diff --git a/package-lock.json b/package-lock.json index b41ab7c7a..8bca97695 100644 --- a/package-lock.json +++ b/package-lock.json @@ -8,6 +8,10 @@ "name": "@rockcarver/frodo-cli", "version": "3.0.0", "license": "MIT", + "dependencies": { + "deep-diff": "^1.0.2", + "tmp": "^0.2.3" + }, "bin": { "frodo": "dist/launch.cjs" }, @@ -3747,6 +3751,12 @@ } } }, + "node_modules/deep-diff": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/deep-diff/-/deep-diff-1.0.2.tgz", + "integrity": "sha512-aWS3UIVH+NPGCD1kki+DCU9Dua032iSsO43LqQpcs4R3+dVv7tX0qBGjiVHJHjplsoUM2XRO/KB92glqc68awg==", + "license": "MIT" + }, "node_modules/deep-extend": { "version": "0.6.0", "resolved": "https://registry.npmjs.org/deep-extend/-/deep-extend-0.6.0.tgz", @@ -4889,6 +4899,18 @@ "node": ">=4" } }, + "node_modules/external-editor/node_modules/tmp": { + "version": "0.0.33", + "resolved": "https://registry.npmjs.org/tmp/-/tmp-0.0.33.tgz", + "integrity": "sha512-jRCJlojKnZ3addtTOjdIqoRuPEKBvNXcGYqzO6zWZX8KfKEpnGY5jfggJQ3EjKuu8D4bJRr0y+cYJFmYbImXGw==", + "dev": true, + "dependencies": { + "os-tmpdir": "~1.0.2" + }, + "engines": { + "node": ">=0.6.0" + } + }, "node_modules/fast-deep-equal": { "version": "3.1.3", "resolved": "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz", @@ -7880,7 +7902,6 @@ "resolved": "https://registry.npmjs.org/os-tmpdir/-/os-tmpdir-1.0.2.tgz", "integrity": "sha512-D2FR03Vir7FIu45XBY20mTb+/ZSWB00sjU9jdQXt83gDrI4Ztz5Fs7/yy74g2N5SVQY4xY1qDr4rNddwYRVX0g==", "dev": true, - "license": "MIT", "engines": { "node": ">=0.10.0" } @@ -9534,16 +9555,11 @@ } }, "node_modules/tmp": { - "version": "0.0.33", - "resolved": "https://registry.npmjs.org/tmp/-/tmp-0.0.33.tgz", - "integrity": "sha512-jRCJlojKnZ3addtTOjdIqoRuPEKBvNXcGYqzO6zWZX8KfKEpnGY5jfggJQ3EjKuu8D4bJRr0y+cYJFmYbImXGw==", - "dev": true, - "license": "MIT", - "dependencies": { - "os-tmpdir": "~1.0.2" - }, + "version": "0.2.3", + "resolved": "https://registry.npmjs.org/tmp/-/tmp-0.2.3.tgz", + "integrity": "sha512-nZD7m9iCPC5g0pYmcaxogYKggSfLsdxl8of3Q/oIbqCqLLIO9IAF0GWjX1z9NZRHPiXv8Wex4yDCaZsgEw0Y8w==", "engines": { - "node": ">=0.6.0" + "node": ">=14.14" } }, "node_modules/tmpl": { diff --git a/package.json b/package.json index 621af901b..3c93a4e11 100644 --- a/package.json +++ b/package.json @@ -158,5 +158,9 @@ "typescript": "^5.2.2", "uuid": "^9.0.0", "yesno": "^0.4.0" + }, + "dependencies": { + "deep-diff": "^1.0.2", + "tmp": "^0.2.3" } } diff --git a/src/app.ts b/src/app.ts index cbb367796..9b80e6a4e 100755 --- a/src/app.ts +++ b/src/app.ts @@ -18,6 +18,7 @@ import journey from './cli/journey/journey'; import log from './cli/log/log'; import mapping from './cli/mapping/mapping'; import oauth from './cli/oauth/oauth'; +import promote from './cli/promote/promote'; import realm from './cli/realm/realm'; import role from './cli/role/role'; import saml from './cli/saml/saml'; @@ -73,6 +74,7 @@ const { initTokenCache } = frodo.cache; await program.addCommand(log()); program.addCommand(mapping()); program.addCommand(oauth()); + program.addCommand(promote()); program.addCommand(realm()); program.addCommand(role()); program.addCommand(saml()); diff --git a/src/cli/idm/idm-delete.ts b/src/cli/idm/idm-delete.ts new file mode 100644 index 000000000..4f5c779fa --- /dev/null +++ b/src/cli/idm/idm-delete.ts @@ -0,0 +1,55 @@ +import { Option } from 'commander'; + +import { getTokens } from '../../ops/AuthenticateOps'; +import { deleteConfigEntityById } from '../../ops/IdmOps'; +import { FrodoCommand } from '../FrodoCommand'; + +export default function setup() { + const program = new FrodoCommand('frodo idm delete'); + + interface ServiceDeleteOptions { + id?: string; + type?: string; + insecure?: boolean; + verbose?: boolean; + debug?: boolean; + curlirize?: boolean; + all?: boolean; + global?: boolean; + } + + program + .description('Delete AM services.') + .addOption(new Option('-i, --id ', 'Id of Service to be deleted.')) + .action( + async ( + host: string, + realm: string, + user: string, + password: string, + options: ServiceDeleteOptions, + command + ) => { + command.handleDefaultArgsAndOpts( + host, + realm, + user, + password, + options, + command + ); + + // const globalConfig = options.global ?? false; + + if (options.id && (await getTokens())) { + const outcome = await deleteConfigEntityById(options.id); + if (!outcome) process.exitCode = 1; + } else { + program.help(); + process.exitCode = 1; + } + } + ); + + return program; +} diff --git a/src/cli/idm/idm.ts b/src/cli/idm/idm.ts index 400eb7ff3..0fa5c174f 100644 --- a/src/cli/idm/idm.ts +++ b/src/cli/idm/idm.ts @@ -1,5 +1,6 @@ import { FrodoStubCommand } from '../FrodoCommand'; import CountCmd from './idm-count.js'; +import DeleteCmd from './idm-delete.js'; import ExportCmd from './idm-export.js'; import ImportCmd from './idm-import.js'; import ListCmd from './idm-list.js'; @@ -17,5 +18,7 @@ export default function setup() { program.addCommand(CountCmd().name('count')); + program.addCommand(DeleteCmd().name(`delete`)); + return program; } diff --git a/src/cli/idp/idp-delete.ts b/src/cli/idp/idp-delete.ts new file mode 100644 index 000000000..9a6565801 --- /dev/null +++ b/src/cli/idp/idp-delete.ts @@ -0,0 +1,45 @@ +import { state } from '@rockcarver/frodo-lib'; +import { Option } from 'commander'; + +import { getTokens } from '../../ops/AuthenticateOps'; +import { deleteSocialIdentityProviderById } from '../../ops/IdpOps'; +import { printMessage, verboseMessage } from '../../utils/Console'; +import { FrodoCommand } from '../FrodoCommand'; + +export default function setup() { + const program = new FrodoCommand('frodo idp delete'); + + program + .description('Delete (social) identity providers.') + .addOption(new Option('-i, --idp-id ', 'Id/name of a provider.')) + .action( + // implement command logic inside action handler + async (host, realm, user, password, options, command) => { + command.handleDefaultArgsAndOpts( + host, + realm, + user, + password, + options, + command + ); + if ((await getTokens()) && options.idpId) { + verboseMessage( + `Deleting idp ${options.idpId} in realm "${state.getRealm()}"...` + ); + const outcome = await deleteSocialIdentityProviderById(options.idpId); + if (!outcome) process.exitCode = 1; + } else { + printMessage( + 'Unrecognized combination of options or no options...', + 'error' + ); + program.help(); + process.exitCode = 1; + } + } + // end command logic inside action handler + ); + + return program; +} diff --git a/src/cli/idp/idp.ts b/src/cli/idp/idp.ts index fc301e26e..d9735a156 100644 --- a/src/cli/idp/idp.ts +++ b/src/cli/idp/idp.ts @@ -1,4 +1,5 @@ import { FrodoStubCommand } from '../FrodoCommand'; +import DeleteCmd from './idp-delete'; import ExportCmd from './idp-export.js'; import ImportCmd from './idp-import.js'; import ListCmd from './idp-list.js'; @@ -14,5 +15,7 @@ export default function setup() { program.addCommand(ImportCmd().name('import')); + program.addCommand(DeleteCmd().name('delete')); + return program; } diff --git a/src/cli/oauth/oauth-client-delete.ts b/src/cli/oauth/oauth-client-delete.ts index 1b286df3a..39defb09d 100644 --- a/src/cli/oauth/oauth-client-delete.ts +++ b/src/cli/oauth/oauth-client-delete.ts @@ -1,6 +1,7 @@ import { Option } from 'commander'; import { getTokens } from '../../ops/AuthenticateOps'; +import { deleteOauth2ClientById } from '../../ops/OAuth2ClientOps'; import { FrodoCommand } from '../FrodoCommand'; export default function setup() { @@ -34,8 +35,9 @@ export default function setup() { options, command ); - if (await getTokens()) { - // code goes here + if (options.appId && (await getTokens())) { + const outcome = deleteOauth2ClientById(options.appId); + if (!outcome) process.exitCode = 1; } else { process.exitCode = 1; } diff --git a/src/cli/oauth/oauth-client.ts b/src/cli/oauth/oauth-client.ts index a7364a4ca..ea852b110 100644 --- a/src/cli/oauth/oauth-client.ts +++ b/src/cli/oauth/oauth-client.ts @@ -1,9 +1,9 @@ import { FrodoStubCommand } from '../FrodoCommand'; // import DescribeCmd from './oauth-client-describe.js'; +import DeleteCmd from './oauth-client-delete.js'; import ExportCmd from './oauth-client-export.js'; import ImportCmd from './oauth-client-import.js'; import ListCmd from './oauth-client-list.js'; -// import DeleteCmd from './oauth-client-delete.js'; export default function setup() { const program = new FrodoStubCommand('frodo oauth client'); @@ -18,7 +18,7 @@ export default function setup() { program.addCommand(ImportCmd().name('import')); - // program.addCommand(DeleteCmd().name('delete')); + program.addCommand(DeleteCmd().name('delete')); return program; } diff --git a/src/cli/promote/promote.ts b/src/cli/promote/promote.ts new file mode 100644 index 000000000..83b848bf2 --- /dev/null +++ b/src/cli/promote/promote.ts @@ -0,0 +1,124 @@ +import { FrodoError } from '@rockcarver/frodo-lib'; +import { Option } from 'commander'; + +import { getTokens } from '../../ops/AuthenticateOps'; +import { compareExportToDirectory } from '../../ops/PromoteOps'; +import { verboseMessage } from '../../utils/Console.js'; +import { FrodoCommand } from '../FrodoCommand'; + +const deploymentTypes = ['cloud', 'forgeops']; + +export default function setup() { + const program = new FrodoCommand('promote'); + + program + .description('Prepares a tenant to be promoted') + .addHelpText( + 'after', + 'This is used to compare two directories and automatically import and delete' + + 'configurations so the tenant can be promoted. It will compare a master export to a current export' + + 'and make the changes based off that diff. A file will be generated to show what has changed. \n' + + `Usage Examples:\n` + + '\n' + + 'frodo promote -M ./master -E ./export [testTenant]\n' + + '\n' + + 'This will run the promote command making the changes from master to the export, with the master being the one we are going to.' + + '\n' + + '\n' + + 'frodo promote --what-if -M ./master -E ./export [testTenant]\n' + + '\n' + + 'This will output the changes that would be made if the promote was run but will not do those changes' + ) + .addOption( + new Option( + '-E, --frodo-export-dir ', + 'The directory where the frodo export is located.' + ) + ) + .addOption( + new Option( + '--what-if', + 'Runs a what if of the comparison, so it wont do any changes' + ).default(false, 'false') + ) + .addOption( + new Option( + '-M, --master-dir ', + 'The directory where the master configurations is located.' + ) + ) + .addOption( + new Option( + '--propmt-prune', + 'Will prompt for Frodo Journey Prune on all realms' + ).default(false, 'false') + ) + .addOption( + new Option('--no-prune', 'Will stop prune from running').default( + false, + 'false' + ) + ) + .addOption( + new Option( + '-S --effect-secrets', + 'Will effect the secrets, otherwise we will not change the secrets but will compare them' + ).default(false, 'false') + ) + .addOption( + new Option( + '-W --wait-secrets', + 'When secrets are effected we need to run a refresh on the enviornment. This will cause the command to wait until the refresh is finished.' + ).default(false, 'false') + ) + .addOption( + new Option( + '-P --print-diff', + 'Outputs the diff to a file in the directory where the command was run.' + ).default(false, 'false') + ) + .addOption( + new Option( + '--target ', + 'Host URL of the environment to perform secret value encryption. The URL must resolve to an existing connection profile. Use this option to generate an export that can be imported into the target environment without requiring admin access to the source environment.' + ) + ) + .action( + async (host, realm, user, password, options, command) => { + command.handleDefaultArgsAndOpts( + host, + realm, + user, + password, + options, + command + ); + if ( + (await getTokens(false, true, deploymentTypes)) && + options.masterDir && + options.frodoExportDir + ) { + verboseMessage('Comparing export...'); + verboseMessage('comparing'); + const outcome = await compareExportToDirectory( + options.masterDir, + options.frodoExportDir, + options.whatIf, + options.effectSecrets, + options.waitSecrets, + options.promptPrune, + options.noPrune, + options.printDiff + ); + verboseMessage('done'); + if (!outcome) process.exitCode = 1; + } else { + new FrodoError('need to designate a master dir and export directory'); + } + } + //end command logic inside action handler + //"/home/trivir/Frodo/golden1-git/identity-cloud-config" + ); + + return program; +} diff --git a/src/cli/service/service-import.ts b/src/cli/service/service-import.ts index 2b6b22529..01e268ca4 100644 --- a/src/cli/service/service-import.ts +++ b/src/cli/service/service-import.ts @@ -89,7 +89,7 @@ export default function setup() { const globalConfig = options.global ?? false; const realmConfig = globalConfig ? false - : (options.currentRealm ?? false); + : options.currentRealm ?? false; // import by id if (options.serviceId && options.file && (await getTokens())) { diff --git a/src/ops/ConfigOps.ts b/src/ops/ConfigOps.ts index c67372af5..6ba212f4c 100644 --- a/src/ops/ConfigOps.ts +++ b/src/ops/ConfigOps.ts @@ -142,7 +142,7 @@ export async function exportEverythingToFiles( * @param {boolean} extract Extracts the scripts from the exports into separate files if true * @param {boolean} separateMappings separate sync.idm.json mappings if true, otherwise keep them in a single file */ -function exportItem( +export function exportItem( exportData, type, obj, diff --git a/src/ops/IdmOps.ts b/src/ops/IdmOps.ts index fd7d40596..9c7e5ce62 100644 --- a/src/ops/IdmOps.ts +++ b/src/ops/IdmOps.ts @@ -30,6 +30,7 @@ const { readConfigEntities, exportConfigEntity, exportConfigEntities, + deleteConfigEntity, importConfigEntities, } = frodo.idm.config; const { queryManagedObjects } = frodo.idm.managed; @@ -250,6 +251,30 @@ export async function importConfigEntityByIdFromFile( return false; } +/** + * Delete IDM config Entity by id + * @param {String} id saml entityId + * @returns {Promise} true if successful, false otherwise + */ +export async function deleteConfigEntityById( + entityId: string +): Promise { + const spinnerId = createProgressIndicator( + 'indeterminate', + undefined, + `Deleting ${entityId}...` + ); + try { + await deleteConfigEntity(entityId); + stopProgressIndicator(spinnerId, `Deleted ${entityId}.`, 'success'); + return true; + } catch (error) { + stopProgressIndicator(spinnerId, `Error: ${error.message}`, 'fail'); + printError(error); + } + return false; +} + /** * Import first IDM configuration object from file. * @param {string} file optional file to import diff --git a/src/ops/IdpOps.ts b/src/ops/IdpOps.ts index 91770dfc0..aeab67c27 100644 --- a/src/ops/IdpOps.ts +++ b/src/ops/IdpOps.ts @@ -15,6 +15,7 @@ import { const { getRealmString, getTypedFilename, saveJsonToFile } = frodo.utils; const { readSocialIdentityProviders, + deleteSocialIdentityProvider, exportSocialIdentityProvider, exportSocialIdentityProviders, importFirstSocialIdentityProvider, @@ -352,3 +353,27 @@ export async function importSocialIdentityProvidersFromFiles( } return false; } + +/** + * Delete idp by id + * @param {String} id idp id + * @returns {Promise} true if successful, false otherwise + */ +export async function deleteSocialIdentityProviderById( + id: string +): Promise { + const spinnerId = createProgressIndicator( + 'indeterminate', + undefined, + `Deleting ${id}...` + ); + try { + await deleteSocialIdentityProvider(id); + stopProgressIndicator(spinnerId, `Deleted ${id}.`, 'success'); + return true; + } catch (error) { + stopProgressIndicator(spinnerId, `Error: ${error.message}`, 'fail'); + printError(error); + } + return false; +} diff --git a/src/ops/OAuth2ClientOps.ts b/src/ops/OAuth2ClientOps.ts index 0476a2e66..7584716e4 100644 --- a/src/ops/OAuth2ClientOps.ts +++ b/src/ops/OAuth2ClientOps.ts @@ -1,9 +1,9 @@ import { frodo, FrodoError, state } from '@rockcarver/frodo-lib'; import { Readable } from '@rockcarver/frodo-lib/types/api/ApiTypes'; -import type { - OAuth2ClientExportInterface, - OAuth2ClientExportOptions, - OAuth2ClientImportOptions, +import { + type OAuth2ClientExportInterface, + type OAuth2ClientExportOptions, + type OAuth2ClientImportOptions, } from '@rockcarver/frodo-lib/types/ops/OAuth2ClientOps'; import fs from 'fs'; @@ -31,6 +31,7 @@ const { readOAuth2Clients, exportOAuth2Client, exportOAuth2Clients, + deleteOAuth2Client, importOAuth2Client, importFirstOAuth2Client, importOAuth2Clients, @@ -362,3 +363,27 @@ export async function importOAuth2ClientsFromFiles( } return false; } + +/** + * Delete oauth2 client by id + * @param {String} id script id + * @returns {Promise} true if successful, false otherwise + */ +export async function deleteOauth2ClientById( + clientId: string +): Promise { + const spinnerId = createProgressIndicator( + 'indeterminate', + undefined, + `Deleting ${clientId}...` + ); + try { + await deleteOAuth2Client(clientId); + stopProgressIndicator(spinnerId, `Deleted ${clientId}.`, 'success'); + return true; + } catch (error) { + stopProgressIndicator(spinnerId, `Error: ${error.message}`, 'fail'); + printError(error); + } + return false; +} diff --git a/src/ops/PromoteOps.ts b/src/ops/PromoteOps.ts new file mode 100644 index 000000000..432e5183e --- /dev/null +++ b/src/ops/PromoteOps.ts @@ -0,0 +1,1217 @@ +import { frodo, FrodoError, state } from '@rockcarver/frodo-lib'; +import * as crypto from 'crypto'; +import * as fs from 'fs'; +import * as path from 'path'; +import yesno from 'yesno'; + +import { printError, verboseMessage } from '../utils/Console'; +import { + deleteAgent, + deleteIdentityGatewayAgent, + deleteJavaAgent, + deleteWebAgent, + importAgentFromFile, + importIdentityGatewayAgentFromFile, + importJavaAgentFromFile, + importWebAgentFromFile, +} from './AgentOps'; +import { + deleteApplication, + importApplicationsFromFile, +} from './ApplicationOps'; +import { importAuthenticationSettingsFromFile } from './AuthenticationSettingsOps'; +import { + deleteVariableById, + importVariableFromFile, +} from './cloud/VariablesOps'; +import { importEmailTemplateFromFile } from './EmailTemplateOps'; +import { + deleteConfigEntityById, + importFirstConfigEntityFromFile, +} from './IdmOps'; +import { deleteJourney, importJourneyFromFile } from './JourneyOps'; +import { deleteMapping, importMappingFromFile } from './MappingOps'; +import { + deleteOauth2ClientById, + importOAuth2ClientFromFile, +} from './OAuth2ClientOps'; +import { deletePolicyById, importPolicyFromFile } from './PolicyOps'; +import { + deleteResourceTypeUsingName, + importResourceTypesFromFile, +} from './ResourceTypeOps'; +import { deleteScriptId, importScriptsFromFile } from './ScriptOps'; +import { deleteService, importFirstServiceFromFile } from './ServiceOps.js'; + +const { findOrphanedNodes, removeOrphanedNodes } = frodo.authn.node; + +const { applyUpdates } = frodo.cloud.startup; + +const { saveJsonToFile, getFilePath, getRealmUsingExportFormat } = frodo.utils; + +const changed = new Array(); +const deleted = new Array(); +const added = new Array(); +const realms = new Set(); +const logmessages = new Array(); + +let PromptPrune = false; +let NoPrune = false; + +interface CompareObj { + added: Array; + changed: Array; + deleted: Array; +} + +/** + * runs a comparison of two config export directories (AxND flags) to check for differences and + * if there are differences it will then run imports and deletes on the tenant based off those differences found + * @param masterDir master directory that the changes run will try to emulate + * @param exportDir exported directory that the master dir is compared to + * @param whatIf flag to run the comparison but not affect the differences if true + * @param effectSecrets if true esv's will be effected + * @param wait causes function to wait for an environment refresh to finish before letting to of control if a refresh is necessary + * @param promptPrune when true if a prune of orphaned nodes will run the user will be prompted to say yes or no + * @param noPrune when true pruning of orphaned nodes will not occur + * @param printDiff when true outputs two files, one that shows the files that were changed in some way and another that + * gives a log for if the changes were successful or not + */ +export async function compareExportToDirectory( + masterDir: string, + exportDir: string, + whatIf: boolean, + effectSecrets: boolean = false, + wait: boolean = false, + promptPrune: boolean = false, + noPrune: boolean = false, + printDiff: boolean = false +): Promise { + try { + PromptPrune = promptPrune; + NoPrune = noPrune; + verboseMessage(`Master dir: ${masterDir}`); + verboseMessage(`Export dir: ${exportDir}`); + + verboseMessage('fileDiffing'); + const fileDiffname = 'fileDiff.config.json'; + compareDirectories(exportDir, masterDir); + + const compareObj: CompareObj = { + added: added, + changed: changed, + deleted: deleted, + }; + if (printDiff) { + saveJsonToFile(compareObj, getFilePath('a1' + fileDiffname, true)); + } + + verboseMessage(realms); + + for (const realm of realms) { + let realmAdded = new Array(); + let realmChanged = new Array(); + let realmDeleted = new Array(); + + if (realm === 'global') { + realmAdded = added.filter((val) => + val.substring(0, val.indexOf('/')).includes('global') + ); + realmChanged = changed.filter((val) => + val.substring(0, val.indexOf('/')).includes('global') + ); + realmDeleted = deleted.filter((val) => + val.substring(0, val.indexOf('/')).includes('global') + ); + } else { + realmAdded = added.filter( + (val) => + val.substring( + val.indexOf('/') + 1, + val.indexOf('/', val.indexOf('/') + 1) + ) === realm + ); + realmChanged = changed.filter( + (val) => + val.substring( + val.indexOf('/') + 1, + val.indexOf('/', val.indexOf('/') + 1) + ) == realm + ); + realmDeleted = deleted.filter( + (val) => + val.substring( + val.indexOf('/') + 1, + val.indexOf('/', val.indexOf('/') + 1) + ) === realm + ); + } + + verboseMessage(realm); + const compObj: CompareObj = { + added: realmAdded, + changed: realmChanged, + deleted: realmDeleted, + }; + verboseMessage(compObj); + if (!whatIf) { + await effectDifferences(compObj, masterDir, exportDir, effectSecrets); + } + } + + if (!whatIf) { + const globalSync = changed.find((val) => val === 'global/idm/sync.json'); + if (globalSync) { + await changeFile('global/idm/sync.json', masterDir); + } + if (enviornmentChanged(compareObj) && effectSecrets) { + await applyUpdates(wait); + verboseMessage( + 'Must wait around 10 minutes because the enviornment is updating' + ); + } + } + + if (printDiff) { + saveJsonToFile(logmessages, getFilePath('a2' + fileDiffname, true)); + } + + return true; + } catch (error) { + printError(error); + } + return false; +} + +/** + * checks to see if there were any changes to esv's to see if an environment refresh is necessary + * @param files the compare object we need to filter through to see if any variables or secrets were changed + */ +function enviornmentChanged(files: CompareObj): boolean { + // variables + let variable = files.changed.find((val) => val.includes('global/variable')); + if (variable) { + return true; + } + variable = files.added.find((val) => val.includes('global/variable')); + if (variable) { + return true; + } + variable = files.deleted.find((val) => val.includes('global/variable')); + if (variable) { + return true; + } + // todo: need to work around how secrets encrpt + // secrets + // variable = files.changed.find((val) => val.includes('global/secret')); + // if (variable) { + // return true; + // } + // variable = files.added.find((val) => val.includes('global/secret')); + // if (variable) { + // return true; + // } + // variable = files.deleted.find((val) => val.includes('global/secret')); + // if (variable) { + // return true; + // } +} + +/** + * Takes in a compare object and runs through all the imports and exports that were determined by and earlier + * copmarison + * @param compObj object that contains the sub-paths for all the configs that were changed, added, or deleted + * @param masterDir path to the master directory + * @param exportDir path to the export directory + * @param effectSecrets true if we want esv's to be effected + */ +export async function effectDifferences( + compObj: CompareObj, + masterDir: string, + exportDir: string, + effectSecrets: boolean = false +) { + for (const add of compObj.added) { + await addFile(add, masterDir, effectSecrets); + } + for (const change of compObj.changed) { + await changeFile(change, masterDir, effectSecrets); + } + for (const del of compObj.deleted) { + await deleteFile(del, exportDir, effectSecrets); + } + verboseMessage(`finished effect differences`); +} + +/** + * hashes the file with sha256 + * @param filePath path to the config object + */ +function hashFile(filePath): string { + const hash = crypto.createHash('sha256'); + const fileData = fs.readFileSync(filePath); + hash.update(fileData); + return hash.digest('hex'); +} + +/** + * Compares all the files within two separate directories that have identical file structures + * @param dir1 path to the master directory + * @param dir2 path to the export directory + */ +function compareDirectories(dir1: string, dir2: string) { + // Walk through dir1 + const walkDir = (dir, callback) => { + fs.readdirSync(dir).forEach((file) => { + const filePath = path.join(dir, file); + const stat = fs.statSync(filePath); + if (stat.isDirectory()) { + walkDir(filePath, callback); + } else { + callback(filePath); + } + }); + }; + + // First directory traversal + walkDir(dir1, (file: string) => { + const relativePath = path.relative(dir1, file); + const counterpart = path.join(dir2, relativePath); + + if ( + relativePath.startsWith('.git' + path.sep) || + relativePath.includes('README.md') + ) { + return; // Skip .git directories + } + + if (fs.existsSync(counterpart)) { + const hash1 = hashFile(file); + const hash2 = hashFile(counterpart); + if (hash1 !== hash2) { + checkChange(relativePath, dir2, `${dir1}/${relativePath}`); + } + } else { + checkForRealmFromPath(relativePath); + if (checkTypeIsPromotable(relativePath)) { + deleted.push(`${relativePath}`); + } + } + }); + + // Second directory traversal to find added files + walkDir(dir2, (file: string) => { + const relativePath = path.relative(dir2, file); + const counterpart = path.join(dir1, relativePath); + + if ( + relativePath.startsWith('.git' + path.sep) || + relativePath.includes('README.md') + ) { + return; // Skip .git directories + } + + if (!fs.existsSync(counterpart)) { + checkForRealmFromPath(relativePath); + if (checkTypeIsPromotable(relativePath)) { + added.push(`${relativePath}`); + } + } + }); +} + +/** + * removes specific keys from two json objects and then compares them to determine a difference + * @param masterFilePath path to the master config object + * @param counterpartPath path to the exported config object + * @param keysToRemove keys to remove from the objects before comparing them + */ +function removeKeysAndCompare( + masterFilePath: string, + counterpartPath: string, + keysToRemove: Array +): boolean { + const data = fs.readFileSync(masterFilePath, 'utf8'); + const obj = removeKeys(JSON.parse(data), keysToRemove); + const dataCopy = fs.readFileSync(counterpartPath, 'utf8'); + const objCopy = removeKeys(JSON.parse(dataCopy), keysToRemove); + return JSON.stringify(objCopy) === JSON.stringify(obj); +} + +/** + * removes specific keys and values from json objects + * @param obj the object that we want to remove the values from + * @param keysToRemove the keys to remove from that object + */ +function removeKeys(obj, keysToRemove) { + return Object.fromEntries( + Object.entries(obj) + .filter(([key]) => !keysToRemove.includes(key)) // Exclude specified keys + .map(([key, value]) => + value && typeof value === 'object' + ? [key, removeKeys(value, keysToRemove)] + : [key, value] + ) + ); +} + +/** + * removes nulls from json objects and then compares the two objects for changes + * @param masterFilePath path to the master config object + * @param counterpartPath path to the export config object + */ +function removeNullsAndCompare( + masterFilePath: string, + counterpartPath: string +): boolean { + const data = fs.readFileSync(masterFilePath, 'utf8'); + const object = removeNulls(JSON.parse(data)); + const dataCopy = fs.readFileSync(counterpartPath, 'utf8'); + const objectCopy = removeNulls(JSON.parse(dataCopy)); + return JSON.stringify(object) === JSON.stringify(objectCopy); +} + +/** + * removes nulls from the config objects + * @param obj object to remove the null values from + */ +function removeNulls(obj) { + return Object.fromEntries( + Object.entries(obj) + .filter(([, value]) => value !== null) + .map(([key, value]) => + value && typeof value === 'object' + ? [key, removeNulls(value)] + : [key, value] + ) + ); +} + +/** + * When these objects change certain parts are not as important as others when they are changed + * so if that part is determined to have been the part that changed and other parts did not change + * the object will not be flagged as changed. + * @param path sub-path to the config object + * @param dir path to the master directory + * @param counterpartPath path to the export directory + */ +function checkChange(path: string, dir: string, counterpartPath: string) { + const type = getTypeFromPath(path); + const importFilePath = dir + '/' + path; + switch (type) { + case 'policy': { + const keysToRemove = [ + 'createdBy', + 'creationDate', + 'lastModifiedDate', + 'lastModifiedBy', + ]; + if (removeKeysAndCompare(importFilePath, counterpartPath, keysToRemove)) { + return; + } + break; + } + case 'resourcetype': { + const keysToRemove = [ + 'createdBy', + 'creationDate', + 'lastModifiedDate', + 'lastModifiedBy', + ]; + if (removeKeysAndCompare(importFilePath, counterpartPath, keysToRemove)) { + return; + } + break; + } + case 'sync': { + if (importFilePath.includes('/sync.json')) { + const keysToRemove = ['meta']; + if ( + removeKeysAndCompare(importFilePath, counterpartPath, keysToRemove) + ) { + return; + } + } + break; + } + case 'application': { + if (removeNullsAndCompare(importFilePath, counterpartPath)) { + return; + } + break; + } + case 'variable': { + const keysToRemove = ['lastChangeDate', 'lastChangedBy']; + if (removeKeysAndCompare(importFilePath, counterpartPath, keysToRemove)) { + return; + } + break; + } + default: + break; + } + if (checkTypeIsPromotable(path)) { + checkForRealmFromPath(path); + changed.push(`${path}`); + } +} + +/** + * logs messages to say the file was changed then calls add file + * @param path sub-path to the config object + * @param dir path to the base directory where the sub-path starts + * @param effectSecrets true if we want to change esv's + */ +async function changeFile( + path: string, + dir: string, + effectSecrets: boolean = false +) { + logmessages.push('file changed:'); + verboseMessage('File Changed: '); + await addFile(path, dir, effectSecrets); +} + +/** + * Sets the variables before running the add switch statement + * @param path sub-path to the config object + * @param dir path to the base directory where the sub-path starts + * @param effectSecrets true if we want to change esv's + */ +async function addFile( + path: string, + dir: string, + effectSecrets: boolean = false +) { + const type = getTypeFromPath(path); + const importFilePath = dir + '/' + path; + const global = path.substring(0, path.indexOf('/')) === 'global'; + const inRealm = path.substring(0, path.indexOf('/')) === 'realm'; + setRealmFromPath(path, inRealm); + + await addSwitch(importFilePath, type, global, inRealm, effectSecrets); +} + +/** + * A switch statement for effecting imports to the different config files if it was determined that a file + * was changed or needs to be added into the tenant + * @param importFilePath path to the config object + * @param type object type of the config object + * @param global tru if the config is in the global realm + * @param inRealm true if the object is in any realm other than the global realm + * @param effectSecrets set to true if we want esv's to be changed + */ +async function addSwitch( + importFilePath: string, + type: string, + global: boolean, + inRealm: boolean, + effectSecrets: boolean = false +) { + switch (type) { + case 'application': { + const application = getJsonObjectTwoDown(importFilePath); + verboseMessage(`application id: ${application._id}`); + const outcome = await importOAuth2ClientFromFile( + application._id, + importFilePath, + { + deps: true, + } + ); + logmessages.push(`add application ${importFilePath}`); + verboseMessage(`add application ${importFilePath}\n`); + logmessages.push(`outcome: ${outcome}`); + logmessages.push(' '); + break; + } + case 'authentication': { + const outcome = + await importAuthenticationSettingsFromFile(importFilePath); + logmessages.push(`add authentication ${importFilePath}`); + verboseMessage(`add authentication ${importFilePath}\n`); + logmessages.push(`outcome: ${outcome}`); + logmessages.push(' '); + break; + } + case 'journey': { + const journey = getJsonObjectOneDown(importFilePath); + const journeyId = Object.keys(journey)[0]; + verboseMessage(`journey Id: ${journeyId}`); + const outcome = await importJourneyFromFile(journeyId, importFilePath, { + reUuid: false, + deps: true, + }); + logmessages.push(`add journey ${importFilePath}`); + verboseMessage(`add journey ${importFilePath}\n`); + logmessages.push(`outcome: ${outcome}`); + logmessages.push(' '); + break; + } + case 'managedApplication': { + const outcome = await importApplicationsFromFile(importFilePath, { + deps: true, + }); + logmessages.push(`add managedApplication ${importFilePath}`); + verboseMessage(`add managedApplication ${importFilePath}\n`); + logmessages.push(`outcome: ${outcome}`); + logmessages.push(' '); + break; + } + case 'resourcetype': { + const outcome = await importResourceTypesFromFile(importFilePath); + logmessages.push(`add resourcetype ${importFilePath}`); + verboseMessage(`add resourcetype ${importFilePath}\n`); + logmessages.push(`outcome: ${outcome}`); + logmessages.push(' '); + break; + } + case 'script': { + if ( + importFilePath.endsWith('.js') || + importFilePath.endsWith('.groovy') + ) { + verboseMessage(importFilePath); + verboseMessage( + 'this is a script file, we will not import it as a script file,' + + 'but will import the config and that should import the script as well\n' + ); + logmessages.push(importFilePath); + logmessages.push( + 'this is a script file, we will not import it as a script file,' + + 'but will import the config and that should import the script as well\n' + ); + logmessages.push(' '); + break; + } + const script = getJsonObjectTwoDown(importFilePath); + verboseMessage(`script name: ${script.name}`); + verboseMessage(`script id: ${script._id}`); + const outcome = await importScriptsFromFile( + script._id, + script.name, + importFilePath, + { + deps: true, + reUuid: false, + includeDefault: false, + } + ); + logmessages.push(`add script ${importFilePath}`); + verboseMessage(`add script ${importFilePath}\n`); + logmessages.push(`outcome: ${outcome}`); + logmessages.push(' '); + break; + } + case 'service': { + logmessages.push(`add service ${importFilePath}`); + verboseMessage(`add service ${importFilePath}\n`); + if (global) { + const outcome = await importFirstServiceFromFile(importFilePath, { + clean: false, + global: global, + realm: inRealm, + }); + logmessages.push(`outcome: ${outcome}`); + } else { + const outcome = await importFirstServiceFromFile(importFilePath, { + clean: true, + global: global, + realm: inRealm, + }); + logmessages.push(`outcome: ${outcome}`); + } + + logmessages.push(' '); + break; + } + // Taken care of by Idm + case 'theme': { + break; + } + case 'emailTemplate': { + const emailTemplate = getJsonObjectTwoDown(importFilePath); + verboseMessage(`Email Template Id: ${emailTemplate._id}`); + const outcome = await importEmailTemplateFromFile( + emailTemplate._id, + importFilePath, + false + ); + logmessages.push(`add emailTemplate ${importFilePath}`); + verboseMessage(`add emailTemplate ${importFilePath}\n`); + logmessages.push(`outcome: ${outcome}`); + logmessages.push(' '); + break; + } + case 'idm': { + if (importFilePath.includes('emailTemplate')) { + break; + } + const outcome = await importFirstConfigEntityFromFile(importFilePath); + logmessages.push(`add idm ${importFilePath}`); + verboseMessage(`add idm ${importFilePath}\n`); + logmessages.push(`outcome: ${outcome}`); + logmessages.push(' '); + break; + } + // todo: need to determine how to get the compare to work properly + case 'secret': { + if (effectSecrets) { + const secret = getJsonObjectTwoDown(importFilePath); + + verboseMessage(`Importing secret ${secret._id}...`); + // const outcome = await importSecretFromFile( + // nestedSecret._id, + // importFilePath, + // false, + // null + // ); + logmessages.push(`add secret ${importFilePath}`); + verboseMessage(`add secret ${importFilePath}\n`); + // logmessages.push(`outcome: ${outcome}`) + logmessages.push(' '); + } + break; + } + case 'sync': { + const data = fs.readFileSync(importFilePath, 'utf8'); + const importData = JSON.parse(data); + verboseMessage(`sync Id: ${importData._id}`); + const outcome = await importMappingFromFile( + importData._id, + importFilePath, + { + deps: true, + } + ); + logmessages.push(`add sync ${importFilePath}`); + verboseMessage(`add sync ${importFilePath}\n`); + logmessages.push(`outcome: ${outcome}`); + logmessages.push(' '); + break; + } + case 'variable': { + if (effectSecrets) { + const variable = getJsonObjectOneDown(importFilePath); + verboseMessage(`Importing variable ${variable._id}...`); + const outcome = await importVariableFromFile( + variable._id, + importFilePath + ); + logmessages.push(`add variable ${importFilePath}`); + verboseMessage(`add variable ${importFilePath}\n`); + logmessages.push(`outcome: ${outcome}`); + logmessages.push(' '); + } + break; + } + case 'mapping': { + const data = fs.readFileSync(importFilePath, 'utf8'); + const importData = JSON.parse(data); + verboseMessage(`mapping Id: ${importData._id}`); + const outcome = await importMappingFromFile( + importData._id, + importFilePath, + { + deps: true, + } + ); + logmessages.push(`add mapping ${importFilePath}`); + verboseMessage(`add mapping ${importFilePath}\n`); + logmessages.push(`outcome: ${outcome}`); + logmessages.push(' '); + break; + } + case 'agent': { + const agent = getJsonObjectTwoDown(importFilePath); + const agentType = agent._type._id; + verboseMessage(`Agent id: ${agent._id} and type: ${agentType}`); + switch (agentType) { + case 'WebAgent': { + const outcome = await importWebAgentFromFile( + agent._id, + importFilePath + ); + logmessages.push(`add agents ${importFilePath}`); + verboseMessage(`add agents ${importFilePath}\n`); + logmessages.push(`outcome: ${outcome}`); + break; + } + case 'IdentityGatewayAgent': { + const outcome = await importIdentityGatewayAgentFromFile( + agent._id, + importFilePath + ); + logmessages.push(`add agents ${importFilePath}`); + verboseMessage(`add agents ${importFilePath}\n`); + logmessages.push(`outcome: ${outcome}`); + break; + } + case 'J2EEAgent': { + const outcome = await importJavaAgentFromFile( + agent._id, + importFilePath + ); + logmessages.push(`add agents ${importFilePath}`); + verboseMessage(`add agents ${importFilePath}\n`); + logmessages.push(`outcome: ${outcome}`); + break; + } + default: { + const outcome = importAgentFromFile(agent._id, importFilePath); + logmessages.push(`add agents ${importFilePath}`); + verboseMessage(`add agents ${importFilePath}\n`); + logmessages.push(`outcome: ${outcome}`); + break; + } + } + logmessages.push(' '); + break; + } + // Taken care of by service + case 'idp': { + break; + } + case 'policy': { + const policy = getJsonObjectTwoDown(importFilePath); + verboseMessage(`Add Policy with id: ${policy._id}`); + const outcome = await importPolicyFromFile(policy._id, importFilePath, { + deps: true, + prereqs: false, + }); + logmessages.push(`add policy ${importFilePath}`); + verboseMessage(`add policy ${importFilePath}\n`); + logmessages.push(`outcome: ${outcome}`); + logmessages.push(' '); + break; + } + // These next three object types have deletes written for them, but they are not promotable so we don't worry about effecting them + case 'policyset': { + break; + } + case 'saml': { + break; + } + case 'cot': { + break; + } + default: { + logmessages.push(`missed add for ${importFilePath} with type ${type}`); + verboseMessage(`missed add for ${importFilePath} with type ${type}\n`); + logmessages.push(' '); + break; + } + } + return; +} + +/** + * sets the variables necessary from the path and then runs the delete switch + * @param path path to the config object + * @param dir the base directory that leads to the config object + * @param effectSecrets true if we want to effect changes to esv's + */ +async function deleteFile( + path: string, + dir: string, + effectSecrets: boolean = false +) { + const type = getTypeFromPath(path); + const deleteFilePath = dir + '/' + path; + const global = path.substring(0, path.indexOf('/')) === 'global'; + const inRealm = path.substring(0, path.indexOf('/')) === 'realm'; + setRealmFromPath(path, inRealm); + + await deleteSwitch(deleteFilePath, type, global, effectSecrets); +} + +/** + * A switch statement for effecting deletes to different config files + * @param deleteFilePath the path to the delete config object + * @param type the type of object to delete + * @param global true if the object is in the global config + * @param effectSecrets set to true if we want esv's to be changed + */ +async function deleteSwitch( + deleteFilePath: string, + type: string, + global: boolean, + effectSecrets: boolean = false +) { + switch (type) { + case 'application': { + const application = getJsonObjectTwoDown(deleteFilePath); + logmessages.push(`delete application with id ${application._id}`); + verboseMessage(`delete application with id ${application._id}`); + const outcome = await deleteOauth2ClientById(application._id); + logmessages.push(`outcome: ${outcome}`); + logmessages.push(' '); + break; + } + case 'authentication': { + logmessages.push(`no delete exitsts for authentication`); + logmessages.push(`delete authentication ${deleteFilePath}`); + logmessages.push(' '); + verboseMessage(`no delete exitsts for authentication`); + verboseMessage(`delete authentication ${deleteFilePath}\n`); + break; + } + case 'journey': { + const journey = getJsonObjectOneDown(deleteFilePath); + const journeyId = Object.keys(journey)[0]; + verboseMessage( + `Deleting journey ${journeyId} in realm "${state.getRealm()}"...` + ); + const outcome = await deleteJourney(journeyId, { + deep: true, + verbose: false, + progress: false, + }); + logmessages.push(`delete journey ${deleteFilePath}`); + logmessages.push(`outcome: ${outcome}`); + logmessages.push(' '); + verboseMessage(`delete journey ${deleteFilePath}\n`); + if (!NoPrune) { + verboseMessage( + `Pruning orphaned configuration artifacts in realm "${state.getRealm()}"...` + ); + try { + const orphanedNodes = await findOrphanedNodes(); + if (orphanedNodes.length > 0) { + if (PromptPrune) { + const ok = await yesno({ + question: `Prune (permanently delete) orphaned nodes from journey ${journeyId}? (y|n):`, + }); + if (ok) { + await removeOrphanedNodes(orphanedNodes); + } + } else { + await removeOrphanedNodes(orphanedNodes); + } + } else { + verboseMessage('No orphaned nodes found.'); + } + } catch (error) { + printError(error); + process.exitCode = 1; + } + } + break; + } + case 'managedApplication': { + const managedApplication = getJsonObjectTwoDown(deleteFilePath); + verboseMessage( + `Deleting Managed Application with name ${managedApplication.name}` + ); + const outcome = await deleteApplication(managedApplication.name, true); + logmessages.push(`delete managedApplication ${deleteFilePath}`); + logmessages.push(`outcome: ${outcome}`); + logmessages.push(' '); + verboseMessage(`delete managedApplication ${deleteFilePath}\n`); + break; + } + case 'resourcetype': { + const resourcetype = getJsonObjectTwoDown(deleteFilePath); + verboseMessage( + `Deleting authorization resource type ${resourcetype.name}` + ); + const outcome = await deleteResourceTypeUsingName(resourcetype.name); + logmessages.push(`delete resourcetype ${deleteFilePath}`); + logmessages.push(`outcome: ${outcome}`); + logmessages.push(' '); + verboseMessage(`delete resourcetype ${deleteFilePath}\n`); + break; + } + case 'script': { + if ( + deleteFilePath.endsWith('.js') || + deleteFilePath.endsWith('.groovy') + ) { + verboseMessage(deleteFilePath); + verboseMessage( + 'this is a script file, we will not delete it as a script file,' + + 'but will delete the config and that should delete the script as well\n' + ); + logmessages.push(deleteFilePath); + logmessages.push( + 'this is a script file, we will not delete it as a script file,' + + 'but will delete the config and that should delete the script as well\n' + ); + logmessages.push(' '); + break; + } + const script = getJsonObjectTwoDown(deleteFilePath); + verboseMessage( + `Deleting script ${script._id} in realm "${state.getRealm()}"...` + ); + const outcome = await deleteScriptId(script._id); + logmessages.push(`delete script ${deleteFilePath}`); + logmessages.push(`outcome: ${outcome}`); + logmessages.push(' '); + verboseMessage(`delete script ${deleteFilePath}\n`); + break; + } + case 'service': { + const service = getJsonObjectOneDown(deleteFilePath); + const serviceId = Object.keys(service)[0]; + verboseMessage(`service Id: ${serviceId}`); + const outcome = await deleteService(serviceId, global); + logmessages.push(`delete service ${deleteFilePath}`); + logmessages.push(`outcome: ${outcome}`); + logmessages.push(' '); + verboseMessage(`delete service ${deleteFilePath}\n`); + break; + } + // Taken care of by Idm + case 'theme': { + break; + } + // Taken care of by the Idm config + case 'emailTemplate': { + break; + } + case 'idm': { + const data = fs.readFileSync(deleteFilePath, 'utf8'); + const fileData = JSON.parse(data); + const entityId = fileData._id; + verboseMessage(`delete Idm config with entity Id: ${entityId}`); + logmessages.push(`delete Idm config with entity Id: ${entityId}`); + const outcome = await deleteConfigEntityById(entityId); + logmessages.push(`No delete written for idm`); + logmessages.push(`delete idm ${deleteFilePath}`); + logmessages.push(`outcome: ${outcome}`); + logmessages.push(' '); + verboseMessage(`delete idm ${deleteFilePath}\n`); + break; + } + // todo: Currently secrets when exported are hashed so it needs to be thought of more + case 'secret': { + if (effectSecrets) { + const secret = getJsonObjectTwoDown(deleteFilePath); + verboseMessage(`Deleting secret with id ${secret._id}`); + // const outcome = await deleteSecret(secret._id); + logmessages.push(`delete secret ${deleteFilePath}`); + // logmessages.push(`outcome: ${outcome}`) + logmessages.push(' '); + verboseMessage(`delete secret ${deleteFilePath}\n`); + } + break; + } + case 'sync': { + const data = fs.readFileSync(deleteFilePath, 'utf8'); + const sync = JSON.parse(data); + verboseMessage(`sync Id: ${sync._id}`); + const outcome = await deleteMapping(sync._id); + logmessages.push(`delete sync ${deleteFilePath}`); + logmessages.push(`outcome: ${outcome}`); + logmessages.push(' '); + verboseMessage(`delete sync ${deleteFilePath}\n`); + break; + } + case 'variable': { + if (effectSecrets) { + const variable = getJsonObjectTwoDown(deleteFilePath); + verboseMessage(`Deleting variable with id: ${variable._id}`); + const outcome = await deleteVariableById(variable._id); + logmessages.push(`delete variable ${deleteFilePath}`); + logmessages.push(`outcome: ${outcome}`); + logmessages.push(' '); + verboseMessage(`delete variable ${deleteFilePath}\n`); + } + break; + } + case 'mapping': { + const data = fs.readFileSync(deleteFilePath, 'utf8'); + const mapping = JSON.parse(data); + verboseMessage(`mapping Id: ${mapping._id}`); + const outcome = await deleteMapping(mapping._id); + logmessages.push(`delete mapping ${deleteFilePath}`); + logmessages.push(`outcome: ${outcome}`); + logmessages.push(' '); + verboseMessage(`delete mapping ${deleteFilePath}\n`); + break; + } + case 'agent': { + const agent = getJsonObjectTwoDown(deleteFilePath); + const agentType = agent._type._id; + verboseMessage( + `Deleting agent '${agent._id}' of type ${agentType} in realm "${state.getRealm()}"...` + ); + switch (agentType) { + case 'WebAgent': { + const outcome = await deleteWebAgent(agent._id); + logmessages.push(`delete WebAgent ${deleteFilePath}`); + logmessages.push(`outcome: ${outcome}`); + verboseMessage(`delete agents ${deleteFilePath}\n`); + break; + } + case 'IdentityGatewayAgent': { + const outcome = await deleteIdentityGatewayAgent(agent._id); + logmessages.push(`delete IdentityGatewayAgent ${deleteFilePath}`); + logmessages.push(`outcome: ${outcome}`); + verboseMessage(`delete agents ${deleteFilePath}\n`); + break; + } + case 'J2EEAgent': { + const outcome = await deleteJavaAgent(agent._id); + logmessages.push(`delete IdentityGatewayAgent ${deleteFilePath}`); + logmessages.push(`outcome: ${outcome}`); + verboseMessage(`delete agents ${deleteFilePath}\n`); + break; + } + default: { + const outcome = await deleteAgent(agent._id); + logmessages.push(`delete agents ${deleteFilePath}`); + logmessages.push(`outcome: ${outcome}`); + verboseMessage(`delete agents ${deleteFilePath}\n`); + break; + } + } + logmessages.push(' '); + break; + } + // When an idp object is modified so is a service file, by changing the service config it will also + // change the idp config. + case 'idp': { + break; + } + case 'policy': { + const policy = getJsonObjectTwoDown(deleteFilePath); + verboseMessage(`policy id: ${policy._id}`); + const outcome = await deletePolicyById(policy._id); + logmessages.push(`delete policy ${deleteFilePath}`); + logmessages.push(`outcome: ${outcome}`); + logmessages.push(' '); + verboseMessage(`delete policy ${deleteFilePath}\n`); + break; + } + // These next three object types have deletes written for them, but they are not promotable so we don't worry about effecting them + case 'cot': { + break; + } + case 'policyset': { + break; + } + case 'saml': { + break; + } + default: { + logmessages.push( + `No delete ${deleteFilePath} not setup for type ${type}` + ); + logmessages.push(' '); + verboseMessage( + `No delete ${deleteFilePath} not setup for type ${type}\n` + ); + break; + } + } + return; +} + +/** + * Opens the file and returns the json object two keys down into the config object. + * @param filePath + */ +function getJsonObjectTwoDown(filePath: string): any { + try { + const data = fs.readFileSync(filePath, 'utf8'); + const fileData = JSON.parse(data); + const jsonObject = fileData[Object.keys(fileData)[0]]; + return jsonObject[Object.keys(jsonObject)[0]]; + } catch { + new FrodoError('error in json parsing'); + } +} + +/** + * Opens the file and returns a json object one element down from the top object + * @param filePath path to the config file + */ +function getJsonObjectOneDown(filePath: string): any { + try { + const data = fs.readFileSync(filePath, 'utf8'); + const fileData = JSON.parse(data); + return fileData[Object.keys(fileData)[0]]; + } catch { + new FrodoError('error in json parsing'); + } +} + +/** + * Sets the realm for the next command to run on. + * @param path sub-path to the config file currently being looked at + * @param inRealm if the object is in a realm or not + */ +function setRealmFromPath(path: string, inRealm: boolean) { + if (inRealm) { + let realm = path.substring( + path.indexOf('/') + 1, + path.indexOf('/', path.indexOf('/') + 1) + ); + realm = getRealmUsingExportFormat(realm); + verboseMessage(`realm = ${realm}`); + state.setRealm(realm); + } +} + +/** + * Pulls the path out of the path to the config file we are referencing. + * @param path the sub-path to the config file + */ +function checkForRealmFromPath(path: string) { + const inRealm = path.substring(0, path.indexOf('/')) === 'realm'; + if (inRealm) { + const realm = path.substring( + path.indexOf('/') + 1, + path.indexOf('/', path.indexOf('/') + 1) + ); + realms.add(realm); + } else { + realms.add('global'); + } +} + +/** + * These three object types are not promotable so we don't care to import or delete them with changes. + * @param path path to the config file we are looking at + */ +function checkTypeIsPromotable(path: string): boolean { + const type = getTypeFromPath(path); + let promotable: boolean; + switch (type) { + case 'cot': { + promotable = false; + break; + } + case 'policyset': { + promotable = false; + break; + } + case 'saml': { + promotable = false; + break; + } + default: + promotable = true; + } + return promotable; +} + +/** + * Pass in the path for where the export is and using a substring of that path + * the type is inferred from the directory where the file was stored. + * @param path the sub-path that is used to determine the type + */ +function getTypeFromPath(path: string): string { + let type: string; + if (path.includes('idm')) { + type = 'idm'; + } else { + type = path.substring( + path.substring(0, path.lastIndexOf('/')).lastIndexOf('/') + 1, + path.lastIndexOf('/') + ); + } + return type; +} diff --git a/src/ops/Saml2Ops.ts b/src/ops/Saml2Ops.ts index b0792164c..f707f8c6e 100644 --- a/src/ops/Saml2Ops.ts +++ b/src/ops/Saml2Ops.ts @@ -27,6 +27,7 @@ const { readSaml2ProviderStub, getSaml2ProviderMetadataUrl, getSaml2ProviderMetadata, + deleteSaml2Provider, exportSaml2Provider, exportSaml2Providers, importSaml2Provider, @@ -461,3 +462,27 @@ export async function importSaml2ProvidersFromFiles( } return false; } + +/** + * Delete saml by id + * @param {String} id saml entityId + * @returns {Promise} true if successful, false otherwise + */ +export async function deleteSaml2ProviderById( + entityId: string +): Promise { + const spinnerId = createProgressIndicator( + 'indeterminate', + undefined, + `Deleting ${entityId}...` + ); + try { + await deleteSaml2Provider(entityId); + stopProgressIndicator(spinnerId, `Deleted ${entityId}.`, 'success'); + return true; + } catch (error) { + stopProgressIndicator(spinnerId, `Error: ${error.message}`, 'fail'); + printError(error); + } + return false; +} diff --git a/test/client_cli/en/__snapshots__/idm-delete.test.js.snap b/test/client_cli/en/__snapshots__/idm-delete.test.js.snap new file mode 100644 index 000000000..aaecb77aa --- /dev/null +++ b/test/client_cli/en/__snapshots__/idm-delete.test.js.snap @@ -0,0 +1,104 @@ +// Jest Snapshot v1, https://goo.gl/fbAQLP + +exports[`CLI help interface for 'idm delete' should be expected english 1`] = ` +"Usage: frodo idm delete [options] [host] [realm] [username] [password] + +Delete AM services. + +Arguments: + host AM base URL, e.g.: + https://cdk.iam.example.com/am. To use a + connection profile, just specify a + unique substring. + realm Realm. Specify realm as '/' for the root + realm or 'realm' or '/parent/child' + otherwise. (default: "alpha" for + Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin + user with appropriate rights to manage + authentication journeys/trees. + password Password. + +Options: + --curlirize Output all network calls in curl format. + -D, --directory Set the working directory. + --debug Debug output during command execution. + If specified, may or may not produce + additional output helpful for + troubleshooting. + --flush-cache Flush token cache. + -h, --help Help + -i, --id Id of Service to be deleted. + --idm-host IDM base URL, e.g.: + https://cdk.idm.example.com/myidm. Use + only if your IDM installation resides in + a different domain and/or if the base + path differs from the default + "/openidm". + -k, --insecure Allow insecure connections when using + SSL/TLS. Has no effect when using a + network proxy for https + (HTTPS_PROXY=http://:), in + that case the proxy must provide this + capability. (default: Don't allow + insecure connections) + --login-client-id Specify a custom OAuth2 client id to use + a your own oauth2 client for IDM API + calls in deployments of type "cloud" or + "forgeops". Your custom client must be + configured as a public client and allow + the authorization code grant using the + "openid fr:idm:*" scope. Use the + "--redirect-uri" parameter if you have + configured a custom redirect uri + (default: + "/platform/appAuthHelperRedirect.html"). + --login-redirect-uri Specify a custom redirect URI to use + with your custom OAuth2 client (efault: + "/platform/appAuthHelperRedirect.html"). + -m, --type Override auto-detected deployment type. + Valid values for type: + classic: A classic Access + Management-only deployment with custom + layout and configuration. + cloud: A ForgeRock Identity Cloud + environment. + forgeops: A ForgeOps CDK or CDM + deployment. + The detected or provided deployment type + controls certain behavior like obtaining + an Identity Management admin token or + not and whether to export/import + referenced email templates or how to + walk through the tenant admin login flow + of Identity Cloud and handle MFA + (choices: "classic", "cloud", + "forgeops") + --no-cache Disable token cache for this operation. + --sa-id Service account id. + --sa-jwk-file File containing the JSON Web Key (JWK) + associated with the the service account. + --verbose Verbose output during command execution. + If specified, may or may not produce + additional output. + +Environment Variables: + FRODO_HOST: AM base URL. Overridden by 'host' argument. + FRODO_IDM_HOST: IDM base URL. Overridden by '--idm-host' option. + FRODO_REALM: Realm. Overridden by 'realm' argument. + FRODO_USERNAME: Username. Overridden by 'username' argument. + FRODO_PASSWORD: Password. Overridden by 'password' argument. + FRODO_LOGIN_CLIENT_ID: OAuth2 client id for IDM API calls. Overridden by '--login-client-id' option. + FRODO_LOGIN_REDIRECT_URI: Redirect Uri for custom OAuth2 client id. Overridden by '--login-redirect-uri' option. + FRODO_SA_ID: Service account uuid. Overridden by '--sa-id' option. + FRODO_SA_JWK: Service account JWK. Overridden by '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_NO_CACHE: Disable token cache. Same as '--no-cache' option. + FRODO_TOKEN_CACHE_PATH: Use this token cache file instead of '~/.frodo/TokenCache.json'. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. + FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. + FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. + FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. + FRODO_MASTER_KEY: Use this master key instead of what's in '~/.frodo/masterkey.key'. Takes precedence over FRODO_MASTER_KEY_PATH. + +" +`; diff --git a/test/client_cli/en/__snapshots__/idm.test.js.snap b/test/client_cli/en/__snapshots__/idm.test.js.snap index 79f6d7167..40f9a7713 100644 --- a/test/client_cli/en/__snapshots__/idm.test.js.snap +++ b/test/client_cli/en/__snapshots__/idm.test.js.snap @@ -10,6 +10,7 @@ Options: Commands: count Count managed objects. + delete Delete AM services. export Export IDM configuration objects. help display help for command import Import IDM configuration objects. diff --git a/test/client_cli/en/__snapshots__/idp-delete.test.js.snap b/test/client_cli/en/__snapshots__/idp-delete.test.js.snap new file mode 100644 index 000000000..99b7a467a --- /dev/null +++ b/test/client_cli/en/__snapshots__/idp-delete.test.js.snap @@ -0,0 +1,104 @@ +// Jest Snapshot v1, https://goo.gl/fbAQLP + +exports[`CLI help interface for 'idp delete' should be expected english 1`] = ` +"Usage: frodo idp delete [options] [host] [realm] [username] [password] + +Delete (social) identity providers. + +Arguments: + host AM base URL, e.g.: + https://cdk.iam.example.com/am. To use a + connection profile, just specify a + unique substring. + realm Realm. Specify realm as '/' for the root + realm or 'realm' or '/parent/child' + otherwise. (default: "alpha" for + Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin + user with appropriate rights to manage + authentication journeys/trees. + password Password. + +Options: + --curlirize Output all network calls in curl format. + -D, --directory Set the working directory. + --debug Debug output during command execution. + If specified, may or may not produce + additional output helpful for + troubleshooting. + --flush-cache Flush token cache. + -h, --help Help + -i, --idp-id Id/name of a provider. + --idm-host IDM base URL, e.g.: + https://cdk.idm.example.com/myidm. Use + only if your IDM installation resides in + a different domain and/or if the base + path differs from the default + "/openidm". + -k, --insecure Allow insecure connections when using + SSL/TLS. Has no effect when using a + network proxy for https + (HTTPS_PROXY=http://:), in + that case the proxy must provide this + capability. (default: Don't allow + insecure connections) + --login-client-id Specify a custom OAuth2 client id to use + a your own oauth2 client for IDM API + calls in deployments of type "cloud" or + "forgeops". Your custom client must be + configured as a public client and allow + the authorization code grant using the + "openid fr:idm:*" scope. Use the + "--redirect-uri" parameter if you have + configured a custom redirect uri + (default: + "/platform/appAuthHelperRedirect.html"). + --login-redirect-uri Specify a custom redirect URI to use + with your custom OAuth2 client (efault: + "/platform/appAuthHelperRedirect.html"). + -m, --type Override auto-detected deployment type. + Valid values for type: + classic: A classic Access + Management-only deployment with custom + layout and configuration. + cloud: A ForgeRock Identity Cloud + environment. + forgeops: A ForgeOps CDK or CDM + deployment. + The detected or provided deployment type + controls certain behavior like obtaining + an Identity Management admin token or + not and whether to export/import + referenced email templates or how to + walk through the tenant admin login flow + of Identity Cloud and handle MFA + (choices: "classic", "cloud", + "forgeops") + --no-cache Disable token cache for this operation. + --sa-id Service account id. + --sa-jwk-file File containing the JSON Web Key (JWK) + associated with the the service account. + --verbose Verbose output during command execution. + If specified, may or may not produce + additional output. + +Environment Variables: + FRODO_HOST: AM base URL. Overridden by 'host' argument. + FRODO_IDM_HOST: IDM base URL. Overridden by '--idm-host' option. + FRODO_REALM: Realm. Overridden by 'realm' argument. + FRODO_USERNAME: Username. Overridden by 'username' argument. + FRODO_PASSWORD: Password. Overridden by 'password' argument. + FRODO_LOGIN_CLIENT_ID: OAuth2 client id for IDM API calls. Overridden by '--login-client-id' option. + FRODO_LOGIN_REDIRECT_URI: Redirect Uri for custom OAuth2 client id. Overridden by '--login-redirect-uri' option. + FRODO_SA_ID: Service account uuid. Overridden by '--sa-id' option. + FRODO_SA_JWK: Service account JWK. Overridden by '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_NO_CACHE: Disable token cache. Same as '--no-cache' option. + FRODO_TOKEN_CACHE_PATH: Use this token cache file instead of '~/.frodo/TokenCache.json'. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. + FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. + FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. + FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. + FRODO_MASTER_KEY: Use this master key instead of what's in '~/.frodo/masterkey.key'. Takes precedence over FRODO_MASTER_KEY_PATH. + +" +`; diff --git a/test/client_cli/en/__snapshots__/idp.test.js.snap b/test/client_cli/en/__snapshots__/idp.test.js.snap index 08470b785..2f5255206 100644 --- a/test/client_cli/en/__snapshots__/idp.test.js.snap +++ b/test/client_cli/en/__snapshots__/idp.test.js.snap @@ -9,6 +9,7 @@ Options: -h, --help Help Commands: + delete Delete (social) identity providers. export Export (social) identity providers. help display help for command import Import (social) identity providers. diff --git a/test/client_cli/en/__snapshots__/oauth-client-delete.test.js.snap b/test/client_cli/en/__snapshots__/oauth-client-delete.test.js.snap new file mode 100644 index 000000000..f4643f35a --- /dev/null +++ b/test/client_cli/en/__snapshots__/oauth-client-delete.test.js.snap @@ -0,0 +1,109 @@ +// Jest Snapshot v1, https://goo.gl/fbAQLP + +exports[`CLI help interface for 'oauth client delete' should be expected english 1`] = ` +"Usage: frodo oauth client delete [options] [host] [realm] [username] [password] + +Delete OAuth2 clients. + +Arguments: + host AM base URL, e.g.: + https://cdk.iam.example.com/am. To use a + connection profile, just specify a + unique substring. + realm Realm. Specify realm as '/' for the root + realm or 'realm' or '/parent/child' + otherwise. (default: "alpha" for + Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin + user with appropriate rights to manage + authentication journeys/trees. + password Password. + +Options: + -a, --all Delete all cmds in a realm. Ignored with + -i. + --curlirize Output all network calls in curl format. + -D, --directory Set the working directory. + --debug Debug output during command execution. + If specified, may or may not produce + additional output helpful for + troubleshooting. + --flush-cache Flush token cache. + -h, --help Help + -i, --app-id OAuth2 client id/name. If specified, -a + and -A are ignored. + --idm-host IDM base URL, e.g.: + https://cdk.idm.example.com/myidm. Use + only if your IDM installation resides in + a different domain and/or if the base + path differs from the default + "/openidm". + -k, --insecure Allow insecure connections when using + SSL/TLS. Has no effect when using a + network proxy for https + (HTTPS_PROXY=http://:), in + that case the proxy must provide this + capability. (default: Don't allow + insecure connections) + --login-client-id Specify a custom OAuth2 client id to use + a your own oauth2 client for IDM API + calls in deployments of type "cloud" or + "forgeops". Your custom client must be + configured as a public client and allow + the authorization code grant using the + "openid fr:idm:*" scope. Use the + "--redirect-uri" parameter if you have + configured a custom redirect uri + (default: + "/platform/appAuthHelperRedirect.html"). + --login-redirect-uri Specify a custom redirect URI to use + with your custom OAuth2 client (efault: + "/platform/appAuthHelperRedirect.html"). + -m, --type Override auto-detected deployment type. + Valid values for type: + classic: A classic Access + Management-only deployment with custom + layout and configuration. + cloud: A ForgeRock Identity Cloud + environment. + forgeops: A ForgeOps CDK or CDM + deployment. + The detected or provided deployment type + controls certain behavior like obtaining + an Identity Management admin token or + not and whether to export/import + referenced email templates or how to + walk through the tenant admin login flow + of Identity Cloud and handle MFA + (choices: "classic", "cloud", + "forgeops") + --no-cache Disable token cache for this operation. + --no-deep No deep delete. This leaves orphaned + configuration artifacts behind. + --sa-id Service account id. + --sa-jwk-file File containing the JSON Web Key (JWK) + associated with the the service account. + --verbose Verbose output during command execution. + If specified, may or may not produce + additional output. + +Environment Variables: + FRODO_HOST: AM base URL. Overridden by 'host' argument. + FRODO_IDM_HOST: IDM base URL. Overridden by '--idm-host' option. + FRODO_REALM: Realm. Overridden by 'realm' argument. + FRODO_USERNAME: Username. Overridden by 'username' argument. + FRODO_PASSWORD: Password. Overridden by 'password' argument. + FRODO_LOGIN_CLIENT_ID: OAuth2 client id for IDM API calls. Overridden by '--login-client-id' option. + FRODO_LOGIN_REDIRECT_URI: Redirect Uri for custom OAuth2 client id. Overridden by '--login-redirect-uri' option. + FRODO_SA_ID: Service account uuid. Overridden by '--sa-id' option. + FRODO_SA_JWK: Service account JWK. Overridden by '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_NO_CACHE: Disable token cache. Same as '--no-cache' option. + FRODO_TOKEN_CACHE_PATH: Use this token cache file instead of '~/.frodo/TokenCache.json'. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. + FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. + FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. + FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. + FRODO_MASTER_KEY: Use this master key instead of what's in '~/.frodo/masterkey.key'. Takes precedence over FRODO_MASTER_KEY_PATH. + +" +`; diff --git a/test/client_cli/en/__snapshots__/oauth-client.test.js.snap b/test/client_cli/en/__snapshots__/oauth-client.test.js.snap index 9175a015d..1f1727b40 100644 --- a/test/client_cli/en/__snapshots__/oauth-client.test.js.snap +++ b/test/client_cli/en/__snapshots__/oauth-client.test.js.snap @@ -9,6 +9,7 @@ Options: -h, --help Help Commands: + delete Delete OAuth2 clients. export Export OAuth2 clients. help display help for command import Import OAuth2 clients. diff --git a/test/client_cli/en/__snapshots__/promote.test.js.snap b/test/client_cli/en/__snapshots__/promote.test.js.snap new file mode 100644 index 000000000..2f5865035 --- /dev/null +++ b/test/client_cli/en/__snapshots__/promote.test.js.snap @@ -0,0 +1,139 @@ +// Jest Snapshot v1, https://goo.gl/fbAQLP + +exports[`CLI help interface for 'app' should be expected english 1`] = ` +"Usage: frodo promote [options] [host] [realm] [username] [password] + +Prepares a tenant to be promoted + +Arguments: + host AM base URL, e.g.: + https://cdk.iam.example.com/am. To use a + connection profile, just specify a + unique substring. + realm Realm. Specify realm as '/' for the root + realm or 'realm' or '/parent/child' + otherwise. (default: "alpha" for + Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin + user with appropriate rights to manage + authentication journeys/trees. + password Password. + +Options: + --curlirize Output all network calls in curl format. + -D, --directory Set the working directory. + --debug Debug output during command execution. + If specified, may or may not produce + additional output helpful for + troubleshooting. + -E, --frodo-export-dir The directory where the frodo export is + located. + --flush-cache Flush token cache. + -h, --help Help + --idm-host IDM base URL, e.g.: + https://cdk.idm.example.com/myidm. Use + only if your IDM installation resides in + a different domain and/or if the base + path differs from the default + "/openidm". + -k, --insecure Allow insecure connections when using + SSL/TLS. Has no effect when using a + network proxy for https + (HTTPS_PROXY=http://:), in + that case the proxy must provide this + capability. (default: Don't allow + insecure connections) + --login-client-id Specify a custom OAuth2 client id to use + a your own oauth2 client for IDM API + calls in deployments of type "cloud" or + "forgeops". Your custom client must be + configured as a public client and allow + the authorization code grant using the + "openid fr:idm:*" scope. Use the + "--redirect-uri" parameter if you have + configured a custom redirect uri + (default: + "/platform/appAuthHelperRedirect.html"). + --login-redirect-uri Specify a custom redirect URI to use + with your custom OAuth2 client (efault: + "/platform/appAuthHelperRedirect.html"). + -m, --type Override auto-detected deployment type. + Valid values for type: + classic: A classic Access + Management-only deployment with custom + layout and configuration. + cloud: A ForgeRock Identity Cloud + environment. + forgeops: A ForgeOps CDK or CDM + deployment. + The detected or provided deployment type + controls certain behavior like obtaining + an Identity Management admin token or + not and whether to export/import + referenced email templates or how to + walk through the tenant admin login flow + of Identity Cloud and handle MFA + (choices: "classic", "cloud", + "forgeops") + -M, --master-dir The directory where the master + configurations is located. + --no-cache Disable token cache for this operation. + --no-prune Will stop prune from running + -P --print-diff Outputs the diff to a file in the + directory where the command was run. + (default: false) + --propmt-prune Will prompt for Frodo Journey Prune on + all realms (default: false) + -S --effect-secrets Will effect the secrets, otherwise we + will not change the secrets but will + compare them (default: false) + --sa-id Service account id. + --sa-jwk-file File containing the JSON Web Key (JWK) + associated with the the service account. + --target Host URL of the environment to perform + secret value encryption. The URL must + resolve to an existing connection + profile. Use this option to generate an + export that can be imported into the + target environment without requiring + admin access to the source environment. + --verbose Verbose output during command execution. + If specified, may or may not produce + additional output. + -W --wait-secrets When secrets are effected we need to run + a refresh on the enviornment. This will + cause the command to wait until the + refresh is finished. (default: false) + --what-if Runs a what if of the comparison, so it + wont do any changes (default: false) + +Environment Variables: + FRODO_HOST: AM base URL. Overridden by 'host' argument. + FRODO_IDM_HOST: IDM base URL. Overridden by '--idm-host' option. + FRODO_REALM: Realm. Overridden by 'realm' argument. + FRODO_USERNAME: Username. Overridden by 'username' argument. + FRODO_PASSWORD: Password. Overridden by 'password' argument. + FRODO_LOGIN_CLIENT_ID: OAuth2 client id for IDM API calls. Overridden by '--login-client-id' option. + FRODO_LOGIN_REDIRECT_URI: Redirect Uri for custom OAuth2 client id. Overridden by '--login-redirect-uri' option. + FRODO_SA_ID: Service account uuid. Overridden by '--sa-id' option. + FRODO_SA_JWK: Service account JWK. Overridden by '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_NO_CACHE: Disable token cache. Same as '--no-cache' option. + FRODO_TOKEN_CACHE_PATH: Use this token cache file instead of '~/.frodo/TokenCache.json'. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. + FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. + FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. + FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. + FRODO_MASTER_KEY: Use this master key instead of what's in '~/.frodo/masterkey.key'. Takes precedence over FRODO_MASTER_KEY_PATH. + +This is used to compare two directories and automatically import and deleteconfigurations so the tenant can be promoted. It will compare a master export to a current exportand make the changes based off that diff. A file will be generated to show what has changed. +Usage Examples: + +frodo promote -M ./master -E ./export [testTenant] + +This will run the promote command making the changes from master to the export, with the master being the one we are going to. + +frodo promote --what-if -M ./master -E ./export [testTenant] + +This will output the changes that would be made if the promote was run but will not do those changes +" +`; diff --git a/test/client_cli/en/__snapshots__/root.test.js.snap b/test/client_cli/en/__snapshots__/root.test.js.snap index 180e12809..d31f1b894 100644 --- a/test/client_cli/en/__snapshots__/root.test.js.snap +++ b/test/client_cli/en/__snapshots__/root.test.js.snap @@ -4,34 +4,35 @@ exports[`CLI help interface for 'frodo' root command should be expected english "Usage: frodo [options] [command] Options: - -v, --version output the version number - -h, --help display help for command + -v, --version output the version number + -h, --help display help for command Commands: - admin Platform admin tasks. - agent Manage agents. - authn Manage authentication settings. - authz Manage authorization policies, policy sets, and resource types. - app Manage applications. - config Manage full cloud configuration. - conn|connection Manage connection profiles. - email Manage email templates and configuration. - esv Manage environment secrets and variables (ESVs). - idm Manage IDM configuration. - idp Manage (social) identity providers. - info [options] [host] [username] [password] Print versions and tokens. - journey Manage journeys/trees. - log|logs List/View Identity Cloud logs - mapping Manage IDM mappings. - oauth Manage OAuth2 clients and providers. - realm Manage realms. - role Manage internal (authorization) roles. - saml Manage SAML entity providers and circles of trust. - script Manage scripts. - server Manage servers. - service Manage AM services. - shell [options] [host] [realm] [username] [password] Launch the frodo interactive shell. - theme Manage themes. - help [command] display help for command + admin Platform admin tasks. + agent Manage agents. + authn Manage authentication settings. + authz Manage authorization policies, policy sets, and resource types. + app Manage applications. + config Manage full cloud configuration. + conn|connection Manage connection profiles. + email Manage email templates and configuration. + esv Manage environment secrets and variables (ESVs). + idm Manage IDM configuration. + idp Manage (social) identity providers. + info [options] [host] [username] [password] Print versions and tokens. + journey Manage journeys/trees. + log|logs List/View Identity Cloud logs + mapping Manage IDM mappings. + oauth Manage OAuth2 clients and providers. + promote [options] [host] [realm] [username] [password] Prepares a tenant to be promoted + realm Manage realms. + role Manage internal (authorization) roles. + saml Manage SAML entity providers and circles of trust. + script Manage scripts. + server Manage servers. + service Manage AM services. + shell [options] [host] [realm] [username] [password] Launch the frodo interactive shell. + theme Manage themes. + help [command] display help for command " `; diff --git a/test/client_cli/en/idm-delete.test.js b/test/client_cli/en/idm-delete.test.js new file mode 100644 index 000000000..858464c0b --- /dev/null +++ b/test/client_cli/en/idm-delete.test.js @@ -0,0 +1,10 @@ +import cp from 'child_process'; +import { promisify } from 'util'; + +const exec = promisify(cp.exec); +const CMD = 'frodo idm delete --help'; +const { stdout } = await exec(CMD); + +test("CLI help interface for 'idm delete' should be expected english", async () => { + expect(stdout).toMatchSnapshot(); +}); diff --git a/test/client_cli/en/idp-delete.test.js b/test/client_cli/en/idp-delete.test.js new file mode 100644 index 000000000..5f611de1a --- /dev/null +++ b/test/client_cli/en/idp-delete.test.js @@ -0,0 +1,10 @@ +import cp from 'child_process'; +import { promisify } from 'util'; + +const exec = promisify(cp.exec); +const CMD = 'frodo idp delete --help'; +const { stdout } = await exec(CMD); + +test("CLI help interface for 'idp delete' should be expected english", async () => { + expect(stdout).toMatchSnapshot(); +}); diff --git a/test/client_cli/en/oauth-client-delete.test_.js b/test/client_cli/en/oauth-client-delete.test.js similarity index 100% rename from test/client_cli/en/oauth-client-delete.test_.js rename to test/client_cli/en/oauth-client-delete.test.js diff --git a/test/client_cli/en/promote.test.js b/test/client_cli/en/promote.test.js new file mode 100644 index 000000000..ea5aabe49 --- /dev/null +++ b/test/client_cli/en/promote.test.js @@ -0,0 +1,10 @@ +import cp from 'child_process'; +import { promisify } from 'util'; + +const exec = promisify(cp.exec); +const CMD = 'frodo promote --help'; +const { stdout } = await exec(CMD); + +test("CLI help interface for 'app' should be expected english", async () => { + expect(stdout).toMatchSnapshot(); +}); diff --git a/test/e2e/__snapshots__/idm-delete.e2e.test.js.snap b/test/e2e/__snapshots__/idm-delete.e2e.test.js.snap new file mode 100644 index 000000000..b41c251d5 --- /dev/null +++ b/test/e2e/__snapshots__/idm-delete.e2e.test.js.snap @@ -0,0 +1,3 @@ +// Jest Snapshot v1, https://goo.gl/fbAQLP + +exports[`frodo idm delete -i "emailTemplate/deleteTemplate" "frodo idm delete -i emailTemplate/deleteTemplate": should delete idm config with entityId emailTemplate/deleteTemplate 1`] = `""`; diff --git a/test/e2e/__snapshots__/idp-delete.e2e.test.js.snap b/test/e2e/__snapshots__/idp-delete.e2e.test.js.snap new file mode 100644 index 000000000..ceae3f37b --- /dev/null +++ b/test/e2e/__snapshots__/idp-delete.e2e.test.js.snap @@ -0,0 +1,104 @@ +// Jest Snapshot v1, https://goo.gl/fbAQLP + +exports[`"frodo idp delete -i insta" "frodo idp delete -i insta": should delete idp config with Id insta 1`] = ` +"Usage: frodo idp delete [options] [host] [realm] [username] [password] + +Delete (social) identity providers. + +Arguments: + host AM base URL, e.g.: + https://cdk.iam.example.com/am. To use a + connection profile, just specify a + unique substring. + realm Realm. Specify realm as '/' for the root + realm or 'realm' or '/parent/child' + otherwise. (default: "alpha" for + Identity Cloud tenants, "/" otherwise.) + username Username to login with. Must be an admin + user with appropriate rights to manage + authentication journeys/trees. + password Password. + +Options: + --curlirize Output all network calls in curl format. + -D, --directory Set the working directory. + --debug Debug output during command execution. + If specified, may or may not produce + additional output helpful for + troubleshooting. + --flush-cache Flush token cache. + -h, --help Help + -i, --idp-id Id/name of a provider. + --idm-host IDM base URL, e.g.: + https://cdk.idm.example.com/myidm. Use + only if your IDM installation resides in + a different domain and/or if the base + path differs from the default + "/openidm". + -k, --insecure Allow insecure connections when using + SSL/TLS. Has no effect when using a + network proxy for https + (HTTPS_PROXY=http://:), in + that case the proxy must provide this + capability. (default: Don't allow + insecure connections) + --login-client-id Specify a custom OAuth2 client id to use + a your own oauth2 client for IDM API + calls in deployments of type "cloud" or + "forgeops". Your custom client must be + configured as a public client and allow + the authorization code grant using the + "openid fr:idm:*" scope. Use the + "--redirect-uri" parameter if you have + configured a custom redirect uri + (default: + "/platform/appAuthHelperRedirect.html"). + --login-redirect-uri Specify a custom redirect URI to use + with your custom OAuth2 client (efault: + "/platform/appAuthHelperRedirect.html"). + -m, --type Override auto-detected deployment type. + Valid values for type: + classic: A classic Access + Management-only deployment with custom + layout and configuration. + cloud: A ForgeRock Identity Cloud + environment. + forgeops: A ForgeOps CDK or CDM + deployment. + The detected or provided deployment type + controls certain behavior like obtaining + an Identity Management admin token or + not and whether to export/import + referenced email templates or how to + walk through the tenant admin login flow + of Identity Cloud and handle MFA + (choices: "classic", "cloud", + "forgeops") + --no-cache Disable token cache for this operation. + --sa-id Service account id. + --sa-jwk-file File containing the JSON Web Key (JWK) + associated with the the service account. + --verbose Verbose output during command execution. + If specified, may or may not produce + additional output. + +Environment Variables: + FRODO_HOST: AM base URL. Overridden by 'host' argument. + FRODO_IDM_HOST: IDM base URL. Overridden by '--idm-host' option. + FRODO_REALM: Realm. Overridden by 'realm' argument. + FRODO_USERNAME: Username. Overridden by 'username' argument. + FRODO_PASSWORD: Password. Overridden by 'password' argument. + FRODO_LOGIN_CLIENT_ID: OAuth2 client id for IDM API calls. Overridden by '--login-client-id' option. + FRODO_LOGIN_REDIRECT_URI: Redirect Uri for custom OAuth2 client id. Overridden by '--login-redirect-uri' option. + FRODO_SA_ID: Service account uuid. Overridden by '--sa-id' option. + FRODO_SA_JWK: Service account JWK. Overridden by '--sa-jwk-file' option but takes the actual JWK as a value, not a file name. + FRODO_NO_CACHE: Disable token cache. Same as '--no-cache' option. + FRODO_TOKEN_CACHE_PATH: Use this token cache file instead of '~/.frodo/TokenCache.json'. + FRODO_CONNECTION_PROFILES_PATH: Use this connection profiles file instead of '~/.frodo/Connections.json'. + FRODO_AUTHENTICATION_SERVICE: Name of a login journey to use. + FRODO_DEBUG: Set to any value to enable debug output. Same as '--debug'. + FRODO_MASTER_KEY_PATH: Use this master key file instead of '~/.frodo/masterkey.key' file. + FRODO_MASTER_KEY: Use this master key instead of what's in '~/.frodo/masterkey.key'. Takes precedence over FRODO_MASTER_KEY_PATH. + +" +`; diff --git a/test/e2e/__snapshots__/oauth-client-delete.e2e.test.js.snap b/test/e2e/__snapshots__/oauth-client-delete.e2e.test.js.snap new file mode 100644 index 000000000..49a0e83c4 --- /dev/null +++ b/test/e2e/__snapshots__/oauth-client-delete.e2e.test.js.snap @@ -0,0 +1,3 @@ +// Jest Snapshot v1, https://goo.gl/fbAQLP + +exports[`frodo oauth client delete -i testapp "frodo oauth client delete -i testapp": should delete the oauth client with oauth client id "testapp" 1`] = `""`; diff --git a/test/e2e/exports/full-export-separate/global/emailTemplate/baselineDemoEmailVerification.emailTemplate.json b/test/e2e/exports/full-export-separate/global/emailTemplate/baselineDemoEmailVerification.emailTemplate.json new file mode 100644 index 000000000..7bb5fa359 --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/emailTemplate/baselineDemoEmailVerification.emailTemplate.json @@ -0,0 +1,23 @@ +{ + "emailTemplate": { + "baselineDemoEmailVerification": { + "_id": "emailTemplate/baselineDemoEmailVerification", + "defaultLocale": "en", + "displayName": "Baseline Demo Email Verification", + "enabled": true, + "from": "security@example.com", + "html": { + "en": "

Email Verification


Hello,

Great to have you on board.


Verify Your Account

Finish the steps of verification for the account by clicking the button below.


Click Here to Verify Your Account

This link will expire in 24 hours.


-- The ForgeRock Team

www.forgerock.com

201 Mission St Suite 2900

San Francisco, CA 94105

support@forgerock.com

If you did not request for this email, please ignore and we won't email you again.

ForgeRock | Privacy Policy

" + }, + "message": { + "en": "

Email Verification


Hello,

Great to have you on board.


Verify Your Account

Finish the steps of verfication for the account by clicking the button below.


Click Here to Verify Your Account

This link will expire in 24 hours.


-- The ForgeRock Team

www.forgerock.com

201 Mission St Suite 2900

San Francisco, CA 94105

support@forgerock.com

If you did not request for this email, please ignore and we won't email you again.

ForgeRock | Privacy Policy

" + }, + "mimeType": "text/html", + "styles": "body {\n background-color: #f6f6f6;\n color: #455469;\n padding: 60px;\n text-align: center \n}\n a {\n text-decoration: none;\n color: #109cf1;\n}\n h1 {\n font-size: 40px;\n text-align: center;\n}\n h2 {\n font-size: 36px;\n}\n h3 {\n font-size: 32px;\n}\n h4 {\n font-size: 28px;\n}\n h5 {\n font-size: 24px;\n}\n h6 {\n font-size: 20px;\n}\n .content {\n background-color: #fff;\n border-radius: 4px;\n margin: 0 auto;\n padding: 48px;\n width: 600px \n}\n .button {\n background-color: #109cf1;\n border: none;\n color: white;\n padding: 15px 32px;\n text-align: center;\n text-decoration: none;\n display: inline-block;\n font-size: 16px;\n}\n ", + "subject": { + "en": "Please verify your email address" + }, + "templateId": "baselineDemoEmailVerification" + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/emailTemplate/baselineDemoMagicLink.emailTemplate.json b/test/e2e/exports/full-export-separate/global/emailTemplate/baselineDemoMagicLink.emailTemplate.json new file mode 100644 index 000000000..769fa375c --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/emailTemplate/baselineDemoMagicLink.emailTemplate.json @@ -0,0 +1,23 @@ +{ + "emailTemplate": { + "baselineDemoMagicLink": { + "_id": "emailTemplate/baselineDemoMagicLink", + "defaultLocale": "en", + "displayName": "Baseline Demo Magic Link", + "enabled": true, + "from": "security@example.com", + "html": { + "en": "

Welcome back


Hello,

You're receiving this email because you requested a link to sign you into your account.


Finish Signing In

This link will expire in 24 hours.


-- The ForgeRock Team

www.forgerock.com

201 Mission St Suite 2900

San Francisco, CA 94105

support@forgerock.com

If you did not request for this email, please ignore and we won't email you again.

ForgeRock | Privacy Policy

" + }, + "message": { + "en": "

Welcome back


Hello,

You're receiving this email because you requested a link to sign you into your account.


Finish Signing In

This link will expire in 24 hours.


-- The ForgeRock Team

www.forgerock.com

201 Mission St Suite 2900

San Francisco, CA 94105

support@forgerock.com

If you did not request for this email, please ignore and we won't email you again.

ForgeRock | Privacy Policy

" + }, + "mimeType": "text/html", + "styles": "body {\n background-color: #f6f6f6;\n color: #455469;\n padding: 60px;\n text-align: center \n}\n a {\n text-decoration: none;\n color: #109cf1;\n}\n h1 {\n font-size: 40px;\n text-align: center;\n}\n h2 {\n font-size: 36px;\n}\n h3 {\n font-size: 32px;\n}\n h4 {\n font-size: 28px;\n}\n h5 {\n font-size: 24px;\n}\n h6 {\n font-size: 20px;\n}\n .content {\n background-color: #fff;\n border-radius: 4px;\n margin: 0 auto;\n padding: 48px;\n width: 600px \n}\n .button {\n background-color: #109cf1;\n border: none;\n color: white;\n padding: 15px 32px;\n text-align: center;\n text-decoration: none;\n display: inline-block;\n font-size: 16px;\n}\n ", + "subject": { + "en": "Your sign-in link" + }, + "templateId": "baselineDemoMagicLink" + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/emailTemplate/deleteTemplate.emailTemplate.json b/test/e2e/exports/full-export-separate/global/emailTemplate/deleteTemplate.emailTemplate.json new file mode 100644 index 000000000..ac199f199 --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/emailTemplate/deleteTemplate.emailTemplate.json @@ -0,0 +1,23 @@ +{ + "emailTemplate": { + "deleteTemplate": { + "_id": "emailTemplate/deleteTemplate", + "defaultLocale": "en", + "description": "", + "displayName": "deleteTemplate", + "enabled": true, + "from": "", + "html": { + "en": "

\"alt

Email Title

Message text lorem ipsum dolor sit amet consectetur adipisicing elit sed do eiusmod tempor.

" + }, + "message": { + "en": "

\"alt

Email Title

Message text lorem ipsum dolor sit amet consectetur adipisicing elit sed do eiusmod tempor.

" + }, + "mimeType": "text/html", + "styles": "body {\n background-color: #324054;\n color: #455469;\n padding: 60px;\n text-align: center \n}\n a {\n text-decoration: none;\n color: #109cf1;\n}\n .content {\n background-color: #fff;\n border-radius: 4px;\n margin: 0 auto;\n padding: 48px;\n width: 235px \n}\n", + "subject": { + "en": "" + } + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/emailTemplate/forgottenUsername.emailTemplate.json b/test/e2e/exports/full-export-separate/global/emailTemplate/forgottenUsername.emailTemplate.json new file mode 100644 index 000000000..e5469d572 --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/emailTemplate/forgottenUsername.emailTemplate.json @@ -0,0 +1,24 @@ +{ + "emailTemplate": { + "forgottenUsername": { + "_id": "emailTemplate/forgottenUsername", + "defaultLocale": "en", + "enabled": true, + "from": "", + "html": { + "en": "{{#if object.userName}}

Your username is '{{object.userName}}'.

{{else}}If you received this email in error, please disregard.{{/if}}

Click here to login

", + "fr": "{{#if object.userName}}

Votre nom d'utilisateur est '{{object.userName}}'.

{{else}}Si vous avez reçu cet e-mail par erreur, veuillez ne pas en tenir compte.{{/if}}

Cliquez ici pour vous connecter

" + }, + "message": { + "en": "

{{#if object.userName}}Your username is '{{object.userName}}'.

{{else}}If you received this email in error, please disregard.{{/if}}

Click here to login

", + "fr": "
{{#if object.userName}}

Votre nom d'utilisateur est '{{object.userName}}'.

{{else}}Si vous avez reçu cet e-mail par erreur, veuillez ne pas en tenir compte.{{/if}}

Cliquez ici pour vous connecter

" + }, + "mimeType": "text/html", + "styles": "body{background-color:#324054;color:#5e6d82;padding:60px;text-align:center}a{text-decoration:none;color:#109cf1}.content{background-color:#fff;border-radius:4px;margin:0 auto;padding:48px;width:235px}", + "subject": { + "en": "Account Information - username", + "fr": "Informations sur le compte - nom d'utilisateur" + } + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/emailTemplate/frEmailUpdated.emailTemplate.json b/test/e2e/exports/full-export-separate/global/emailTemplate/frEmailUpdated.emailTemplate.json new file mode 100644 index 000000000..6dda56a49 --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/emailTemplate/frEmailUpdated.emailTemplate.json @@ -0,0 +1,17 @@ +{ + "emailTemplate": { + "frEmailUpdated": { + "_id": "emailTemplate/frEmailUpdated", + "defaultLocale": "en", + "enabled": true, + "from": "", + "message": { + "en": "
\"ForgeRock

Your account email has changed

Your ForgeRock Identity Cloud email has been changed. If you did not request this change, please contact ForgeRock support.

Thanks,
The ForgeRock Team

© 2001-{{ object.currentYear }} ForgeRock Inc®, All Rights Reserved.
201 Mission St Suite 2900, San Francisco, CA 94105
Privacy Policy
" + }, + "mimeType": "text/html", + "subject": { + "en": "Your email has been updated" + } + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/emailTemplate/frForgotUsername.emailTemplate.json b/test/e2e/exports/full-export-separate/global/emailTemplate/frForgotUsername.emailTemplate.json new file mode 100644 index 000000000..d4a5ef795 --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/emailTemplate/frForgotUsername.emailTemplate.json @@ -0,0 +1,17 @@ +{ + "emailTemplate": { + "frForgotUsername": { + "_id": "emailTemplate/frForgotUsername", + "defaultLocale": "en", + "enabled": true, + "from": "", + "message": { + "en": "
\"ForgeRock

Forgot your username?

Your username is {{ object.userName }}.

Sign In to Your Account

If you didn't request this, please ignore this email.

Thanks,
The ForgeRock Team

© 2001-{{ object.currentYear }} ForgeRock Inc®, All Rights Reserved.
201 Mission St Suite 2900, San Francisco, CA 94105
Privacy Policy
" + }, + "mimeType": "text/html", + "subject": { + "en": "Forgot Username" + } + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/emailTemplate/frOnboarding.emailTemplate.json b/test/e2e/exports/full-export-separate/global/emailTemplate/frOnboarding.emailTemplate.json new file mode 100644 index 000000000..cd0da976c --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/emailTemplate/frOnboarding.emailTemplate.json @@ -0,0 +1,17 @@ +{ + "emailTemplate": { + "frOnboarding": { + "_id": "emailTemplate/frOnboarding", + "defaultLocale": "en", + "enabled": true, + "from": "", + "message": { + "en": "
\"ForgeRock

Your account is ready

Your ForgeRock Identity Cloud account is ready. Click the button below to complete registration and access your environment.

Complete Registration

If you did not request this account, please contact ForgeRock support.

Thanks,
The ForgeRock Team

© 2001-{{ object.currentYear }} ForgeRock Inc®, All Rights Reserved.
201 Mission St Suite 2900, San Francisco, CA 94105
Privacy Policy
" + }, + "mimeType": "text/html", + "subject": { + "en": "Complete your ForgeRock Identity Cloud registration" + } + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/emailTemplate/frPasswordUpdated.emailTemplate.json b/test/e2e/exports/full-export-separate/global/emailTemplate/frPasswordUpdated.emailTemplate.json new file mode 100644 index 000000000..9a6fd6fc8 --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/emailTemplate/frPasswordUpdated.emailTemplate.json @@ -0,0 +1,17 @@ +{ + "emailTemplate": { + "frPasswordUpdated": { + "_id": "emailTemplate/frPasswordUpdated", + "defaultLocale": "en", + "enabled": true, + "from": "", + "message": { + "en": "
\"ForgeRock

Your account password has changed

Your ForgeRock Identity Cloud password has been changed. If you did not request this change, please contact ForgeRock support.

Thanks,
The ForgeRock Team

© 2001-{{ object.currentYear }} ForgeRock Inc®, All Rights Reserved.
201 Mission St Suite 2900, San Francisco, CA 94105
Privacy Policy
" + }, + "mimeType": "text/html", + "subject": { + "en": "Your password has been updated" + } + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/emailTemplate/frProfileUpdated.emailTemplate.json b/test/e2e/exports/full-export-separate/global/emailTemplate/frProfileUpdated.emailTemplate.json new file mode 100644 index 000000000..d5f096df7 --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/emailTemplate/frProfileUpdated.emailTemplate.json @@ -0,0 +1,17 @@ +{ + "emailTemplate": { + "frProfileUpdated": { + "_id": "emailTemplate/frProfileUpdated", + "defaultLocale": "en", + "enabled": true, + "from": "", + "message": { + "en": "
\"ForgeRock

Your account profile has changed

Your ForgeRock Identity Cloud profile has been changed. If you did not request this change, please contact ForgeRock support.

Thanks,
The ForgeRock Team

© 2001-{{ object.currentYear }} ForgeRock Inc®, All Rights Reserved.
201 Mission St Suite 2900, San Francisco, CA 94105
Privacy Policy
" + }, + "mimeType": "text/html", + "subject": { + "en": "Your profile has been updated" + } + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/emailTemplate/frResetPassword.emailTemplate.json b/test/e2e/exports/full-export-separate/global/emailTemplate/frResetPassword.emailTemplate.json new file mode 100644 index 000000000..4a4030954 --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/emailTemplate/frResetPassword.emailTemplate.json @@ -0,0 +1,17 @@ +{ + "emailTemplate": { + "frResetPassword": { + "_id": "emailTemplate/frResetPassword", + "defaultLocale": "en", + "enabled": true, + "from": "", + "message": { + "en": "
\"ForgeRock

Reset your password

It seems you have forgotten the password for your ForgeRock Identity Cloud account. Click the button below to reset your password and access your environment.

Reset Password

If you did not request to reset your password, please contact ForgeRock support.

Thanks,
The ForgeRock Team

© 2001-{{ object.currentYear }} ForgeRock Inc®, All Rights Reserved.
201 Mission St Suite 2900, San Francisco, CA 94105
Privacy Policy
" + }, + "mimeType": "text/html", + "subject": { + "en": "Reset your password" + } + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/emailTemplate/frUsernameUpdated.emailTemplate.json b/test/e2e/exports/full-export-separate/global/emailTemplate/frUsernameUpdated.emailTemplate.json new file mode 100644 index 000000000..c40cfa326 --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/emailTemplate/frUsernameUpdated.emailTemplate.json @@ -0,0 +1,17 @@ +{ + "emailTemplate": { + "frUsernameUpdated": { + "_id": "emailTemplate/frUsernameUpdated", + "defaultLocale": "en", + "enabled": true, + "from": "", + "message": { + "en": "
\"ForgeRock

Your account username has changed

Your ForgeRock Identity Cloud username has been changed. If you did not request this change, please contact ForgeRock support.

Thanks,
The ForgeRock Team

© 2001-{{ object.currentYear }} ForgeRock Inc®, All Rights Reserved.
201 Mission St Suite 2900, San Francisco, CA 94105
Privacy Policy
" + }, + "mimeType": "text/html", + "subject": { + "en": "Your username has been updated" + } + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/emailTemplate/idv.emailTemplate.json b/test/e2e/exports/full-export-separate/global/emailTemplate/idv.emailTemplate.json new file mode 100644 index 000000000..6e78adf96 --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/emailTemplate/idv.emailTemplate.json @@ -0,0 +1,28 @@ +{ + "emailTemplate": { + "idv": { + "_id": "emailTemplate/idv", + "defaultLocale": "en", + "description": "Identity Verification Invitation", + "displayName": "idv", + "enabled": true, + "from": "", + "html": { + "en": "

Click the link below to verify your identity:

Verify my identity now

", + "fr": "

Ceci est votre mail d'inscription.

Lien de vérification email

" + }, + "message": { + "en": "

Click the link below to verify your identity:

Verify my identity now

", + "fr": "

Ceci est votre mail d'inscription.

Lien de vérification email

" + }, + "mimeType": "text/html", + "name": "registration", + "styles": "body{background-color:#324054;color:#5e6d82;padding:60px;text-align:center}a{text-decoration:none;color:#109cf1}.content{background-color:#fff;border-radius:4px;margin:0 auto;padding:48px;width:235px}", + "subject": { + "en": "You have been invited to verify your identity", + "fr": "Créer un nouveau compte" + }, + "templateId": "idv" + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/emailTemplate/joiner.emailTemplate.json b/test/e2e/exports/full-export-separate/global/emailTemplate/joiner.emailTemplate.json new file mode 100644 index 000000000..5d51d685d --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/emailTemplate/joiner.emailTemplate.json @@ -0,0 +1,25 @@ +{ + "emailTemplate": { + "joiner": { + "_id": "emailTemplate/joiner", + "advancedEditor": true, + "defaultLocale": "en", + "description": "This email will be sent onCreate of user to the external eMail address provided during creation. An OTP will also be sent to Telephone Number provided during creation to validate the user. The user will then be able to set their password and ForgeRock Push Authenticator", + "displayName": "Joiner", + "enabled": true, + "from": "\"Encore HR\" ", + "html": { + "en": "" + }, + "message": { + "en": "\n \n \n
\n

\n \n

\n

Welcome to Encore {{object.givenName}} {{object.sn}}

\n

Please click on the link below to validate your phone number with a One Time Code that will be sent via SMS or called to you depending on your phone type.

\n

You will see your UserName and have the ability to set your password that will be used to login to Encore resources.

\n

As we believe in enhanced security, you will also be setting up a Push Notification for future use.

\n Click to Join Encore\n
\n \n" + }, + "mimeType": "text/html", + "styles": "body {\n background-color: #324054;\n color: #455469;\n padding: 60px;\n text-align: center \n}\n a {\n text-decoration: none;\n color: #109cf1;\n}\n .content {\n background-color: #fff;\n border-radius: 4px;\n margin: 0 auto;\n padding: 48px;\n width: 235px \n}\n ", + "subject": { + "en": "Welcome to Encore!" + }, + "templateId": "joiner" + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/emailTemplate/registerPasswordlessDevice.emailTemplate.json b/test/e2e/exports/full-export-separate/global/emailTemplate/registerPasswordlessDevice.emailTemplate.json new file mode 100644 index 000000000..470f7feb3 --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/emailTemplate/registerPasswordlessDevice.emailTemplate.json @@ -0,0 +1,24 @@ +{ + "emailTemplate": { + "registerPasswordlessDevice": { + "_id": "emailTemplate/registerPasswordlessDevice", + "defaultLocale": "en", + "description": "", + "displayName": "Register Passwordless Device", + "enabled": true, + "from": "\"ForgeRock Identity Cloud\" ", + "html": { + "en": "

Welcome back

\"alt


Hello,

You're receiving this email because you requested a link to register a new passwordless device.


Register New Device

This link will expire in 24 hours.


-- The ForgeRock Team

www.forgerock.com

201 Mission St Suite 2900

San Francisco, CA 94105

support@forgerock.com

If you did not request for this email, please ignore and we won't email you again.

ForgeRock | Privacy Policy

" + }, + "message": { + "en": "

Welcome back

\"alt


Hello,

You're receiving this email because you requested a link to register a new passwordless device.


Register New Device

This link will expire in 24 hours.


-- The ForgeRock Team

www.forgerock.com

201 Mission St Suite 2900

San Francisco, CA 94105

support@forgerock.com

If you did not request for this email, please ignore and we won't email you again.

ForgeRock | Privacy Policy

" + }, + "mimeType": "text/html", + "styles": "body {\n\tbackground-color: #324054;\n\tcolor: #455469;\n\tpadding: 60px;\n\ttext-align: center\n}\n\na {\n\ttext-decoration: none;\n\tcolor: #109cf1;\n}\n\n.content {\n\tbackground-color: #fff;\n\tborder-radius: 4px;\n\tmargin: 0 auto;\n\tpadding: 48px;\n\twidth: 235px\n}\n", + "subject": { + "en": "Your magic link is here - register new WebAuthN device" + }, + "templateId": "registerPasswordlessDevice" + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/emailTemplate/registration.emailTemplate.json b/test/e2e/exports/full-export-separate/global/emailTemplate/registration.emailTemplate.json new file mode 100644 index 000000000..bb77e55fc --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/emailTemplate/registration.emailTemplate.json @@ -0,0 +1,24 @@ +{ + "emailTemplate": { + "registration": { + "_id": "emailTemplate/registration", + "defaultLocale": "en", + "enabled": true, + "from": "", + "html": { + "en": "

This is your registration email.

Email verification link

", + "fr": "

Ceci est votre mail d'inscription.

Lien de vérification email

" + }, + "message": { + "en": "

This is your registration email.

Email verification link

", + "fr": "

Ceci est votre mail d'inscription.

Lien de vérification email

" + }, + "mimeType": "text/html", + "styles": "body{background-color:#324054;color:#5e6d82;padding:60px;text-align:center}a{text-decoration:none;color:#109cf1}.content{background-color:#fff;border-radius:4px;margin:0 auto;padding:48px;width:235px}", + "subject": { + "en": "Register new account", + "fr": "Créer un nouveau compte" + } + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/emailTemplate/resetPassword.emailTemplate.json b/test/e2e/exports/full-export-separate/global/emailTemplate/resetPassword.emailTemplate.json new file mode 100644 index 000000000..7d62f29a0 --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/emailTemplate/resetPassword.emailTemplate.json @@ -0,0 +1,19 @@ +{ + "emailTemplate": { + "resetPassword": { + "_id": "emailTemplate/resetPassword", + "defaultLocale": "en", + "enabled": true, + "from": "", + "message": { + "en": "

Click to reset your password

Password reset link

", + "fr": "

Cliquez pour réinitialiser votre mot de passe

Mot de passe lien de réinitialisation

" + }, + "mimeType": "text/html", + "subject": { + "en": "Reset your password", + "fr": "RĂ©initialisez votre mot de passe" + } + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/emailTemplate/updatePassword.emailTemplate.json b/test/e2e/exports/full-export-separate/global/emailTemplate/updatePassword.emailTemplate.json new file mode 100644 index 000000000..3d4156c44 --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/emailTemplate/updatePassword.emailTemplate.json @@ -0,0 +1,21 @@ +{ + "emailTemplate": { + "updatePassword": { + "_id": "emailTemplate/updatePassword", + "defaultLocale": "en", + "enabled": true, + "from": "", + "html": { + "en": "

Verify email to update password

Update password link

" + }, + "message": { + "en": "

Verify email to update password

Update password link

" + }, + "mimeType": "text/html", + "styles": "body{background-color:#324054;color:#5e6d82;padding:60px;text-align:center}a{text-decoration:none;color:#109cf1}.content{background-color:#fff;border-radius:4px;margin:0 auto;padding:48px;width:235px}", + "subject": { + "en": "Update your password" + } + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/emailTemplate/welcome.emailTemplate.json b/test/e2e/exports/full-export-separate/global/emailTemplate/welcome.emailTemplate.json new file mode 100644 index 000000000..dcefbd668 --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/emailTemplate/welcome.emailTemplate.json @@ -0,0 +1,23 @@ +{ + "emailTemplate": { + "welcome": { + "_id": "emailTemplate/welcome", + "defaultLocale": "en", + "displayName": "Welcome", + "enabled": true, + "from": "", + "html": { + "en": "

Welcome. Your username is '{{object.userName}}'. Change

" + }, + "message": { + "en": "

Welcome. Your username is '{{object.userName}}'. Change

" + }, + "mimeType": "text/html", + "styles": "body{background-color:#324054;color:#5e6d82;padding:60px;text-align:center}a{text-decoration:none;color:#109cf1}.content{background-color:#fff;border-radius:4px;margin:0 auto;padding:48px;width:235px}", + "subject": { + "en": "Your account has been created" + }, + "templateId": "welcome" + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/idm/access.idm.json b/test/e2e/exports/full-export-separate/global/idm/access.idm.json new file mode 100644 index 000000000..7f44efa42 --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/idm/access.idm.json @@ -0,0 +1,328 @@ +{ + "idm": { + "access": { + "_id": "access", + "configs": [ + { + "actions": "*", + "methods": "read", + "pattern": "info/*", + "roles": "*" + }, + { + "actions": "login,logout", + "methods": "read,action", + "pattern": "authentication", + "roles": "*" + }, + { + "actions": "*", + "methods": "read", + "pattern": "config/fidc/*", + "roles": "*" + }, + { + "actions": "*", + "methods": "*", + "pattern": "config/fidc/*", + "roles": "internal/role/openidm-admin" + }, + { + "actions": "*", + "methods": "read", + "pattern": "config/ui/themeconfig", + "roles": "*" + }, + { + "actions": "*", + "methods": "read", + "pattern": "config/ui/themerealm", + "roles": "*" + }, + { + "actions": "*", + "methods": "read", + "pattern": "config/uilocale/*", + "roles": "*" + }, + { + "actions": "*", + "methods": "read", + "pattern": "config/fieldPolicy/*", + "roles": "internal/role/openidm-authorized" + }, + { + "actions": "*", + "methods": "read", + "pattern": "info/uiconfig", + "roles": "*" + }, + { + "actions": "*", + "methods": "read", + "pattern": "config/ui/dashboard", + "roles": "internal/role/openidm-authorized" + }, + { + "actions": "*", + "methods": "query", + "pattern": "info/features", + "roles": "*" + }, + { + "actions": "listPrivileges", + "methods": "action", + "pattern": "privilege", + "roles": "*" + }, + { + "actions": "*", + "methods": "read", + "pattern": "privilege/*", + "roles": "*" + }, + { + "actions": "validate", + "methods": "action", + "pattern": "util/validateQueryFilter", + "roles": "internal/role/openidm-authorized" + }, + { + "actions": "*", + "customAuthz": "checkIfAnyFeatureEnabled('kba')", + "methods": "read", + "pattern": "selfservice/kba", + "roles": "internal/role/openidm-authorized" + }, + { + "actions": "*", + "methods": "read", + "pattern": "schema/*", + "roles": "internal/role/openidm-authorized" + }, + { + "actions": "*", + "methods": "action,query", + "pattern": "consent", + "roles": "internal/role/openidm-authorized" + }, + { + "actions": "*", + "excludePatterns": "repo,repo/*", + "methods": "*", + "pattern": "*", + "roles": "internal/role/openidm-admin" + }, + { + "actions": "", + "methods": "create,read,update,delete,patch,query", + "pattern": "system/*", + "roles": "internal/role/openidm-admin" + }, + { + "actions": "*", + "methods": "script", + "pattern": "system/*", + "roles": "internal/role/openidm-admin" + }, + { + "actions": "test,testConfig,createconfiguration,liveSync,authenticate", + "methods": "action", + "pattern": "system/*", + "roles": "internal/role/openidm-admin" + }, + { + "actions": "*", + "customAuthz": "disallowCommandAction()", + "methods": "*", + "pattern": "repo", + "roles": "internal/role/openidm-admin" + }, + { + "actions": "*", + "customAuthz": "disallowCommandAction()", + "methods": "*", + "pattern": "repo/*", + "roles": "internal/role/openidm-admin" + }, + { + "actions": "command", + "customAuthz": "request.additionalParameters.commandId === 'delete-mapping-links'", + "methods": "action", + "pattern": "repo/link", + "roles": "internal/role/openidm-admin" + }, + { + "methods": "create,read,query,patch", + "pattern": "managed/*", + "roles": "internal/role/platform-provisioning" + }, + { + "methods": "read,query", + "pattern": "internal/role/*", + "roles": "internal/role/platform-provisioning" + }, + { + "actions": "*", + "methods": "create,read,action,update", + "pattern": "profile/*", + "roles": "internal/role/platform-provisioning" + }, + { + "actions": "*", + "methods": "read,action", + "pattern": "policy/*", + "roles": "internal/role/platform-provisioning" + }, + { + "methods": "read", + "pattern": "schema/*", + "roles": "internal/role/platform-provisioning" + }, + { + "actions": "*", + "methods": "action,query", + "pattern": "consent", + "roles": "internal/role/platform-provisioning" + }, + { + "methods": "read", + "pattern": "selfservice/kba", + "roles": "internal/role/platform-provisioning" + }, + { + "methods": "read", + "pattern": "selfservice/terms", + "roles": "internal/role/platform-provisioning" + }, + { + "methods": "read", + "pattern": "identityProviders", + "roles": "internal/role/platform-provisioning" + }, + { + "actions": "sendTemplate", + "methods": "action", + "pattern": "external/email", + "roles": "internal/role/platform-provisioning" + }, + { + "actions": "authenticate", + "methods": "action", + "pattern": "system/*", + "roles": "internal/role/platform-provisioning" + }, + { + "actions": "*", + "methods": "read,action", + "pattern": "policy/*", + "roles": "internal/role/openidm-authorized" + }, + { + "actions": "*", + "methods": "read", + "pattern": "config/ui/*", + "roles": "internal/role/openidm-authorized" + }, + { + "actions": "bind,unbind", + "customAuthz": "ownDataOnly()", + "methods": "read,action,delete", + "pattern": "*", + "roles": "internal/role/openidm-authorized" + }, + { + "actions": "patch", + "customAuthz": "ownDataOnly() && onlyEditableManagedObjectProperties('user', [])", + "methods": "update,patch,action", + "pattern": "*", + "roles": "internal/role/openidm-authorized" + }, + { + "actions": "patch", + "customAuthz": "(request.resourcePath === 'selfservice/user/' + context.security.authorization.id) && onlyEditableManagedObjectProperties('user', [])", + "methods": "patch,action", + "pattern": "selfservice/user/*", + "roles": "internal/role/openidm-authorized" + }, + { + "actions": "patch", + "customAuthz": "isQueryOneOf({'managed/user': ['for-userName']}) && restrictPatchToFields(['password'])", + "methods": "patch,action", + "pattern": "managed/user", + "roles": "internal/role/openidm-cert" + }, + { + "actions": "*", + "customAuthz": "ownRelationshipProperty('_meta', false)", + "methods": "read", + "pattern": "internal/usermeta/*", + "roles": "internal/role/openidm-authorized" + }, + { + "actions": "*", + "customAuthz": "ownRelationshipProperty('_notifications', true)", + "methods": "read,delete", + "pattern": "internal/notification/*", + "roles": "internal/role/openidm-authorized" + }, + { + "actions": "*", + "customAuthz": "ownRelationshipCollection(['_meta','_notifications'])", + "methods": "read,query", + "pattern": "managed/user/*", + "roles": "internal/role/openidm-authorized" + }, + { + "actions": "", + "customAuthz": "ownDataOnly()", + "methods": "read,delete", + "pattern": "managed/alpha_user/*", + "roles": "internal/role/openidm-authorized" + }, + { + "actions": "patch", + "customAuthz": "ownDataOnly() && onlyEditableManagedObjectProperties('alpha_user', [])", + "methods": "update,patch,action", + "pattern": "managed/alpha_user/*", + "roles": "internal/role/openidm-authorized" + }, + { + "actions": "*", + "customAuthz": "ownRelationshipCollection(['_meta','_notifications'])", + "methods": "read,query", + "pattern": "managed/alpha_user/*", + "roles": "internal/role/openidm-authorized" + }, + { + "actions": "", + "customAuthz": "ownDataOnly()", + "methods": "read,delete", + "pattern": "managed/bravo_user/*", + "roles": "internal/role/openidm-authorized" + }, + { + "actions": "patch", + "customAuthz": "ownDataOnly() && onlyEditableManagedObjectProperties('bravo_user', [])", + "methods": "update,patch,action", + "pattern": "managed/bravo_user/*", + "roles": "internal/role/openidm-authorized" + }, + { + "actions": "*", + "customAuthz": "ownRelationshipCollection(['_meta','_notifications'])", + "methods": "read,query", + "pattern": "managed/bravo_user/*", + "roles": "internal/role/openidm-authorized" + }, + { + "actions": "deleteNotificationsForTarget", + "customAuthz": "request.additionalParameters.target === (context.security.authorization.component + '/' + context.security.authorization.id)", + "methods": "action", + "pattern": "notification", + "roles": "internal/role/openidm-authorized" + } + ] + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/idm/alphaOrgPrivileges.idm.json b/test/e2e/exports/full-export-separate/global/idm/alphaOrgPrivileges.idm.json new file mode 100644 index 000000000..0fbaf3cfd --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/idm/alphaOrgPrivileges.idm.json @@ -0,0 +1,761 @@ +{ + "idm": { + "alphaOrgPrivileges": { + "_id": "alphaOrgPrivileges", + "privileges": [ + { + "accessFlags": [ + { + "attribute": "name", + "readOnly": false + }, + { + "attribute": "description", + "readOnly": false + }, + { + "attribute": "owners", + "readOnly": true + }, + { + "attribute": "admins", + "readOnly": false + }, + { + "attribute": "members", + "readOnly": false + }, + { + "attribute": "parent", + "readOnly": false + }, + { + "attribute": "children", + "readOnly": false + }, + { + "attribute": "parentIDs", + "readOnly": true + }, + { + "attribute": "adminIDs", + "readOnly": true + }, + { + "attribute": "parentAdminIDs", + "readOnly": true + }, + { + "attribute": "ownerIDs", + "readOnly": true + }, + { + "attribute": "parentOwnerIDs", + "readOnly": true + } + ], + "actions": [], + "filter": "/ownerIDs eq \"{{_id}}\" or /parentOwnerIDs eq \"{{_id}}\"", + "name": "owner-view-update-delete-orgs", + "path": "managed/alpha_organization", + "permissions": [ + "VIEW", + "UPDATE", + "DELETE" + ] + }, + { + "accessFlags": [ + { + "attribute": "name", + "readOnly": false + }, + { + "attribute": "description", + "readOnly": false + }, + { + "attribute": "owners", + "readOnly": true + }, + { + "attribute": "admins", + "readOnly": false + }, + { + "attribute": "members", + "readOnly": false + }, + { + "attribute": "parent", + "readOnly": false + }, + { + "attribute": "children", + "readOnly": false + }, + { + "attribute": "parentIDs", + "readOnly": true + }, + { + "attribute": "adminIDs", + "readOnly": true + }, + { + "attribute": "parentAdminIDs", + "readOnly": true + }, + { + "attribute": "ownerIDs", + "readOnly": true + }, + { + "attribute": "parentOwnerIDs", + "readOnly": true + } + ], + "actions": [], + "filter": "/parent pr", + "name": "owner-create-orgs", + "path": "managed/alpha_organization", + "permissions": [ + "CREATE" + ] + }, + { + "accessFlags": [ + { + "attribute": "userName", + "readOnly": false + }, + { + "attribute": "password", + "readOnly": false + }, + { + "attribute": "givenName", + "readOnly": false + }, + { + "attribute": "sn", + "readOnly": false + }, + { + "attribute": "mail", + "readOnly": false + }, + { + "attribute": "description", + "readOnly": false + }, + { + "attribute": "accountStatus", + "readOnly": false + }, + { + "attribute": "telephoneNumber", + "readOnly": false + }, + { + "attribute": "postalAddress", + "readOnly": false + }, + { + "attribute": "city", + "readOnly": false + }, + { + "attribute": "postalCode", + "readOnly": false + }, + { + "attribute": "country", + "readOnly": false + }, + { + "attribute": "stateProvince", + "readOnly": false + }, + { + "attribute": "roles", + "readOnly": false + }, + { + "attribute": "groups", + "readOnly": false + }, + { + "attribute": "manager", + "readOnly": false + }, + { + "attribute": "authzRoles", + "readOnly": false + }, + { + "attribute": "reports", + "readOnly": false + }, + { + "attribute": "effectiveRoles", + "readOnly": false + }, + { + "attribute": "effectiveAssignments", + "readOnly": false + }, + { + "attribute": "effectiveGroups", + "readOnly": false + }, + { + "attribute": "lastSync", + "readOnly": false + }, + { + "attribute": "kbaInfo", + "readOnly": false + }, + { + "attribute": "preferences", + "readOnly": false + }, + { + "attribute": "consentedMappings", + "readOnly": false + }, + { + "attribute": "memberOfOrg", + "readOnly": false + }, + { + "attribute": "adminOfOrg", + "readOnly": false + }, + { + "attribute": "ownerOfOrg", + "readOnly": true + }, + { + "attribute": "memberOfOrgIDs", + "readOnly": true + } + ], + "actions": [], + "filter": "/memberOfOrgIDs eq \"__org_id_placeholder__\"", + "name": "owner-view-update-delete-admins-and-members", + "path": "managed/alpha_user", + "permissions": [ + "VIEW", + "DELETE", + "UPDATE" + ] + }, + { + "accessFlags": [ + { + "attribute": "userName", + "readOnly": false + }, + { + "attribute": "password", + "readOnly": false + }, + { + "attribute": "givenName", + "readOnly": false + }, + { + "attribute": "sn", + "readOnly": false + }, + { + "attribute": "mail", + "readOnly": false + }, + { + "attribute": "description", + "readOnly": false + }, + { + "attribute": "accountStatus", + "readOnly": false + }, + { + "attribute": "telephoneNumber", + "readOnly": false + }, + { + "attribute": "postalAddress", + "readOnly": false + }, + { + "attribute": "city", + "readOnly": false + }, + { + "attribute": "postalCode", + "readOnly": false + }, + { + "attribute": "country", + "readOnly": false + }, + { + "attribute": "stateProvince", + "readOnly": false + }, + { + "attribute": "roles", + "readOnly": false + }, + { + "attribute": "groups", + "readOnly": false + }, + { + "attribute": "manager", + "readOnly": false + }, + { + "attribute": "authzRoles", + "readOnly": false + }, + { + "attribute": "reports", + "readOnly": false + }, + { + "attribute": "effectiveRoles", + "readOnly": false + }, + { + "attribute": "effectiveAssignments", + "readOnly": false + }, + { + "attribute": "effectiveGroups", + "readOnly": false + }, + { + "attribute": "lastSync", + "readOnly": false + }, + { + "attribute": "kbaInfo", + "readOnly": false + }, + { + "attribute": "preferences", + "readOnly": false + }, + { + "attribute": "consentedMappings", + "readOnly": false + }, + { + "attribute": "memberOfOrg", + "readOnly": false + }, + { + "attribute": "adminOfOrg", + "readOnly": false + }, + { + "attribute": "ownerOfOrg", + "readOnly": true + }, + { + "attribute": "memberOfOrgIDs", + "readOnly": true + } + ], + "actions": [], + "filter": "/memberOfOrg/0 pr and /adminOfOrg/0 pr and !(/ownerOfOrg pr)", + "name": "owner-create-admins", + "path": "managed/alpha_user", + "permissions": [ + "CREATE" + ] + }, + { + "accessFlags": [ + { + "attribute": "name", + "readOnly": false + }, + { + "attribute": "description", + "readOnly": false + }, + { + "attribute": "owners", + "readOnly": true + }, + { + "attribute": "admins", + "readOnly": true + }, + { + "attribute": "members", + "readOnly": false + }, + { + "attribute": "parent", + "readOnly": false + }, + { + "attribute": "children", + "readOnly": false + }, + { + "attribute": "parentIDs", + "readOnly": true + }, + { + "attribute": "adminIDs", + "readOnly": true + }, + { + "attribute": "parentAdminIDs", + "readOnly": true + }, + { + "attribute": "ownerIDs", + "readOnly": true + }, + { + "attribute": "parentOwnerIDs", + "readOnly": true + } + ], + "actions": [], + "filter": "/adminIDs eq \"{{_id}}\" or /parentAdminIDs eq \"{{_id}}\"", + "name": "admin-view-update-delete-orgs", + "path": "managed/alpha_organization", + "permissions": [ + "VIEW", + "UPDATE", + "DELETE" + ] + }, + { + "accessFlags": [ + { + "attribute": "name", + "readOnly": false + }, + { + "attribute": "description", + "readOnly": false + }, + { + "attribute": "owners", + "readOnly": true + }, + { + "attribute": "admins", + "readOnly": true + }, + { + "attribute": "members", + "readOnly": false + }, + { + "attribute": "parent", + "readOnly": false + }, + { + "attribute": "children", + "readOnly": false + }, + { + "attribute": "parentIDs", + "readOnly": true + }, + { + "attribute": "adminIDs", + "readOnly": true + }, + { + "attribute": "parentAdminIDs", + "readOnly": true + }, + { + "attribute": "ownerIDs", + "readOnly": true + }, + { + "attribute": "parentOwnerIDs", + "readOnly": true + } + ], + "actions": [], + "filter": "/parent pr", + "name": "admin-create-orgs", + "path": "managed/alpha_organization", + "permissions": [ + "CREATE" + ] + }, + { + "accessFlags": [ + { + "attribute": "userName", + "readOnly": false + }, + { + "attribute": "password", + "readOnly": false + }, + { + "attribute": "givenName", + "readOnly": false + }, + { + "attribute": "sn", + "readOnly": false + }, + { + "attribute": "mail", + "readOnly": false + }, + { + "attribute": "description", + "readOnly": false + }, + { + "attribute": "accountStatus", + "readOnly": false + }, + { + "attribute": "telephoneNumber", + "readOnly": false + }, + { + "attribute": "postalAddress", + "readOnly": false + }, + { + "attribute": "city", + "readOnly": false + }, + { + "attribute": "postalCode", + "readOnly": false + }, + { + "attribute": "country", + "readOnly": false + }, + { + "attribute": "stateProvince", + "readOnly": false + }, + { + "attribute": "roles", + "readOnly": false + }, + { + "attribute": "groups", + "readOnly": false + }, + { + "attribute": "manager", + "readOnly": false + }, + { + "attribute": "authzRoles", + "readOnly": false + }, + { + "attribute": "reports", + "readOnly": false + }, + { + "attribute": "effectiveRoles", + "readOnly": false + }, + { + "attribute": "effectiveAssignments", + "readOnly": false + }, + { + "attribute": "effectiveGroups", + "readOnly": false + }, + { + "attribute": "lastSync", + "readOnly": false + }, + { + "attribute": "kbaInfo", + "readOnly": false + }, + { + "attribute": "preferences", + "readOnly": false + }, + { + "attribute": "consentedMappings", + "readOnly": false + }, + { + "attribute": "memberOfOrg", + "readOnly": false + }, + { + "attribute": "adminOfOrg", + "readOnly": true + }, + { + "attribute": "ownerOfOrg", + "readOnly": true + }, + { + "attribute": "memberOfOrgIDs", + "readOnly": true + } + ], + "actions": [], + "filter": "/memberOfOrgIDs eq \"__org_id_placeholder__\"", + "name": "admin-view-update-delete-members", + "path": "managed/alpha_user", + "permissions": [ + "VIEW", + "DELETE", + "UPDATE" + ] + }, + { + "accessFlags": [ + { + "attribute": "userName", + "readOnly": false + }, + { + "attribute": "password", + "readOnly": false + }, + { + "attribute": "givenName", + "readOnly": false + }, + { + "attribute": "sn", + "readOnly": false + }, + { + "attribute": "mail", + "readOnly": false + }, + { + "attribute": "description", + "readOnly": false + }, + { + "attribute": "accountStatus", + "readOnly": false + }, + { + "attribute": "telephoneNumber", + "readOnly": false + }, + { + "attribute": "postalAddress", + "readOnly": false + }, + { + "attribute": "city", + "readOnly": false + }, + { + "attribute": "postalCode", + "readOnly": false + }, + { + "attribute": "country", + "readOnly": false + }, + { + "attribute": "stateProvince", + "readOnly": false + }, + { + "attribute": "roles", + "readOnly": false + }, + { + "attribute": "groups", + "readOnly": false + }, + { + "attribute": "manager", + "readOnly": false + }, + { + "attribute": "authzRoles", + "readOnly": false + }, + { + "attribute": "reports", + "readOnly": false + }, + { + "attribute": "effectiveRoles", + "readOnly": false + }, + { + "attribute": "effectiveAssignments", + "readOnly": false + }, + { + "attribute": "effectiveGroups", + "readOnly": false + }, + { + "attribute": "lastSync", + "readOnly": false + }, + { + "attribute": "kbaInfo", + "readOnly": false + }, + { + "attribute": "preferences", + "readOnly": false + }, + { + "attribute": "consentedMappings", + "readOnly": false + }, + { + "attribute": "memberOfOrg", + "readOnly": false + }, + { + "attribute": "adminOfOrg", + "readOnly": true + }, + { + "attribute": "ownerOfOrg", + "readOnly": true + }, + { + "attribute": "memberOfOrgIDs", + "readOnly": true + } + ], + "actions": [], + "filter": "/memberOfOrg/0 pr and !(/adminOfOrg pr) and !(/ownerOfOrg pr)", + "name": "admin-create-members", + "path": "managed/alpha_user", + "permissions": [ + "CREATE" + ] + } + ] + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/idm/audit.idm.json b/test/e2e/exports/full-export-separate/global/idm/audit.idm.json new file mode 100644 index 000000000..84827d1a0 --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/idm/audit.idm.json @@ -0,0 +1,118 @@ +{ + "idm": { + "audit": { + "_id": "audit", + "auditServiceConfig": { + "availableAuditEventHandlers": [ + "org.forgerock.audit.handlers.csv.CsvAuditEventHandler", + "org.forgerock.audit.handlers.elasticsearch.ElasticsearchAuditEventHandler", + "org.forgerock.audit.handlers.jms.JmsAuditEventHandler", + "org.forgerock.audit.handlers.json.JsonAuditEventHandler", + "org.forgerock.audit.handlers.json.stdout.JsonStdoutAuditEventHandler", + "org.forgerock.openidm.audit.impl.RepositoryAuditEventHandler", + "org.forgerock.openidm.audit.impl.RouterAuditEventHandler", + "org.forgerock.audit.handlers.splunk.SplunkAuditEventHandler", + "org.forgerock.audit.handlers.syslog.SyslogAuditEventHandler" + ], + "caseInsensitiveFields": [ + "/access/http/request/headers", + "/access/http/response/headers" + ], + "filterPolicies": { + "value": { + "excludeIf": [ + "/access/http/request/cookies/&{com.iplanet.am.cookie.name}", + "/access/http/request/cookies/session-jwt", + "/access/http/request/headers/&{com.sun.identity.auth.cookieName}", + "/access/http/request/headers/&{com.iplanet.am.cookie.name}", + "/access/http/request/headers/accept-encoding", + "/access/http/request/headers/accept-language", + "/access/http/request/headers/Authorization", + "/access/http/request/headers/cache-control", + "/access/http/request/headers/connection", + "/access/http/request/headers/content-length", + "/access/http/request/headers/content-type", + "/access/http/request/headers/proxy-authorization", + "/access/http/request/headers/X-OpenAM-Password", + "/access/http/request/headers/X-OpenIDM-Password", + "/access/http/request/queryParameters/access_token", + "/access/http/request/queryParameters/IDToken1", + "/access/http/request/queryParameters/id_token_hint", + "/access/http/request/queryParameters/Login.Token1", + "/access/http/request/queryParameters/redirect_uri", + "/access/http/request/queryParameters/requester", + "/access/http/request/queryParameters/sessionUpgradeSSOTokenId", + "/access/http/request/queryParameters/tokenId", + "/access/http/response/headers/Authorization", + "/access/http/response/headers/Set-Cookie", + "/access/http/response/headers/X-OpenIDM-Password" + ], + "includeIf": [] + } + }, + "handlerForQueries": "json" + }, + "eventHandlers": [ + { + "class": "org.forgerock.audit.handlers.json.stdout.JsonStdoutAuditEventHandler", + "config": { + "name": "json", + "topics": [ + "access", + "activity", + "sync", + "authentication", + "config" + ] + } + }, + { + "class": "org.forgerock.openidm.audit.impl.RepositoryAuditEventHandler", + "config": { + "enabled": false, + "name": "repo", + "topics": [ + "access", + "activity", + "sync", + "authentication", + "config" + ] + } + } + ], + "eventTopics": { + "activity": { + "filter": { + "actions": [ + "create", + "update", + "delete", + "patch", + "action" + ] + }, + "passwordFields": [ + "password" + ], + "watchedFields": [] + }, + "config": { + "filter": { + "actions": [ + "create", + "update", + "delete", + "patch", + "action" + ] + } + } + }, + "exceptionFormatter": { + "file": "bin/defaults/script/audit/stacktraceFormatter.js", + "type": "text/javascript" + } + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/idm/authentication.idm.json b/test/e2e/exports/full-export-separate/global/idm/authentication.idm.json new file mode 100644 index 000000000..bbb3d0504 --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/idm/authentication.idm.json @@ -0,0 +1,44 @@ +{ + "idm": { + "authentication": { + "_id": "authentication", + "rsFilter": { + "augmentSecurityContext": { + "source": "require('auth/orgPrivileges').assignPrivilegesToUser(resource, security, properties, subjectMapping, privileges, security.authorization.component.includes('/alpha_') ? 'alphaOrgPrivileges' : 'bravoOrgPrivileges', 'privilegeAssignments');", + "type": "text/javascript" + }, + "cache": { + "maxTimeout": "300 seconds" + }, + "scopes": [ + "fr:idm:*" + ], + "staticUserMapping": [ + { + "localUser": "internal/user/idm-provisioning", + "roles": [ + "internal/role/openidm-admin" + ], + "subject": "autoid-resource-server" + } + ], + "subjectMapping": [ + { + "additionalUserFields": [ + "adminOfOrg", + "ownerOfOrg" + ], + "defaultRoles": [ + "internal/role/openidm-authorized" + ], + "propertyMapping": { + "sub": "_id" + }, + "queryOnResource": "managed/{{substring realm 1}}_user", + "userRoles": "authzRoles/*" + } + ] + } + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/idm/bravoOrgPrivileges.idm.json b/test/e2e/exports/full-export-separate/global/idm/bravoOrgPrivileges.idm.json new file mode 100644 index 000000000..3e5f74445 --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/idm/bravoOrgPrivileges.idm.json @@ -0,0 +1,761 @@ +{ + "idm": { + "bravoOrgPrivileges": { + "_id": "bravoOrgPrivileges", + "privileges": [ + { + "accessFlags": [ + { + "attribute": "name", + "readOnly": false + }, + { + "attribute": "description", + "readOnly": false + }, + { + "attribute": "owners", + "readOnly": true + }, + { + "attribute": "admins", + "readOnly": false + }, + { + "attribute": "members", + "readOnly": false + }, + { + "attribute": "parent", + "readOnly": false + }, + { + "attribute": "children", + "readOnly": false + }, + { + "attribute": "parentIDs", + "readOnly": true + }, + { + "attribute": "adminIDs", + "readOnly": true + }, + { + "attribute": "parentAdminIDs", + "readOnly": true + }, + { + "attribute": "ownerIDs", + "readOnly": true + }, + { + "attribute": "parentOwnerIDs", + "readOnly": true + } + ], + "actions": [], + "filter": "/ownerIDs eq \"{{_id}}\" or /parentOwnerIDs eq \"{{_id}}\"", + "name": "owner-view-update-delete-orgs", + "path": "managed/bravo_organization", + "permissions": [ + "VIEW", + "UPDATE", + "DELETE" + ] + }, + { + "accessFlags": [ + { + "attribute": "name", + "readOnly": false + }, + { + "attribute": "description", + "readOnly": false + }, + { + "attribute": "owners", + "readOnly": true + }, + { + "attribute": "admins", + "readOnly": false + }, + { + "attribute": "members", + "readOnly": false + }, + { + "attribute": "parent", + "readOnly": false + }, + { + "attribute": "children", + "readOnly": false + }, + { + "attribute": "parentIDs", + "readOnly": true + }, + { + "attribute": "adminIDs", + "readOnly": true + }, + { + "attribute": "parentAdminIDs", + "readOnly": true + }, + { + "attribute": "ownerIDs", + "readOnly": true + }, + { + "attribute": "parentOwnerIDs", + "readOnly": true + } + ], + "actions": [], + "filter": "/parent pr", + "name": "owner-create-orgs", + "path": "managed/bravo_organization", + "permissions": [ + "CREATE" + ] + }, + { + "accessFlags": [ + { + "attribute": "userName", + "readOnly": false + }, + { + "attribute": "password", + "readOnly": false + }, + { + "attribute": "givenName", + "readOnly": false + }, + { + "attribute": "sn", + "readOnly": false + }, + { + "attribute": "mail", + "readOnly": false + }, + { + "attribute": "description", + "readOnly": false + }, + { + "attribute": "accountStatus", + "readOnly": false + }, + { + "attribute": "telephoneNumber", + "readOnly": false + }, + { + "attribute": "postalAddress", + "readOnly": false + }, + { + "attribute": "city", + "readOnly": false + }, + { + "attribute": "postalCode", + "readOnly": false + }, + { + "attribute": "country", + "readOnly": false + }, + { + "attribute": "stateProvince", + "readOnly": false + }, + { + "attribute": "roles", + "readOnly": false + }, + { + "attribute": "groups", + "readOnly": false + }, + { + "attribute": "manager", + "readOnly": false + }, + { + "attribute": "authzRoles", + "readOnly": false + }, + { + "attribute": "reports", + "readOnly": false + }, + { + "attribute": "effectiveRoles", + "readOnly": false + }, + { + "attribute": "effectiveAssignments", + "readOnly": false + }, + { + "attribute": "effectiveGroups", + "readOnly": false + }, + { + "attribute": "lastSync", + "readOnly": false + }, + { + "attribute": "kbaInfo", + "readOnly": false + }, + { + "attribute": "preferences", + "readOnly": false + }, + { + "attribute": "consentedMappings", + "readOnly": false + }, + { + "attribute": "memberOfOrg", + "readOnly": false + }, + { + "attribute": "adminOfOrg", + "readOnly": false + }, + { + "attribute": "ownerOfOrg", + "readOnly": true + }, + { + "attribute": "memberOfOrgIDs", + "readOnly": true + } + ], + "actions": [], + "filter": "/memberOfOrgIDs eq \"__org_id_placeholder__\"", + "name": "owner-view-update-delete-admins-and-members", + "path": "managed/bravo_user", + "permissions": [ + "VIEW", + "DELETE", + "UPDATE" + ] + }, + { + "accessFlags": [ + { + "attribute": "userName", + "readOnly": false + }, + { + "attribute": "password", + "readOnly": false + }, + { + "attribute": "givenName", + "readOnly": false + }, + { + "attribute": "sn", + "readOnly": false + }, + { + "attribute": "mail", + "readOnly": false + }, + { + "attribute": "description", + "readOnly": false + }, + { + "attribute": "accountStatus", + "readOnly": false + }, + { + "attribute": "telephoneNumber", + "readOnly": false + }, + { + "attribute": "postalAddress", + "readOnly": false + }, + { + "attribute": "city", + "readOnly": false + }, + { + "attribute": "postalCode", + "readOnly": false + }, + { + "attribute": "country", + "readOnly": false + }, + { + "attribute": "stateProvince", + "readOnly": false + }, + { + "attribute": "roles", + "readOnly": false + }, + { + "attribute": "groups", + "readOnly": false + }, + { + "attribute": "manager", + "readOnly": false + }, + { + "attribute": "authzRoles", + "readOnly": false + }, + { + "attribute": "reports", + "readOnly": false + }, + { + "attribute": "effectiveRoles", + "readOnly": false + }, + { + "attribute": "effectiveAssignments", + "readOnly": false + }, + { + "attribute": "effectiveGroups", + "readOnly": false + }, + { + "attribute": "lastSync", + "readOnly": false + }, + { + "attribute": "kbaInfo", + "readOnly": false + }, + { + "attribute": "preferences", + "readOnly": false + }, + { + "attribute": "consentedMappings", + "readOnly": false + }, + { + "attribute": "memberOfOrg", + "readOnly": false + }, + { + "attribute": "adminOfOrg", + "readOnly": false + }, + { + "attribute": "ownerOfOrg", + "readOnly": true + }, + { + "attribute": "memberOfOrgIDs", + "readOnly": true + } + ], + "actions": [], + "filter": "/memberOfOrg/0 pr and /adminOfOrg/0 pr and !(/ownerOfOrg pr)", + "name": "owner-create-admins", + "path": "managed/bravo_user", + "permissions": [ + "CREATE" + ] + }, + { + "accessFlags": [ + { + "attribute": "name", + "readOnly": false + }, + { + "attribute": "description", + "readOnly": false + }, + { + "attribute": "owners", + "readOnly": true + }, + { + "attribute": "admins", + "readOnly": true + }, + { + "attribute": "members", + "readOnly": false + }, + { + "attribute": "parent", + "readOnly": false + }, + { + "attribute": "children", + "readOnly": false + }, + { + "attribute": "parentIDs", + "readOnly": true + }, + { + "attribute": "adminIDs", + "readOnly": true + }, + { + "attribute": "parentAdminIDs", + "readOnly": true + }, + { + "attribute": "ownerIDs", + "readOnly": true + }, + { + "attribute": "parentOwnerIDs", + "readOnly": true + } + ], + "actions": [], + "filter": "/adminIDs eq \"{{_id}}\" or /parentAdminIDs eq \"{{_id}}\"", + "name": "admin-view-update-delete-orgs", + "path": "managed/bravo_organization", + "permissions": [ + "VIEW", + "UPDATE", + "DELETE" + ] + }, + { + "accessFlags": [ + { + "attribute": "name", + "readOnly": false + }, + { + "attribute": "description", + "readOnly": false + }, + { + "attribute": "owners", + "readOnly": true + }, + { + "attribute": "admins", + "readOnly": true + }, + { + "attribute": "members", + "readOnly": false + }, + { + "attribute": "parent", + "readOnly": false + }, + { + "attribute": "children", + "readOnly": false + }, + { + "attribute": "parentIDs", + "readOnly": true + }, + { + "attribute": "adminIDs", + "readOnly": true + }, + { + "attribute": "parentAdminIDs", + "readOnly": true + }, + { + "attribute": "ownerIDs", + "readOnly": true + }, + { + "attribute": "parentOwnerIDs", + "readOnly": true + } + ], + "actions": [], + "filter": "/parent pr", + "name": "admin-create-orgs", + "path": "managed/bravo_organization", + "permissions": [ + "CREATE" + ] + }, + { + "accessFlags": [ + { + "attribute": "userName", + "readOnly": false + }, + { + "attribute": "password", + "readOnly": false + }, + { + "attribute": "givenName", + "readOnly": false + }, + { + "attribute": "sn", + "readOnly": false + }, + { + "attribute": "mail", + "readOnly": false + }, + { + "attribute": "description", + "readOnly": false + }, + { + "attribute": "accountStatus", + "readOnly": false + }, + { + "attribute": "telephoneNumber", + "readOnly": false + }, + { + "attribute": "postalAddress", + "readOnly": false + }, + { + "attribute": "city", + "readOnly": false + }, + { + "attribute": "postalCode", + "readOnly": false + }, + { + "attribute": "country", + "readOnly": false + }, + { + "attribute": "stateProvince", + "readOnly": false + }, + { + "attribute": "roles", + "readOnly": false + }, + { + "attribute": "groups", + "readOnly": false + }, + { + "attribute": "manager", + "readOnly": false + }, + { + "attribute": "authzRoles", + "readOnly": false + }, + { + "attribute": "reports", + "readOnly": false + }, + { + "attribute": "effectiveRoles", + "readOnly": false + }, + { + "attribute": "effectiveAssignments", + "readOnly": false + }, + { + "attribute": "effectiveGroups", + "readOnly": false + }, + { + "attribute": "lastSync", + "readOnly": false + }, + { + "attribute": "kbaInfo", + "readOnly": false + }, + { + "attribute": "preferences", + "readOnly": false + }, + { + "attribute": "consentedMappings", + "readOnly": false + }, + { + "attribute": "memberOfOrg", + "readOnly": false + }, + { + "attribute": "adminOfOrg", + "readOnly": true + }, + { + "attribute": "ownerOfOrg", + "readOnly": true + }, + { + "attribute": "memberOfOrgIDs", + "readOnly": true + } + ], + "actions": [], + "filter": "/memberOfOrgIDs eq \"__org_id_placeholder__\"", + "name": "admin-view-update-delete-members", + "path": "managed/bravo_user", + "permissions": [ + "VIEW", + "DELETE", + "UPDATE" + ] + }, + { + "accessFlags": [ + { + "attribute": "userName", + "readOnly": false + }, + { + "attribute": "password", + "readOnly": false + }, + { + "attribute": "givenName", + "readOnly": false + }, + { + "attribute": "sn", + "readOnly": false + }, + { + "attribute": "mail", + "readOnly": false + }, + { + "attribute": "description", + "readOnly": false + }, + { + "attribute": "accountStatus", + "readOnly": false + }, + { + "attribute": "telephoneNumber", + "readOnly": false + }, + { + "attribute": "postalAddress", + "readOnly": false + }, + { + "attribute": "city", + "readOnly": false + }, + { + "attribute": "postalCode", + "readOnly": false + }, + { + "attribute": "country", + "readOnly": false + }, + { + "attribute": "stateProvince", + "readOnly": false + }, + { + "attribute": "roles", + "readOnly": false + }, + { + "attribute": "groups", + "readOnly": false + }, + { + "attribute": "manager", + "readOnly": false + }, + { + "attribute": "authzRoles", + "readOnly": false + }, + { + "attribute": "reports", + "readOnly": false + }, + { + "attribute": "effectiveRoles", + "readOnly": false + }, + { + "attribute": "effectiveAssignments", + "readOnly": false + }, + { + "attribute": "effectiveGroups", + "readOnly": false + }, + { + "attribute": "lastSync", + "readOnly": false + }, + { + "attribute": "kbaInfo", + "readOnly": false + }, + { + "attribute": "preferences", + "readOnly": false + }, + { + "attribute": "consentedMappings", + "readOnly": false + }, + { + "attribute": "memberOfOrg", + "readOnly": false + }, + { + "attribute": "adminOfOrg", + "readOnly": true + }, + { + "attribute": "ownerOfOrg", + "readOnly": true + }, + { + "attribute": "memberOfOrgIDs", + "readOnly": true + } + ], + "actions": [], + "filter": "/memberOfOrg/0 pr and !(/adminOfOrg pr) and !(/ownerOfOrg pr)", + "name": "admin-create-members", + "path": "managed/bravo_user", + "permissions": [ + "CREATE" + ] + } + ] + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/idm/endpoint/Test.idm.json b/test/e2e/exports/full-export-separate/global/idm/endpoint/Test.idm.json new file mode 100644 index 000000000..588dad15c --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/idm/endpoint/Test.idm.json @@ -0,0 +1,11 @@ +{ + "idm": { + "endpoint/Test": { + "_id": "endpoint/Test", + "description": "test", + "globalsObject": "\" {\\n \\\"request\\\": {\\n \\\"method\\\": \\\"create\\\"\\n }\\n }\"", + "source": " (function () {\n if (request.method === 'create') {\n // POST\n return {};\n } else if (request.method === 'read') {\n // GET\n return {};\n } else if (request.method === 'update') {\n // PUT\n return {};\n } else if (request.method === 'patch') {\n return {};\n } else if (request.method === 'delete') {\n return {};\n }\n throw { code: 500, message: 'Unknown error' };\n }());", + "type": "text/javascript" + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/idm/endpoint/testEndpoint2.idm.json b/test/e2e/exports/full-export-separate/global/idm/endpoint/testEndpoint2.idm.json new file mode 100644 index 000000000..dc0a656db --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/idm/endpoint/testEndpoint2.idm.json @@ -0,0 +1,11 @@ +{ + "idm": { + "endpoint/testEndpoint2": { + "_id": "endpoint/testEndpoint2", + "description": "", + "globalsObject": "\" {\\n \\\"request\\\": {\\n \\\"method\\\": \\\"create\\\"\\n }\\n }\"", + "source": " (function () {\n if (request.method === 'create') {\n // POST\n return {};\n } else if (request.method === 'read') {\n // GET\n return {};\n } else if (request.method === 'update') {\n // PUT\n return {};\n } else if (request.method === 'patch') {\n return {};\n } else if (request.method === 'delete') {\n return {};\n }\n throw { code: 500, message: 'Unknown error' };\n }());", + "type": "text/javascript" + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/idm/entityId.idm.json b/test/e2e/exports/full-export-separate/global/idm/entityId.idm.json new file mode 100644 index 000000000..a53b8e663 --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/idm/entityId.idm.json @@ -0,0 +1,18 @@ +{ + "idm": { + "entityId": { + "_id": "entityId", + "defaultLocale": "en", + "displayName": "Frodo Test Email Template Three", + "enabled": true, + "from": "", + "message": { + "en": "

You started a login or profile update that requires MFA.

Click to Proceed

" + }, + "mimeType": "text/html", + "subject": { + "en": "Multi-Factor Email for Identity Cloud login" + } + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/idm/external.email.idm.json b/test/e2e/exports/full-export-separate/global/idm/external.email.idm.json new file mode 100644 index 000000000..deed194ac --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/idm/external.email.idm.json @@ -0,0 +1,27 @@ +{ + "idm": { + "external.email": { + "_id": "external.email", + "auth": { + "enable": true, + "password": "&{aic.customer.sasl.pass}", + "username": "&{aic.customer.sasl.user|donotuse@pingidentity.com}" + }, + "connectiontimeout": 300000, + "debug": false, + "from": "&{email.sender.address}", + "host": "&{aic.smtp.relay.host|smtp-relay.fr-platform.svc.cluster.local}", + "port": 25, + "smtpProperties": [], + "ssl": { + "enable": false + }, + "starttls": { + "enable": false + }, + "threadPoolSize": 20, + "timeout": 300000, + "writetimeout": 300000 + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/idm/external.emailDefault.idm.json b/test/e2e/exports/full-export-separate/global/idm/external.emailDefault.idm.json new file mode 100644 index 000000000..3a3c214a0 --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/idm/external.emailDefault.idm.json @@ -0,0 +1,27 @@ +{ + "idm": { + "external.emailDefault": { + "_id": "external.emailDefault", + "auth": { + "enable": true, + "password": "&{aic.customer.sasl.pass}", + "username": "&{aic.customer.sasl.user|donotuse@pingidentity.com}" + }, + "connectiontimeout": 300000, + "debug": false, + "from": "&{email.sender.address}", + "host": "&{aic.smtp.relay.host|smtp-relay.fr-platform.svc.cluster.local}", + "port": 25, + "smtpProperties": [], + "ssl": { + "enable": false + }, + "starttls": { + "enable": false + }, + "threadPoolSize": 20, + "timeout": 300000, + "writetimeout": 300000 + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/idm/fieldPolicy/alpha_user.idm.json b/test/e2e/exports/full-export-separate/global/idm/fieldPolicy/alpha_user.idm.json new file mode 100644 index 000000000..8b4b88cfe --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/idm/fieldPolicy/alpha_user.idm.json @@ -0,0 +1,51 @@ +{ + "idm": { + "fieldPolicy/alpha_user": { + "_id": "fieldPolicy/alpha_user", + "defaultPasswordStorageScheme": [ + { + "_id": "PBKDF2-HMAC-SHA256" + } + ], + "passwordAttribute": "password", + "resourceCollection": "managed/alpha_user", + "type": "password-policy", + "validator": [ + { + "_id": "alpha_userPasswordPolicy-length-based-password-validator", + "enabled": true, + "maxPasswordLength": 0, + "minPasswordLength": 10, + "type": "length-based" + }, + { + "_id": "alpha_userPasswordPolicy-attribute-value-password-validator", + "checkSubstrings": true, + "enabled": true, + "matchAttribute": [ + "mail", + "userName", + "givenName", + "sn" + ], + "minSubstringLength": 5, + "testReversedPassword": true, + "type": "attribute-value" + }, + { + "_id": "alpha_userPasswordPolicy-character-set-password-validator", + "allowUnclassifiedCharacters": true, + "characterSet": [ + "0:abcdefghijklmnopqrstuvwxyz", + "0:ABCDEFGHIJKLMNOPQRSTUVWXYZ", + "0:0123456789", + "0:~!@#$%^&*()-_=+[]{}|;:,.<>/?\"'\\`" + ], + "enabled": true, + "minCharacterSets": 4, + "type": "character-set" + } + ] + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/idm/fieldPolicy/bravo_user.idm.json b/test/e2e/exports/full-export-separate/global/idm/fieldPolicy/bravo_user.idm.json new file mode 100644 index 000000000..b1a893ca7 --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/idm/fieldPolicy/bravo_user.idm.json @@ -0,0 +1,50 @@ +{ + "idm": { + "fieldPolicy/bravo_user": { + "_id": "fieldPolicy/bravo_user", + "defaultPasswordStorageScheme": [ + { + "_id": "PBKDF2-HMAC-SHA256" + } + ], + "passwordAttribute": "password", + "resourceCollection": "managed/bravo_user", + "type": "password-policy", + "validator": [ + { + "_id": "bravo_userPasswordPolicy-length-based-password-validator", + "enabled": true, + "maxPasswordLength": 0, + "minPasswordLength": 8, + "type": "length-based" + }, + { + "_id": "bravo_userPasswordPolicy-attribute-value-password-validator", + "checkSubstrings": true, + "enabled": true, + "matchAttribute": [ + "mail", + "userName", + "givenName", + "sn" + ], + "minSubstringLength": 5, + "testReversedPassword": true, + "type": "attribute-value" + }, + { + "_id": "bravo_userPasswordPolicy-character-set-password-validator", + "allowUnclassifiedCharacters": true, + "characterSet": [ + "1:abcdefghijklmnopqrstuvwxyz", + "1:ABCDEFGHIJKLMNOPQRSTUVWXYZ", + "1:0123456789", + "1:~!@#$%^&*()-_=+[]{}|;:,.<>/?\"'\\`" + ], + "enabled": true, + "type": "character-set" + } + ] + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/idm/internal.idm.json b/test/e2e/exports/full-export-separate/global/idm/internal.idm.json new file mode 100644 index 000000000..4419c6726 --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/idm/internal.idm.json @@ -0,0 +1,34 @@ +{ + "idm": { + "internal": { + "_id": "internal", + "objects": [ + { + "name": "role", + "properties": { + "authzMembers": { + "items": { + "resourceCollection": [ + { + "conditionalAssociation": true, + "label": "User", + "notify": true, + "path": "managed/alpha_user", + "query": { + "fields": [ + "userName", + "givenName", + "sn" + ], + "queryFilter": "true" + } + } + ] + } + } + } + } + ] + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/idm/managed.idm.json b/test/e2e/exports/full-export-separate/global/idm/managed.idm.json new file mode 100644 index 000000000..39fe02469 --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/idm/managed.idm.json @@ -0,0 +1,5661 @@ +{ + "idm": { + "managed": { + "_id": "managed", + "objects": [ + { + "lastSync": { + "effectiveAssignmentsProperty": "effectiveAssignments", + "lastSyncProperty": "lastSync" + }, + "name": "alpha_user", + "notifications": {}, + "schema": { + "$schema": "http://json-schema.org/draft-03/schema", + "icon": "fa-user", + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User", + "mat-icon": "people", + "order": [ + "_id", + "userName", + "password", + "givenName", + "cn", + "sn", + "mail", + "profileImage", + "description", + "accountStatus", + "telephoneNumber", + "postalAddress", + "city", + "postalCode", + "country", + "stateProvince", + "roles", + "assignments", + "groups", + "applications", + "manager", + "authzRoles", + "reports", + "effectiveRoles", + "effectiveAssignments", + "effectiveGroups", + "effectiveApplications", + "lastSync", + "kbaInfo", + "preferences", + "consentedMappings", + "ownerOfOrg", + "adminOfOrg", + "memberOfOrg", + "memberOfOrgIDs", + "ownerOfApp", + "frIndexedString1", + "frIndexedString2", + "frIndexedString3", + "frIndexedString4", + "frIndexedString5", + "frUnindexedString1", + "frUnindexedString2", + "frUnindexedString3", + "frUnindexedString4", + "frUnindexedString5", + "frIndexedMultivalued1", + "frIndexedMultivalued2", + "frIndexedMultivalued3", + "frIndexedMultivalued4", + "frIndexedMultivalued5", + "frUnindexedMultivalued1", + "frUnindexedMultivalued2", + "frUnindexedMultivalued3", + "frUnindexedMultivalued4", + "frUnindexedMultivalued5", + "frIndexedDate1", + "frIndexedDate2", + "frIndexedDate3", + "frIndexedDate4", + "frIndexedDate5", + "frUnindexedDate1", + "frUnindexedDate2", + "frUnindexedDate3", + "frUnindexedDate4", + "frUnindexedDate5", + "frIndexedInteger1", + "frIndexedInteger2", + "frIndexedInteger3", + "frIndexedInteger4", + "frIndexedInteger5", + "frUnindexedInteger1", + "frUnindexedInteger2", + "frUnindexedInteger3", + "frUnindexedInteger4", + "frUnindexedInteger5", + "assignedDashboard" + ], + "properties": { + "_id": { + "description": "User ID", + "isPersonal": false, + "policies": [ + { + "params": { + "forbiddenChars": [ + "/" + ] + }, + "policyId": "cannot-contain-characters" + } + ], + "searchable": false, + "type": "string", + "usageDescription": "", + "userEditable": false, + "viewable": false + }, + "accountStatus": { + "default": "active", + "description": "Status", + "isPersonal": false, + "searchable": true, + "title": "Status", + "type": "string", + "usageDescription": "", + "userEditable": false, + "viewable": true + }, + "adminOfOrg": { + "items": { + "notifySelf": false, + "properties": { + "_ref": { + "type": "string" + }, + "_refProperties": { + "properties": { + "_id": { + "propName": "_id", + "required": false, + "type": "string" + } + }, + "type": "object" + } + }, + "resourceCollection": [ + { + "label": "Organization", + "notify": true, + "path": "managed/alpha_organization", + "query": { + "fields": [ + "name" + ], + "queryFilter": "true", + "sortKeys": [] + } + } + ], + "reversePropertyName": "admins", + "reverseRelationship": true, + "type": "relationship", + "validate": true + }, + "policies": [], + "returnByDefault": false, + "searchable": false, + "title": "Organizations I Administer", + "type": "array", + "userEditable": false, + "viewable": true + }, + "aliasList": { + "description": "List of identity aliases used primarily to record social IdP subjects for this user", + "isVirtual": false, + "items": { + "title": "User Alias Names Items", + "type": "string" + }, + "returnByDefault": false, + "searchable": false, + "title": "User Alias Names List", + "type": "array", + "userEditable": true, + "viewable": false + }, + "applications": { + "description": "Applications", + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:applications", + "isPersonal": false, + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:applications:items", + "notifySelf": true, + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string" + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_id": { + "description": "_refProperties object ID", + "type": "string" + } + }, + "title": "Groups Items _refProperties", + "type": "object" + } + }, + "resourceCollection": [ + { + "label": "Application", + "path": "managed/alpha_application", + "query": { + "fields": [ + "name" + ], + "queryFilter": "true", + "sortKeys": [ + "name" + ] + } + } + ], + "reversePropertyName": "members", + "reverseRelationship": true, + "title": "Groups Items", + "type": "relationship", + "validate": true + }, + "returnByDefault": false, + "title": "Applications", + "type": "array", + "usageDescription": "", + "userEditable": false, + "viewable": false + }, + "assignedDashboard": { + "description": "List of items to click on for this user", + "isVirtual": true, + "items": { + "title": "Assigned Dashboard Items", + "type": "string" + }, + "queryConfig": { + "flattenProperties": true, + "referencedObjectFields": [ + "name" + ], + "referencedRelationshipFields": [ + [ + "roles", + "applications" + ], + [ + "applications" + ] + ] + }, + "searchable": false, + "title": "Assigned Dashboard", + "type": "array", + "userEditable": false, + "viewable": true + }, + "assignments": { + "description": "Assignments", + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:assignments", + "isPersonal": false, + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:assignments:items", + "notifySelf": true, + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string" + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_grantType": { + "description": "Grant Type", + "label": "Grant Type", + "type": "string" + }, + "_id": { + "description": "_refProperties object ID", + "type": "string" + } + }, + "title": "Provisioning Roles Items _refProperties", + "type": "object" + } + }, + "resourceCollection": [ + { + "conditionalAssociationField": "condition", + "label": "Assignment", + "path": "managed/alpha_assignment", + "query": { + "fields": [ + "name" + ], + "queryFilter": "true" + } + } + ], + "reversePropertyName": "members", + "reverseRelationship": true, + "title": "Assignments Items", + "type": "relationship", + "validate": true + }, + "returnByDefault": false, + "title": "Assignments", + "type": "array", + "usageDescription": "", + "userEditable": false, + "viewable": true + }, + "authzRoles": { + "description": "Authorization Roles", + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:authzRoles", + "isPersonal": false, + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:authzRoles:items", + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string" + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_id": { + "description": "_refProperties object ID", + "type": "string" + } + }, + "title": "Authorization Roles Items _refProperties", + "type": "object" + } + }, + "resourceCollection": [ + { + "conditionalAssociationField": "condition", + "label": "Internal Role", + "path": "internal/role", + "query": { + "fields": [ + "name" + ], + "queryFilter": "true" + } + } + ], + "reversePropertyName": "authzMembers", + "reverseRelationship": true, + "title": "Authorization Roles Items", + "type": "relationship", + "validate": true + }, + "returnByDefault": false, + "title": "Authorization Roles", + "type": "array", + "usageDescription": "", + "userEditable": false, + "viewable": true + }, + "city": { + "description": "City", + "isPersonal": false, + "title": "City", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "cn": { + "default": "{{givenName}} {{sn}}", + "description": "Common Name", + "isPersonal": true, + "scope": "private", + "searchable": false, + "title": "Common Name", + "type": "string", + "userEditable": false, + "viewable": false + }, + "consentedMappings": { + "description": "Consented Mappings", + "isPersonal": false, + "isVirtual": false, + "items": { + "items": { + "order": [ + "mapping", + "consentDate" + ], + "properties": { + "consentDate": { + "description": "Consent Date", + "searchable": true, + "title": "Consent Date", + "type": "string", + "userEditable": true, + "viewable": true + }, + "mapping": { + "description": "Mapping", + "searchable": true, + "title": "Mapping", + "type": "string", + "userEditable": true, + "viewable": true + } + }, + "required": [ + "mapping", + "consentDate" + ], + "title": "Consented Mappings Item", + "type": "object" + }, + "title": "Consented Mappings Items", + "type": "array" + }, + "returnByDefault": false, + "searchable": false, + "title": "Consented Mappings", + "type": "array", + "usageDescription": "", + "userEditable": true, + "viewable": false + }, + "country": { + "description": "Country", + "isPersonal": false, + "title": "Country", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "description": { + "description": "Description", + "isPersonal": false, + "searchable": true, + "title": "Description", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "effectiveApplications": { + "description": "Effective Applications", + "isPersonal": false, + "isVirtual": true, + "items": { + "title": "Effective Assigned Application Items", + "type": "object" + }, + "queryConfig": { + "referencedObjectFields": [ + "name" + ], + "referencedRelationshipFields": [ + [ + "roles", + "applications" + ], + [ + "applications" + ] + ] + }, + "returnByDefault": true, + "title": "Effective Applications", + "type": "array", + "viewable": false + }, + "effectiveAssignments": { + "description": "Effective Assignments", + "isPersonal": false, + "isVirtual": true, + "items": { + "title": "Effective Assignments Items", + "type": "object" + }, + "queryConfig": { + "referencedObjectFields": [ + "*" + ], + "referencedRelationshipFields": [ + [ + "roles", + "assignments" + ], + [ + "assignments" + ] + ] + }, + "returnByDefault": true, + "title": "Effective Assignments", + "type": "array", + "usageDescription": "", + "viewable": false + }, + "effectiveGroups": { + "description": "Effective Groups", + "isPersonal": false, + "isVirtual": true, + "items": { + "title": "Effective Groups Items", + "type": "object" + }, + "queryConfig": { + "referencedRelationshipFields": [ + "groups" + ] + }, + "returnByDefault": true, + "title": "Effective Groups", + "type": "array", + "usageDescription": "", + "viewable": false + }, + "effectiveRoles": { + "description": "Effective Roles", + "isPersonal": false, + "isVirtual": true, + "items": { + "title": "Effective Roles Items", + "type": "object" + }, + "queryConfig": { + "referencedRelationshipFields": [ + "roles" + ] + }, + "returnByDefault": true, + "title": "Effective Roles", + "type": "array", + "usageDescription": "", + "viewable": false + }, + "frIndexedDate1": { + "description": "Generic Indexed Date 1", + "isPersonal": false, + "title": "Generic Indexed Date 1", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "frIndexedDate2": { + "description": "Generic Indexed Date 2", + "isPersonal": false, + "title": "Generic Indexed Date 2", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "frIndexedDate3": { + "description": "Generic Indexed Date 3", + "isPersonal": false, + "title": "Generic Indexed Date 3", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "frIndexedDate4": { + "description": "Generic Indexed Date 4", + "isPersonal": false, + "title": "Generic Indexed Date 4", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "frIndexedDate5": { + "description": "Generic Indexed Date 5", + "isPersonal": false, + "title": "Generic Indexed Date 5", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "frIndexedInteger1": { + "description": "Generic Indexed Integer 1", + "isPersonal": false, + "title": "Generic Indexed Integer 1", + "type": "number", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "frIndexedInteger2": { + "description": "Generic Indexed Integer 2", + "isPersonal": false, + "title": "Generic Indexed Integer 2", + "type": "number", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "frIndexedInteger3": { + "description": "Generic Indexed Integer 3", + "isPersonal": false, + "title": "Generic Indexed Integer 3", + "type": "number", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "frIndexedInteger4": { + "description": "Generic Indexed Integer 4", + "isPersonal": false, + "title": "Generic Indexed Integer 4", + "type": "number", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "frIndexedInteger5": { + "description": "Generic Indexed Integer 5", + "isPersonal": false, + "title": "Generic Indexed Integer 5", + "type": "number", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "frIndexedMultivalued1": { + "description": "Generic Indexed Multivalue 1", + "isPersonal": false, + "items": { + "type": "string" + }, + "title": "Generic Indexed Multivalue 1", + "type": "array", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "frIndexedMultivalued2": { + "description": "Generic Indexed Multivalue 2", + "isPersonal": false, + "items": { + "type": "string" + }, + "title": "Generic Indexed Multivalue 2", + "type": "array", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "frIndexedMultivalued3": { + "description": "Generic Indexed Multivalue 3", + "isPersonal": false, + "items": { + "type": "string" + }, + "title": "Generic Indexed Multivalue 3", + "type": "array", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "frIndexedMultivalued4": { + "description": "Generic Indexed Multivalue 4", + "isPersonal": false, + "items": { + "type": "string" + }, + "title": "Generic Indexed Multivalue 4", + "type": "array", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "frIndexedMultivalued5": { + "description": "Generic Indexed Multivalue 5", + "isPersonal": false, + "items": { + "type": "string" + }, + "title": "Generic Indexed Multivalue 5", + "type": "array", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "frIndexedString1": { + "description": "Generic Indexed String 1", + "isPersonal": false, + "title": "Generic Indexed String 1", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "frIndexedString2": { + "description": "Generic Indexed String 2", + "isPersonal": false, + "title": "Generic Indexed String 2", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "frIndexedString3": { + "description": "Generic Indexed String 3", + "isPersonal": false, + "title": "Generic Indexed String 3", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "frIndexedString4": { + "description": "Generic Indexed String 4", + "isPersonal": false, + "title": "Generic Indexed String 4", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "frIndexedString5": { + "description": "Generic Indexed String 5", + "isPersonal": false, + "title": "Generic Indexed String 5", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "frUnindexedDate1": { + "description": "Generic Unindexed Date 1", + "isPersonal": false, + "title": "Generic Unindexed Date 1", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "frUnindexedDate2": { + "description": "Generic Unindexed Date 2", + "isPersonal": false, + "title": "Generic Unindexed Date 2", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "frUnindexedDate3": { + "description": "Generic Unindexed Date 3", + "isPersonal": false, + "title": "Generic Unindexed Date 3", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "frUnindexedDate4": { + "description": "Generic Unindexed Date 4", + "isPersonal": false, + "title": "Generic Unindexed Date 4", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "frUnindexedDate5": { + "description": "Generic Unindexed Date 5", + "isPersonal": false, + "title": "Generic Unindexed Date 5", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "frUnindexedInteger1": { + "description": "Generic Unindexed Integer 1", + "isPersonal": false, + "title": "Generic Unindexed Integer 1", + "type": "number", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "frUnindexedInteger2": { + "description": "Generic Unindexed Integer 2", + "isPersonal": false, + "title": "Generic Unindexed Integer 2", + "type": "number", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "frUnindexedInteger3": { + "description": "Generic Unindexed Integer 3", + "isPersonal": false, + "title": "Generic Unindexed Integer 3", + "type": "number", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "frUnindexedInteger4": { + "description": "Generic Unindexed Integer 4", + "isPersonal": false, + "title": "Generic Unindexed Integer 4", + "type": "number", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "frUnindexedInteger5": { + "description": "Generic Unindexed Integer 5", + "isPersonal": false, + "title": "Generic Unindexed Integer 5", + "type": "number", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "frUnindexedMultivalued1": { + "description": "Generic Unindexed Multivalue 1", + "isPersonal": false, + "items": { + "type": "string" + }, + "title": "Generic Unindexed Multivalue 1", + "type": "array", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "frUnindexedMultivalued2": { + "description": "Generic Unindexed Multivalue 2", + "isPersonal": false, + "items": { + "type": "string" + }, + "title": "Generic Unindexed Multivalue 2", + "type": "array", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "frUnindexedMultivalued3": { + "description": "Generic Unindexed Multivalue 3", + "isPersonal": false, + "items": { + "type": "string" + }, + "title": "Generic Unindexed Multivalue 3", + "type": "array", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "frUnindexedMultivalued4": { + "description": "Generic Unindexed Multivalue 4", + "isPersonal": false, + "items": { + "type": "string" + }, + "title": "Generic Unindexed Multivalue 4", + "type": "array", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "frUnindexedMultivalued5": { + "description": "Generic Unindexed Multivalue 5", + "isPersonal": false, + "items": { + "type": "string" + }, + "title": "Generic Unindexed Multivalue 5", + "type": "array", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "frUnindexedString1": { + "description": "Generic Unindexed String 1", + "isPersonal": false, + "title": "Generic Unindexed String 1", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "frUnindexedString2": { + "description": "Generic Unindexed String 2", + "isPersonal": false, + "title": "Generic Unindexed String 2", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "frUnindexedString3": { + "description": "Generic Unindexed String 3", + "isPersonal": false, + "title": "Generic Unindexed String 3", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "frUnindexedString4": { + "description": "Generic Unindexed String 4", + "isPersonal": false, + "title": "Generic Unindexed String 4", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "frUnindexedString5": { + "description": "Generic Unindexed String 5", + "isPersonal": false, + "title": "Generic Unindexed String 5", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "givenName": { + "description": "First Name", + "isPersonal": true, + "searchable": true, + "title": "First Name", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "groups": { + "description": "Groups", + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:groups", + "isPersonal": false, + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:groups:items", + "notifySelf": true, + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string" + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_grantType": { + "description": "Grant Type", + "label": "Grant Type", + "type": "string" + }, + "_id": { + "description": "_refProperties object ID", + "type": "string" + } + }, + "title": "Groups Items _refProperties", + "type": "object" + } + }, + "resourceCollection": [ + { + "conditionalAssociationField": "condition", + "label": "Group", + "path": "managed/alpha_group", + "query": { + "fields": [ + "name" + ], + "queryFilter": "true" + } + } + ], + "reversePropertyName": "members", + "reverseRelationship": true, + "title": "Groups Items", + "type": "relationship", + "validate": true + }, + "relationshipGrantTemporalConstraintsEnforced": false, + "returnByDefault": false, + "title": "Groups", + "type": "array", + "usageDescription": "", + "userEditable": false, + "viewable": true + }, + "kbaInfo": { + "description": "KBA Info", + "isPersonal": true, + "items": { + "order": [ + "answer", + "customQuestion", + "questionId" + ], + "properties": { + "answer": { + "description": "Answer", + "type": "string" + }, + "customQuestion": { + "description": "Custom question", + "type": "string" + }, + "questionId": { + "description": "Question ID", + "type": "string" + } + }, + "required": [], + "title": "KBA Info Items", + "type": "object" + }, + "type": "array", + "usageDescription": "", + "userEditable": true, + "viewable": false + }, + "lastSync": { + "description": "Last Sync timestamp", + "isPersonal": false, + "order": [ + "effectiveAssignments", + "timestamp" + ], + "properties": { + "effectiveAssignments": { + "description": "Effective Assignments", + "items": { + "title": "Effective Assignments Items", + "type": "object" + }, + "title": "Effective Assignments", + "type": "array" + }, + "timestamp": { + "description": "Timestamp", + "type": "string" + } + }, + "required": [], + "scope": "private", + "searchable": false, + "title": "Last Sync timestamp", + "type": "object", + "usageDescription": "", + "viewable": false + }, + "mail": { + "description": "Email Address", + "isPersonal": true, + "policies": [ + { + "policyId": "valid-email-address-format" + } + ], + "searchable": true, + "title": "Email Address", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "manager": { + "description": "Manager", + "isPersonal": false, + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string" + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_id": { + "description": "_refProperties object ID", + "type": "string" + } + }, + "title": "Manager _refProperties", + "type": "object" + } + }, + "resourceCollection": [ + { + "label": "User", + "path": "managed/alpha_user", + "query": { + "fields": [ + "userName", + "givenName", + "sn" + ], + "queryFilter": "true" + } + } + ], + "reversePropertyName": "reports", + "reverseRelationship": true, + "searchable": false, + "title": "Manager", + "type": "relationship", + "usageDescription": "", + "userEditable": false, + "validate": true, + "viewable": true + }, + "memberOfOrg": { + "items": { + "notifySelf": true, + "properties": { + "_ref": { + "type": "string" + }, + "_refProperties": { + "properties": { + "_id": { + "propName": "_id", + "required": false, + "type": "string" + } + }, + "type": "object" + } + }, + "resourceCollection": [ + { + "label": "Organization", + "notify": false, + "path": "managed/alpha_organization", + "query": { + "fields": [ + "name" + ], + "queryFilter": "true", + "sortKeys": [] + } + } + ], + "reversePropertyName": "members", + "reverseRelationship": true, + "type": "relationship", + "validate": true + }, + "policies": [], + "returnByDefault": false, + "searchable": false, + "title": "Organizations to which I Belong", + "type": "array", + "userEditable": false, + "viewable": true + }, + "memberOfOrgIDs": { + "isVirtual": true, + "items": { + "title": "org identifiers", + "type": "string" + }, + "queryConfig": { + "flattenProperties": true, + "referencedObjectFields": [ + "_id", + "parentIDs" + ], + "referencedRelationshipFields": [ + "memberOfOrg" + ] + }, + "returnByDefault": true, + "searchable": false, + "title": "MemberOfOrgIDs", + "type": "array", + "userEditable": false, + "viewable": false + }, + "ownerOfApp": { + "items": { + "properties": { + "_ref": { + "type": "string" + }, + "_refProperties": { + "properties": { + "_id": { + "description": "_refProperties object ID", + "type": "string" + } + }, + "type": "object" + } + }, + "resourceCollection": [ + { + "label": "Application", + "path": "managed/alpha_application", + "query": { + "fields": [ + "name" + ], + "queryFilter": "true", + "sortKeys": [ + "name" + ] + } + } + ], + "reversePropertyName": "owners", + "reverseRelationship": true, + "type": "relationship", + "validate": true + }, + "returnByDefault": false, + "searchable": false, + "title": "Applications I Own", + "type": "array", + "userEditable": false, + "viewable": true + }, + "ownerOfOrg": { + "items": { + "notifySelf": false, + "properties": { + "_ref": { + "type": "string" + }, + "_refProperties": { + "properties": { + "_id": { + "propName": "_id", + "required": false, + "type": "string" + } + }, + "type": "object" + } + }, + "resourceCollection": [ + { + "label": "Organization", + "notify": true, + "path": "managed/alpha_organization", + "query": { + "fields": [ + "name" + ], + "queryFilter": "true", + "sortKeys": [] + } + } + ], + "reversePropertyName": "owners", + "reverseRelationship": true, + "type": "relationship", + "validate": true + }, + "policies": [], + "returnByDefault": false, + "searchable": false, + "title": "Organizations I Own", + "type": "array", + "userEditable": false, + "viewable": true + }, + "password": { + "description": "Password", + "isPersonal": false, + "isProtected": true, + "scope": "private", + "searchable": false, + "title": "Password", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": false + }, + "postalAddress": { + "description": "Address 1", + "isPersonal": true, + "title": "Address 1", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "postalCode": { + "description": "Postal Code", + "isPersonal": false, + "title": "Postal Code", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "preferences": { + "description": "Preferences", + "isPersonal": false, + "order": [ + "updates", + "marketing" + ], + "properties": { + "marketing": { + "description": "Send me special offers and services", + "type": "boolean" + }, + "updates": { + "description": "Send me news and updates", + "type": "boolean" + } + }, + "required": [], + "searchable": false, + "title": "Preferences", + "type": "object", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "profileImage": { + "description": "Profile Image", + "isPersonal": true, + "searchable": true, + "title": "Profile Image", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": false + }, + "reports": { + "description": "Direct Reports", + "isPersonal": false, + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:reports:items", + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string" + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_id": { + "description": "_refProperties object ID", + "type": "string" + } + }, + "title": "Direct Reports Items _refProperties", + "type": "object" + } + }, + "resourceCollection": [ + { + "label": "User", + "path": "managed/alpha_user", + "query": { + "fields": [ + "userName", + "givenName", + "sn" + ], + "queryFilter": "true" + } + } + ], + "reversePropertyName": "manager", + "reverseRelationship": true, + "title": "Direct Reports Items", + "type": "relationship", + "validate": true + }, + "returnByDefault": false, + "title": "Direct Reports", + "type": "array", + "usageDescription": "", + "userEditable": false, + "viewable": true + }, + "roles": { + "description": "Provisioning Roles", + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:roles", + "isPersonal": false, + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:roles:items", + "notifySelf": true, + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string" + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_grantType": { + "description": "Grant Type", + "label": "Grant Type", + "type": "string" + }, + "_id": { + "description": "_refProperties object ID", + "type": "string" + } + }, + "title": "Provisioning Roles Items _refProperties", + "type": "object" + } + }, + "resourceCollection": [ + { + "conditionalAssociationField": "condition", + "label": "Role", + "path": "managed/alpha_role", + "query": { + "fields": [ + "name" + ], + "queryFilter": "true" + } + } + ], + "reversePropertyName": "members", + "reverseRelationship": true, + "title": "Provisioning Roles Items", + "type": "relationship", + "validate": true + }, + "relationshipGrantTemporalConstraintsEnforced": true, + "returnByDefault": false, + "title": "Provisioning Roles", + "type": "array", + "usageDescription": "", + "userEditable": false, + "viewable": true + }, + "sn": { + "description": "Last Name", + "isPersonal": true, + "searchable": true, + "title": "Last Name", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "stateProvince": { + "description": "State/Province", + "isPersonal": false, + "title": "State/Province", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "telephoneNumber": { + "description": "Telephone Number", + "isPersonal": true, + "pattern": "^\\+?([0-9\\- \\(\\)])*$", + "title": "Telephone Number", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "userName": { + "description": "Username", + "isPersonal": true, + "minLength": 1, + "policies": [ + { + "policyId": "valid-username" + }, + { + "params": { + "forbiddenChars": [ + "/" + ] + }, + "policyId": "cannot-contain-characters" + }, + { + "params": { + "minLength": 1 + }, + "policyId": "minimum-length" + }, + { + "params": { + "maxLength": 255 + }, + "policyId": "maximum-length" + } + ], + "searchable": true, + "title": "Username", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true + } + }, + "required": [ + "userName", + "givenName", + "sn", + "mail" + ], + "title": "Alpha realm - User", + "type": "object", + "viewable": true + } + }, + { + "lastSync": { + "effectiveAssignmentsProperty": "effectiveAssignments", + "lastSyncProperty": "lastSync" + }, + "name": "bravo_user", + "notifications": {}, + "schema": { + "$schema": "http://json-schema.org/draft-03/schema", + "icon": "fa-user", + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User", + "mat-icon": "people", + "order": [ + "_id", + "userName", + "password", + "givenName", + "cn", + "sn", + "mail", + "profileImage", + "description", + "accountStatus", + "telephoneNumber", + "postalAddress", + "city", + "postalCode", + "country", + "stateProvince", + "roles", + "assignments", + "groups", + "applications", + "manager", + "authzRoles", + "reports", + "effectiveRoles", + "effectiveAssignments", + "effectiveGroups", + "effectiveApplications", + "lastSync", + "kbaInfo", + "preferences", + "consentedMappings", + "ownerOfOrg", + "adminOfOrg", + "memberOfOrg", + "memberOfOrgIDs", + "ownerOfApp", + "frIndexedString1", + "frIndexedString2", + "frIndexedString3", + "frIndexedString4", + "frIndexedString5", + "frUnindexedString1", + "frUnindexedString2", + "frUnindexedString3", + "frUnindexedString4", + "frUnindexedString5", + "frIndexedMultivalued1", + "frIndexedMultivalued2", + "frIndexedMultivalued3", + "frIndexedMultivalued4", + "frIndexedMultivalued5", + "frUnindexedMultivalued1", + "frUnindexedMultivalued2", + "frUnindexedMultivalued3", + "frUnindexedMultivalued4", + "frUnindexedMultivalued5", + "frIndexedDate1", + "frIndexedDate2", + "frIndexedDate3", + "frIndexedDate4", + "frIndexedDate5", + "frUnindexedDate1", + "frUnindexedDate2", + "frUnindexedDate3", + "frUnindexedDate4", + "frUnindexedDate5", + "frIndexedInteger1", + "frIndexedInteger2", + "frIndexedInteger3", + "frIndexedInteger4", + "frIndexedInteger5", + "frUnindexedInteger1", + "frUnindexedInteger2", + "frUnindexedInteger3", + "frUnindexedInteger4", + "frUnindexedInteger5", + "assignedDashboard" + ], + "properties": { + "_id": { + "description": "User ID", + "isPersonal": false, + "policies": [ + { + "params": { + "forbiddenChars": [ + "/" + ] + }, + "policyId": "cannot-contain-characters" + } + ], + "searchable": false, + "type": "string", + "usageDescription": "", + "userEditable": false, + "viewable": false + }, + "accountStatus": { + "default": "active", + "description": "Status", + "isPersonal": false, + "searchable": true, + "title": "Status", + "type": "string", + "usageDescription": "", + "userEditable": false, + "viewable": true + }, + "adminOfOrg": { + "items": { + "notifySelf": false, + "properties": { + "_ref": { + "type": "string" + }, + "_refProperties": { + "properties": { + "_id": { + "propName": "_id", + "required": false, + "type": "string" + } + }, + "type": "object" + } + }, + "resourceCollection": [ + { + "label": "Organization", + "notify": true, + "path": "managed/bravo_organization", + "query": { + "fields": [ + "name" + ], + "queryFilter": "true", + "sortKeys": [] + } + } + ], + "reversePropertyName": "admins", + "reverseRelationship": true, + "type": "relationship", + "validate": true + }, + "policies": [], + "returnByDefault": false, + "searchable": false, + "title": "Organizations I Administer", + "type": "array", + "userEditable": false, + "viewable": true + }, + "aliasList": { + "description": "List of identity aliases used primarily to record social IdP subjects for this user", + "isVirtual": false, + "items": { + "title": "User Alias Names Items", + "type": "string" + }, + "returnByDefault": false, + "searchable": false, + "title": "User Alias Names List", + "type": "array", + "userEditable": true, + "viewable": false + }, + "applications": { + "description": "Applications", + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:applications", + "isPersonal": false, + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:applications:items", + "notifySelf": true, + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string" + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_id": { + "description": "_refProperties object ID", + "type": "string" + } + }, + "title": "Groups Items _refProperties", + "type": "object" + } + }, + "resourceCollection": [ + { + "label": "Application", + "path": "managed/bravo_application", + "query": { + "fields": [ + "name" + ], + "queryFilter": "true", + "sortKeys": [ + "name" + ] + } + } + ], + "reversePropertyName": "members", + "reverseRelationship": true, + "title": "Groups Items", + "type": "relationship", + "validate": true + }, + "returnByDefault": false, + "title": "Applications", + "type": "array", + "usageDescription": "", + "userEditable": false, + "viewable": false + }, + "assignedDashboard": { + "description": "List of items to click on for this user", + "isVirtual": true, + "items": { + "title": "Assigned Dashboard Items", + "type": "string" + }, + "queryConfig": { + "flattenProperties": true, + "referencedObjectFields": [ + "name" + ], + "referencedRelationshipFields": [ + [ + "roles", + "applications" + ], + [ + "applications" + ] + ] + }, + "searchable": false, + "title": "Assigned Dashboard", + "type": "array", + "userEditable": false, + "viewable": true + }, + "assignments": { + "description": "Assignments", + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:assignments", + "isPersonal": false, + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:assignments:items", + "notifySelf": true, + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string" + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_grantType": { + "description": "Grant Type", + "label": "Grant Type", + "type": "string" + }, + "_id": { + "description": "_refProperties object ID", + "type": "string" + } + }, + "title": "Provisioning Roles Items _refProperties", + "type": "object" + } + }, + "resourceCollection": [ + { + "conditionalAssociationField": "condition", + "label": "Assignment", + "path": "managed/bravo_assignment", + "query": { + "fields": [ + "name" + ], + "queryFilter": "true" + } + } + ], + "reversePropertyName": "members", + "reverseRelationship": true, + "title": "Assignments Items", + "type": "relationship", + "validate": true + }, + "returnByDefault": false, + "title": "Assignments", + "type": "array", + "usageDescription": "", + "userEditable": false, + "viewable": true + }, + "authzRoles": { + "description": "Authorization Roles", + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:authzRoles", + "isPersonal": false, + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:authzRoles:items", + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string" + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_id": { + "description": "_refProperties object ID", + "type": "string" + } + }, + "title": "Authorization Roles Items _refProperties", + "type": "object" + } + }, + "resourceCollection": [ + { + "conditionalAssociationField": "condition", + "label": "Internal Role", + "path": "internal/role", + "query": { + "fields": [ + "name" + ], + "queryFilter": "true" + } + } + ], + "reversePropertyName": "authzMembers", + "reverseRelationship": true, + "title": "Authorization Roles Items", + "type": "relationship", + "validate": true + }, + "returnByDefault": false, + "title": "Authorization Roles", + "type": "array", + "usageDescription": "", + "userEditable": false, + "viewable": true + }, + "city": { + "description": "City", + "isPersonal": false, + "title": "City", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "cn": { + "default": "{{givenName}} {{sn}}", + "description": "Common Name", + "isPersonal": true, + "scope": "private", + "searchable": false, + "title": "Common Name", + "type": "string", + "userEditable": false, + "viewable": false + }, + "consentedMappings": { + "description": "Consented Mappings", + "isPersonal": false, + "isVirtual": false, + "items": { + "items": { + "order": [ + "mapping", + "consentDate" + ], + "properties": { + "consentDate": { + "description": "Consent Date", + "searchable": true, + "title": "Consent Date", + "type": "string", + "userEditable": true, + "viewable": true + }, + "mapping": { + "description": "Mapping", + "searchable": true, + "title": "Mapping", + "type": "string", + "userEditable": true, + "viewable": true + } + }, + "required": [ + "mapping", + "consentDate" + ], + "title": "Consented Mappings Item", + "type": "object" + }, + "title": "Consented Mappings Items", + "type": "array" + }, + "returnByDefault": false, + "searchable": false, + "title": "Consented Mappings", + "type": "array", + "usageDescription": "", + "userEditable": true, + "viewable": false + }, + "country": { + "description": "Country", + "isPersonal": false, + "title": "Country", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "description": { + "description": "Description", + "isPersonal": false, + "searchable": true, + "title": "Description", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "effectiveApplications": { + "description": "Effective Applications", + "isPersonal": false, + "isVirtual": true, + "items": { + "title": "Effective Assigned Application Items", + "type": "object" + }, + "queryConfig": { + "referencedObjectFields": [ + "name" + ], + "referencedRelationshipFields": [ + [ + "roles", + "applications" + ], + [ + "applications" + ] + ] + }, + "returnByDefault": true, + "title": "Effective Applications", + "type": "array", + "viewable": false + }, + "effectiveAssignments": { + "description": "Effective Assignments", + "isPersonal": false, + "isVirtual": true, + "items": { + "title": "Effective Assignments Items", + "type": "object" + }, + "queryConfig": { + "referencedObjectFields": [ + "*" + ], + "referencedRelationshipFields": [ + [ + "roles", + "assignments" + ], + [ + "assignments" + ] + ] + }, + "returnByDefault": true, + "title": "Effective Assignments", + "type": "array", + "usageDescription": "", + "viewable": false + }, + "effectiveGroups": { + "description": "Effective Groups", + "isPersonal": false, + "isVirtual": true, + "items": { + "title": "Effective Groups Items", + "type": "object" + }, + "queryConfig": { + "referencedRelationshipFields": [ + "groups" + ] + }, + "returnByDefault": true, + "title": "Effective Groups", + "type": "array", + "usageDescription": "", + "viewable": false + }, + "effectiveRoles": { + "description": "Effective Roles", + "isPersonal": false, + "isVirtual": true, + "items": { + "title": "Effective Roles Items", + "type": "object" + }, + "queryConfig": { + "referencedRelationshipFields": [ + "roles" + ] + }, + "returnByDefault": true, + "title": "Effective Roles", + "type": "array", + "usageDescription": "", + "viewable": false + }, + "frIndexedDate1": { + "description": "Generic Indexed Date 1", + "isPersonal": false, + "title": "Generic Indexed Date 1", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "frIndexedDate2": { + "description": "Generic Indexed Date 2", + "isPersonal": false, + "title": "Generic Indexed Date 2", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "frIndexedDate3": { + "description": "Generic Indexed Date 3", + "isPersonal": false, + "title": "Generic Indexed Date 3", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "frIndexedDate4": { + "description": "Generic Indexed Date 4", + "isPersonal": false, + "title": "Generic Indexed Date 4", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "frIndexedDate5": { + "description": "Generic Indexed Date 5", + "isPersonal": false, + "title": "Generic Indexed Date 5", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "frIndexedInteger1": { + "description": "Generic Indexed Integer 1", + "isPersonal": false, + "title": "Generic Indexed Integer 1", + "type": "number", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "frIndexedInteger2": { + "description": "Generic Indexed Integer 2", + "isPersonal": false, + "title": "Generic Indexed Integer 2", + "type": "number", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "frIndexedInteger3": { + "description": "Generic Indexed Integer 3", + "isPersonal": false, + "title": "Generic Indexed Integer 3", + "type": "number", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "frIndexedInteger4": { + "description": "Generic Indexed Integer 4", + "isPersonal": false, + "title": "Generic Indexed Integer 4", + "type": "number", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "frIndexedInteger5": { + "description": "Generic Indexed Integer 5", + "isPersonal": false, + "title": "Generic Indexed Integer 5", + "type": "number", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "frIndexedMultivalued1": { + "description": "Generic Indexed Multivalue 1", + "isPersonal": false, + "items": { + "type": "string" + }, + "title": "Generic Indexed Multivalue 1", + "type": "array", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "frIndexedMultivalued2": { + "description": "Generic Indexed Multivalue 2", + "isPersonal": false, + "items": { + "type": "string" + }, + "title": "Generic Indexed Multivalue 2", + "type": "array", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "frIndexedMultivalued3": { + "description": "Generic Indexed Multivalue 3", + "isPersonal": false, + "items": { + "type": "string" + }, + "title": "Generic Indexed Multivalue 3", + "type": "array", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "frIndexedMultivalued4": { + "description": "Generic Indexed Multivalue 4", + "isPersonal": false, + "items": { + "type": "string" + }, + "title": "Generic Indexed Multivalue 4", + "type": "array", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "frIndexedMultivalued5": { + "description": "Generic Indexed Multivalue 5", + "isPersonal": false, + "items": { + "type": "string" + }, + "title": "Generic Indexed Multivalue 5", + "type": "array", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "frIndexedString1": { + "description": "Generic Indexed String 1", + "isPersonal": false, + "title": "Generic Indexed String 1", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "frIndexedString2": { + "description": "Generic Indexed String 2", + "isPersonal": false, + "title": "Generic Indexed String 2", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "frIndexedString3": { + "description": "Generic Indexed String 3", + "isPersonal": false, + "title": "Generic Indexed String 3", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "frIndexedString4": { + "description": "Generic Indexed String 4", + "isPersonal": false, + "title": "Generic Indexed String 4", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "frIndexedString5": { + "description": "Generic Indexed String 5", + "isPersonal": false, + "title": "Generic Indexed String 5", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "frUnindexedDate1": { + "description": "Generic Unindexed Date 1", + "isPersonal": false, + "title": "Generic Unindexed Date 1", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "frUnindexedDate2": { + "description": "Generic Unindexed Date 2", + "isPersonal": false, + "title": "Generic Unindexed Date 2", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "frUnindexedDate3": { + "description": "Generic Unindexed Date 3", + "isPersonal": false, + "title": "Generic Unindexed Date 3", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "frUnindexedDate4": { + "description": "Generic Unindexed Date 4", + "isPersonal": false, + "title": "Generic Unindexed Date 4", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "frUnindexedDate5": { + "description": "Generic Unindexed Date 5", + "isPersonal": false, + "title": "Generic Unindexed Date 5", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "frUnindexedInteger1": { + "description": "Generic Unindexed Integer 1", + "isPersonal": false, + "title": "Generic Unindexed Integer 1", + "type": "number", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "frUnindexedInteger2": { + "description": "Generic Unindexed Integer 2", + "isPersonal": false, + "title": "Generic Unindexed Integer 2", + "type": "number", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "frUnindexedInteger3": { + "description": "Generic Unindexed Integer 3", + "isPersonal": false, + "title": "Generic Unindexed Integer 3", + "type": "number", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "frUnindexedInteger4": { + "description": "Generic Unindexed Integer 4", + "isPersonal": false, + "title": "Generic Unindexed Integer 4", + "type": "number", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "frUnindexedInteger5": { + "description": "Generic Unindexed Integer 5", + "isPersonal": false, + "title": "Generic Unindexed Integer 5", + "type": "number", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "frUnindexedMultivalued1": { + "description": "Generic Unindexed Multivalue 1", + "isPersonal": false, + "items": { + "type": "string" + }, + "title": "Generic Unindexed Multivalue 1", + "type": "array", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "frUnindexedMultivalued2": { + "description": "Generic Unindexed Multivalue 2", + "isPersonal": false, + "items": { + "type": "string" + }, + "title": "Generic Unindexed Multivalue 2", + "type": "array", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "frUnindexedMultivalued3": { + "description": "Generic Unindexed Multivalue 3", + "isPersonal": false, + "items": { + "type": "string" + }, + "title": "Generic Unindexed Multivalue 3", + "type": "array", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "frUnindexedMultivalued4": { + "description": "Generic Unindexed Multivalue 4", + "isPersonal": false, + "items": { + "type": "string" + }, + "title": "Generic Unindexed Multivalue 4", + "type": "array", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "frUnindexedMultivalued5": { + "description": "Generic Unindexed Multivalue 5", + "isPersonal": false, + "items": { + "type": "string" + }, + "title": "Generic Unindexed Multivalue 5", + "type": "array", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "frUnindexedString1": { + "description": "Generic Unindexed String 1", + "isPersonal": false, + "title": "Generic Unindexed String 1", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "frUnindexedString2": { + "description": "Generic Unindexed String 2", + "isPersonal": false, + "title": "Generic Unindexed String 2", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "frUnindexedString3": { + "description": "Generic Unindexed String 3", + "isPersonal": false, + "title": "Generic Unindexed String 3", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "frUnindexedString4": { + "description": "Generic Unindexed String 4", + "isPersonal": false, + "title": "Generic Unindexed String 4", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "frUnindexedString5": { + "description": "Generic Unindexed String 5", + "isPersonal": false, + "title": "Generic Unindexed String 5", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "givenName": { + "description": "First Name", + "isPersonal": true, + "searchable": true, + "title": "First Name", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "groups": { + "description": "Groups", + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:groups", + "isPersonal": false, + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:groups:items", + "notifySelf": true, + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string" + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_grantType": { + "description": "Grant Type", + "label": "Grant Type", + "type": "string" + }, + "_id": { + "description": "_refProperties object ID", + "type": "string" + } + }, + "title": "Groups Items _refProperties", + "type": "object" + } + }, + "resourceCollection": [ + { + "conditionalAssociationField": "condition", + "label": "Group", + "path": "managed/bravo_group", + "query": { + "fields": [ + "name" + ], + "queryFilter": "true" + } + } + ], + "reversePropertyName": "members", + "reverseRelationship": true, + "title": "Groups Items", + "type": "relationship", + "validate": true + }, + "relationshipGrantTemporalConstraintsEnforced": false, + "returnByDefault": false, + "title": "Groups", + "type": "array", + "usageDescription": "", + "userEditable": false, + "viewable": true + }, + "kbaInfo": { + "description": "KBA Info", + "isPersonal": true, + "items": { + "order": [ + "answer", + "customQuestion", + "questionId" + ], + "properties": { + "answer": { + "description": "Answer", + "type": "string" + }, + "customQuestion": { + "description": "Custom question", + "type": "string" + }, + "questionId": { + "description": "Question ID", + "type": "string" + } + }, + "required": [], + "title": "KBA Info Items", + "type": "object" + }, + "type": "array", + "usageDescription": "", + "userEditable": true, + "viewable": false + }, + "lastSync": { + "description": "Last Sync timestamp", + "isPersonal": false, + "order": [ + "effectiveAssignments", + "timestamp" + ], + "properties": { + "effectiveAssignments": { + "description": "Effective Assignments", + "items": { + "title": "Effective Assignments Items", + "type": "object" + }, + "title": "Effective Assignments", + "type": "array" + }, + "timestamp": { + "description": "Timestamp", + "type": "string" + } + }, + "required": [], + "scope": "private", + "searchable": false, + "title": "Last Sync timestamp", + "type": "object", + "usageDescription": "", + "viewable": false + }, + "mail": { + "description": "Email Address", + "isPersonal": true, + "policies": [ + { + "policyId": "valid-email-address-format" + } + ], + "searchable": true, + "title": "Email Address", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "manager": { + "description": "Manager", + "isPersonal": false, + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string" + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_id": { + "description": "_refProperties object ID", + "type": "string" + } + }, + "title": "Manager _refProperties", + "type": "object" + } + }, + "resourceCollection": [ + { + "label": "User", + "path": "managed/bravo_user", + "query": { + "fields": [ + "userName", + "givenName", + "sn" + ], + "queryFilter": "true" + } + } + ], + "reversePropertyName": "reports", + "reverseRelationship": true, + "searchable": false, + "title": "Manager", + "type": "relationship", + "usageDescription": "", + "userEditable": false, + "validate": true, + "viewable": true + }, + "memberOfOrg": { + "items": { + "notifySelf": true, + "properties": { + "_ref": { + "type": "string" + }, + "_refProperties": { + "properties": { + "_id": { + "propName": "_id", + "required": false, + "type": "string" + } + }, + "type": "object" + } + }, + "resourceCollection": [ + { + "label": "Organization", + "notify": false, + "path": "managed/bravo_organization", + "query": { + "fields": [ + "name" + ], + "queryFilter": "true", + "sortKeys": [] + } + } + ], + "reversePropertyName": "members", + "reverseRelationship": true, + "type": "relationship", + "validate": true + }, + "policies": [], + "returnByDefault": false, + "searchable": false, + "title": "Organizations to which I Belong", + "type": "array", + "userEditable": false, + "viewable": true + }, + "memberOfOrgIDs": { + "isVirtual": true, + "items": { + "title": "org identifiers", + "type": "string" + }, + "queryConfig": { + "flattenProperties": true, + "referencedObjectFields": [ + "_id", + "parentIDs" + ], + "referencedRelationshipFields": [ + "memberOfOrg" + ] + }, + "returnByDefault": true, + "searchable": false, + "title": "MemberOfOrgIDs", + "type": "array", + "userEditable": false, + "viewable": false + }, + "ownerOfApp": { + "items": { + "properties": { + "_ref": { + "type": "string" + }, + "_refProperties": { + "properties": { + "_id": { + "description": "_refProperties object ID", + "type": "string" + } + }, + "type": "object" + } + }, + "resourceCollection": [ + { + "label": "Application", + "path": "managed/bravo_application", + "query": { + "fields": [ + "name" + ], + "queryFilter": "true", + "sortKeys": [ + "name" + ] + } + } + ], + "reversePropertyName": "owners", + "reverseRelationship": true, + "type": "relationship", + "validate": true + }, + "returnByDefault": false, + "searchable": false, + "title": "Applications I Own", + "type": "array", + "userEditable": false, + "viewable": true + }, + "ownerOfOrg": { + "items": { + "notifySelf": false, + "properties": { + "_ref": { + "type": "string" + }, + "_refProperties": { + "properties": { + "_id": { + "propName": "_id", + "required": false, + "type": "string" + } + }, + "type": "object" + } + }, + "resourceCollection": [ + { + "label": "Organization", + "notify": true, + "path": "managed/bravo_organization", + "query": { + "fields": [ + "name" + ], + "queryFilter": "true", + "sortKeys": [] + } + } + ], + "reversePropertyName": "owners", + "reverseRelationship": true, + "type": "relationship", + "validate": true + }, + "policies": [], + "returnByDefault": false, + "searchable": false, + "title": "Organizations I Own", + "type": "array", + "userEditable": false, + "viewable": true + }, + "password": { + "description": "Password", + "isPersonal": false, + "isProtected": true, + "scope": "private", + "searchable": false, + "title": "Password", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": false + }, + "postalAddress": { + "description": "Address 1", + "isPersonal": true, + "title": "Address 1", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "postalCode": { + "description": "Postal Code", + "isPersonal": false, + "title": "Postal Code", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "preferences": { + "description": "Preferences", + "isPersonal": false, + "order": [ + "updates", + "marketing" + ], + "properties": { + "marketing": { + "description": "Send me special offers and services", + "type": "boolean" + }, + "updates": { + "description": "Send me news and updates", + "type": "boolean" + } + }, + "required": [], + "searchable": false, + "title": "Preferences", + "type": "object", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "profileImage": { + "description": "Profile Image", + "isPersonal": true, + "searchable": true, + "title": "Profile Image", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": false + }, + "reports": { + "description": "Direct Reports", + "isPersonal": false, + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:reports:items", + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string" + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_id": { + "description": "_refProperties object ID", + "type": "string" + } + }, + "title": "Direct Reports Items _refProperties", + "type": "object" + } + }, + "resourceCollection": [ + { + "label": "User", + "path": "managed/bravo_user", + "query": { + "fields": [ + "userName", + "givenName", + "sn" + ], + "queryFilter": "true" + } + } + ], + "reversePropertyName": "manager", + "reverseRelationship": true, + "title": "Direct Reports Items", + "type": "relationship", + "validate": true + }, + "returnByDefault": false, + "title": "Direct Reports", + "type": "array", + "usageDescription": "", + "userEditable": false, + "viewable": true + }, + "roles": { + "description": "Provisioning Roles", + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:roles", + "isPersonal": false, + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:User:roles:items", + "notifySelf": true, + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string" + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_grantType": { + "description": "Grant Type", + "label": "Grant Type", + "type": "string" + }, + "_id": { + "description": "_refProperties object ID", + "type": "string" + } + }, + "title": "Provisioning Roles Items _refProperties", + "type": "object" + } + }, + "resourceCollection": [ + { + "conditionalAssociationField": "condition", + "label": "Role", + "path": "managed/bravo_role", + "query": { + "fields": [ + "name" + ], + "queryFilter": "true" + } + } + ], + "reversePropertyName": "members", + "reverseRelationship": true, + "title": "Provisioning Roles Items", + "type": "relationship", + "validate": true + }, + "relationshipGrantTemporalConstraintsEnforced": true, + "returnByDefault": false, + "title": "Provisioning Roles", + "type": "array", + "usageDescription": "", + "userEditable": false, + "viewable": true + }, + "sn": { + "description": "Last Name", + "isPersonal": true, + "searchable": true, + "title": "Last Name", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "stateProvince": { + "description": "State/Province", + "isPersonal": false, + "title": "State/Province", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "telephoneNumber": { + "description": "Telephone Number", + "isPersonal": true, + "pattern": "^\\+?([0-9\\- \\(\\)])*$", + "title": "Telephone Number", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true + }, + "userName": { + "description": "Username", + "isPersonal": true, + "minLength": 1, + "policies": [ + { + "policyId": "valid-username" + }, + { + "params": { + "forbiddenChars": [ + "/" + ] + }, + "policyId": "cannot-contain-characters" + }, + { + "params": { + "minLength": 1 + }, + "policyId": "minimum-length" + }, + { + "params": { + "maxLength": 255 + }, + "policyId": "maximum-length" + } + ], + "searchable": true, + "title": "Username", + "type": "string", + "usageDescription": "", + "userEditable": true, + "viewable": true + } + }, + "required": [ + "userName", + "givenName", + "sn", + "mail" + ], + "title": "Bravo realm - User", + "type": "object", + "viewable": true + } + }, + { + "name": "alpha_role", + "schema": { + "$schema": "http://forgerock.org/json-schema#", + "description": "", + "icon": "fa-check-square-o", + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Role", + "mat-icon": "assignment_ind", + "order": [ + "_id", + "name", + "description", + "members", + "assignments", + "applications", + "condition", + "temporalConstraints" + ], + "properties": { + "_id": { + "description": "Role ID", + "searchable": false, + "title": "Name", + "type": "string", + "viewable": false + }, + "applications": { + "description": "Role Applications", + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Role:applications:items", + "notifySelf": true, + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string" + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_id": { + "description": "_refProperties object ID", + "type": "string" + } + }, + "title": "Role Application Items _refProperties", + "type": "object" + } + }, + "resourceCollection": [ + { + "label": "Application", + "path": "managed/alpha_application", + "query": { + "fields": [ + "name" + ], + "queryFilter": "true" + } + } + ], + "reversePropertyName": "roles", + "reverseRelationship": true, + "title": "Role Application Items", + "type": "relationship", + "validate": true + }, + "notifyRelationships": [ + "members" + ], + "relationshipGrantTemporalConstraintsEnforced": true, + "returnByDefault": false, + "title": "Applications", + "type": "array", + "viewable": false + }, + "assignments": { + "description": "Managed Assignments", + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Role:assignments:items", + "notifySelf": true, + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string" + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_id": { + "description": "_refProperties object ID", + "type": "string" + } + }, + "title": "Managed Assignments Items _refProperties", + "type": "object" + } + }, + "resourceCollection": [ + { + "label": "Assignment", + "path": "managed/alpha_assignment", + "query": { + "fields": [ + "name" + ], + "queryFilter": "true" + } + } + ], + "reversePropertyName": "roles", + "reverseRelationship": true, + "title": "Managed Assignments Items", + "type": "relationship", + "validate": true + }, + "notifyRelationships": [ + "members" + ], + "returnByDefault": false, + "title": "Managed Assignments", + "type": "array", + "viewable": true + }, + "condition": { + "description": "A conditional filter for this role", + "isConditional": true, + "searchable": false, + "title": "Condition", + "type": "string", + "viewable": false + }, + "description": { + "description": "The role description, used for display purposes.", + "searchable": true, + "title": "Description", + "type": "string", + "viewable": true + }, + "members": { + "description": "Role Members", + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Role:members:items", + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string" + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_grantType": { + "description": "Grant Type", + "label": "Grant Type", + "type": "string" + }, + "_id": { + "description": "_refProperties object ID", + "type": "string" + } + }, + "title": "Role Members Items _refProperties", + "type": "object" + } + }, + "resourceCollection": [ + { + "conditionalAssociation": true, + "label": "User", + "notify": true, + "path": "managed/alpha_user", + "query": { + "fields": [ + "userName", + "givenName", + "sn" + ], + "queryFilter": "true" + } + } + ], + "reversePropertyName": "roles", + "reverseRelationship": true, + "title": "Role Members Items", + "type": "relationship", + "validate": true + }, + "relationshipGrantTemporalConstraintsEnforced": true, + "returnByDefault": false, + "title": "Role Members", + "type": "array", + "viewable": true + }, + "name": { + "description": "The role name, used for display purposes.", + "policies": [ + { + "policyId": "unique" + } + ], + "searchable": true, + "title": "Name", + "type": "string", + "viewable": true + }, + "temporalConstraints": { + "description": "An array of temporal constraints for a role", + "isTemporalConstraint": true, + "items": { + "order": [ + "duration" + ], + "properties": { + "duration": { + "description": "Duration", + "type": "string" + } + }, + "required": [ + "duration" + ], + "title": "Temporal Constraints Items", + "type": "object" + }, + "notifyRelationships": [ + "members" + ], + "returnByDefault": true, + "title": "Temporal Constraints", + "type": "array", + "viewable": false + } + }, + "required": [ + "name" + ], + "title": "Alpha realm - Role", + "type": "object" + } + }, + { + "name": "bravo_role", + "schema": { + "$schema": "http://forgerock.org/json-schema#", + "description": "", + "icon": "fa-check-square-o", + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Role", + "mat-icon": "assignment_ind", + "order": [ + "_id", + "name", + "description", + "members", + "assignments", + "applications", + "condition", + "temporalConstraints" + ], + "properties": { + "_id": { + "description": "Role ID", + "searchable": false, + "title": "Name", + "type": "string", + "viewable": false + }, + "applications": { + "description": "Role Applications", + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Role:applications:items", + "notifySelf": true, + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string" + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_id": { + "description": "_refProperties object ID", + "type": "string" + } + }, + "title": "Role Application Items _refProperties", + "type": "object" + } + }, + "resourceCollection": [ + { + "label": "Application", + "path": "managed/bravo_application", + "query": { + "fields": [ + "name" + ], + "queryFilter": "true" + } + } + ], + "reversePropertyName": "roles", + "reverseRelationship": true, + "title": "Role Application Items", + "type": "relationship", + "validate": true + }, + "notifyRelationships": [ + "members" + ], + "relationshipGrantTemporalConstraintsEnforced": true, + "returnByDefault": false, + "title": "Applications", + "type": "array", + "viewable": false + }, + "assignments": { + "description": "Managed Assignments", + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Role:assignments:items", + "notifySelf": true, + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string" + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_id": { + "description": "_refProperties object ID", + "type": "string" + } + }, + "title": "Managed Assignments Items _refProperties", + "type": "object" + } + }, + "resourceCollection": [ + { + "label": "Assignment", + "path": "managed/bravo_assignment", + "query": { + "fields": [ + "name" + ], + "queryFilter": "true" + } + } + ], + "reversePropertyName": "roles", + "reverseRelationship": true, + "title": "Managed Assignments Items", + "type": "relationship", + "validate": true + }, + "notifyRelationships": [ + "members" + ], + "returnByDefault": false, + "title": "Managed Assignments", + "type": "array", + "viewable": true + }, + "condition": { + "description": "A conditional filter for this role", + "isConditional": true, + "searchable": false, + "title": "Condition", + "type": "string", + "viewable": false + }, + "description": { + "description": "The role description, used for display purposes.", + "searchable": true, + "title": "Description", + "type": "string", + "viewable": true + }, + "members": { + "description": "Role Members", + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Role:members:items", + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string" + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_grantType": { + "description": "Grant Type", + "label": "Grant Type", + "type": "string" + }, + "_id": { + "description": "_refProperties object ID", + "type": "string" + } + }, + "title": "Role Members Items _refProperties", + "type": "object" + } + }, + "resourceCollection": [ + { + "conditionalAssociation": true, + "label": "User", + "notify": true, + "path": "managed/bravo_user", + "query": { + "fields": [ + "userName", + "givenName", + "sn" + ], + "queryFilter": "true" + } + } + ], + "reversePropertyName": "roles", + "reverseRelationship": true, + "title": "Role Members Items", + "type": "relationship", + "validate": true + }, + "relationshipGrantTemporalConstraintsEnforced": true, + "returnByDefault": false, + "title": "Role Members", + "type": "array", + "viewable": true + }, + "name": { + "description": "The role name, used for display purposes.", + "policies": [ + { + "policyId": "unique" + } + ], + "searchable": true, + "title": "Name", + "type": "string", + "viewable": true + }, + "temporalConstraints": { + "description": "An array of temporal constraints for a role", + "isTemporalConstraint": true, + "items": { + "order": [ + "duration" + ], + "properties": { + "duration": { + "description": "Duration", + "type": "string" + } + }, + "required": [ + "duration" + ], + "title": "Temporal Constraints Items", + "type": "object" + }, + "notifyRelationships": [ + "members" + ], + "returnByDefault": true, + "title": "Temporal Constraints", + "type": "array", + "viewable": false + } + }, + "required": [ + "name" + ], + "title": "Bravo realm - Role", + "type": "object" + } + }, + { + "attributeEncryption": {}, + "name": "alpha_assignment", + "schema": { + "$schema": "http://forgerock.org/json-schema#", + "description": "A role assignment", + "icon": "fa-key", + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Assignment", + "mat-icon": "vpn_key", + "order": [ + "_id", + "name", + "description", + "type", + "mapping", + "attributes", + "linkQualifiers", + "roles", + "members", + "condition", + "weight" + ], + "properties": { + "_id": { + "description": "The assignment ID", + "searchable": false, + "title": "Name", + "type": "string", + "viewable": false + }, + "attributes": { + "description": "The attributes operated on by this assignment.", + "items": { + "order": [ + "assignmentOperation", + "unassignmentOperation", + "name", + "value" + ], + "properties": { + "assignmentOperation": { + "description": "Assignment operation", + "type": "string" + }, + "name": { + "description": "Name", + "type": "string" + }, + "unassignmentOperation": { + "description": "Unassignment operation", + "type": "string" + }, + "value": { + "description": "Value", + "type": "string" + } + }, + "required": [], + "title": "Assignment Attributes Items", + "type": "object" + }, + "notifyRelationships": [ + "roles", + "members" + ], + "title": "Assignment Attributes", + "type": "array", + "viewable": true + }, + "condition": { + "description": "A conditional filter for this assignment", + "isConditional": true, + "searchable": false, + "title": "Condition", + "type": "string", + "viewable": false + }, + "description": { + "description": "The assignment description, used for display purposes.", + "searchable": true, + "title": "Description", + "type": "string", + "viewable": true + }, + "linkQualifiers": { + "description": "Conditional link qualifiers to restrict this assignment to.", + "items": { + "title": "Link Qualifiers Items", + "type": "string" + }, + "title": "Link Qualifiers", + "type": "array", + "viewable": true + }, + "mapping": { + "description": "The name of the mapping this assignment applies to", + "policies": [ + { + "policyId": "mapping-exists" + } + ], + "searchable": true, + "title": "Mapping", + "type": "string", + "viewable": true + }, + "members": { + "description": "Assignment Members", + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Assignment:members:items", + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string" + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_grantType": { + "description": "Grant Type", + "label": "Grant Type", + "type": "string" + }, + "_id": { + "description": "_refProperties object ID", + "type": "string" + } + }, + "title": "Assignment Members Items _refProperties", + "type": "object" + } + }, + "resourceCollection": [ + { + "conditionalAssociation": true, + "label": "User", + "notify": true, + "path": "managed/alpha_user", + "query": { + "fields": [ + "userName", + "givenName", + "sn" + ], + "queryFilter": "true" + } + } + ], + "reversePropertyName": "assignments", + "reverseRelationship": true, + "title": "Assignment Members Items", + "type": "relationship", + "validate": true + }, + "returnByDefault": false, + "title": "Assignment Members", + "type": "array", + "viewable": true + }, + "name": { + "description": "The assignment name, used for display purposes.", + "searchable": true, + "title": "Name", + "type": "string", + "viewable": true + }, + "roles": { + "description": "Managed Roles", + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Assignment:roles:items", + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string" + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_id": { + "description": "_refProperties object ID", + "type": "string" + } + }, + "title": "Managed Roles Items _refProperties", + "type": "object" + } + }, + "resourceCollection": [ + { + "label": "Role", + "notify": true, + "path": "managed/alpha_role", + "query": { + "fields": [ + "name" + ], + "queryFilter": "true" + } + } + ], + "reversePropertyName": "assignments", + "reverseRelationship": true, + "title": "Managed Roles Items", + "type": "relationship", + "validate": true + }, + "returnByDefault": false, + "title": "Managed Roles", + "type": "array", + "userEditable": false, + "viewable": true + }, + "type": { + "description": "The type of object this assignment represents", + "title": "Type", + "type": "string", + "viewable": true + }, + "weight": { + "description": "The weight of the assignment.", + "notifyRelationships": [ + "roles", + "members" + ], + "searchable": false, + "title": "Weight", + "type": [ + "number", + "null" + ], + "viewable": true + } + }, + "required": [ + "name", + "description", + "mapping" + ], + "title": "Alpha realm - Assignment", + "type": "object" + } + }, + { + "attributeEncryption": {}, + "name": "bravo_assignment", + "schema": { + "$schema": "http://forgerock.org/json-schema#", + "description": "A role assignment", + "icon": "fa-key", + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Assignment", + "mat-icon": "vpn_key", + "order": [ + "_id", + "name", + "description", + "type", + "mapping", + "attributes", + "linkQualifiers", + "roles", + "members", + "condition", + "weight" + ], + "properties": { + "_id": { + "description": "The assignment ID", + "searchable": false, + "title": "Name", + "type": "string", + "viewable": false + }, + "attributes": { + "description": "The attributes operated on by this assignment.", + "items": { + "order": [ + "assignmentOperation", + "unassignmentOperation", + "name", + "value" + ], + "properties": { + "assignmentOperation": { + "description": "Assignment operation", + "type": "string" + }, + "name": { + "description": "Name", + "type": "string" + }, + "unassignmentOperation": { + "description": "Unassignment operation", + "type": "string" + }, + "value": { + "description": "Value", + "type": "string" + } + }, + "required": [], + "title": "Assignment Attributes Items", + "type": "object" + }, + "notifyRelationships": [ + "roles", + "members" + ], + "title": "Assignment Attributes", + "type": "array", + "viewable": true + }, + "condition": { + "description": "A conditional filter for this assignment", + "isConditional": true, + "searchable": false, + "title": "Condition", + "type": "string", + "viewable": false + }, + "description": { + "description": "The assignment description, used for display purposes.", + "searchable": true, + "title": "Description", + "type": "string", + "viewable": true + }, + "linkQualifiers": { + "description": "Conditional link qualifiers to restrict this assignment to.", + "items": { + "title": "Link Qualifiers Items", + "type": "string" + }, + "title": "Link Qualifiers", + "type": "array", + "viewable": true + }, + "mapping": { + "description": "The name of the mapping this assignment applies to", + "policies": [ + { + "policyId": "mapping-exists" + } + ], + "searchable": true, + "title": "Mapping", + "type": "string", + "viewable": true + }, + "members": { + "description": "Assignment Members", + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Assignment:members:items", + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string" + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_grantType": { + "description": "Grant Type", + "label": "Grant Type", + "type": "string" + }, + "_id": { + "description": "_refProperties object ID", + "type": "string" + } + }, + "title": "Assignment Members Items _refProperties", + "type": "object" + } + }, + "resourceCollection": [ + { + "conditionalAssociation": true, + "label": "User", + "notify": true, + "path": "managed/bravo_user", + "query": { + "fields": [ + "userName", + "givenName", + "sn" + ], + "queryFilter": "true" + } + } + ], + "reversePropertyName": "assignments", + "reverseRelationship": true, + "title": "Assignment Members Items", + "type": "relationship", + "validate": true + }, + "returnByDefault": false, + "title": "Assignment Members", + "type": "array", + "viewable": true + }, + "name": { + "description": "The assignment name, used for display purposes.", + "searchable": true, + "title": "Name", + "type": "string", + "viewable": true + }, + "roles": { + "description": "Managed Roles", + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Assignment:roles:items", + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string" + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_id": { + "description": "_refProperties object ID", + "type": "string" + } + }, + "title": "Managed Roles Items _refProperties", + "type": "object" + } + }, + "resourceCollection": [ + { + "label": "Role", + "notify": true, + "path": "managed/bravo_role", + "query": { + "fields": [ + "name" + ], + "queryFilter": "true" + } + } + ], + "reversePropertyName": "assignments", + "reverseRelationship": true, + "title": "Managed Roles Items", + "type": "relationship", + "validate": true + }, + "returnByDefault": false, + "title": "Managed Roles", + "type": "array", + "userEditable": false, + "viewable": true + }, + "type": { + "description": "The type of object this assignment represents", + "title": "Type", + "type": "string", + "viewable": true + }, + "weight": { + "description": "The weight of the assignment.", + "notifyRelationships": [ + "roles", + "members" + ], + "searchable": false, + "title": "Weight", + "type": [ + "number", + "null" + ], + "viewable": true + } + }, + "required": [ + "name", + "description", + "mapping" + ], + "title": "Bravo realm - Assignment", + "type": "object" + } + }, + { + "name": "alpha_organization", + "schema": { + "$schema": "http://forgerock.org/json-schema#", + "description": "An organization or tenant, whose resources are managed by organizational admins.", + "icon": "fa-building", + "mat-icon": "domain", + "order": [ + "name", + "description", + "owners", + "admins", + "members", + "parent", + "children", + "adminIDs", + "ownerIDs", + "parentAdminIDs", + "parentOwnerIDs", + "parentIDs" + ], + "properties": { + "adminIDs": { + "isVirtual": true, + "items": { + "title": "admin ids", + "type": "string" + }, + "queryConfig": { + "flattenProperties": true, + "referencedObjectFields": [ + "_id" + ], + "referencedRelationshipFields": [ + "admins" + ] + }, + "returnByDefault": true, + "searchable": false, + "title": "Admin user ids", + "type": "array", + "userEditable": false, + "viewable": false + }, + "admins": { + "items": { + "notifySelf": true, + "properties": { + "_ref": { + "type": "string" + }, + "_refProperties": { + "properties": { + "_id": { + "propName": "_id", + "required": false, + "type": "string" + } + }, + "type": "object" + } + }, + "resourceCollection": [ + { + "label": "User", + "notify": false, + "path": "managed/alpha_user", + "query": { + "fields": [ + "userName", + "givenName", + "sn" + ], + "queryFilter": "true", + "sortKeys": [] + } + } + ], + "reversePropertyName": "adminOfOrg", + "reverseRelationship": true, + "type": "relationship", + "validate": true + }, + "notifyRelationships": [ + "children" + ], + "returnByDefault": false, + "searchable": false, + "title": "Administrators", + "type": "array", + "userEditable": false, + "viewable": true + }, + "children": { + "description": "Child Organizations", + "items": { + "notifySelf": true, + "properties": { + "_ref": { + "type": "string" + }, + "_refProperties": { + "properties": { + "_id": { + "propName": "_id", + "required": false, + "type": "string" + } + }, + "type": "object" + } + }, + "resourceCollection": [ + { + "label": "Organization", + "notify": true, + "path": "managed/alpha_organization", + "query": { + "fields": [ + "name", + "description" + ], + "queryFilter": "true", + "sortKeys": [] + } + } + ], + "reversePropertyName": "parent", + "reverseRelationship": true, + "type": "relationship", + "validate": true + }, + "policies": [], + "returnByDefault": false, + "searchable": false, + "title": "Child Organizations", + "type": "array", + "userEditable": false, + "viewable": false + }, + "description": { + "searchable": true, + "title": "Description", + "type": "string", + "userEditable": true, + "viewable": true + }, + "members": { + "items": { + "notifySelf": false, + "properties": { + "_ref": { + "type": "string" + }, + "_refProperties": { + "properties": { + "_id": { + "propName": "_id", + "required": false, + "type": "string" + } + }, + "type": "object" + } + }, + "resourceCollection": [ + { + "label": "User", + "notify": true, + "path": "managed/alpha_user", + "query": { + "fields": [ + "userName", + "givenName", + "sn" + ], + "queryFilter": "true", + "sortKeys": [] + } + } + ], + "reversePropertyName": "memberOfOrg", + "reverseRelationship": true, + "type": "relationship", + "validate": true + }, + "returnByDefault": false, + "searchable": false, + "title": "Members", + "type": "array", + "userEditable": false, + "viewable": true + }, + "name": { + "searchable": true, + "title": "Name", + "type": "string", + "userEditable": true, + "viewable": true + }, + "ownerIDs": { + "isVirtual": true, + "items": { + "title": "owner ids", + "type": "string" + }, + "queryConfig": { + "flattenProperties": true, + "referencedObjectFields": [ + "_id" + ], + "referencedRelationshipFields": [ + "owners" + ] + }, + "returnByDefault": true, + "searchable": false, + "title": "Owner user ids", + "type": "array", + "userEditable": false, + "viewable": false + }, + "owners": { + "items": { + "notifySelf": true, + "properties": { + "_ref": { + "type": "string" + }, + "_refProperties": { + "properties": { + "_id": { + "propName": "_id", + "required": false, + "type": "string" + } + }, + "type": "object" + } + }, + "resourceCollection": [ + { + "label": "User", + "notify": false, + "path": "managed/alpha_user", + "query": { + "fields": [ + "userName", + "givenName", + "sn" + ], + "queryFilter": "true", + "sortKeys": [] + } + } + ], + "reversePropertyName": "ownerOfOrg", + "reverseRelationship": true, + "type": "relationship", + "validate": true + }, + "notifyRelationships": [ + "children" + ], + "returnByDefault": false, + "searchable": false, + "title": "Owner", + "type": "array", + "userEditable": false, + "viewable": true + }, + "parent": { + "description": "Parent Organization", + "notifyRelationships": [ + "children", + "members" + ], + "notifySelf": true, + "properties": { + "_ref": { + "type": "string" + }, + "_refProperties": { + "properties": { + "_id": { + "propName": "_id", + "required": false, + "type": "string" + } + }, + "type": "object" + } + }, + "resourceCollection": [ + { + "label": "Organization", + "notify": false, + "path": "managed/alpha_organization", + "query": { + "fields": [ + "name", + "description" + ], + "queryFilter": "true", + "sortKeys": [] + } + } + ], + "returnByDefault": false, + "reversePropertyName": "children", + "reverseRelationship": true, + "searchable": false, + "title": "Parent Organization", + "type": "relationship", + "userEditable": false, + "validate": true, + "viewable": true + }, + "parentAdminIDs": { + "isVirtual": true, + "items": { + "title": "user ids of parent admins", + "type": "string" + }, + "queryConfig": { + "flattenProperties": true, + "referencedObjectFields": [ + "adminIDs", + "parentAdminIDs" + ], + "referencedRelationshipFields": [ + "parent" + ] + }, + "returnByDefault": true, + "searchable": false, + "title": "user ids of parent admins", + "type": "array", + "userEditable": false, + "viewable": false + }, + "parentIDs": { + "isVirtual": true, + "items": { + "title": "parent org ids", + "type": "string" + }, + "queryConfig": { + "flattenProperties": true, + "referencedObjectFields": [ + "_id", + "parentIDs" + ], + "referencedRelationshipFields": [ + "parent" + ] + }, + "returnByDefault": true, + "searchable": false, + "title": "parent org ids", + "type": "array", + "userEditable": false, + "viewable": false + }, + "parentOwnerIDs": { + "isVirtual": true, + "items": { + "title": "user ids of parent owners", + "type": "string" + }, + "queryConfig": { + "flattenProperties": true, + "referencedObjectFields": [ + "ownerIDs", + "parentOwnerIDs" + ], + "referencedRelationshipFields": [ + "parent" + ] + }, + "returnByDefault": true, + "searchable": false, + "title": "user ids of parent owners", + "type": "array", + "userEditable": false, + "viewable": false + } + }, + "required": [ + "name" + ], + "title": "Alpha realm - Organization", + "type": "object" + } + }, + { + "name": "bravo_organization", + "schema": { + "$schema": "http://forgerock.org/json-schema#", + "description": "An organization or tenant, whose resources are managed by organizational admins.", + "icon": "fa-building", + "mat-icon": "domain", + "order": [ + "name", + "description", + "owners", + "admins", + "members", + "parent", + "children", + "adminIDs", + "ownerIDs", + "parentAdminIDs", + "parentOwnerIDs", + "parentIDs" + ], + "properties": { + "adminIDs": { + "isVirtual": true, + "items": { + "title": "admin ids", + "type": "string" + }, + "queryConfig": { + "flattenProperties": true, + "referencedObjectFields": [ + "_id" + ], + "referencedRelationshipFields": [ + "admins" + ] + }, + "returnByDefault": true, + "searchable": false, + "title": "Admin user ids", + "type": "array", + "userEditable": false, + "viewable": false + }, + "admins": { + "items": { + "notifySelf": true, + "properties": { + "_ref": { + "type": "string" + }, + "_refProperties": { + "properties": { + "_id": { + "propName": "_id", + "required": false, + "type": "string" + } + }, + "type": "object" + } + }, + "resourceCollection": [ + { + "label": "User", + "notify": false, + "path": "managed/bravo_user", + "query": { + "fields": [ + "userName", + "givenName", + "sn" + ], + "queryFilter": "true", + "sortKeys": [] + } + } + ], + "reversePropertyName": "adminOfOrg", + "reverseRelationship": true, + "type": "relationship", + "validate": true + }, + "notifyRelationships": [ + "children" + ], + "returnByDefault": false, + "searchable": false, + "title": "Administrators", + "type": "array", + "userEditable": false, + "viewable": true + }, + "children": { + "description": "Child Organizations", + "items": { + "notifySelf": true, + "properties": { + "_ref": { + "type": "string" + }, + "_refProperties": { + "properties": { + "_id": { + "propName": "_id", + "required": false, + "type": "string" + } + }, + "type": "object" + } + }, + "resourceCollection": [ + { + "label": "Organization", + "notify": true, + "path": "managed/bravo_organization", + "query": { + "fields": [ + "name", + "description" + ], + "queryFilter": "true", + "sortKeys": [] + } + } + ], + "reversePropertyName": "parent", + "reverseRelationship": true, + "type": "relationship", + "validate": true + }, + "policies": [], + "returnByDefault": false, + "searchable": false, + "title": "Child Organizations", + "type": "array", + "userEditable": false, + "viewable": false + }, + "description": { + "searchable": true, + "title": "Description", + "type": "string", + "userEditable": true, + "viewable": true + }, + "members": { + "items": { + "notifySelf": false, + "properties": { + "_ref": { + "type": "string" + }, + "_refProperties": { + "properties": { + "_id": { + "propName": "_id", + "required": false, + "type": "string" + } + }, + "type": "object" + } + }, + "resourceCollection": [ + { + "label": "User", + "notify": true, + "path": "managed/bravo_user", + "query": { + "fields": [ + "userName", + "givenName", + "sn" + ], + "queryFilter": "true", + "sortKeys": [] + } + } + ], + "reversePropertyName": "memberOfOrg", + "reverseRelationship": true, + "type": "relationship", + "validate": true + }, + "returnByDefault": false, + "searchable": false, + "title": "Members", + "type": "array", + "userEditable": false, + "viewable": true + }, + "name": { + "searchable": true, + "title": "Name", + "type": "string", + "userEditable": true, + "viewable": true + }, + "ownerIDs": { + "isVirtual": true, + "items": { + "title": "owner ids", + "type": "string" + }, + "queryConfig": { + "flattenProperties": true, + "referencedObjectFields": [ + "_id" + ], + "referencedRelationshipFields": [ + "owners" + ] + }, + "returnByDefault": true, + "searchable": false, + "title": "Owner user ids", + "type": "array", + "userEditable": false, + "viewable": false + }, + "owners": { + "items": { + "notifySelf": true, + "properties": { + "_ref": { + "type": "string" + }, + "_refProperties": { + "properties": { + "_id": { + "propName": "_id", + "required": false, + "type": "string" + } + }, + "type": "object" + } + }, + "resourceCollection": [ + { + "label": "User", + "notify": false, + "path": "managed/bravo_user", + "query": { + "fields": [ + "userName", + "givenName", + "sn" + ], + "queryFilter": "true", + "sortKeys": [] + } + } + ], + "reversePropertyName": "ownerOfOrg", + "reverseRelationship": true, + "type": "relationship", + "validate": true + }, + "notifyRelationships": [ + "children" + ], + "returnByDefault": false, + "searchable": false, + "title": "Owner", + "type": "array", + "userEditable": false, + "viewable": true + }, + "parent": { + "description": "Parent Organization", + "notifyRelationships": [ + "children", + "members" + ], + "notifySelf": true, + "properties": { + "_ref": { + "type": "string" + }, + "_refProperties": { + "properties": { + "_id": { + "propName": "_id", + "required": false, + "type": "string" + } + }, + "type": "object" + } + }, + "resourceCollection": [ + { + "label": "Organization", + "notify": false, + "path": "managed/bravo_organization", + "query": { + "fields": [ + "name", + "description" + ], + "queryFilter": "true", + "sortKeys": [] + } + } + ], + "returnByDefault": false, + "reversePropertyName": "children", + "reverseRelationship": true, + "searchable": false, + "title": "Parent Organization", + "type": "relationship", + "userEditable": false, + "validate": true, + "viewable": true + }, + "parentAdminIDs": { + "isVirtual": true, + "items": { + "title": "user ids of parent admins", + "type": "string" + }, + "queryConfig": { + "flattenProperties": true, + "referencedObjectFields": [ + "adminIDs", + "parentAdminIDs" + ], + "referencedRelationshipFields": [ + "parent" + ] + }, + "returnByDefault": true, + "searchable": false, + "title": "user ids of parent admins", + "type": "array", + "userEditable": false, + "viewable": false + }, + "parentIDs": { + "isVirtual": true, + "items": { + "title": "parent org ids", + "type": "string" + }, + "queryConfig": { + "flattenProperties": true, + "referencedObjectFields": [ + "_id", + "parentIDs" + ], + "referencedRelationshipFields": [ + "parent" + ] + }, + "returnByDefault": true, + "searchable": false, + "title": "parent org ids", + "type": "array", + "userEditable": false, + "viewable": false + }, + "parentOwnerIDs": { + "isVirtual": true, + "items": { + "title": "user ids of parent owners", + "type": "string" + }, + "queryConfig": { + "flattenProperties": true, + "referencedObjectFields": [ + "ownerIDs", + "parentOwnerIDs" + ], + "referencedRelationshipFields": [ + "parent" + ] + }, + "returnByDefault": true, + "searchable": false, + "title": "user ids of parent owners", + "type": "array", + "userEditable": false, + "viewable": false + } + }, + "required": [ + "name" + ], + "title": "Bravo realm - Organization", + "type": "object" + } + }, + { + "name": "alpha_group", + "schema": { + "$schema": "http://forgerock.org/json-schema#", + "icon": "fa-group", + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Group", + "mat-icon": "group", + "order": [ + "_id", + "name", + "description", + "condition", + "members" + ], + "properties": { + "_id": { + "description": "Group ID", + "isPersonal": false, + "policies": [ + { + "params": { + "propertyName": "name" + }, + "policyId": "id-must-equal-property" + } + ], + "searchable": false, + "type": "string", + "usageDescription": "", + "userEditable": false, + "viewable": false + }, + "condition": { + "description": "A filter for conditionally assigned members", + "isConditional": true, + "policies": [ + { + "policyId": "valid-query-filter" + } + ], + "searchable": false, + "title": "Condition", + "type": "string", + "viewable": false + }, + "description": { + "description": "Group Description", + "searchable": true, + "title": "Description", + "type": "string", + "userEditable": false, + "viewable": true + }, + "members": { + "description": "Group Members", + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Group:members:items", + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string" + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_grantType": { + "description": "Grant Type", + "label": "Grant Type", + "type": "string" + }, + "_id": { + "description": "_refProperties object ID", + "type": "string" + } + }, + "title": "Group Members Items _refProperties", + "type": "object" + } + }, + "resourceCollection": [ + { + "conditionalAssociation": true, + "label": "User", + "notify": true, + "path": "managed/alpha_user", + "query": { + "fields": [ + "userName", + "givenName", + "sn" + ], + "queryFilter": "true" + } + } + ], + "reversePropertyName": "groups", + "reverseRelationship": true, + "title": "Group Members Items", + "type": "relationship", + "validate": true + }, + "policies": [], + "returnByDefault": false, + "searchable": false, + "title": "Members", + "type": "array", + "userEditable": false, + "viewable": true + }, + "name": { + "description": "Group Name", + "policies": [ + { + "policyId": "required" + }, + { + "params": { + "forbiddenChars": [ + "/*" + ] + }, + "policyId": "cannot-contain-characters" + } + ], + "searchable": true, + "title": "Name", + "type": "string", + "viewable": true + } + }, + "required": [ + "name" + ], + "title": "Alpha realm - Group", + "viewable": true + } + }, + { + "name": "bravo_group", + "schema": { + "$schema": "http://forgerock.org/json-schema#", + "icon": "fa-group", + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Group", + "mat-icon": "group", + "order": [ + "_id", + "name", + "description", + "condition", + "members" + ], + "properties": { + "_id": { + "description": "Group ID", + "isPersonal": false, + "policies": [ + { + "params": { + "propertyName": "name" + }, + "policyId": "id-must-equal-property" + } + ], + "searchable": false, + "type": "string", + "usageDescription": "", + "userEditable": false, + "viewable": false + }, + "condition": { + "description": "A filter for conditionally assigned members", + "isConditional": true, + "policies": [ + { + "policyId": "valid-query-filter" + } + ], + "searchable": false, + "title": "Condition", + "type": "string", + "viewable": false + }, + "description": { + "description": "Group Description", + "searchable": true, + "title": "Description", + "type": "string", + "userEditable": false, + "viewable": true + }, + "members": { + "description": "Group Members", + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Group:members:items", + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string" + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_grantType": { + "description": "Grant Type", + "label": "Grant Type", + "type": "string" + }, + "_id": { + "description": "_refProperties object ID", + "type": "string" + } + }, + "title": "Group Members Items _refProperties", + "type": "object" + } + }, + "resourceCollection": [ + { + "conditionalAssociation": true, + "label": "User", + "notify": true, + "path": "managed/bravo_user", + "query": { + "fields": [ + "userName", + "givenName", + "sn" + ], + "queryFilter": "true" + } + } + ], + "reversePropertyName": "groups", + "reverseRelationship": true, + "title": "Group Members Items", + "type": "relationship", + "validate": true + }, + "policies": [], + "returnByDefault": false, + "searchable": false, + "title": "Members", + "type": "array", + "userEditable": false, + "viewable": true + }, + "name": { + "description": "Group Name", + "policies": [ + { + "policyId": "required" + }, + { + "params": { + "forbiddenChars": [ + "/*" + ] + }, + "policyId": "cannot-contain-characters" + } + ], + "searchable": true, + "title": "Name", + "type": "string", + "viewable": true + } + }, + "required": [ + "name" + ], + "title": "Bravo realm - Group", + "viewable": true + } + }, + { + "name": "alpha_application", + "schema": { + "$schema": "http://forgerock.org/json-schema#", + "description": "Application Object", + "icon": "fa-folder", + "order": [ + "name", + "description", + "url", + "icon", + "mappingNames", + "owners", + "roles", + "members" + ], + "properties": { + "_id": { + "description": "Application ID", + "isPersonal": false, + "searchable": false, + "type": "string", + "userEditable": false, + "viewable": false + }, + "authoritative": { + "description": "Is this an authoritative application", + "searchable": false, + "title": "Authoritative", + "type": "boolean", + "viewable": false + }, + "connectorId": { + "description": "Id of the connector associated with the application", + "searchable": false, + "title": "Connector ID", + "type": "string", + "userEditable": false, + "viewable": false + }, + "description": { + "description": "Application Description", + "searchable": true, + "title": "Description", + "type": "string", + "viewable": true + }, + "icon": { + "searchable": true, + "title": "Icon", + "type": "string", + "userEditable": true, + "viewable": true + }, + "mappingNames": { + "description": "Names of the sync mappings used by an application with provisioning configured.", + "items": { + "title": "Mapping Name Items", + "type": "string" + }, + "searchable": true, + "title": "Sync Mapping Names", + "type": "array", + "viewable": true + }, + "members": { + "description": "Application Members", + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Application:members:items", + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string" + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_grantType": { + "description": "Grant Type", + "label": "Grant Type", + "type": "string" + }, + "_id": { + "description": "_refProperties object ID", + "type": "string" + } + }, + "title": "Group Members Items _refProperties", + "type": "object" + } + }, + "resourceCollection": [ + { + "label": "User", + "notify": true, + "path": "managed/alpha_user", + "query": { + "fields": [ + "userName", + "givenName", + "sn" + ], + "queryFilter": "true" + } + } + ], + "reversePropertyName": "applications", + "reverseRelationship": true, + "title": "Group Members Items", + "type": "relationship", + "validate": true + }, + "policies": [], + "returnByDefault": false, + "searchable": false, + "title": "Members", + "type": "array", + "userEditable": false, + "viewable": true + }, + "name": { + "description": "Application name", + "notifyRelationships": [ + "roles", + "members" + ], + "policies": [ + { + "policyId": "unique" + } + ], + "returnByDefault": true, + "searchable": true, + "title": "Name", + "type": "string", + "userEditable": true, + "viewable": true + }, + "owners": { + "description": "Application Owners", + "items": { + "properties": { + "_ref": { + "type": "string" + }, + "_refProperties": { + "properties": { + "_id": { + "description": "_refProperties object ID", + "type": "string" + } + }, + "title": "Application _refProperties", + "type": "object" + } + }, + "resourceCollection": [ + { + "label": "User", + "path": "managed/alpha_user", + "query": { + "fields": [ + "userName", + "givenName", + "sn" + ], + "queryFilter": "true" + } + } + ], + "reversePropertyName": "ownerOfApp", + "reverseRelationship": true, + "type": "relationship", + "validate": true + }, + "returnByDefault": false, + "searchable": false, + "title": "Owners", + "type": "array", + "userEditable": false, + "viewable": true + }, + "roles": { + "description": "Roles granting users the application", + "items": { + "notifySelf": true, + "properties": { + "_ref": { + "type": "string" + }, + "_refProperties": { + "properties": { + "_id": { + "propName": "_id", + "required": false, + "type": "string" + } + }, + "type": "object" + } + }, + "resourceCollection": [ + { + "label": "Role", + "notify": true, + "path": "managed/alpha_role", + "query": { + "fields": [ + "name" + ], + "queryFilter": "true", + "sortKeys": [] + } + } + ], + "reversePropertyName": "applications", + "reverseRelationship": true, + "type": "relationship", + "validate": true + }, + "returnByDefault": false, + "searchable": false, + "title": "Roles", + "type": "array", + "userEditable": false, + "viewable": true + }, + "ssoEntities": { + "description": "SSO Entity Id", + "properties": { + "idpLocation": { + "type": "string" + }, + "idpPrivateId": { + "type": "string" + }, + "spLocation": { + "type": "string" + }, + "spPrivate": { + "type": "string" + } + }, + "searchable": false, + "title": "SSO Entity Id", + "type": "object", + "userEditable": false, + "viewable": false + }, + "templateName": { + "description": "Name of the template the application was created from", + "searchable": false, + "title": "Template Name", + "type": "string", + "userEditable": false, + "viewable": false + }, + "templateVersion": { + "description": "The template version", + "searchable": false, + "title": "Template Version", + "type": "string", + "userEditable": false, + "viewable": false + }, + "uiConfig": { + "description": "UI Config", + "isPersonal": false, + "properties": {}, + "searchable": false, + "title": "UI Config", + "type": "object", + "usageDescription": "", + "viewable": false + }, + "url": { + "searchable": true, + "title": "Url", + "type": "string", + "userEditable": true, + "viewable": true + } + }, + "required": [ + "name" + ], + "title": "Alpha realm - Application", + "type": "object" + } + }, + { + "name": "bravo_application", + "schema": { + "$schema": "http://forgerock.org/json-schema#", + "description": "Application Object", + "icon": "fa-folder", + "order": [ + "name", + "description", + "url", + "icon", + "mappingNames", + "owners", + "roles", + "members" + ], + "properties": { + "_id": { + "description": "Application ID", + "isPersonal": false, + "searchable": false, + "type": "string", + "userEditable": false, + "viewable": false + }, + "authoritative": { + "description": "Is this an authoritative application", + "searchable": false, + "title": "Authoritative", + "type": "boolean", + "viewable": false + }, + "connectorId": { + "description": "Id of the connector associated with the application", + "searchable": false, + "title": "Connector ID", + "type": "string", + "userEditable": false, + "viewable": false + }, + "description": { + "description": "Application Description", + "searchable": true, + "title": "Description", + "type": "string", + "viewable": true + }, + "icon": { + "searchable": true, + "title": "Icon", + "type": "string", + "userEditable": true, + "viewable": true + }, + "mappingNames": { + "description": "Names of the sync mappings used by an application with provisioning configured.", + "items": { + "title": "Mapping Name Items", + "type": "string" + }, + "searchable": true, + "title": "Sync Mapping Names", + "type": "array", + "viewable": true + }, + "members": { + "description": "Application Members", + "items": { + "id": "urn:jsonschema:org:forgerock:openidm:managed:api:Application:members:items", + "properties": { + "_ref": { + "description": "References a relationship from a managed object", + "type": "string" + }, + "_refProperties": { + "description": "Supports metadata within the relationship", + "properties": { + "_grantType": { + "description": "Grant Type", + "label": "Grant Type", + "type": "string" + }, + "_id": { + "description": "_refProperties object ID", + "type": "string" + } + }, + "title": "Group Members Items _refProperties", + "type": "object" + } + }, + "resourceCollection": [ + { + "label": "User", + "notify": true, + "path": "managed/bravo_user", + "query": { + "fields": [ + "userName", + "givenName", + "sn" + ], + "queryFilter": "true" + } + } + ], + "reversePropertyName": "applications", + "reverseRelationship": true, + "title": "Group Members Items", + "type": "relationship", + "validate": true + }, + "policies": [], + "returnByDefault": false, + "searchable": false, + "title": "Members", + "type": "array", + "userEditable": false, + "viewable": true + }, + "name": { + "description": "Application name", + "notifyRelationships": [ + "roles", + "members" + ], + "policies": [ + { + "policyId": "unique" + } + ], + "returnByDefault": true, + "searchable": true, + "title": "Name", + "type": "string", + "userEditable": true, + "viewable": true + }, + "owners": { + "description": "Application Owners", + "items": { + "properties": { + "_ref": { + "type": "string" + }, + "_refProperties": { + "properties": { + "_id": { + "description": "_refProperties object ID", + "type": "string" + } + }, + "title": "Application _refProperties", + "type": "object" + } + }, + "resourceCollection": [ + { + "label": "User", + "path": "managed/bravo_user", + "query": { + "fields": [ + "userName", + "givenName", + "sn" + ], + "queryFilter": "true" + } + } + ], + "reversePropertyName": "ownerOfApp", + "reverseRelationship": true, + "type": "relationship", + "validate": true + }, + "returnByDefault": false, + "searchable": false, + "title": "Owners", + "type": "array", + "userEditable": false, + "viewable": true + }, + "roles": { + "description": "Roles granting users the application", + "items": { + "notifySelf": true, + "properties": { + "_ref": { + "type": "string" + }, + "_refProperties": { + "properties": { + "_id": { + "propName": "_id", + "required": false, + "type": "string" + } + }, + "type": "object" + } + }, + "resourceCollection": [ + { + "label": "Role", + "notify": true, + "path": "managed/bravo_role", + "query": { + "fields": [ + "name" + ], + "queryFilter": "true", + "sortKeys": [] + } + } + ], + "reversePropertyName": "applications", + "reverseRelationship": true, + "type": "relationship", + "validate": true + }, + "returnByDefault": false, + "searchable": false, + "title": "Roles", + "type": "array", + "userEditable": false, + "viewable": true + }, + "ssoEntities": { + "description": "SSO Entity Id", + "properties": { + "idpLocation": { + "type": "string" + }, + "idpPrivateId": { + "type": "string" + }, + "spLocation": { + "type": "string" + }, + "spPrivate": { + "type": "string" + } + }, + "searchable": false, + "title": "SSO Entity Id", + "type": "object", + "userEditable": false, + "viewable": false + }, + "templateName": { + "description": "Name of the template the application was created from", + "searchable": false, + "title": "Template Name", + "type": "string", + "userEditable": false, + "viewable": false + }, + "templateVersion": { + "description": "The template version", + "searchable": false, + "title": "Template Version", + "type": "string", + "userEditable": false, + "viewable": false + }, + "uiConfig": { + "description": "UI Config", + "isPersonal": false, + "properties": {}, + "searchable": false, + "title": "UI Config", + "type": "object", + "usageDescription": "", + "viewable": false + }, + "url": { + "searchable": true, + "title": "Url", + "type": "string", + "userEditable": true, + "viewable": true + } + }, + "required": [ + "name" + ], + "title": "Bravo realm - Application", + "type": "object" + } + } + ] + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/idm/policy.idm.json b/test/e2e/exports/full-export-separate/global/idm/policy.idm.json new file mode 100644 index 000000000..ab5b687a9 --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/idm/policy.idm.json @@ -0,0 +1,9 @@ +{ + "idm": { + "policy": { + "_id": "policy", + "additionalFiles": [], + "resources": [] + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/idm/privilegeAssignments.idm.json b/test/e2e/exports/full-export-separate/global/idm/privilegeAssignments.idm.json new file mode 100644 index 000000000..7b0f0a2ce --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/idm/privilegeAssignments.idm.json @@ -0,0 +1,31 @@ +{ + "idm": { + "privilegeAssignments": { + "_id": "privilegeAssignments", + "privilegeAssignments": [ + { + "name": "ownerPrivileges", + "privileges": [ + "owner-view-update-delete-orgs", + "owner-create-orgs", + "owner-view-update-delete-admins-and-members", + "owner-create-admins", + "admin-view-update-delete-members", + "admin-create-members" + ], + "relationshipField": "ownerOfOrg" + }, + { + "name": "adminPrivileges", + "privileges": [ + "admin-view-update-delete-orgs", + "admin-create-orgs", + "admin-view-update-delete-members", + "admin-create-members" + ], + "relationshipField": "adminOfOrg" + } + ] + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/idm/privileges.idm.json b/test/e2e/exports/full-export-separate/global/idm/privileges.idm.json new file mode 100644 index 000000000..2df21b067 --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/idm/privileges.idm.json @@ -0,0 +1,8 @@ +{ + "idm": { + "privileges": { + "_id": "privileges", + "privileges": [] + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/idm/provisioner.openic/GoogleApps.idm.json b/test/e2e/exports/full-export-separate/global/idm/provisioner.openic/GoogleApps.idm.json new file mode 100644 index 000000000..9dc6b8e93 --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/idm/provisioner.openic/GoogleApps.idm.json @@ -0,0 +1,442 @@ +{ + "idm": { + "provisioner.openic/GoogleApps": { + "_id": "provisioner.openic/GoogleApps", + "configurationProperties": { + "availableLicenses": [ + "101005/1010050001", + "101001/1010010001", + "101031/1010310010", + "101034/1010340002", + "101038/1010380002", + "101034/1010340001", + "101038/1010380003", + "101034/1010340004", + "101034/1010340003", + "101034/1010340006", + "Google-Apps/Google-Apps-For-Business", + "101034/1010340005", + "Google-Vault/Google-Vault", + "Google-Apps/1010020031", + "Google-Apps/1010020030", + "Google-Apps/1010060003", + "Google-Apps/1010060005", + "Google-Apps/Google-Apps-Unlimited", + "Google-Apps/1010020029", + "Google-Apps/Google-Apps-Lite", + "101031/1010310003", + "101033/1010330002", + "101033/1010330004", + "Google-Apps/Google-Apps-For-Education", + "101031/1010310002", + "101033/1010330003", + "Google-Apps/1010020026", + "101031/1010310007", + "Google-Apps/1010020025", + "101031/1010310008", + "Google-Apps/1010020028", + "Google-Apps/Google-Apps-For-Postini", + "101031/1010310005", + "Google-Apps/1010020027", + "101031/1010310006", + "101031/1010310009", + "Google-Vault/Google-Vault-Former-Employee", + "101038/1010370001", + "Google-Apps/1010020020", + "Google-Apps/1010060001" + ], + "clientId": "&{esv.gac.client.id}", + "clientSecret": "&{esv.gac.secret}", + "domain": "&{esv.gac.domain}", + "groupsMaxResults": "200", + "listProductAndSkuMaxResults": "100", + "listProductMaxResults": "100", + "membersMaxResults": "200", + "proxyHost": null, + "proxyPort": 8080, + "refreshToken": "&{esv.gac.refresh}", + "roleAssignmentMaxResults": 100, + "roleMaxResults": 100, + "usersMaxResults": "100", + "validateCertificate": true + }, + "connectorRef": { + "bundleName": "org.forgerock.openicf.connectors.googleapps-connector", + "bundleVersion": "[1.5.0.0,1.6.0.0)", + "connectorHostRef": "", + "connectorName": "org.forgerock.openicf.connectors.googleapps.GoogleAppsConnector", + "displayName": "GoogleApps Connector", + "systemType": "provisioner.openicf" + }, + "enabled": { + "$bool": "&{esv.gac.enable.connector}" + }, + "objectTypes": { + "__ACCOUNT__": { + "$schema": "http://json-schema.org/draft-03/schema", + "id": "__ACCOUNT__", + "nativeType": "__ACCOUNT__", + "properties": { + "__GROUPS__": { + "flags": [ + "NOT_RETURNED_BY_DEFAULT" + ], + "items": { + "nativeType": "string", + "type": "string" + }, + "nativeName": "__GROUPS__", + "nativeType": "string", + "type": "array" + }, + "__NAME__": { + "nativeName": "__NAME__", + "nativeType": "string", + "type": "string" + }, + "__PASSWORD__": { + "flags": [ + "NOT_READABLE", + "NOT_RETURNED_BY_DEFAULT" + ], + "nativeName": "__PASSWORD__", + "nativeType": "JAVA_TYPE_GUARDEDSTRING", + "required": true, + "type": "string" + }, + "__PHOTO__": { + "flags": [ + "NOT_RETURNED_BY_DEFAULT" + ], + "nativeName": "__PHOTO__", + "nativeType": "JAVA_TYPE_BYTE_ARRAY", + "type": "string" + }, + "__SECONDARY_EMAILS__": { + "items": { + "nativeType": "object", + "type": "object" + }, + "nativeName": "__SECONDARY_EMAILS__", + "nativeType": "object", + "type": "array" + }, + "__UID__": { + "nativeName": "__UID__", + "nativeType": "string", + "required": false, + "type": "string" + }, + "addresses": { + "items": { + "nativeType": "object", + "type": "object" + }, + "nativeName": "addresses", + "nativeType": "object", + "type": "array" + }, + "agreedToTerms": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE" + ], + "nativeName": "agreedToTerms", + "nativeType": "JAVA_TYPE_PRIMITIVE_BOOLEAN", + "type": "boolean" + }, + "aliases": { + "flags": [ + "NOT_CREATABLE" + ], + "items": { + "nativeType": "string", + "type": "string" + }, + "nativeName": "aliases", + "nativeType": "string", + "type": "array" + }, + "archived": { + "nativeName": "archived", + "nativeType": "boolean", + "type": "boolean" + }, + "changePasswordAtNextLogin": { + "nativeName": "changePasswordAtNextLogin", + "nativeType": "boolean", + "type": "boolean" + }, + "creationTime": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE" + ], + "items": { + "nativeType": "string", + "type": "string" + }, + "nativeName": "creationTime", + "nativeType": "string", + "type": "array" + }, + "customSchemas": { + "nativeName": "customSchemas", + "nativeType": "object", + "type": "object" + }, + "customerId": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE" + ], + "nativeName": "customerId", + "nativeType": "string", + "type": "string" + }, + "deletionTime": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE" + ], + "nativeName": "deletionTime", + "nativeType": "string", + "type": "string" + }, + "externalIds": { + "items": { + "nativeType": "object", + "type": "object" + }, + "nativeName": "externalIds", + "nativeType": "object", + "type": "array" + }, + "familyName": { + "nativeName": "familyName", + "nativeType": "string", + "type": "string" + }, + "fullName": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE" + ], + "nativeName": "fullName", + "nativeType": "string", + "type": "string" + }, + "givenName": { + "nativeName": "givenName", + "nativeType": "string", + "required": true, + "type": "string" + }, + "hashFunction": { + "flags": [ + "NOT_RETURNED_BY_DEFAULT" + ], + "nativeName": "hashFunction", + "nativeType": "string", + "type": "string" + }, + "ims": { + "items": { + "nativeType": "object", + "type": "object" + }, + "nativeName": "ims", + "nativeType": "object", + "type": "array" + }, + "includeInGlobalAddressList": { + "nativeName": "includeInGlobalAddressList", + "nativeType": "boolean", + "type": "boolean" + }, + "ipWhitelisted": { + "nativeName": "ipWhitelisted", + "nativeType": "boolean", + "type": "boolean" + }, + "isAdmin": { + "nativeName": "isAdmin", + "nativeType": "JAVA_TYPE_PRIMITIVE_BOOLEAN", + "type": "boolean" + }, + "isDelegatedAdmin": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE" + ], + "nativeName": "isDelegatedAdmin", + "nativeType": "JAVA_TYPE_PRIMITIVE_BOOLEAN", + "type": "boolean" + }, + "isEnforcedIn2Sv": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE" + ], + "nativeName": "isEnforcedIn2Sv", + "nativeType": "boolean", + "type": "boolean" + }, + "isEnrolledIn2Sv": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE" + ], + "nativeName": "isEnrolledIn2Sv", + "nativeType": "boolean", + "type": "boolean" + }, + "isMailboxSetup": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE" + ], + "nativeName": "isMailboxSetup", + "nativeType": "boolean", + "type": "boolean" + }, + "languages": { + "items": { + "nativeType": "object", + "type": "object" + }, + "nativeName": "languages", + "nativeType": "object", + "type": "array" + }, + "lastLoginTime": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE" + ], + "items": { + "nativeType": "string", + "type": "string" + }, + "nativeName": "lastLoginTime", + "nativeType": "string", + "type": "array" + }, + "nonEditableAliases": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE" + ], + "items": { + "nativeType": "string", + "type": "string" + }, + "nativeName": "nonEditableAliases", + "nativeType": "string", + "type": "array" + }, + "orgUnitPath": { + "nativeName": "orgUnitPath", + "nativeType": "string", + "type": "string" + }, + "organizations": { + "items": { + "nativeType": "object", + "type": "object" + }, + "nativeName": "organizations", + "nativeType": "object", + "type": "array" + }, + "phones": { + "items": { + "nativeType": "object", + "type": "object" + }, + "nativeName": "phones", + "nativeType": "object", + "type": "array" + }, + "primaryEmail": { + "nativeName": "primaryEmail", + "nativeType": "string", + "type": "string" + }, + "recoveryEmail": { + "nativeName": "recoveryEmail", + "nativeType": "string", + "type": "string" + }, + "recoveryPhone": { + "nativeName": "recoveryPhone", + "nativeType": "string", + "type": "string" + }, + "relations": { + "items": { + "nativeType": "object", + "type": "object" + }, + "nativeName": "relations", + "nativeType": "object", + "type": "array" + }, + "suspended": { + "nativeName": "suspended", + "nativeType": "boolean", + "type": "boolean" + }, + "suspensionReason": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE" + ], + "nativeName": "suspensionReason", + "nativeType": "string", + "type": "string" + }, + "thumbnailPhotoUrl": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE" + ], + "nativeName": "thumbnailPhotoUrl", + "nativeType": "string", + "type": "string" + } + }, + "type": "object" + } + }, + "operationTimeout": { + "AUTHENTICATE": -1, + "CREATE": -1, + "DELETE": -1, + "GET": -1, + "RESOLVEUSERNAME": -1, + "SCHEMA": -1, + "SCRIPT_ON_CONNECTOR": -1, + "SCRIPT_ON_RESOURCE": -1, + "SEARCH": -1, + "SYNC": -1, + "TEST": -1, + "UPDATE": -1, + "VALIDATE": -1 + }, + "poolConfigOption": { + "maxIdle": 10, + "maxObjects": 10, + "maxWait": 150000, + "minEvictableIdleTimeMillis": 120000, + "minIdle": 1 + }, + "resultsHandlerConfig": { + "enableAttributesToGetSearchResultsHandler": true, + "enableCaseInsensitiveFilter": false, + "enableFilteredResultsHandler": false, + "enableNormalizingResultsHandler": false + } + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/idm/provisioner.openicf.connectorinfoprovider.idm.json b/test/e2e/exports/full-export-separate/global/idm/provisioner.openicf.connectorinfoprovider.idm.json new file mode 100644 index 000000000..61adce4da --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/idm/provisioner.openicf.connectorinfoprovider.idm.json @@ -0,0 +1,18 @@ +{ + "idm": { + "provisioner.openicf.connectorinfoprovider": { + "_id": "provisioner.openicf.connectorinfoprovider", + "connectorsLocation": "connectors", + "remoteConnectorClients": [ + { + "enabled": true, + "name": "rcs1", + "useSSL": true + } + ], + "remoteConnectorClientsGroups": [], + "remoteConnectorServers": [], + "remoteConnectorServersGroups": [] + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/idm/provisioner.openicf/Azure.idm.json b/test/e2e/exports/full-export-separate/global/idm/provisioner.openicf/Azure.idm.json new file mode 100644 index 000000000..23d640d21 --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/idm/provisioner.openicf/Azure.idm.json @@ -0,0 +1,735 @@ +{ + "idm": { + "provisioner.openicf/Azure": { + "_id": "provisioner.openicf/Azure", + "configurationProperties": { + "clientId": "4b07adcc-329c-434c-aa83-49a14bef3c49", + "clientSecret": { + "$crypto": { + "type": "x-simple-encryption", + "value": { + "cipher": "AES/CBC/PKCS5Padding", + "data": "W63amdvzlmynT40WOTl1wPWDc8FUlGWQZK158lmlFTrnhy9PbWZV5YE4v3VeMUDC", + "iv": "KG/YFc8v26QHJzRI3uFhzw==", + "keySize": 16, + "mac": "mA4BzCNS7tuLhosQ+es1Tg==", + "purpose": "idm.config.encryption", + "salt": "vvPwKk0KqOqMjElQgICqEA==", + "stableId": "openidm-sym-default" + } + } + }, + "httpProxyHost": null, + "httpProxyPassword": null, + "httpProxyPort": null, + "httpProxyUsername": null, + "licenseCacheExpiryTime": 60, + "performHardDelete": true, + "readRateLimit": null, + "tenant": "711ffa9c-5972-4713-ace3-688c9732614a", + "writeRateLimit": null + }, + "connectorRef": { + "bundleName": "org.forgerock.openicf.connectors.msgraphapi-connector", + "bundleVersion": "1.5.20.21", + "connectorName": "org.forgerock.openicf.connectors.msgraphapi.MSGraphAPIConnector", + "displayName": "MSGraphAPI Connector", + "systemType": "provisioner.openicf" + }, + "enabled": true, + "objectTypes": { + "User": { + "$schema": "http://json-schema.org/draft-03/schema", + "id": "__ACCOUNT__", + "nativeType": "__ACCOUNT__", + "properties": { + "__PASSWORD__": { + "autocomplete": "new-password", + "flags": [ + "NOT_UPDATEABLE", + "NOT_READABLE", + "NOT_RETURNED_BY_DEFAULT" + ], + "nativeName": "__PASSWORD__", + "nativeType": "JAVA_TYPE_GUARDEDSTRING", + "required": true, + "type": "string" + }, + "__roles__": { + "flags": [ + "NOT_RETURNED_BY_DEFAULT" + ], + "items": { + "nativeType": "string", + "type": "string" + }, + "nativeName": "__roles__", + "nativeType": "string", + "type": "array" + }, + "__servicePlanIds__": { + "items": { + "nativeType": "string", + "type": "string" + }, + "nativeName": "__servicePlanIds__", + "nativeType": "string", + "type": "array" + }, + "accountEnabled": { + "nativeName": "accountEnabled", + "nativeType": "boolean", + "required": true, + "type": "boolean" + }, + "city": { + "nativeName": "city", + "nativeType": "string", + "type": "string" + }, + "companyName": { + "nativeName": "companyName", + "nativeType": "string", + "type": "string" + }, + "country": { + "nativeName": "country", + "nativeType": "string", + "type": "string" + }, + "department": { + "nativeName": "department", + "nativeType": "string", + "type": "string" + }, + "displayName": { + "nativeName": "displayName", + "nativeType": "string", + "required": true, + "type": "string" + }, + "givenName": { + "nativeName": "givenName", + "nativeType": "string", + "type": "string" + }, + "jobTitle": { + "nativeName": "jobTitle", + "nativeType": "string", + "type": "string" + }, + "mail": { + "nativeName": "mail", + "nativeType": "string", + "required": true, + "type": "string" + }, + "mailNickname": { + "nativeName": "mailNickname", + "nativeType": "string", + "required": true, + "type": "string" + }, + "manager": { + "nativeName": "manager", + "nativeType": "object", + "type": "object" + }, + "memberOf": { + "flags": [ + "NOT_RETURNED_BY_DEFAULT" + ], + "items": { + "nativeType": "string", + "type": "string" + }, + "nativeName": "memberOf", + "nativeType": "string", + "type": "array" + }, + "mobilePhone": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE" + ], + "nativeName": "mobilePhone", + "nativeType": "string", + "type": "string" + }, + "onPremisesImmutableId": { + "flags": [ + "NOT_UPDATEABLE", + "NOT_CREATABLE" + ], + "nativeName": "onPremisesImmutableId", + "nativeType": "string", + "type": "string" + }, + "onPremisesSecurityIdentifier": { + "flags": [ + "NOT_UPDATEABLE", + "NOT_CREATABLE" + ], + "nativeName": "onPremisesSecurityIdentifier", + "nativeType": "string", + "type": "string" + }, + "otherMails": { + "items": { + "nativeType": "string", + "type": "string" + }, + "nativeName": "otherMails", + "nativeType": "string", + "type": "array" + }, + "postalCode": { + "nativeName": "postalCode", + "nativeType": "string", + "type": "string" + }, + "preferredLanguage": { + "nativeName": "preferredLanguage", + "nativeType": "string", + "type": "string" + }, + "proxyAddresses": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE" + ], + "items": { + "nativeType": "string", + "type": "string" + }, + "nativeName": "proxyAddresses", + "nativeType": "string", + "type": "array" + }, + "state": { + "nativeName": "state", + "nativeType": "string", + "type": "string" + }, + "streetAddress": { + "nativeName": "streetAddress", + "nativeType": "string", + "type": "string" + }, + "surname": { + "nativeName": "surname", + "nativeType": "string", + "type": "string" + }, + "usageLocation": { + "nativeName": "usageLocation", + "nativeType": "string", + "type": "string" + }, + "userPrincipalName": { + "nativeName": "userPrincipalName", + "nativeType": "string", + "required": true, + "type": "string" + }, + "userType": { + "nativeName": "userType", + "nativeType": "string", + "type": "string" + } + }, + "type": "object" + }, + "__GROUP__": { + "$schema": "http://json-schema.org/draft-03/schema", + "id": "__GROUP__", + "nativeType": "__GROUP__", + "properties": { + "__NAME__": { + "nativeName": "__NAME__", + "nativeType": "string", + "required": true, + "type": "string" + }, + "description": { + "nativeName": "description", + "nativeType": "string", + "type": "string" + }, + "displayName": { + "nativeName": "displayName", + "nativeType": "string", + "required": true, + "type": "string" + }, + "groupTypes": { + "items": { + "nativeType": "string", + "type": "string" + }, + "nativeName": "groupTypes", + "nativeType": "string", + "type": "string" + }, + "id": { + "flags": [ + "NOT_UPDATEABLE", + "NOT_CREATABLE" + ], + "nativeName": "id", + "type": "string" + }, + "mail": { + "nativeName": "mail", + "nativeType": "string", + "type": "string" + }, + "mailEnabled": { + "nativeName": "mailEnabled", + "nativeType": "boolean", + "required": true, + "type": "boolean" + }, + "onPremisesSecurityIdentifier": { + "flags": [ + "NOT_UPDATEABLE", + "NOT_CREATABLE" + ], + "nativeName": "onPremisesSecurityIdentifier", + "nativeType": "string", + "type": "string" + }, + "proxyAddresses": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE" + ], + "items": { + "nativeType": "string", + "type": "string" + }, + "nativeName": "proxyAddresses", + "nativeType": "string", + "type": "array" + }, + "securityEnabled": { + "nativeName": "securityEnabled", + "nativeType": "boolean", + "required": true, + "type": "boolean" + }, + "type": { + "nativeName": "type", + "required": true, + "type": "string" + } + }, + "type": "object" + }, + "directoryRole": { + "$schema": "http://json-schema.org/draft-03/schema", + "id": "directoryRole", + "nativeType": "directoryRole", + "properties": { + "description": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE" + ], + "nativeName": "description", + "nativeType": "string", + "type": "string" + }, + "displayName": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE" + ], + "nativeName": "displayName", + "nativeType": "string", + "type": "string" + } + }, + "type": "object" + }, + "servicePlan": { + "$schema": "http://json-schema.org/draft-03/schema", + "id": "servicePlan", + "nativeType": "servicePlan", + "properties": { + "__NAME__": { + "nativeName": "__NAME__", + "nativeType": "string", + "type": "string" + }, + "appliesTo": { + "flags": [ + "NOT_UPDATEABLE", + "NOT_CREATABLE" + ], + "nativeName": "appliesTo", + "nativeType": "string", + "type": "string" + }, + "provisioningStatus": { + "flags": [ + "NOT_UPDATEABLE", + "NOT_CREATABLE" + ], + "nativeName": "provisioningStatus", + "nativeType": "string", + "type": "string" + }, + "servicePlanId": { + "flags": [ + "NOT_UPDATEABLE", + "NOT_CREATABLE" + ], + "nativeName": "servicePlanId", + "nativeType": "string", + "type": "string" + }, + "servicePlanName": { + "flags": [ + "NOT_UPDATEABLE", + "NOT_CREATABLE" + ], + "nativeName": "servicePlanName", + "nativeType": "string", + "type": "string" + }, + "subscriberSkuId": { + "flags": [ + "NOT_UPDATEABLE", + "NOT_CREATABLE" + ], + "nativeName": "subscriberSkuId", + "type": "string" + } + }, + "type": "object" + }, + "servicePrincipal": { + "$schema": "http://json-schema.org/draft-03/schema", + "id": "servicePrincipal", + "nativeType": "servicePrincipal", + "properties": { + "__NAME__": { + "nativeName": "__NAME__", + "nativeType": "string", + "type": "string" + }, + "__addAppRoleAssignedTo__": { + "flags": [ + "NOT_READABLE", + "NOT_RETURNED_BY_DEFAULT" + ], + "items": { + "nativeType": "object", + "type": "object" + }, + "nativeName": "__addAppRoleAssignedTo__", + "nativeType": "object", + "type": "array" + }, + "__addAppRoleAssignments__": { + "flags": [ + "NOT_READABLE", + "NOT_RETURNED_BY_DEFAULT" + ], + "items": { + "nativeType": "object", + "type": "object" + }, + "nativeName": "__addAppRoleAssignments__", + "nativeType": "object", + "type": "array" + }, + "__removeAppRoleAssignedTo__": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + "NOT_RETURNED_BY_DEFAULT" + ], + "items": { + "nativeType": "string", + "type": "string" + }, + "nativeName": "__removeAppRoleAssignedTo__", + "nativeType": "string", + "type": "array" + }, + "__removeAppRoleAssignments__": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE", + "NOT_RETURNED_BY_DEFAULT" + ], + "items": { + "nativeType": "string", + "type": "string" + }, + "nativeName": "__removeAppRoleAssignments__", + "nativeType": "string", + "type": "array" + }, + "accountEnabled": { + "nativeName": "accountEnabled", + "nativeType": "boolean", + "type": "boolean" + }, + "addIns": { + "items": { + "nativeType": "object", + "type": "object" + }, + "nativeName": "addIns", + "nativeType": "object", + "type": "array" + }, + "alternativeNames": { + "items": { + "nativeType": "string", + "type": "string" + }, + "nativeName": "alternativeNames", + "nativeType": "string", + "type": "array" + }, + "appDescription": { + "nativeName": "appDescription", + "nativeType": "string", + "type": "string" + }, + "appDisplayName": { + "nativeName": "appDisplayName", + "nativeType": "string", + "type": "string" + }, + "appId": { + "nativeName": "appId", + "nativeType": "string", + "type": "string" + }, + "appOwnerOrganizationId": { + "nativeName": "appOwnerOrganizationId", + "nativeType": "string", + "type": "string" + }, + "appRoleAssignmentRequired": { + "nativeName": "appRoleAssignmentRequired", + "nativeType": "boolean", + "type": "boolean" + }, + "appRoles": { + "items": { + "nativeType": "object", + "type": "object" + }, + "nativeName": "appRoles", + "nativeType": "object", + "type": "array" + }, + "applicationTemplateId": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE" + ], + "nativeName": "applicationTemplateId", + "nativeType": "string", + "type": "string" + }, + "deletedDateTime": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE" + ], + "nativeName": "deletedDateTime", + "nativeType": "string", + "type": "string" + }, + "description": { + "nativeName": "description", + "nativeType": "string", + "type": "string" + }, + "disabledByMicrosoftStatus": { + "nativeName": "disabledByMicrosoftStatus", + "nativeType": "string", + "type": "string" + }, + "displayName": { + "nativeName": "displayName", + "nativeType": "string", + "type": "string" + }, + "homepage": { + "nativeName": "homepage", + "nativeType": "string", + "type": "string" + }, + "info": { + "nativeName": "info", + "nativeType": "object", + "type": "object" + }, + "keyCredentials": { + "items": { + "nativeType": "object", + "type": "object" + }, + "nativeName": "keyCredentials", + "nativeType": "object", + "type": "array" + }, + "loginUrl": { + "nativeName": "loginUrl", + "nativeType": "string", + "type": "string" + }, + "logoutUrl": { + "nativeName": "logoutUrl", + "nativeType": "string", + "type": "string" + }, + "notes": { + "nativeName": "notes", + "nativeType": "string", + "type": "string" + }, + "notificationEmailAddresses": { + "items": { + "nativeType": "string", + "type": "string" + }, + "nativeName": "notificationEmailAddresses", + "nativeType": "string", + "type": "array" + }, + "oauth2PermissionScopes": { + "items": { + "nativeType": "object", + "type": "object" + }, + "nativeName": "oauth2PermissionScopes", + "nativeType": "object", + "type": "array" + }, + "passwordCredentials": { + "items": { + "nativeType": "object", + "type": "object" + }, + "nativeName": "passwordCredentials", + "nativeType": "object", + "type": "array" + }, + "preferredSingleSignOnMode": { + "nativeName": "preferredSingleSignOnMode", + "nativeType": "string", + "type": "string" + }, + "replyUrls": { + "items": { + "nativeType": "string", + "type": "string" + }, + "nativeName": "replyUrls", + "nativeType": "string", + "type": "array" + }, + "resourceSpecificApplicationPermissions": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE" + ], + "items": { + "nativeType": "object", + "type": "object" + }, + "nativeName": "resourceSpecificApplicationPermissions", + "nativeType": "object", + "type": "array" + }, + "samlSingleSignOnSettings": { + "nativeName": "samlSingleSignOnSettings", + "nativeType": "object", + "type": "object" + }, + "servicePrincipalNames": { + "items": { + "nativeType": "string", + "type": "string" + }, + "nativeName": "servicePrincipalNames", + "nativeType": "string", + "type": "array" + }, + "servicePrincipalType": { + "nativeName": "servicePrincipalType", + "nativeType": "string", + "type": "string" + }, + "signInAudience": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE" + ], + "nativeName": "signInAudience", + "nativeType": "string", + "type": "string" + }, + "tags": { + "items": { + "nativeType": "string", + "type": "string" + }, + "nativeName": "tags", + "nativeType": "string", + "type": "array" + }, + "tokenEncryptionKeyId": { + "nativeName": "tokenEncryptionKeyId", + "nativeType": "string", + "type": "string" + }, + "verifiedPublisher": { + "nativeName": "verifiedPublisher", + "nativeType": "object", + "type": "object" + } + }, + "type": "object" + } + }, + "operationTimeout": { + "AUTHENTICATE": -1, + "CREATE": -1, + "DELETE": -1, + "GET": -1, + "RESOLVEUSERNAME": -1, + "SCHEMA": -1, + "SCRIPT_ON_CONNECTOR": -1, + "SCRIPT_ON_RESOURCE": -1, + "SEARCH": -1, + "SYNC": -1, + "TEST": -1, + "UPDATE": -1, + "VALIDATE": -1 + }, + "poolConfigOption": { + "maxIdle": 10, + "maxObjects": 10, + "maxWait": 150000, + "minEvictableIdleTimeMillis": 120000, + "minIdle": 1 + }, + "resultsHandlerConfig": { + "enableAttributesToGetSearchResultsHandler": true, + "enableCaseInsensitiveFilter": false, + "enableFilteredResultsHandler": false, + "enableNormalizingResultsHandler": false + } + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/idm/provisioner.openicf/GoogleApps.idm.json b/test/e2e/exports/full-export-separate/global/idm/provisioner.openicf/GoogleApps.idm.json new file mode 100644 index 000000000..148a44847 --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/idm/provisioner.openicf/GoogleApps.idm.json @@ -0,0 +1,442 @@ +{ + "idm": { + "provisioner.openicf/GoogleApps": { + "_id": "provisioner.openicf/GoogleApps", + "configurationProperties": { + "availableLicenses": [ + "101005/1010050001", + "101001/1010010001", + "101031/1010310010", + "101034/1010340002", + "101038/1010380002", + "101034/1010340001", + "101038/1010380003", + "101034/1010340004", + "101034/1010340003", + "101034/1010340006", + "Google-Apps/Google-Apps-For-Business", + "101034/1010340005", + "Google-Vault/Google-Vault", + "Google-Apps/1010020031", + "Google-Apps/1010020030", + "Google-Apps/1010060003", + "Google-Apps/1010060005", + "Google-Apps/Google-Apps-Unlimited", + "Google-Apps/1010020029", + "Google-Apps/Google-Apps-Lite", + "101031/1010310003", + "101033/1010330002", + "101033/1010330004", + "Google-Apps/Google-Apps-For-Education", + "101031/1010310002", + "101033/1010330003", + "Google-Apps/1010020026", + "101031/1010310007", + "Google-Apps/1010020025", + "101031/1010310008", + "Google-Apps/1010020028", + "Google-Apps/Google-Apps-For-Postini", + "101031/1010310005", + "Google-Apps/1010020027", + "101031/1010310006", + "101031/1010310009", + "Google-Vault/Google-Vault-Former-Employee", + "101038/1010370001", + "Google-Apps/1010020020", + "Google-Apps/1010060001" + ], + "clientId": "&{esv.gac.client.id}", + "clientSecret": "&{esv.gac.secret}", + "domain": "&{esv.gac.domain}", + "groupsMaxResults": "200", + "listProductAndSkuMaxResults": "100", + "listProductMaxResults": "100", + "membersMaxResults": "200", + "proxyHost": null, + "proxyPort": 8080, + "refreshToken": "&{esv.gac.refresh}", + "roleAssignmentMaxResults": 100, + "roleMaxResults": 100, + "usersMaxResults": "100", + "validateCertificate": true + }, + "connectorRef": { + "bundleName": "org.forgerock.openicf.connectors.googleapps-connector", + "bundleVersion": "[1.5.0.0,1.6.0.0)", + "connectorHostRef": "", + "connectorName": "org.forgerock.openicf.connectors.googleapps.GoogleAppsConnector", + "displayName": "GoogleApps Connector", + "systemType": "provisioner.openicf" + }, + "enabled": { + "$bool": "&{esv.gac.enable.connector}" + }, + "objectTypes": { + "__ACCOUNT__": { + "$schema": "http://json-schema.org/draft-03/schema", + "id": "__ACCOUNT__", + "nativeType": "__ACCOUNT__", + "properties": { + "__GROUPS__": { + "flags": [ + "NOT_RETURNED_BY_DEFAULT" + ], + "items": { + "nativeType": "string", + "type": "string" + }, + "nativeName": "__GROUPS__", + "nativeType": "string", + "type": "array" + }, + "__NAME__": { + "nativeName": "__NAME__", + "nativeType": "string", + "type": "string" + }, + "__PASSWORD__": { + "flags": [ + "NOT_READABLE", + "NOT_RETURNED_BY_DEFAULT" + ], + "nativeName": "__PASSWORD__", + "nativeType": "JAVA_TYPE_GUARDEDSTRING", + "required": true, + "type": "string" + }, + "__PHOTO__": { + "flags": [ + "NOT_RETURNED_BY_DEFAULT" + ], + "nativeName": "__PHOTO__", + "nativeType": "JAVA_TYPE_BYTE_ARRAY", + "type": "string" + }, + "__SECONDARY_EMAILS__": { + "items": { + "nativeType": "object", + "type": "object" + }, + "nativeName": "__SECONDARY_EMAILS__", + "nativeType": "object", + "type": "array" + }, + "__UID__": { + "nativeName": "__UID__", + "nativeType": "string", + "required": false, + "type": "string" + }, + "addresses": { + "items": { + "nativeType": "object", + "type": "object" + }, + "nativeName": "addresses", + "nativeType": "object", + "type": "array" + }, + "agreedToTerms": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE" + ], + "nativeName": "agreedToTerms", + "nativeType": "JAVA_TYPE_PRIMITIVE_BOOLEAN", + "type": "boolean" + }, + "aliases": { + "flags": [ + "NOT_CREATABLE" + ], + "items": { + "nativeType": "string", + "type": "string" + }, + "nativeName": "aliases", + "nativeType": "string", + "type": "array" + }, + "archived": { + "nativeName": "archived", + "nativeType": "boolean", + "type": "boolean" + }, + "changePasswordAtNextLogin": { + "nativeName": "changePasswordAtNextLogin", + "nativeType": "boolean", + "type": "boolean" + }, + "creationTime": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE" + ], + "items": { + "nativeType": "string", + "type": "string" + }, + "nativeName": "creationTime", + "nativeType": "string", + "type": "array" + }, + "customSchemas": { + "nativeName": "customSchemas", + "nativeType": "object", + "type": "object" + }, + "customerId": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE" + ], + "nativeName": "customerId", + "nativeType": "string", + "type": "string" + }, + "deletionTime": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE" + ], + "nativeName": "deletionTime", + "nativeType": "string", + "type": "string" + }, + "externalIds": { + "items": { + "nativeType": "object", + "type": "object" + }, + "nativeName": "externalIds", + "nativeType": "object", + "type": "array" + }, + "familyName": { + "nativeName": "familyName", + "nativeType": "string", + "type": "string" + }, + "fullName": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE" + ], + "nativeName": "fullName", + "nativeType": "string", + "type": "string" + }, + "givenName": { + "nativeName": "givenName", + "nativeType": "string", + "required": true, + "type": "string" + }, + "hashFunction": { + "flags": [ + "NOT_RETURNED_BY_DEFAULT" + ], + "nativeName": "hashFunction", + "nativeType": "string", + "type": "string" + }, + "ims": { + "items": { + "nativeType": "object", + "type": "object" + }, + "nativeName": "ims", + "nativeType": "object", + "type": "array" + }, + "includeInGlobalAddressList": { + "nativeName": "includeInGlobalAddressList", + "nativeType": "boolean", + "type": "boolean" + }, + "ipWhitelisted": { + "nativeName": "ipWhitelisted", + "nativeType": "boolean", + "type": "boolean" + }, + "isAdmin": { + "nativeName": "isAdmin", + "nativeType": "JAVA_TYPE_PRIMITIVE_BOOLEAN", + "type": "boolean" + }, + "isDelegatedAdmin": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE" + ], + "nativeName": "isDelegatedAdmin", + "nativeType": "JAVA_TYPE_PRIMITIVE_BOOLEAN", + "type": "boolean" + }, + "isEnforcedIn2Sv": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE" + ], + "nativeName": "isEnforcedIn2Sv", + "nativeType": "boolean", + "type": "boolean" + }, + "isEnrolledIn2Sv": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE" + ], + "nativeName": "isEnrolledIn2Sv", + "nativeType": "boolean", + "type": "boolean" + }, + "isMailboxSetup": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE" + ], + "nativeName": "isMailboxSetup", + "nativeType": "boolean", + "type": "boolean" + }, + "languages": { + "items": { + "nativeType": "object", + "type": "object" + }, + "nativeName": "languages", + "nativeType": "object", + "type": "array" + }, + "lastLoginTime": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE" + ], + "items": { + "nativeType": "string", + "type": "string" + }, + "nativeName": "lastLoginTime", + "nativeType": "string", + "type": "array" + }, + "nonEditableAliases": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE" + ], + "items": { + "nativeType": "string", + "type": "string" + }, + "nativeName": "nonEditableAliases", + "nativeType": "string", + "type": "array" + }, + "orgUnitPath": { + "nativeName": "orgUnitPath", + "nativeType": "string", + "type": "string" + }, + "organizations": { + "items": { + "nativeType": "object", + "type": "object" + }, + "nativeName": "organizations", + "nativeType": "object", + "type": "array" + }, + "phones": { + "items": { + "nativeType": "object", + "type": "object" + }, + "nativeName": "phones", + "nativeType": "object", + "type": "array" + }, + "primaryEmail": { + "nativeName": "primaryEmail", + "nativeType": "string", + "type": "string" + }, + "recoveryEmail": { + "nativeName": "recoveryEmail", + "nativeType": "string", + "type": "string" + }, + "recoveryPhone": { + "nativeName": "recoveryPhone", + "nativeType": "string", + "type": "string" + }, + "relations": { + "items": { + "nativeType": "object", + "type": "object" + }, + "nativeName": "relations", + "nativeType": "object", + "type": "array" + }, + "suspended": { + "nativeName": "suspended", + "nativeType": "boolean", + "type": "boolean" + }, + "suspensionReason": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE" + ], + "nativeName": "suspensionReason", + "nativeType": "string", + "type": "string" + }, + "thumbnailPhotoUrl": { + "flags": [ + "NOT_CREATABLE", + "NOT_UPDATEABLE" + ], + "nativeName": "thumbnailPhotoUrl", + "nativeType": "string", + "type": "string" + } + }, + "type": "object" + } + }, + "operationTimeout": { + "AUTHENTICATE": -1, + "CREATE": -1, + "DELETE": -1, + "GET": -1, + "RESOLVEUSERNAME": -1, + "SCHEMA": -1, + "SCRIPT_ON_CONNECTOR": -1, + "SCRIPT_ON_RESOURCE": -1, + "SEARCH": -1, + "SYNC": -1, + "TEST": -1, + "UPDATE": -1, + "VALIDATE": -1 + }, + "poolConfigOption": { + "maxIdle": 10, + "maxObjects": 10, + "maxWait": 150000, + "minEvictableIdleTimeMillis": 120000, + "minIdle": 1 + }, + "resultsHandlerConfig": { + "enableAttributesToGetSearchResultsHandler": true, + "enableCaseInsensitiveFilter": false, + "enableFilteredResultsHandler": false, + "enableNormalizingResultsHandler": false + } + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/idm/repo.ds.idm.json b/test/e2e/exports/full-export-separate/global/idm/repo.ds.idm.json new file mode 100644 index 000000000..6a23947a1 --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/idm/repo.ds.idm.json @@ -0,0 +1,2129 @@ +{ + "idm": { + "repo.ds": { + "_id": "repo.ds", + "commands": { + "delete-mapping-links": { + "_queryFilter": "/linkType eq \"${mapping}\"", + "operation": "DELETE" + }, + "delete-target-ids-for-recon": { + "_queryFilter": "/reconId eq \"${reconId}\"", + "operation": "DELETE" + } + }, + "embedded": false, + "ldapConnectionFactories": { + "bind": { + "availabilityCheckIntervalSeconds": 30, + "availabilityCheckTimeoutMilliSeconds": 10000, + "connectionPoolSize": 50, + "connectionSecurity": "none", + "heartBeatIntervalSeconds": 60, + "heartBeatTimeoutMilliSeconds": 10000, + "primaryLdapServers": [ + { + "hostname": "userstore-0.userstore", + "port": 1389 + } + ], + "secondaryLdapServers": [ + { + "hostname": "userstore-2.userstore", + "port": 1389 + } + ] + }, + "root": { + "authentication": { + "simple": { + "bindDn": "uid=admin", + "bindPassword": "&{userstore.password}" + } + }, + "inheritFrom": "bind" + } + }, + "maxConnectionAttempts": 5, + "queries": { + "explicit": { + "credential-internaluser-query": { + "_queryFilter": "/_id eq \"${username}\"" + }, + "credential-query": { + "_queryFilter": "/userName eq \"${username}\"" + }, + "for-userName": { + "_queryFilter": "/userName eq \"${uid}\"" + }, + "links-for-firstId": { + "_queryFilter": "/linkType eq \"${linkType}\" AND /firstId = \"${firstId}\"" + }, + "links-for-linkType": { + "_queryFilter": "/linkType eq \"${linkType}\"" + }, + "query-all": { + "_queryFilter": "true" + }, + "query-all-ids": { + "_fields": "_id,_rev", + "_queryFilter": "true" + } + }, + "generic": { + "credential-internaluser-query": { + "_queryFilter": "/_id eq \"${username}\"" + }, + "credential-query": { + "_queryFilter": "/userName eq \"${username}\"" + }, + "find-relationship-edges": { + "_queryFilter": "((/firstResourceCollection eq \"${firstResourceCollection}\" and /firstResourceId eq \"${firstResourceId}\" and /firstPropertyName eq \"${firstPropertyName}\") and (/secondResourceCollection eq \"${secondResourceCollection}\" and /secondResourceId eq \"${secondResourceId}\" and /secondPropertyName eq \"${secondPropertyName}\")) or ((/firstResourceCollection eq \"${secondResourceCollection}\" and /firstResourceId eq \"${secondResourceId}\" and /firstPropertyName eq \"${secondPropertyName}\") and (/secondResourceCollection eq \"${firstResourceCollection}\" and /secondResourceId eq \"${firstResourceId}\" and /secondPropertyName eq \"${firstPropertyName}\"))" + }, + "find-relationships-for-resource": { + "_queryFilter": "(/firstResourceCollection eq \"${resourceCollection}\" and /firstResourceId eq \"${resourceId}\" and /firstPropertyName eq \"${propertyName}\") or (/secondResourceCollection eq \"${resourceCollection}\" and /secondResourceId eq \"${resourceId}\" and /secondPropertyName eq \"${propertyName}\")" + }, + "for-userName": { + "_queryFilter": "/userName eq \"${uid}\"" + }, + "get-by-field-value": { + "_queryFilter": "/${field} eq \"${value}\"" + }, + "get-notifications-for-user": { + "_queryFilter": "/receiverId eq \"${userId}\"", + "_sortKeys": "-createDate" + }, + "get-recons": { + "_fields": "reconId,mapping,activitydate", + "_queryFilter": "/entryType eq \"summary\"", + "_sortKeys": "-activitydate" + }, + "links-for-firstId": { + "_queryFilter": "/linkType eq \"${linkType}\" AND /firstId = \"${firstId}\"" + }, + "links-for-linkType": { + "_queryFilter": "/linkType eq \"${linkType}\"" + }, + "query-all": { + "_queryFilter": "true" + }, + "query-all-ids": { + "_fields": "_id,_rev", + "_queryFilter": "true" + }, + "query-cluster-events": { + "_queryFilter": "/instanceId eq \"${instanceId}\"" + }, + "query-cluster-failed-instances": { + "_queryFilter": "/timestamp le ${timestamp} and (/state eq \"1\" or /state eq \"2\")" + }, + "query-cluster-instances": { + "_queryFilter": "true" + }, + "query-cluster-running-instances": { + "_queryFilter": "/state eq 1" + } + } + }, + "resourceMapping": { + "defaultMapping": { + "dnTemplate": "ou=generic,dc=openidm,dc=example,dc=com" + }, + "explicitMapping": { + "clusteredrecontargetids": { + "dnTemplate": "ou=clusteredrecontargetids,dc=openidm,dc=example,dc=com", + "objectClasses": [ + "uidObject", + "fr-idm-recon-clusteredTargetIds" + ], + "properties": { + "_id": { + "isRequired": true, + "ldapAttribute": "uid", + "type": "simple", + "writability": "createOnly" + }, + "reconId": { + "ldapAttribute": "fr-idm-recon-id", + "type": "simple" + }, + "targetIds": { + "ldapAttribute": "fr-idm-recon-targetIds", + "type": "json" + } + } + }, + "dsconfig/attributeValue": { + "dnTemplate": "cn=Password Validators,cn=config", + "objectClasses": [ + "ds-cfg-password-validator", + "ds-cfg-attribute-value-password-validator" + ], + "properties": { + "_id": { + "isRequired": true, + "ldapAttribute": "cn", + "type": "simple", + "writability": "createOnly" + }, + "checkSubstrings": { + "ldapAttribute": "ds-cfg-check-substrings", + "type": "simple" + }, + "enabled": { + "ldapAttribute": "ds-cfg-enabled", + "type": "simple" + }, + "javaClass": { + "ldapAttribute": "ds-cfg-java-class", + "type": "simple" + }, + "matchAttribute": { + "isMultiValued": true, + "ldapAttribute": "ds-cfg-match-attribute", + "type": "simple" + }, + "minSubstringLength": { + "ldapAttribute": "ds-cfg-min-substring-length", + "type": "simple" + }, + "testReversedPassword": { + "isRequired": true, + "ldapAttribute": "ds-cfg-test-reversed-password", + "type": "simple" + } + } + }, + "dsconfig/characterSet": { + "dnTemplate": "cn=Password Validators,cn=config", + "objectClasses": [ + "ds-cfg-password-validator", + "ds-cfg-character-set-password-validator" + ], + "properties": { + "_id": { + "isRequired": true, + "ldapAttribute": "cn", + "type": "simple", + "writability": "createOnly" + }, + "allowUnclassifiedCharacters": { + "isRequired": true, + "ldapAttribute": "ds-cfg-allow-unclassified-characters", + "type": "simple" + }, + "characterSet": { + "isMultiValued": true, + "ldapAttribute": "ds-cfg-character-set", + "type": "simple" + }, + "enabled": { + "ldapAttribute": "ds-cfg-enabled", + "type": "simple" + }, + "javaClass": { + "ldapAttribute": "ds-cfg-java-class", + "type": "simple" + }, + "minCharacterSets": { + "ldapAttribute": "ds-cfg-min-character-sets", + "type": "simple" + } + } + }, + "dsconfig/dictionary": { + "dnTemplate": "cn=Password Validators,cn=config", + "objectClasses": [ + "ds-cfg-password-validator", + "ds-cfg-dictionary-password-validator" + ], + "properties": { + "_id": { + "isRequired": true, + "ldapAttribute": "cn", + "type": "simple", + "writability": "createOnly" + }, + "caseSensitiveValidation": { + "isRequired": true, + "ldapAttribute": "ds-cfg-case-sensitive-validation", + "type": "simple" + }, + "checkSubstrings": { + "ldapAttribute": "ds-cfg-check-substrings", + "type": "simple" + }, + "dictionaryFile": { + "isRequired": true, + "ldapAttribute": "ds-cfg-dictionary-file", + "type": "simple" + }, + "enabled": { + "ldapAttribute": "ds-cfg-enabled", + "type": "simple" + }, + "javaClass": { + "ldapAttribute": "ds-cfg-java-class", + "type": "simple" + }, + "minSubstringLength": { + "ldapAttribute": "ds-cfg-min-substring-length", + "type": "simple" + }, + "testReversedPassword": { + "isRequired": true, + "ldapAttribute": "ds-cfg-test-reversed-password", + "type": "simple" + } + } + }, + "dsconfig/lengthBased": { + "dnTemplate": "cn=Password Validators,cn=config", + "objectClasses": [ + "ds-cfg-password-validator", + "ds-cfg-length-based-password-validator" + ], + "properties": { + "_id": { + "isRequired": true, + "ldapAttribute": "cn", + "type": "simple", + "writability": "createOnly" + }, + "enabled": { + "ldapAttribute": "ds-cfg-enabled", + "type": "simple" + }, + "javaClass": { + "ldapAttribute": "ds-cfg-java-class", + "type": "simple" + }, + "maxPasswordLength": { + "ldapAttribute": "ds-cfg-max-password-length", + "type": "simple" + }, + "minPasswordLength": { + "ldapAttribute": "ds-cfg-min-password-length", + "type": "simple" + } + } + }, + "dsconfig/passwordPolicies": { + "dnTemplate": "cn=Password Policies,cn=config", + "objectClasses": [ + "ds-cfg-password-policy", + "ds-cfg-authentication-policy" + ], + "properties": { + "_id": { + "isRequired": true, + "ldapAttribute": "cn", + "type": "simple", + "writability": "createOnly" + }, + "allowPreEncodedPasswords": { + "ldapAttribute": "ds-cfg-allow-pre-encoded-passwords", + "type": "simple" + }, + "defaultPasswordStorageScheme": { + "isMultiValued": true, + "isRequired": true, + "ldapAttribute": "ds-cfg-default-password-storage-scheme", + "type": "simple" + }, + "deprecatedPasswordStorageScheme": { + "isMultiValued": true, + "ldapAttribute": "ds-cfg-deprecated-password-storage-scheme", + "type": "simple" + }, + "maxPasswordAge": { + "ldapAttribute": "ds-cfg-max-password-age", + "type": "simple" + }, + "passwordAttribute": { + "isRequired": true, + "ldapAttribute": "ds-cfg-password-attribute", + "type": "simple" + }, + "passwordHistoryCount": { + "ldapAttribute": "ds-cfg-password-history-count", + "type": "simple" + }, + "validator": { + "isMultiValued": true, + "ldapAttribute": "ds-cfg-password-validator", + "type": "simple" + } + } + }, + "dsconfig/repeatedCharacters": { + "dnTemplate": "cn=Password Validators,cn=config", + "objectClasses": [ + "ds-cfg-password-validator", + "ds-cfg-repeated-characters-password-validator" + ], + "properties": { + "_id": { + "isRequired": true, + "ldapAttribute": "cn", + "type": "simple", + "writability": "createOnly" + }, + "caseSensitiveValidation": { + "isRequired": true, + "ldapAttribute": "ds-cfg-case-sensitive-validation", + "type": "simple" + }, + "enabled": { + "ldapAttribute": "ds-cfg-enabled", + "type": "simple" + }, + "javaClass": { + "ldapAttribute": "ds-cfg-java-class", + "type": "simple" + }, + "maxConsecutiveLength": { + "isRequired": true, + "ldapAttribute": "ds-cfg-max-consecutive-length", + "type": "simple" + } + } + }, + "dsconfig/similarityBased": { + "dnTemplate": "cn=Password Validators,cn=config", + "objectClasses": [ + "ds-cfg-password-validator", + "ds-cfg-similarity-based-password-validator" + ], + "properties": { + "_id": { + "isRequired": true, + "ldapAttribute": "cn", + "type": "simple", + "writability": "createOnly" + }, + "enabled": { + "ldapAttribute": "ds-cfg-enabled", + "type": "simple" + }, + "javaClass": { + "ldapAttribute": "ds-cfg-java-class", + "type": "simple" + }, + "minPasswordDifference": { + "isRequired": true, + "ldapAttribute": "ds-cfg-min-password-difference", + "type": "simple" + } + } + }, + "dsconfig/uniqueCharacters": { + "dnTemplate": "cn=Password Validators,cn=config", + "objectClasses": [ + "ds-cfg-password-validator", + "ds-cfg-unique-characters-password-validator" + ], + "properties": { + "_id": { + "isRequired": true, + "ldapAttribute": "cn", + "type": "simple", + "writability": "createOnly" + }, + "caseSensitiveValidation": { + "isRequired": true, + "ldapAttribute": "ds-cfg-case-sensitive-validation", + "type": "simple" + }, + "enabled": { + "ldapAttribute": "ds-cfg-enabled", + "type": "simple" + }, + "javaClass": { + "ldapAttribute": "ds-cfg-java-class", + "type": "simple" + }, + "minUniqueCharacters": { + "isRequired": true, + "ldapAttribute": "ds-cfg-min-unique-characters", + "type": "simple" + } + } + }, + "dsconfig/userDefinedVirtualAttribute": { + "dnTemplate": "cn=Virtual Attributes,cn=config", + "objectClasses": [ + "ds-cfg-user-defined-virtual-attribute", + "ds-cfg-virtual-attribute" + ], + "properties": { + "_id": { + "isRequired": true, + "ldapAttribute": "cn", + "type": "simple", + "writability": "createOnly" + }, + "attributeType": { + "isRequired": true, + "ldapAttribute": "ds-cfg-attribute-type", + "type": "simple" + }, + "baseDn": { + "isMultiValued": true, + "ldapAttribute": "ds-cfg-base-dn", + "type": "simple" + }, + "conflictBehavior": { + "ldapAttribute": "ds-cfg-conflict-behavior", + "type": "simple" + }, + "enabled": { + "isRequired": true, + "ldapAttribute": "ds-cfg-enabled", + "type": "simple" + }, + "filter": { + "isMultiValued": true, + "ldapAttribute": "ds-cfg-filter", + "type": "simple" + }, + "groupDn": { + "ldapAttribute": "ds-cfg-group-dn", + "type": "simple" + }, + "javaClass": { + "isRequired": true, + "ldapAttribute": "ds-cfg-java-class", + "type": "simple" + }, + "scope": { + "ldapAttribute": "ds-cfg-scope", + "type": "simple" + }, + "value": { + "isMultiValued": true, + "isRequired": true, + "ldapAttribute": "ds-cfg-value", + "type": "simple" + } + } + }, + "identities/admin": { + "dnTemplate": "o=root,ou=identities", + "isReadOnly": true, + "namingStrategy": { + "dnAttribute": "ou", + "type": "clientDnNaming" + }, + "objectClasses": [ + "organizationalunit" + ], + "properties": { + "_id": { + "ldapAttribute": "ou", + "primaryKey": true, + "type": "simple" + }, + "count": { + "isRequired": true, + "ldapAttribute": "numSubordinates", + "type": "simple", + "writability": "readOnly" + } + } + }, + "identities/alpha": { + "dnTemplate": "o=alpha,o=root,ou=identities", + "isReadOnly": true, + "namingStrategy": { + "dnAttribute": "ou", + "type": "clientDnNaming" + }, + "objectClasses": [ + "organizationalunit" + ], + "properties": { + "_id": { + "ldapAttribute": "ou", + "primaryKey": true, + "type": "simple" + }, + "count": { + "isRequired": true, + "ldapAttribute": "numSubordinates", + "type": "simple", + "writability": "readOnly" + } + } + }, + "identities/bravo": { + "dnTemplate": "o=bravo,o=root,ou=identities", + "isReadOnly": true, + "namingStrategy": { + "dnAttribute": "ou", + "type": "clientDnNaming" + }, + "objectClasses": [ + "organizationalunit" + ], + "properties": { + "_id": { + "ldapAttribute": "ou", + "primaryKey": true, + "type": "simple" + }, + "count": { + "isRequired": true, + "ldapAttribute": "numSubordinates", + "type": "simple", + "writability": "readOnly" + } + } + }, + "internal/role": { + "dnTemplate": "ou=roles,ou=internal,dc=openidm,dc=example,dc=com", + "objectClasses": [ + "fr-idm-internal-role" + ], + "properties": { + "_id": { + "isRequired": true, + "ldapAttribute": "cn", + "type": "simple", + "writability": "createOnly" + }, + "authzMembers": { + "isMultiValued": true, + "propertyName": "authzRoles", + "resourcePath": "managed/alpha_user", + "type": "reverseReference" + }, + "condition": { + "ldapAttribute": "fr-idm-condition", + "type": "simple" + }, + "description": { + "ldapAttribute": "description", + "type": "simple" + }, + "name": { + "ldapAttribute": "fr-idm-name", + "type": "simple" + }, + "privileges": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-privilege", + "type": "json" + }, + "temporalConstraints": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-temporal-constraints", + "type": "json" + } + } + }, + "internal/user": { + "dnTemplate": "ou=users,ou=internal,dc=openidm,dc=example,dc=com", + "objectClasses": [ + "uidObject", + "fr-idm-internal-user" + ], + "properties": { + "_id": { + "isRequired": true, + "ldapAttribute": "uid", + "type": "simple", + "writability": "createOnly" + }, + "password": { + "ldapAttribute": "fr-idm-password", + "type": "json" + } + } + }, + "link": { + "dnTemplate": "ou=links,dc=openidm,dc=example,dc=com", + "objectClasses": [ + "uidObject", + "fr-idm-link" + ], + "properties": { + "_id": { + "isRequired": true, + "ldapAttribute": "uid", + "type": "simple", + "writability": "createOnly" + }, + "firstId": { + "ldapAttribute": "fr-idm-link-firstId", + "type": "simple" + }, + "linkQualifier": { + "ldapAttribute": "fr-idm-link-qualifier", + "type": "simple" + }, + "linkType": { + "ldapAttribute": "fr-idm-link-type", + "type": "simple" + }, + "secondId": { + "ldapAttribute": "fr-idm-link-secondId", + "type": "simple" + } + } + }, + "locks": { + "dnTemplate": "ou=locks,dc=openidm,dc=example,dc=com", + "objectClasses": [ + "uidObject", + "fr-idm-lock" + ], + "properties": { + "_id": { + "isRequired": true, + "ldapAttribute": "uid", + "type": "simple", + "writability": "createOnly" + }, + "nodeId": { + "ldapAttribute": "fr-idm-lock-nodeid", + "type": "simple" + } + } + }, + "managed/teammember": { + "dnTemplate": "ou=people,o=root,ou=identities", + "namingStrategy": { + "dnAttribute": "fr-idm-uuid", + "type": "clientDnNaming" + }, + "nativeId": false, + "objectClasses": [ + "person", + "organizationalPerson", + "inetOrgPerson", + "fraas-admin", + "iplanet-am-user-service", + "deviceProfilesContainer", + "devicePrintProfilesContainer", + "kbaInfoContainer", + "fr-idm-managed-user-explicit", + "forgerock-am-dashboard-service", + "inetuser", + "iplanet-am-auth-configuration-service", + "iplanet-am-managed-person", + "iPlanetPreferences", + "oathDeviceProfilesContainer", + "pushDeviceProfilesContainer", + "sunAMAuthAccountLockout", + "sunFMSAML2NameIdentifier", + "webauthnDeviceProfilesContainer", + "fr-idm-hybrid-obj" + ], + "properties": { + "_id": { + "ldapAttribute": "fr-idm-uuid", + "primaryKey": true, + "type": "simple" + }, + "_meta": { + "isMultiValued": false, + "ldapAttribute": "fr-idm-managed-user-meta", + "primaryKey": "uid", + "resourcePath": "managed/teammembermeta", + "type": "reference" + }, + "accountStatus": { + "ldapAttribute": "inetUserStatus", + "type": "simple" + }, + "cn": { + "ldapAttribute": "cn", + "type": "simple" + }, + "givenName": { + "ldapAttribute": "givenName", + "type": "simple" + }, + "inviteDate": { + "ldapAttribute": "fr-idm-inviteDate", + "type": "simple" + }, + "jurisdiction": { + "ldapAttribute": "fr-idm-jurisdiction", + "type": "simple" + }, + "mail": { + "ldapAttribute": "mail", + "type": "simple" + }, + "onboardDate": { + "ldapAttribute": "fr-idm-onboardDate", + "type": "simple" + }, + "password": { + "ldapAttribute": "userPassword", + "type": "simple" + }, + "sn": { + "ldapAttribute": "sn", + "type": "simple" + }, + "userName": { + "ldapAttribute": "uid", + "type": "simple" + } + } + }, + "managed/teammembergroup": { + "dnTemplate": "ou=groups,o=root,ou=identities", + "objectClasses": [ + "groupofuniquenames" + ], + "properties": { + "_id": { + "ldapAttribute": "cn", + "primaryKey": true, + "type": "simple" + }, + "members": { + "isMultiValued": true, + "ldapAttribute": "uniqueMember", + "type": "simple" + } + } + }, + "recon/assoc": { + "dnTemplate": "ou=assoc,ou=recon,dc=openidm,dc=example,dc=com", + "namingStrategy": { + "dnAttribute": "fr-idm-reconassoc-reconid", + "type": "clientDnNaming" + }, + "objectClasses": [ + "fr-idm-reconassoc" + ], + "properties": { + "_id": { + "isRequired": true, + "ldapAttribute": "fr-idm-reconassoc-reconid", + "type": "simple" + }, + "finishTime": { + "ldapAttribute": "fr-idm-reconassoc-finishtime", + "type": "simple" + }, + "isAnalysis": { + "ldapAttribute": "fr-idm-reconassoc-isanalysis", + "type": "simple" + }, + "mapping": { + "ldapAttribute": "fr-idm-reconassoc-mapping", + "type": "simple" + }, + "sourceResourceCollection": { + "ldapAttribute": "fr-idm-reconassoc-sourceresourcecollection", + "type": "simple" + }, + "targetResourceCollection": { + "ldapAttribute": "fr-idm-reconassoc-targetresourcecollection", + "type": "simple" + } + }, + "subResources": { + "entry": { + "namingStrategy": { + "dnAttribute": "uid", + "type": "clientDnNaming" + }, + "resource": "recon-assoc-entry", + "type": "collection" + } + } + }, + "recon/assoc/entry": { + "objectClasses": [ + "uidObject", + "fr-idm-reconassocentry" + ], + "properties": { + "_id": { + "isRequired": true, + "ldapAttribute": "uid", + "type": "simple" + }, + "action": { + "ldapAttribute": "fr-idm-reconassocentry-action", + "type": "simple" + }, + "ambiguousTargetObjectIds": { + "ldapAttribute": "fr-idm-reconassocentry-ambiguoustargetobjectids", + "type": "simple" + }, + "exception": { + "ldapAttribute": "fr-idm-reconassocentry-exception", + "type": "simple" + }, + "isAnalysis": { + "ldapAttribute": "fr-idm-reconassoc-isanalysis", + "type": "simple" + }, + "linkQualifier": { + "ldapAttribute": "fr-idm-reconassocentry-linkqualifier", + "type": "simple" + }, + "mapping": { + "ldapAttribute": "fr-idm-reconassoc-mapping", + "type": "simple" + }, + "message": { + "ldapAttribute": "fr-idm-reconassocentry-message", + "type": "simple" + }, + "messageDetail": { + "ldapAttribute": "fr-idm-reconassocentry-messagedetail", + "type": "simple" + }, + "phase": { + "ldapAttribute": "fr-idm-reconassocentry-phase", + "type": "simple" + }, + "reconId": { + "ldapAttribute": "fr-idm-reconassocentry-reconid", + "type": "simple" + }, + "situation": { + "ldapAttribute": "fr-idm-reconassocentry-situation", + "type": "simple" + }, + "sourceObjectId": { + "ldapAttribute": "fr-idm-reconassocentry-sourceObjectId", + "type": "simple" + }, + "sourceResourceCollection": { + "ldapAttribute": "fr-idm-reconassoc-sourceresourcecollection", + "type": "simple" + }, + "status": { + "ldapAttribute": "fr-idm-reconassocentry-status", + "type": "simple" + }, + "targetObjectId": { + "ldapAttribute": "fr-idm-reconassocentry-targetObjectId", + "type": "simple" + }, + "targetResourceCollection": { + "ldapAttribute": "fr-idm-reconassoc-targetresourcecollection", + "type": "simple" + } + }, + "resourceName": "recon-assoc-entry", + "subResourceRouting": [ + { + "prefix": "entry", + "template": "recon/assoc/{reconId}/entry" + } + ] + }, + "sync/queue": { + "dnTemplate": "ou=queue,ou=sync,dc=openidm,dc=example,dc=com", + "objectClasses": [ + "uidObject", + "fr-idm-syncqueue" + ], + "properties": { + "_id": { + "isRequired": true, + "ldapAttribute": "uid", + "type": "simple", + "writability": "createOnly" + }, + "context": { + "ldapAttribute": "fr-idm-syncqueue-context", + "type": "json" + }, + "createDate": { + "ldapAttribute": "fr-idm-syncqueue-createdate", + "type": "simple" + }, + "mapping": { + "ldapAttribute": "fr-idm-syncqueue-mapping", + "type": "simple" + }, + "newObject": { + "ldapAttribute": "fr-idm-syncqueue-newobject", + "type": "json" + }, + "nodeId": { + "ldapAttribute": "fr-idm-syncqueue-nodeid", + "type": "simple" + }, + "objectRev": { + "ldapAttribute": "fr-idm-syncqueue-objectRev", + "type": "simple" + }, + "oldObject": { + "ldapAttribute": "fr-idm-syncqueue-oldobject", + "type": "json" + }, + "remainingRetries": { + "ldapAttribute": "fr-idm-syncqueue-remainingretries", + "type": "simple" + }, + "resourceCollection": { + "ldapAttribute": "fr-idm-syncqueue-resourcecollection", + "type": "simple" + }, + "resourceId": { + "ldapAttribute": "fr-idm-syncqueue-resourceid", + "type": "simple" + }, + "state": { + "ldapAttribute": "fr-idm-syncqueue-state", + "type": "simple" + }, + "syncAction": { + "ldapAttribute": "fr-idm-syncqueue-syncaction", + "type": "simple" + } + } + } + }, + "genericMapping": { + "cluster/*": { + "dnTemplate": "ou=cluster,dc=openidm,dc=example,dc=com", + "jsonAttribute": "fr-idm-cluster-json", + "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatchClusterObject", + "objectClasses": [ + "uidObject", + "fr-idm-cluster-obj" + ] + }, + "config": { + "dnTemplate": "ou=config,dc=openidm,dc=example,dc=com" + }, + "file": { + "dnTemplate": "ou=file,dc=openidm,dc=example,dc=com" + }, + "internal/notification": { + "dnTemplate": "ou=notification,ou=internal,dc=openidm,dc=example,dc=com", + "jsonAttribute": "fr-idm-notification-json", + "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatch", + "objectClasses": [ + "uidObject", + "fr-idm-notification" + ], + "properties": { + "target": { + "propertyName": "_notifications", + "resourcePath": "managed/alpha_user", + "type": "reverseReference" + } + } + }, + "internal/usermeta": { + "dnTemplate": "ou=usermeta,ou=internal,dc=openidm,dc=example,dc=com", + "jsonAttribute": "fr-idm-json", + "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatch", + "objectClasses": [ + "uidObject", + "fr-idm-generic-obj" + ], + "properties": { + "target": { + "propertyName": "_meta", + "resourcePath": "managed/alpha_user", + "type": "reverseReference" + } + } + }, + "jsonstorage": { + "dnTemplate": "ou=jsonstorage,dc=openidm,dc=example,dc=com" + }, + "managed/*": { + "dnTemplate": "ou=managed,dc=openidm,dc=example,dc=com" + }, + "managed/alpha_group": { + "dnTemplate": "ou=groups,o=alpha,o=root,ou=identities", + "idGenerator": { + "propertyName": "name", + "type": "property" + }, + "jsonAttribute": "fr-idm-managed-group-json", + "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatch", + "namingStrategy": { + "dnAttribute": "cn", + "type": "clientDnNaming" + }, + "nativeId": false, + "objectClasses": [ + "top", + "groupOfURLs", + "fr-idm-managed-group" + ], + "properties": { + "_id": { + "ldapAttribute": "cn", + "primaryKey": true, + "type": "simple", + "writability": "createOnly" + }, + "condition": { + "ldapAttribute": "fr-idm-managed-group-condition", + "type": "simple" + }, + "description": { + "ldapAttribute": "description", + "type": "simple" + }, + "members": { + "isMultiValued": true, + "propertyName": "groups", + "resourcePath": "managed/alpha_user", + "type": "reverseReference" + } + } + }, + "managed/alpha_organization": { + "dnTemplate": "ou=organization,o=alpha,o=root,ou=identities", + "jsonAttribute": "fr-idm-managed-organization-json", + "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatch", + "objectClasses": [ + "uidObject", + "fr-idm-managed-organization", + "fr-ext-attrs" + ], + "properties": { + "_id": { + "ldapAttribute": "uid", + "type": "simple" + }, + "admins": { + "isMultiValued": true, + "propertyName": "adminOfOrg", + "resourcePath": "managed/alpha_user", + "type": "reverseReference" + }, + "children": { + "isMultiValued": true, + "propertyName": "parent", + "resourcePath": "managed/alpha_organization", + "type": "reverseReference" + }, + "members": { + "isMultiValued": true, + "propertyName": "memberOfOrg", + "resourcePath": "managed/alpha_user", + "type": "reverseReference" + }, + "name": { + "ldapAttribute": "fr-idm-managed-organization-name", + "type": "simple" + }, + "owners": { + "isMultiValued": true, + "propertyName": "ownerOfOrg", + "resourcePath": "managed/alpha_user", + "type": "reverseReference" + }, + "parent": { + "ldapAttribute": "fr-idm-managed-organization-parent", + "primaryKey": "uid", + "resourcePath": "managed/alpha_organization", + "type": "reference" + } + } + }, + "managed/alpha_role": { + "dnTemplate": "ou=role,o=alpha,o=root,ou=identities", + "jsonAttribute": "fr-idm-managed-role-json", + "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatchManagedRole", + "objectClasses": [ + "uidObject", + "fr-idm-managed-role" + ], + "properties": { + "members": { + "isMultiValued": true, + "propertyName": "roles", + "resourcePath": "managed/alpha_user", + "type": "reverseReference" + } + } + }, + "managed/alpha_user": { + "dnTemplate": "ou=user,o=alpha,o=root,ou=identities", + "jsonAttribute": "fr-idm-custom-attrs", + "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatch", + "namingStrategy": { + "dnAttribute": "fr-idm-uuid", + "type": "clientDnNaming" + }, + "nativeId": false, + "objectClasses": [ + "person", + "organizationalPerson", + "inetOrgPerson", + "iplanet-am-user-service", + "devicePrintProfilesContainer", + "deviceProfilesContainer", + "kbaInfoContainer", + "fr-idm-managed-user-explicit", + "forgerock-am-dashboard-service", + "inetuser", + "iplanet-am-auth-configuration-service", + "iplanet-am-managed-person", + "iPlanetPreferences", + "oathDeviceProfilesContainer", + "pushDeviceProfilesContainer", + "sunAMAuthAccountLockout", + "sunFMSAML2NameIdentifier", + "webauthnDeviceProfilesContainer", + "fr-idm-hybrid-obj", + "fr-ext-attrs" + ], + "properties": { + "_id": { + "ldapAttribute": "fr-idm-uuid", + "primaryKey": true, + "type": "simple" + }, + "_meta": { + "isMultiValued": false, + "ldapAttribute": "fr-idm-managed-user-meta", + "primaryKey": "uid", + "resourcePath": "managed/alpha_usermeta", + "type": "reference" + }, + "_notifications": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-managed-user-notifications", + "primaryKey": "uid", + "resourcePath": "internal/notification", + "type": "reference" + }, + "accountStatus": { + "ldapAttribute": "inetUserStatus", + "type": "simple" + }, + "adminOfOrg": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-managed-organization-admin", + "primaryKey": "uid", + "resourcePath": "managed/alpha_organization", + "type": "reference" + }, + "aliasList": { + "isMultiValued": true, + "ldapAttribute": "iplanet-am-user-alias-list", + "type": "simple" + }, + "assignedDashboard": { + "isMultiValued": true, + "ldapAttribute": "assignedDashboard", + "type": "simple" + }, + "authzRoles": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-managed-user-authzroles-internal-role", + "primaryKey": "cn", + "resourcePath": "internal/role", + "type": "reference" + }, + "city": { + "ldapAttribute": "l", + "type": "simple" + }, + "cn": { + "ldapAttribute": "cn", + "type": "simple" + }, + "consentedMappings": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-consentedMapping", + "type": "json" + }, + "country": { + "ldapAttribute": "co", + "type": "simple" + }, + "description": { + "ldapAttribute": "description", + "type": "simple" + }, + "displayName": { + "ldapAttribute": "displayName", + "type": "simple" + }, + "effectiveAssignments": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-effectiveAssignment", + "type": "json" + }, + "effectiveGroups": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-effectiveGroup", + "type": "json" + }, + "effectiveRoles": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-effectiveRole", + "type": "json" + }, + "frIndexedDate1": { + "ldapAttribute": "fr-attr-idate1", + "type": "simple" + }, + "frIndexedDate2": { + "ldapAttribute": "fr-attr-idate2", + "type": "simple" + }, + "frIndexedDate3": { + "ldapAttribute": "fr-attr-idate3", + "type": "simple" + }, + "frIndexedDate4": { + "ldapAttribute": "fr-attr-idate4", + "type": "simple" + }, + "frIndexedDate5": { + "ldapAttribute": "fr-attr-idate5", + "type": "simple" + }, + "frIndexedInteger1": { + "ldapAttribute": "fr-attr-iint1", + "type": "simple" + }, + "frIndexedInteger2": { + "ldapAttribute": "fr-attr-iint2", + "type": "simple" + }, + "frIndexedInteger3": { + "ldapAttribute": "fr-attr-iint3", + "type": "simple" + }, + "frIndexedInteger4": { + "ldapAttribute": "fr-attr-iint4", + "type": "simple" + }, + "frIndexedInteger5": { + "ldapAttribute": "fr-attr-iint5", + "type": "simple" + }, + "frIndexedMultivalued1": { + "isMultiValued": true, + "ldapAttribute": "fr-attr-imulti1", + "type": "simple" + }, + "frIndexedMultivalued2": { + "isMultiValued": true, + "ldapAttribute": "fr-attr-imulti2", + "type": "simple" + }, + "frIndexedMultivalued3": { + "isMultiValued": true, + "ldapAttribute": "fr-attr-imulti3", + "type": "simple" + }, + "frIndexedMultivalued4": { + "isMultiValued": true, + "ldapAttribute": "fr-attr-imulti4", + "type": "simple" + }, + "frIndexedMultivalued5": { + "isMultiValued": true, + "ldapAttribute": "fr-attr-imulti5", + "type": "simple" + }, + "frIndexedString1": { + "ldapAttribute": "fr-attr-istr1", + "type": "simple" + }, + "frIndexedString2": { + "ldapAttribute": "fr-attr-istr2", + "type": "simple" + }, + "frIndexedString3": { + "ldapAttribute": "fr-attr-istr3", + "type": "simple" + }, + "frIndexedString4": { + "ldapAttribute": "fr-attr-istr4", + "type": "simple" + }, + "frIndexedString5": { + "ldapAttribute": "fr-attr-istr5", + "type": "simple" + }, + "frUnindexedDate1": { + "ldapAttribute": "fr-attr-date1", + "type": "simple" + }, + "frUnindexedDate2": { + "ldapAttribute": "fr-attr-date2", + "type": "simple" + }, + "frUnindexedDate3": { + "ldapAttribute": "fr-attr-date3", + "type": "simple" + }, + "frUnindexedDate4": { + "ldapAttribute": "fr-attr-date4", + "type": "simple" + }, + "frUnindexedDate5": { + "ldapAttribute": "fr-attr-date5", + "type": "simple" + }, + "frUnindexedInteger1": { + "ldapAttribute": "fr-attr-int1", + "type": "simple" + }, + "frUnindexedInteger2": { + "ldapAttribute": "fr-attr-int2", + "type": "simple" + }, + "frUnindexedInteger3": { + "ldapAttribute": "fr-attr-int3", + "type": "simple" + }, + "frUnindexedInteger4": { + "ldapAttribute": "fr-attr-int4", + "type": "simple" + }, + "frUnindexedInteger5": { + "ldapAttribute": "fr-attr-int5", + "type": "simple" + }, + "frUnindexedMultivalued1": { + "isMultiValued": true, + "ldapAttribute": "fr-attr-multi1", + "type": "simple" + }, + "frUnindexedMultivalued2": { + "isMultiValued": true, + "ldapAttribute": "fr-attr-multi2", + "type": "simple" + }, + "frUnindexedMultivalued3": { + "isMultiValued": true, + "ldapAttribute": "fr-attr-multi3", + "type": "simple" + }, + "frUnindexedMultivalued4": { + "isMultiValued": true, + "ldapAttribute": "fr-attr-multi4", + "type": "simple" + }, + "frUnindexedMultivalued5": { + "isMultiValued": true, + "ldapAttribute": "fr-attr-multi5", + "type": "simple" + }, + "frUnindexedString1": { + "ldapAttribute": "fr-attr-str1", + "type": "simple" + }, + "frUnindexedString2": { + "ldapAttribute": "fr-attr-str2", + "type": "simple" + }, + "frUnindexedString3": { + "ldapAttribute": "fr-attr-str3", + "type": "simple" + }, + "frUnindexedString4": { + "ldapAttribute": "fr-attr-str4", + "type": "simple" + }, + "frUnindexedString5": { + "ldapAttribute": "fr-attr-str5", + "type": "simple" + }, + "givenName": { + "ldapAttribute": "givenName", + "type": "simple" + }, + "groups": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-managed-user-groups", + "primaryKey": "cn", + "resourcePath": "managed/alpha_group", + "type": "reference" + }, + "kbaInfo": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-kbaInfo", + "type": "json" + }, + "lastSync": { + "ldapAttribute": "fr-idm-lastSync", + "type": "json" + }, + "mail": { + "ldapAttribute": "mail", + "type": "simple" + }, + "manager": { + "isMultiValued": false, + "ldapAttribute": "fr-idm-managed-user-manager", + "primaryKey": "uid", + "resourcePath": "managed/alpha_user", + "type": "reference" + }, + "memberOfOrg": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-managed-organization-member", + "primaryKey": "uid", + "resourcePath": "managed/alpha_organization", + "type": "reference" + }, + "memberOfOrgIDs": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-managed-user-memberoforgid", + "type": "simple" + }, + "ownerOfOrg": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-managed-organization-owner", + "primaryKey": "uid", + "resourcePath": "managed/alpha_organization", + "type": "reference" + }, + "password": { + "ldapAttribute": "userPassword", + "type": "simple" + }, + "postalAddress": { + "ldapAttribute": "street", + "type": "simple" + }, + "postalCode": { + "ldapAttribute": "postalCode", + "type": "simple" + }, + "preferences": { + "ldapAttribute": "fr-idm-preferences", + "type": "json" + }, + "profileImage": { + "ldapAttribute": "labeledURI", + "type": "simple" + }, + "reports": { + "isMultiValued": true, + "propertyName": "manager", + "resourcePath": "managed/alpha_user", + "type": "reverseReference" + }, + "roles": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-managed-user-roles", + "primaryKey": "uid", + "resourcePath": "managed/alpha_role", + "type": "reference" + }, + "sn": { + "ldapAttribute": "sn", + "type": "simple" + }, + "stateProvince": { + "ldapAttribute": "st", + "type": "simple" + }, + "telephoneNumber": { + "ldapAttribute": "telephoneNumber", + "type": "simple" + }, + "userName": { + "ldapAttribute": "uid", + "type": "simple" + } + } + }, + "managed/alpha_usermeta": { + "dnTemplate": "ou=usermeta,o=alpha,o=root,ou=identities", + "jsonAttribute": "fr-idm-json", + "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatch", + "objectClasses": [ + "uidObject", + "fr-idm-generic-obj" + ], + "properties": { + "target": { + "propertyName": "_meta", + "resourcePath": "managed/alpha_user", + "type": "reverseReference" + } + } + }, + "managed/bravo_group": { + "dnTemplate": "ou=groups,o=bravo,o=root,ou=identities", + "idGenerator": { + "propertyName": "name", + "type": "property" + }, + "jsonAttribute": "fr-idm-managed-group-json", + "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatch", + "namingStrategy": { + "dnAttribute": "cn", + "type": "clientDnNaming" + }, + "nativeId": false, + "objectClasses": [ + "top", + "groupOfURLs", + "fr-idm-managed-group" + ], + "properties": { + "_id": { + "ldapAttribute": "cn", + "primaryKey": true, + "type": "simple", + "writability": "createOnly" + }, + "condition": { + "ldapAttribute": "fr-idm-managed-group-condition", + "type": "simple" + }, + "description": { + "ldapAttribute": "description", + "type": "simple" + }, + "members": { + "isMultiValued": true, + "propertyName": "groups", + "resourcePath": "managed/bravo_user", + "type": "reverseReference" + } + } + }, + "managed/bravo_organization": { + "dnTemplate": "ou=organization,o=bravo,o=root,ou=identities", + "jsonAttribute": "fr-idm-managed-organization-json", + "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatch", + "objectClasses": [ + "uidObject", + "fr-idm-managed-organization", + "fr-ext-attrs" + ], + "properties": { + "_id": { + "ldapAttribute": "uid", + "type": "simple" + }, + "admins": { + "isMultiValued": true, + "propertyName": "adminOfOrg", + "resourcePath": "managed/bravo_user", + "type": "reverseReference" + }, + "children": { + "isMultiValued": true, + "propertyName": "parent", + "resourcePath": "managed/bravo_organization", + "type": "reverseReference" + }, + "members": { + "isMultiValued": true, + "propertyName": "memberOfOrg", + "resourcePath": "managed/bravo_user", + "type": "reverseReference" + }, + "name": { + "ldapAttribute": "fr-idm-managed-organization-name", + "type": "simple" + }, + "owners": { + "isMultiValued": true, + "propertyName": "ownerOfOrg", + "resourcePath": "managed/bravo_user", + "type": "reverseReference" + }, + "parent": { + "ldapAttribute": "fr-idm-managed-organization-parent", + "primaryKey": "uid", + "resourcePath": "managed/bravo_organization", + "type": "reference" + } + } + }, + "managed/bravo_role": { + "dnTemplate": "ou=role,o=bravo,o=root,ou=identities", + "jsonAttribute": "fr-idm-managed-role-json", + "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatchManagedRole", + "objectClasses": [ + "uidObject", + "fr-idm-managed-role" + ], + "properties": { + "members": { + "isMultiValued": true, + "propertyName": "roles", + "resourcePath": "managed/bravo_user", + "type": "reverseReference" + } + } + }, + "managed/bravo_user": { + "dnTemplate": "ou=user,o=bravo,o=root,ou=identities", + "jsonAttribute": "fr-idm-custom-attrs", + "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatch", + "namingStrategy": { + "dnAttribute": "fr-idm-uuid", + "type": "clientDnNaming" + }, + "nativeId": false, + "objectClasses": [ + "person", + "organizationalPerson", + "inetOrgPerson", + "iplanet-am-user-service", + "devicePrintProfilesContainer", + "deviceProfilesContainer", + "kbaInfoContainer", + "fr-idm-managed-user-explicit", + "forgerock-am-dashboard-service", + "inetuser", + "iplanet-am-auth-configuration-service", + "iplanet-am-managed-person", + "iPlanetPreferences", + "oathDeviceProfilesContainer", + "pushDeviceProfilesContainer", + "sunAMAuthAccountLockout", + "sunFMSAML2NameIdentifier", + "webauthnDeviceProfilesContainer", + "fr-idm-hybrid-obj", + "fr-ext-attrs" + ], + "properties": { + "_id": { + "ldapAttribute": "fr-idm-uuid", + "primaryKey": true, + "type": "simple" + }, + "_meta": { + "isMultiValued": false, + "ldapAttribute": "fr-idm-managed-user-meta", + "primaryKey": "uid", + "resourcePath": "managed/bravo_usermeta", + "type": "reference" + }, + "_notifications": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-managed-user-notifications", + "primaryKey": "uid", + "resourcePath": "internal/notification", + "type": "reference" + }, + "accountStatus": { + "ldapAttribute": "inetUserStatus", + "type": "simple" + }, + "adminOfOrg": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-managed-organization-admin", + "primaryKey": "uid", + "resourcePath": "managed/bravo_organization", + "type": "reference" + }, + "aliasList": { + "isMultiValued": true, + "ldapAttribute": "iplanet-am-user-alias-list", + "type": "simple" + }, + "assignedDashboard": { + "isMultiValued": true, + "ldapAttribute": "assignedDashboard", + "type": "simple" + }, + "authzRoles": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-managed-user-authzroles-internal-role", + "primaryKey": "cn", + "resourcePath": "internal/role", + "type": "reference" + }, + "city": { + "ldapAttribute": "l", + "type": "simple" + }, + "cn": { + "ldapAttribute": "cn", + "type": "simple" + }, + "consentedMappings": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-consentedMapping", + "type": "json" + }, + "country": { + "ldapAttribute": "co", + "type": "simple" + }, + "description": { + "ldapAttribute": "description", + "type": "simple" + }, + "displayName": { + "ldapAttribute": "displayName", + "type": "simple" + }, + "effectiveAssignments": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-effectiveAssignment", + "type": "json" + }, + "effectiveGroups": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-effectiveGroup", + "type": "json" + }, + "effectiveRoles": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-effectiveRole", + "type": "json" + }, + "frIndexedDate1": { + "ldapAttribute": "fr-attr-idate1", + "type": "simple" + }, + "frIndexedDate2": { + "ldapAttribute": "fr-attr-idate2", + "type": "simple" + }, + "frIndexedDate3": { + "ldapAttribute": "fr-attr-idate3", + "type": "simple" + }, + "frIndexedDate4": { + "ldapAttribute": "fr-attr-idate4", + "type": "simple" + }, + "frIndexedDate5": { + "ldapAttribute": "fr-attr-idate5", + "type": "simple" + }, + "frIndexedInteger1": { + "ldapAttribute": "fr-attr-iint1", + "type": "simple" + }, + "frIndexedInteger2": { + "ldapAttribute": "fr-attr-iint2", + "type": "simple" + }, + "frIndexedInteger3": { + "ldapAttribute": "fr-attr-iint3", + "type": "simple" + }, + "frIndexedInteger4": { + "ldapAttribute": "fr-attr-iint4", + "type": "simple" + }, + "frIndexedInteger5": { + "ldapAttribute": "fr-attr-iint5", + "type": "simple" + }, + "frIndexedMultivalued1": { + "isMultiValued": true, + "ldapAttribute": "fr-attr-imulti1", + "type": "simple" + }, + "frIndexedMultivalued2": { + "isMultiValued": true, + "ldapAttribute": "fr-attr-imulti2", + "type": "simple" + }, + "frIndexedMultivalued3": { + "isMultiValued": true, + "ldapAttribute": "fr-attr-imulti3", + "type": "simple" + }, + "frIndexedMultivalued4": { + "isMultiValued": true, + "ldapAttribute": "fr-attr-imulti4", + "type": "simple" + }, + "frIndexedMultivalued5": { + "isMultiValued": true, + "ldapAttribute": "fr-attr-imulti5", + "type": "simple" + }, + "frIndexedString1": { + "ldapAttribute": "fr-attr-istr1", + "type": "simple" + }, + "frIndexedString2": { + "ldapAttribute": "fr-attr-istr2", + "type": "simple" + }, + "frIndexedString3": { + "ldapAttribute": "fr-attr-istr3", + "type": "simple" + }, + "frIndexedString4": { + "ldapAttribute": "fr-attr-istr4", + "type": "simple" + }, + "frIndexedString5": { + "ldapAttribute": "fr-attr-istr5", + "type": "simple" + }, + "frUnindexedDate1": { + "ldapAttribute": "fr-attr-date1", + "type": "simple" + }, + "frUnindexedDate2": { + "ldapAttribute": "fr-attr-date2", + "type": "simple" + }, + "frUnindexedDate3": { + "ldapAttribute": "fr-attr-date3", + "type": "simple" + }, + "frUnindexedDate4": { + "ldapAttribute": "fr-attr-date4", + "type": "simple" + }, + "frUnindexedDate5": { + "ldapAttribute": "fr-attr-date5", + "type": "simple" + }, + "frUnindexedInteger1": { + "ldapAttribute": "fr-attr-int1", + "type": "simple" + }, + "frUnindexedInteger2": { + "ldapAttribute": "fr-attr-int2", + "type": "simple" + }, + "frUnindexedInteger3": { + "ldapAttribute": "fr-attr-int3", + "type": "simple" + }, + "frUnindexedInteger4": { + "ldapAttribute": "fr-attr-int4", + "type": "simple" + }, + "frUnindexedInteger5": { + "ldapAttribute": "fr-attr-int5", + "type": "simple" + }, + "frUnindexedMultivalued1": { + "isMultiValued": true, + "ldapAttribute": "fr-attr-multi1", + "type": "simple" + }, + "frUnindexedMultivalued2": { + "isMultiValued": true, + "ldapAttribute": "fr-attr-multi2", + "type": "simple" + }, + "frUnindexedMultivalued3": { + "isMultiValued": true, + "ldapAttribute": "fr-attr-multi3", + "type": "simple" + }, + "frUnindexedMultivalued4": { + "isMultiValued": true, + "ldapAttribute": "fr-attr-multi4", + "type": "simple" + }, + "frUnindexedMultivalued5": { + "isMultiValued": true, + "ldapAttribute": "fr-attr-multi5", + "type": "simple" + }, + "frUnindexedString1": { + "ldapAttribute": "fr-attr-str1", + "type": "simple" + }, + "frUnindexedString2": { + "ldapAttribute": "fr-attr-str2", + "type": "simple" + }, + "frUnindexedString3": { + "ldapAttribute": "fr-attr-str3", + "type": "simple" + }, + "frUnindexedString4": { + "ldapAttribute": "fr-attr-str4", + "type": "simple" + }, + "frUnindexedString5": { + "ldapAttribute": "fr-attr-str5", + "type": "simple" + }, + "givenName": { + "ldapAttribute": "givenName", + "type": "simple" + }, + "groups": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-managed-user-groups", + "primaryKey": "cn", + "resourcePath": "managed/bravo_group", + "type": "reference" + }, + "kbaInfo": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-kbaInfo", + "type": "json" + }, + "lastSync": { + "ldapAttribute": "fr-idm-lastSync", + "type": "json" + }, + "mail": { + "ldapAttribute": "mail", + "type": "simple" + }, + "manager": { + "isMultiValued": false, + "ldapAttribute": "fr-idm-managed-user-manager", + "primaryKey": "uid", + "resourcePath": "managed/bravo_user", + "type": "reference" + }, + "memberOfOrg": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-managed-organization-member", + "primaryKey": "uid", + "resourcePath": "managed/bravo_organization", + "type": "reference" + }, + "memberOfOrgIDs": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-managed-user-memberoforgid", + "type": "simple" + }, + "ownerOfOrg": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-managed-organization-owner", + "primaryKey": "uid", + "resourcePath": "managed/bravo_organization", + "type": "reference" + }, + "password": { + "ldapAttribute": "userPassword", + "type": "simple" + }, + "postalAddress": { + "ldapAttribute": "street", + "type": "simple" + }, + "postalCode": { + "ldapAttribute": "postalCode", + "type": "simple" + }, + "preferences": { + "ldapAttribute": "fr-idm-preferences", + "type": "json" + }, + "profileImage": { + "ldapAttribute": "labeledURI", + "type": "simple" + }, + "reports": { + "isMultiValued": true, + "propertyName": "manager", + "resourcePath": "managed/bravo_user", + "type": "reverseReference" + }, + "roles": { + "isMultiValued": true, + "ldapAttribute": "fr-idm-managed-user-roles", + "primaryKey": "uid", + "resourcePath": "managed/bravo_role", + "type": "reference" + }, + "sn": { + "ldapAttribute": "sn", + "type": "simple" + }, + "stateProvince": { + "ldapAttribute": "st", + "type": "simple" + }, + "telephoneNumber": { + "ldapAttribute": "telephoneNumber", + "type": "simple" + }, + "userName": { + "ldapAttribute": "uid", + "type": "simple" + } + } + }, + "managed/bravo_usermeta": { + "dnTemplate": "ou=usermeta,o=bravo,o=root,ou=identities", + "jsonAttribute": "fr-idm-json", + "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatch", + "objectClasses": [ + "uidObject", + "fr-idm-generic-obj" + ], + "properties": { + "target": { + "propertyName": "_meta", + "resourcePath": "managed/bravo_user", + "type": "reverseReference" + } + } + }, + "managed/teammembermeta": { + "dnTemplate": "ou=teammembermeta,o=root,ou=identities", + "jsonAttribute": "fr-idm-json", + "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatch", + "objectClasses": [ + "uidObject", + "fr-idm-generic-obj" + ], + "properties": { + "target": { + "propertyName": "_meta", + "resourcePath": "managed/teammember", + "type": "reverseReference" + } + } + }, + "reconprogressstate": { + "dnTemplate": "ou=reconprogressstate,dc=openidm,dc=example,dc=com" + }, + "relationships": { + "dnTemplate": "ou=relationships,dc=openidm,dc=example,dc=com", + "jsonAttribute": "fr-idm-relationship-json", + "jsonQueryEqualityMatchingRule": "caseIgnoreJsonQueryMatchRelationship", + "objectClasses": [ + "uidObject", + "fr-idm-relationship" + ] + }, + "scheduler": { + "dnTemplate": "ou=scheduler,dc=openidm,dc=example,dc=com" + }, + "scheduler/*": { + "dnTemplate": "ou=scheduler,dc=openidm,dc=example,dc=com" + }, + "ui/*": { + "dnTemplate": "ou=ui,dc=openidm,dc=example,dc=com" + }, + "updates": { + "dnTemplate": "ou=updates,dc=openidm,dc=example,dc=com" + } + } + }, + "rest2LdapOptions": { + "mvccAttribute": "etag", + "readOnUpdatePolicy": "controls", + "returnNullForMissingProperties": true, + "useMvcc": true, + "usePermissiveModify": true, + "useSubtreeDelete": true + }, + "security": { + "keyManager": "jvm", + "trustManager": "jvm" + } + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/idm/router.idm.json b/test/e2e/exports/full-export-separate/global/idm/router.idm.json new file mode 100644 index 000000000..4a80f1149 --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/idm/router.idm.json @@ -0,0 +1,8 @@ +{ + "idm": { + "router": { + "_id": "router", + "filters": [] + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/idm/script.idm.json b/test/e2e/exports/full-export-separate/global/idm/script.idm.json new file mode 100644 index 000000000..8220645d2 --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/idm/script.idm.json @@ -0,0 +1,43 @@ +{ + "idm": { + "script": { + "ECMAScript": { + "#javascript.debug": "&{openidm.script.javascript.debug}", + "javascript.recompile.minimumInterval": 60000 + }, + "Groovy": { + "#groovy.disabled.global.ast.transformations": "", + "#groovy.errors.tolerance": 10, + "#groovy.output.debug": false, + "#groovy.output.verbose": false, + "#groovy.script.base": "#any class extends groovy.lang.Script", + "#groovy.script.extension": ".groovy", + "#groovy.source.encoding": "utf-8 #default US-ASCII", + "#groovy.target.bytecode": "1.5", + "#groovy.target.indy": true, + "#groovy.warnings": "likely errors #othere values [none,likely,possible,paranoia]", + "groovy.classpath": "&{idm.install.dir}/lib", + "groovy.recompile": true, + "groovy.recompile.minimumInterval": 60000, + "groovy.source.encoding": "UTF-8", + "groovy.target.directory": "&{idm.install.dir}/classes" + }, + "_id": "script", + "properties": {}, + "sources": { + "default": { + "directory": "&{idm.install.dir}/bin/defaults/script" + }, + "install": { + "directory": "&{idm.install.dir}" + }, + "project": { + "directory": "&{idm.instance.dir}" + }, + "project-script": { + "directory": "&{idm.instance.dir}/script" + } + } + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/idm/secrets.idm.json b/test/e2e/exports/full-export-separate/global/idm/secrets.idm.json new file mode 100644 index 000000000..6b6594561 --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/idm/secrets.idm.json @@ -0,0 +1,114 @@ +{ + "idm": { + "secrets": { + "_id": "secrets", + "populateDefaults": true, + "stores": [ + { + "class": "org.forgerock.openidm.secrets.config.FileBasedStore", + "config": { + "file": "&{openidm.keystore.location|&{idm.install.dir}/security/keystore.jceks}", + "mappings": [ + { + "aliases": [ + "&{openidm.config.crypto.alias|openidm-sym-default}", + "openidm-localhost" + ], + "secretId": "idm.default", + "types": [ + "ENCRYPT", + "DECRYPT" + ] + }, + { + "aliases": [ + "&{openidm.config.crypto.alias|openidm-sym-default}" + ], + "secretId": "idm.config.encryption", + "types": [ + "ENCRYPT", + "DECRYPT" + ] + }, + { + "aliases": [ + "&{openidm.config.crypto.alias|openidm-sym-default}" + ], + "secretId": "idm.password.encryption", + "types": [ + "ENCRYPT", + "DECRYPT" + ] + }, + { + "aliases": [ + "&{openidm.https.keystore.cert.alias|openidm-localhost}" + ], + "secretId": "idm.jwt.session.module.encryption", + "types": [ + "ENCRYPT", + "DECRYPT" + ] + }, + { + "aliases": [ + "&{openidm.config.crypto.jwtsession.hmackey.alias|openidm-jwtsessionhmac-key}" + ], + "secretId": "idm.jwt.session.module.signing", + "types": [ + "SIGN", + "VERIFY" + ] + }, + { + "aliases": [ + "selfservice" + ], + "secretId": "idm.selfservice.encryption", + "types": [ + "ENCRYPT", + "DECRYPT" + ] + }, + { + "aliases": [ + "&{openidm.config.crypto.selfservice.sharedkey.alias|openidm-selfservice-key}" + ], + "secretId": "idm.selfservice.signing", + "types": [ + "SIGN", + "VERIFY" + ] + }, + { + "aliases": [ + "&{openidm.config.crypto.alias|openidm-sym-default}" + ], + "secretId": "idm.assignment.attribute.encryption", + "types": [ + "ENCRYPT", + "DECRYPT" + ] + } + ], + "providerName": "&{openidm.keystore.provider|SunJCE}", + "storePassword": "&{openidm.keystore.password|changeit}", + "storetype": "&{openidm.keystore.type|JCEKS}" + }, + "name": "mainKeyStore" + }, + { + "class": "org.forgerock.openidm.secrets.config.FileBasedStore", + "config": { + "file": "&{openidm.truststore.location|&{idm.install.dir}/security/truststore}", + "mappings": [], + "providerName": "&{openidm.truststore.provider|SUN}", + "storePassword": "&{openidm.truststore.password|changeit}", + "storetype": "&{openidm.truststore.type|JKS}" + }, + "name": "mainTrustStore" + } + ] + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/idm/selfservice.kba.idm.json b/test/e2e/exports/full-export-separate/global/idm/selfservice.kba.idm.json new file mode 100644 index 000000000..f05d4f189 --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/idm/selfservice.kba.idm.json @@ -0,0 +1,15 @@ +{ + "idm": { + "selfservice.kba": { + "_id": "selfservice.kba", + "kbaPropertyName": "kbaInfo", + "minimumAnswersToDefine": 1, + "minimumAnswersToVerify": 1, + "questions": { + "1": { + "en": "What's your favorite color?" + } + } + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/idm/selfservice.terms.idm.json b/test/e2e/exports/full-export-separate/global/idm/selfservice.terms.idm.json new file mode 100644 index 000000000..48341c5fe --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/idm/selfservice.terms.idm.json @@ -0,0 +1,22 @@ +{ + "idm": { + "selfservice.terms": { + "_id": "selfservice.terms", + "active": "0.0", + "uiConfig": { + "buttonText": "Accept", + "displayName": "We've updated our terms", + "purpose": "You must accept the updated terms in order to proceed." + }, + "versions": [ + { + "createDate": "2019-10-28T04:20:11.320Z", + "termsTranslations": { + "en": "Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum." + }, + "version": "0.0" + } + ] + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/idm/servletfilter/cors.idm.json b/test/e2e/exports/full-export-separate/global/idm/servletfilter/cors.idm.json new file mode 100644 index 000000000..9fe932668 --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/idm/servletfilter/cors.idm.json @@ -0,0 +1,18 @@ +{ + "idm": { + "servletfilter/cors": { + "_id": "servletfilter/cors", + "initParams": { + "allowCredentials": false, + "allowedHeaders": "authorization,accept,content-type,origin,x-requested-with,cache-control,accept-api-version,if-match,if-none-match", + "allowedMethods": "GET,POST,PUT,DELETE,PATCH", + "allowedOrigins": "*", + "chainPreflight": false, + "exposedHeaders": "WWW-Authenticate" + }, + "urlPatterns": [ + "/*" + ] + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/idm/servletfilter/payload.idm.json b/test/e2e/exports/full-export-separate/global/idm/servletfilter/payload.idm.json new file mode 100644 index 000000000..78c559ce2 --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/idm/servletfilter/payload.idm.json @@ -0,0 +1,13 @@ +{ + "idm": { + "servletfilter/payload": { + "_id": "servletfilter/payload", + "initParams": { + "maxRequestSizeInMegabytes": 5 + }, + "urlPatterns": [ + "&{openidm.servlet.alias}/*" + ] + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/idm/servletfilter/upload.idm.json b/test/e2e/exports/full-export-separate/global/idm/servletfilter/upload.idm.json new file mode 100644 index 000000000..a593d043b --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/idm/servletfilter/upload.idm.json @@ -0,0 +1,13 @@ +{ + "idm": { + "servletfilter/upload": { + "_id": "servletfilter/upload", + "initParams": { + "maxRequestSizeInMegabytes": 50 + }, + "urlPatterns": [ + "&{openidm.servlet.upload.alias}/*" + ] + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/idm/ui.context/admin.idm.json b/test/e2e/exports/full-export-separate/global/idm/ui.context/admin.idm.json new file mode 100644 index 000000000..c20b3f9a9 --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/idm/ui.context/admin.idm.json @@ -0,0 +1,14 @@ +{ + "idm": { + "ui.context/admin": { + "_id": "ui.context/admin", + "defaultDir": "&{idm.install.dir}/ui/admin/default", + "enabled": true, + "extensionDir": "&{idm.install.dir}/ui/admin/extension", + "responseHeaders": { + "X-Frame-Options": "SAMEORIGIN" + }, + "urlContextRoot": "/admin" + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/idm/ui.context/api.idm.json b/test/e2e/exports/full-export-separate/global/idm/ui.context/api.idm.json new file mode 100644 index 000000000..0ace771f4 --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/idm/ui.context/api.idm.json @@ -0,0 +1,13 @@ +{ + "idm": { + "ui.context/api": { + "_id": "ui.context/api", + "authEnabled": true, + "cacheEnabled": false, + "defaultDir": "&{idm.install.dir}/ui/api/default", + "enabled": true, + "extensionDir": "&{idm.install.dir}/ui/api/extension", + "urlContextRoot": "/api" + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/idm/ui.context/enduser.idm.json b/test/e2e/exports/full-export-separate/global/idm/ui.context/enduser.idm.json new file mode 100644 index 000000000..76ecb31fd --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/idm/ui.context/enduser.idm.json @@ -0,0 +1,13 @@ +{ + "idm": { + "ui.context/enduser": { + "_id": "ui.context/enduser", + "defaultDir": "&{idm.install.dir}/ui/enduser", + "enabled": true, + "responseHeaders": { + "X-Frame-Options": "DENY" + }, + "urlContextRoot": "/" + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/idm/ui.context/oauth.idm.json b/test/e2e/exports/full-export-separate/global/idm/ui.context/oauth.idm.json new file mode 100644 index 000000000..63880cdda --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/idm/ui.context/oauth.idm.json @@ -0,0 +1,12 @@ +{ + "idm": { + "ui.context/oauth": { + "_id": "ui.context/oauth", + "cacheEnabled": true, + "defaultDir": "&{idm.install.dir}/ui/oauth/default", + "enabled": true, + "extensionDir": "&{idm.install.dir}/ui/oauth/extension", + "urlContextRoot": "/oauthReturn" + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/idm/ui/configuration.idm.json b/test/e2e/exports/full-export-separate/global/idm/ui/configuration.idm.json new file mode 100644 index 000000000..5c4a0dc25 --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/idm/ui/configuration.idm.json @@ -0,0 +1,39 @@ +{ + "idm": { + "ui/configuration": { + "_id": "ui/configuration", + "configuration": { + "defaultNotificationType": "info", + "forgotUsername": false, + "lang": "en", + "notificationTypes": { + "error": { + "iconPath": "images/notifications/error.png", + "name": "common.notification.types.error" + }, + "info": { + "iconPath": "images/notifications/info.png", + "name": "common.notification.types.info" + }, + "warning": { + "iconPath": "images/notifications/warning.png", + "name": "common.notification.types.warning" + } + }, + "passwordReset": true, + "passwordResetLink": "", + "platformSettings": { + "adminOauthClient": "idmAdminClient", + "adminOauthClientScopes": "fr:idm:*", + "amUrl": "/am", + "loginUrl": "" + }, + "roles": { + "internal/role/openidm-admin": "ui-admin", + "internal/role/openidm-authorized": "ui-user" + }, + "selfRegistration": true + } + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/idm/ui/dashboard.idm.json b/test/e2e/exports/full-export-separate/global/idm/ui/dashboard.idm.json new file mode 100644 index 000000000..88000c060 --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/idm/ui/dashboard.idm.json @@ -0,0 +1,178 @@ +{ + "idm": { + "ui/dashboard": { + "_id": "ui/dashboard", + "adminDashboards": [ + { + "isDefault": true, + "name": "Quick Start", + "widgets": [ + { + "cards": [ + { + "href": "#resource/managed/alpha_user/list/", + "icon": "fa-user", + "name": "Manage Users" + }, + { + "href": "#resource/managed/alpha_role/list/", + "icon": "fa-check-square-o", + "name": "Manage Roles" + }, + { + "href": "#connectors/add/", + "icon": "fa-database", + "name": "Add Connector" + }, + { + "href": "#mapping/add/", + "icon": "fa-map-marker", + "name": "Create Mapping" + }, + { + "href": "#managed/add/", + "icon": "fa-tablet", + "name": "Add Device" + }, + { + "href": "#settings/", + "icon": "fa-user", + "name": "Configure System Preferences" + } + ], + "size": "large", + "type": "quickStart" + } + ] + }, + { + "isDefault": false, + "name": "System Monitoring", + "widgets": [ + { + "legendRange": { + "month": [ + 500, + 2500, + 5000 + ], + "week": [ + 10, + 30, + 90, + 270, + 810 + ], + "year": [ + 10000, + 40000, + 100000, + 250000 + ] + }, + "maxRange": "#24423c", + "minRange": "#b0d4cd", + "size": "large", + "type": "audit" + }, + { + "size": "large", + "type": "clusterStatus" + }, + { + "size": "large", + "type": "systemHealthFull" + }, + { + "barchart": "false", + "size": "large", + "type": "lastRecon" + } + ] + }, + { + "isDefault": false, + "name": "Resource Report", + "widgets": [ + { + "selected": "activeUsers", + "size": "x-small", + "type": "counter" + }, + { + "selected": "rolesEnabled", + "size": "x-small", + "type": "counter" + }, + { + "selected": "activeConnectors", + "size": "x-small", + "type": "counter" + }, + { + "size": "large", + "type": "resourceList" + } + ] + }, + { + "isDefault": false, + "name": "Business Report", + "widgets": [ + { + "graphType": "fa-pie-chart", + "providers": [ + "Username/Password" + ], + "size": "x-small", + "type": "signIns", + "widgetTitle": "Sign-Ins" + }, + { + "graphType": "fa-bar-chart", + "size": "x-small", + "type": "passwordResets", + "widgetTitle": "Password Resets" + }, + { + "graphType": "fa-line-chart", + "providers": [ + "Username/Password" + ], + "size": "x-small", + "type": "newRegistrations", + "widgetTitle": "New Registrations" + }, + { + "size": "x-small", + "timezone": { + "hours": "07", + "minutes": "00", + "negative": true + }, + "type": "socialLogin" + }, + { + "selected": "socialEnabled", + "size": "x-small", + "type": "counter" + }, + { + "selected": "manualRegistrations", + "size": "x-small", + "type": "counter" + } + ] + } + ], + "dashboard": { + "widgets": [ + { + "size": "large", + "type": "Welcome" + } + ] + } + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/idm/ui/profile.idm.json b/test/e2e/exports/full-export-separate/global/idm/ui/profile.idm.json new file mode 100644 index 000000000..5a65db8a2 --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/idm/ui/profile.idm.json @@ -0,0 +1,45 @@ +{ + "idm": { + "ui/profile": { + "_id": "ui/profile", + "tabs": [ + { + "name": "personalInfoTab", + "view": "org/forgerock/openidm/ui/user/profile/personalInfo/PersonalInfoTab" + }, + { + "name": "signInAndSecurity", + "view": "org/forgerock/openidm/ui/user/profile/signInAndSecurity/SignInAndSecurityTab" + }, + { + "name": "preference", + "view": "org/forgerock/openidm/ui/user/profile/PreferencesTab" + }, + { + "name": "trustedDevice", + "view": "org/forgerock/openidm/ui/user/profile/TrustedDevicesTab" + }, + { + "name": "oauthApplication", + "view": "org/forgerock/openidm/ui/user/profile/OauthApplicationsTab" + }, + { + "name": "privacyAndConsent", + "view": "org/forgerock/openidm/ui/user/profile/PrivacyAndConsentTab" + }, + { + "name": "sharing", + "view": "org/forgerock/openidm/ui/user/profile/uma/SharingTab" + }, + { + "name": "auditHistory", + "view": "org/forgerock/openidm/ui/user/profile/uma/ActivityTab" + }, + { + "name": "accountControls", + "view": "org/forgerock/openidm/ui/user/profile/accountControls/AccountControlsTab" + } + ] + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/idm/ui/themeconfig.idm.json b/test/e2e/exports/full-export-separate/global/idm/ui/themeconfig.idm.json new file mode 100644 index 000000000..e4956d46e --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/idm/ui/themeconfig.idm.json @@ -0,0 +1,31 @@ +{ + "idm": { + "ui/themeconfig": { + "_id": "ui/themeconfig", + "icon": "favicon.ico", + "path": "", + "settings": { + "footer": { + "mailto": "info@forgerock.com" + }, + "loginLogo": { + "alt": "ForgeRock", + "height": "104px", + "src": "images/login-logo-dark.png", + "title": "ForgeRock", + "width": "210px" + }, + "logo": { + "alt": "ForgeRock", + "src": "images/logo-horizontal-white.png", + "title": "ForgeRock" + } + }, + "stylesheets": [ + "css/bootstrap-3.4.1-custom.css", + "css/structure.css", + "css/theme.css" + ] + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/idm/uilocale/fr.idm.json b/test/e2e/exports/full-export-separate/global/idm/uilocale/fr.idm.json new file mode 100644 index 000000000..fc81cd46c --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/idm/uilocale/fr.idm.json @@ -0,0 +1,47 @@ +{ + "idm": { + "uilocale/fr": { + "_id": "uilocale/fr", + "admin": { + "overrides": { + "AppLogoURI": "URI du logo de l’application", + "EmailAddress": "Adresse e-mail", + "Name": "Nom", + "Owners": "Les propriétaires" + }, + "sideMenu": { + "securityQuestions": "Questions de sécurité" + } + }, + "enduser": { + "overrides": { + "FirstName": "Prénom", + "LastName": "Nom de famille" + }, + "pages": { + "dashboard": { + "widgets": { + "welcome": { + "greeting": "Bonjour" + } + } + } + } + }, + "login": { + "login": { + "next": "Suivant" + }, + "overrides": { + "Password": "Mot de passe", + "UserName": "Nom d'utilisateur" + } + }, + "shared": { + "sideMenu": { + "dashboard": "Tableau de bord" + } + } + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/idm/undefined.idm.json b/test/e2e/exports/full-export-separate/global/idm/undefined.idm.json new file mode 100644 index 000000000..655b8227c --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/idm/undefined.idm.json @@ -0,0 +1,73 @@ +{ + "idm": { + "undefined": { + "_id": "undefined", + "mapping": { + "mapping/managedBravo_user_managedBravo_user0": { + "_id": "mapping/managedBravo_user_managedBravo_user0", + "consentRequired": false, + "displayName": "managedBravo_user_managedBravo_user0", + "icon": null, + "name": "managedBravo_user_managedBravo_user0", + "policies": [ + { + "action": "ASYNC", + "situation": "ABSENT" + }, + { + "action": "ASYNC", + "situation": "ALL_GONE" + }, + { + "action": "ASYNC", + "situation": "AMBIGUOUS" + }, + { + "action": "ASYNC", + "situation": "CONFIRMED" + }, + { + "action": "ASYNC", + "situation": "FOUND" + }, + { + "action": "ASYNC", + "situation": "FOUND_ALREADY_LINKED" + }, + { + "action": "ASYNC", + "situation": "LINK_ONLY" + }, + { + "action": "ASYNC", + "situation": "MISSING" + }, + { + "action": "ASYNC", + "situation": "SOURCE_IGNORED" + }, + { + "action": "ASYNC", + "situation": "SOURCE_MISSING" + }, + { + "action": "ASYNC", + "situation": "TARGET_IGNORED" + }, + { + "action": "ASYNC", + "situation": "UNASSIGNED" + }, + { + "action": "ASYNC", + "situation": "UNQUALIFIED" + } + ], + "properties": [], + "source": "managed/bravo_user", + "target": "managed/bravo_user" + } + } + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/internalRole/openidm-admin.internalRole.json b/test/e2e/exports/full-export-separate/global/internalRole/openidm-admin.internalRole.json new file mode 100644 index 000000000..092106e27 --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/internalRole/openidm-admin.internalRole.json @@ -0,0 +1,12 @@ +{ + "internalRole": { + "openidm-admin": { + "_id": "openidm-admin", + "condition": null, + "description": "Administrative access", + "name": "openidm-admin", + "privileges": [], + "temporalConstraints": [] + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/internalRole/openidm-authorized.internalRole.json b/test/e2e/exports/full-export-separate/global/internalRole/openidm-authorized.internalRole.json new file mode 100644 index 000000000..d198b81bf --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/internalRole/openidm-authorized.internalRole.json @@ -0,0 +1,12 @@ +{ + "internalRole": { + "openidm-authorized": { + "_id": "openidm-authorized", + "condition": null, + "description": "Basic minimum user", + "name": "openidm-authorized", + "privileges": [], + "temporalConstraints": [] + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/internalRole/openidm-cert.internalRole.json b/test/e2e/exports/full-export-separate/global/internalRole/openidm-cert.internalRole.json new file mode 100644 index 000000000..203d7e3e3 --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/internalRole/openidm-cert.internalRole.json @@ -0,0 +1,12 @@ +{ + "internalRole": { + "openidm-cert": { + "_id": "openidm-cert", + "condition": null, + "description": "Authenticated via certificate", + "name": "openidm-cert", + "privileges": [], + "temporalConstraints": [] + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/internalRole/openidm-reg.internalRole.json b/test/e2e/exports/full-export-separate/global/internalRole/openidm-reg.internalRole.json new file mode 100644 index 000000000..5ba60972a --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/internalRole/openidm-reg.internalRole.json @@ -0,0 +1,12 @@ +{ + "internalRole": { + "openidm-reg": { + "_id": "openidm-reg", + "condition": null, + "description": "Anonymous access", + "name": "openidm-reg", + "privileges": [], + "temporalConstraints": [] + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/internalRole/openidm-tasks-manager.internalRole.json b/test/e2e/exports/full-export-separate/global/internalRole/openidm-tasks-manager.internalRole.json new file mode 100644 index 000000000..56e161c52 --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/internalRole/openidm-tasks-manager.internalRole.json @@ -0,0 +1,12 @@ +{ + "internalRole": { + "openidm-tasks-manager": { + "_id": "openidm-tasks-manager", + "condition": null, + "description": "Allowed to reassign workflow tasks", + "name": "openidm-tasks-manager", + "privileges": [], + "temporalConstraints": [] + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/internalRole/platform-provisioning.internalRole.json b/test/e2e/exports/full-export-separate/global/internalRole/platform-provisioning.internalRole.json new file mode 100644 index 000000000..4cfee3ff9 --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/internalRole/platform-provisioning.internalRole.json @@ -0,0 +1,12 @@ +{ + "internalRole": { + "platform-provisioning": { + "_id": "platform-provisioning", + "condition": null, + "description": "Platform provisioning access", + "name": "platform-provisioning", + "privileges": [], + "temporalConstraints": [] + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/internalRole/test-internal-role.internalRole.json b/test/e2e/exports/full-export-separate/global/internalRole/test-internal-role.internalRole.json new file mode 100644 index 000000000..8cc653328 --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/internalRole/test-internal-role.internalRole.json @@ -0,0 +1,330 @@ +{ + "internalRole": { + "ccb11ba1-333b-4197-95db-89bb08a2ab56": { + "_id": "ccb11ba1-333b-4197-95db-89bb08a2ab56", + "condition": "/description co \"somerandomstring\"", + "description": "A test internal role", + "name": "test-internal-role", + "privileges": [ + { + "accessFlags": [ + { + "attribute": "userName", + "readOnly": false + }, + { + "attribute": "givenName", + "readOnly": false + }, + { + "attribute": "cn", + "readOnly": false + }, + { + "attribute": "sn", + "readOnly": false + }, + { + "attribute": "mail", + "readOnly": false + }, + { + "attribute": "profileImage", + "readOnly": true + }, + { + "attribute": "description", + "readOnly": false + }, + { + "attribute": "accountStatus", + "readOnly": true + }, + { + "attribute": "telephoneNumber", + "readOnly": true + }, + { + "attribute": "postalAddress", + "readOnly": true + }, + { + "attribute": "city", + "readOnly": true + }, + { + "attribute": "postalCode", + "readOnly": true + }, + { + "attribute": "country", + "readOnly": true + }, + { + "attribute": "stateProvince", + "readOnly": true + }, + { + "attribute": "roles", + "readOnly": true + }, + { + "attribute": "assignments", + "readOnly": true + }, + { + "attribute": "groups", + "readOnly": true + }, + { + "attribute": "applications", + "readOnly": true + }, + { + "attribute": "manager", + "readOnly": true + }, + { + "attribute": "authzRoles", + "readOnly": true + }, + { + "attribute": "reports", + "readOnly": true + }, + { + "attribute": "effectiveRoles", + "readOnly": true + }, + { + "attribute": "effectiveAssignments", + "readOnly": true + }, + { + "attribute": "effectiveGroups", + "readOnly": true + }, + { + "attribute": "effectiveApplications", + "readOnly": true + }, + { + "attribute": "lastSync", + "readOnly": true + }, + { + "attribute": "kbaInfo", + "readOnly": true + }, + { + "attribute": "preferences", + "readOnly": true + }, + { + "attribute": "consentedMappings", + "readOnly": true + }, + { + "attribute": "ownerOfOrg", + "readOnly": true + }, + { + "attribute": "adminOfOrg", + "readOnly": true + }, + { + "attribute": "memberOfOrg", + "readOnly": true + }, + { + "attribute": "memberOfOrgIDs", + "readOnly": true + }, + { + "attribute": "ownerOfApp", + "readOnly": true + }, + { + "attribute": "frIndexedString1", + "readOnly": true + }, + { + "attribute": "frIndexedString2", + "readOnly": true + }, + { + "attribute": "frIndexedString3", + "readOnly": true + }, + { + "attribute": "frIndexedString4", + "readOnly": true + }, + { + "attribute": "frIndexedString5", + "readOnly": true + }, + { + "attribute": "frUnindexedString1", + "readOnly": true + }, + { + "attribute": "frUnindexedString2", + "readOnly": true + }, + { + "attribute": "frUnindexedString3", + "readOnly": true + }, + { + "attribute": "frUnindexedString4", + "readOnly": true + }, + { + "attribute": "frUnindexedString5", + "readOnly": true + }, + { + "attribute": "frIndexedMultivalued1", + "readOnly": true + }, + { + "attribute": "frIndexedMultivalued2", + "readOnly": true + }, + { + "attribute": "frIndexedMultivalued3", + "readOnly": true + }, + { + "attribute": "frIndexedMultivalued4", + "readOnly": true + }, + { + "attribute": "frIndexedMultivalued5", + "readOnly": true + }, + { + "attribute": "frUnindexedMultivalued1", + "readOnly": true + }, + { + "attribute": "frUnindexedMultivalued2", + "readOnly": true + }, + { + "attribute": "frUnindexedMultivalued3", + "readOnly": true + }, + { + "attribute": "frUnindexedMultivalued4", + "readOnly": true + }, + { + "attribute": "frUnindexedMultivalued5", + "readOnly": true + }, + { + "attribute": "frIndexedDate1", + "readOnly": true + }, + { + "attribute": "frIndexedDate2", + "readOnly": true + }, + { + "attribute": "frIndexedDate3", + "readOnly": true + }, + { + "attribute": "frIndexedDate4", + "readOnly": true + }, + { + "attribute": "frIndexedDate5", + "readOnly": true + }, + { + "attribute": "frUnindexedDate1", + "readOnly": true + }, + { + "attribute": "frUnindexedDate2", + "readOnly": true + }, + { + "attribute": "frUnindexedDate3", + "readOnly": true + }, + { + "attribute": "frUnindexedDate4", + "readOnly": true + }, + { + "attribute": "frUnindexedDate5", + "readOnly": true + }, + { + "attribute": "frIndexedInteger1", + "readOnly": true + }, + { + "attribute": "frIndexedInteger2", + "readOnly": true + }, + { + "attribute": "frIndexedInteger3", + "readOnly": true + }, + { + "attribute": "frIndexedInteger4", + "readOnly": true + }, + { + "attribute": "frIndexedInteger5", + "readOnly": true + }, + { + "attribute": "frUnindexedInteger1", + "readOnly": true + }, + { + "attribute": "frUnindexedInteger2", + "readOnly": true + }, + { + "attribute": "frUnindexedInteger3", + "readOnly": true + }, + { + "attribute": "frUnindexedInteger4", + "readOnly": true + }, + { + "attribute": "frUnindexedInteger5", + "readOnly": true + }, + { + "attribute": "assignedDashboard", + "readOnly": true + } + ], + "actions": [], + "filter": "/userName co \"test\"", + "name": "Alpha realm - Users", + "path": "managed/alpha_user", + "permissions": [ + "VIEW", + "UPDATE", + "CREATE" + ] + } + ], + "temporalConstraints": [ + { + "duration": "2024-11-04T12:45:00.000Z/2100-12-01T12:45:00.000Z" + } + ] + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/mapping/managedAlpha_assignment_managedBravo_assignment.mapping.json b/test/e2e/exports/full-export-separate/global/mapping/managedAlpha_assignment_managedBravo_assignment.mapping.json new file mode 100644 index 000000000..ffbc57a1b --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/mapping/managedAlpha_assignment_managedBravo_assignment.mapping.json @@ -0,0 +1,68 @@ +{ + "mapping": { + "mapping/managedAlpha_assignment_managedBravo_assignment": { + "_id": "mapping/managedAlpha_assignment_managedBravo_assignment", + "consentRequired": false, + "displayName": "managedAlpha_assignment_managedBravo_assignment", + "icon": null, + "name": "managedAlpha_assignment_managedBravo_assignment", + "policies": [ + { + "action": "ASYNC", + "situation": "ABSENT" + }, + { + "action": "ASYNC", + "situation": "ALL_GONE" + }, + { + "action": "ASYNC", + "situation": "AMBIGUOUS" + }, + { + "action": "ASYNC", + "situation": "CONFIRMED" + }, + { + "action": "ASYNC", + "situation": "FOUND" + }, + { + "action": "ASYNC", + "situation": "FOUND_ALREADY_LINKED" + }, + { + "action": "ASYNC", + "situation": "LINK_ONLY" + }, + { + "action": "ASYNC", + "situation": "MISSING" + }, + { + "action": "ASYNC", + "situation": "SOURCE_IGNORED" + }, + { + "action": "ASYNC", + "situation": "SOURCE_MISSING" + }, + { + "action": "ASYNC", + "situation": "TARGET_IGNORED" + }, + { + "action": "ASYNC", + "situation": "UNASSIGNED" + }, + { + "action": "ASYNC", + "situation": "UNQUALIFIED" + } + ], + "properties": [], + "source": "managed/alpha_assignment", + "target": "managed/bravo_assignment" + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/mapping/managedAlpha_user_systemAzureUser.mapping.json b/test/e2e/exports/full-export-separate/global/mapping/managedAlpha_user_systemAzureUser.mapping.json new file mode 100644 index 000000000..8d8734fa7 --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/mapping/managedAlpha_user_systemAzureUser.mapping.json @@ -0,0 +1,147 @@ +{ + "mapping": { + "mapping/managedAlpha_user_systemAzureUser": { + "_id": "mapping/managedAlpha_user_systemAzureUser", + "consentRequired": false, + "defaultSourceFields": [ + "*", + "assignments" + ], + "defaultTargetFields": [ + "*", + "memberOf", + "__roles__", + "__servicePlanIds__" + ], + "displayName": "managedAlpha_user_systemAzureUser", + "icon": null, + "name": "managedAlpha_user_systemAzureUser", + "optimizeAssignmentSync": true, + "policies": [ + { + "action": "ASYNC", + "situation": "AMBIGUOUS" + }, + { + "action": "ASYNC", + "situation": "SOURCE_MISSING" + }, + { + "action": "ASYNC", + "situation": "MISSING" + }, + { + "action": "ASYNC", + "situation": "FOUND_ALREADY_LINKED" + }, + { + "action": "DELETE", + "situation": "UNQUALIFIED" + }, + { + "action": "ASYNC", + "situation": "UNASSIGNED" + }, + { + "action": "ASYNC", + "situation": "LINK_ONLY" + }, + { + "action": "ASYNC", + "situation": "TARGET_IGNORED" + }, + { + "action": "ASYNC", + "situation": "SOURCE_IGNORED" + }, + { + "action": "ASYNC", + "situation": "ALL_GONE" + }, + { + "action": "UPDATE", + "situation": "CONFIRMED" + }, + { + "action": "ASYNC", + "situation": "FOUND" + }, + { + "action": "CREATE", + "situation": "ABSENT" + }, + { + "action": "ASYNC", + "situation": "SOURCE_TARGET_CONFLICT" + }, + { + "action": "INCORPORATE_CHANGES", + "situation": "TARGET_CHANGED" + } + ], + "properties": [ + { + "source": "mail", + "target": "mail" + }, + { + "source": "givenName", + "target": "givenName" + }, + { + "source": "sn", + "target": "surname" + }, + { + "source": "", + "target": "displayName", + "transform": { + "source": "source.givenName+\" \"+source.sn", + "type": "text/javascript" + } + }, + { + "source": "", + "target": "mailNickname", + "transform": { + "source": "source.givenName[0].toLowerCase()+source.sn.toLowerCase()", + "type": "text/javascript" + } + }, + { + "source": "", + "target": "accountEnabled", + "transform": { + "source": "true", + "type": "text/javascript" + } + }, + { + "condition": { + "globals": {}, + "source": "(typeof oldTarget === 'undefined' || oldTarget === null)", + "type": "text/javascript" + }, + "source": "", + "target": "__PASSWORD__", + "transform": { + "source": "\"!@#$%\"[Math.floor(Math.random()*5)] + Math.random().toString(36).slice(2, 13).toUpperCase()+Math.random().toString(36).slice(2,13)", + "type": "text/javascript" + } + } + ], + "queuedSync": { + "enabled": true, + "maxRetries": 0, + "pollingInterval": 10000 + }, + "runTargetPhase": false, + "source": "managed/alpha_user", + "sourceCondition": "/source/effectiveApplications[_id eq \"0f357b7e-6c54-4351-a094-43916877d7e5\"] or /source/effectiveAssignments[(mapping eq \"managedAlpha_user_systemAzureUser\" and type eq \"__ENTITLEMENT__\")]", + "sourceQuery": { + "_queryFilter": "effectiveApplications[_id eq \"0f357b7e-6c54-4351-a094-43916877d7e5\"] or lastSync/managedAlpha_user_systemAzureUser pr or /source/effectiveAssignments[(mapping eq \"managedAlpha_user_systemAzureUser\" and type eq \"__ENTITLEMENT__\")]" + }, + "target": "system/Azure/User" + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/mapping/managedBravo_group_managedBravo_group.mapping.json b/test/e2e/exports/full-export-separate/global/mapping/managedBravo_group_managedBravo_group.mapping.json new file mode 100644 index 000000000..4f21705ee --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/mapping/managedBravo_group_managedBravo_group.mapping.json @@ -0,0 +1,68 @@ +{ + "mapping": { + "mapping/managedBravo_group_managedBravo_group": { + "_id": "mapping/managedBravo_group_managedBravo_group", + "consentRequired": false, + "displayName": "managedBravo_group_managedBravo_group", + "icon": null, + "name": "managedBravo_group_managedBravo_group", + "policies": [ + { + "action": "ASYNC", + "situation": "ABSENT" + }, + { + "action": "ASYNC", + "situation": "ALL_GONE" + }, + { + "action": "ASYNC", + "situation": "AMBIGUOUS" + }, + { + "action": "ASYNC", + "situation": "CONFIRMED" + }, + { + "action": "ASYNC", + "situation": "FOUND" + }, + { + "action": "ASYNC", + "situation": "FOUND_ALREADY_LINKED" + }, + { + "action": "ASYNC", + "situation": "LINK_ONLY" + }, + { + "action": "ASYNC", + "situation": "MISSING" + }, + { + "action": "ASYNC", + "situation": "SOURCE_IGNORED" + }, + { + "action": "ASYNC", + "situation": "SOURCE_MISSING" + }, + { + "action": "ASYNC", + "situation": "TARGET_IGNORED" + }, + { + "action": "ASYNC", + "situation": "UNASSIGNED" + }, + { + "action": "ASYNC", + "situation": "UNQUALIFIED" + } + ], + "properties": [], + "source": "managed/bravo_group", + "target": "managed/bravo_group" + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/mapping/managedBravo_user_managedBravo_user0.mapping.json b/test/e2e/exports/full-export-separate/global/mapping/managedBravo_user_managedBravo_user0.mapping.json new file mode 100644 index 000000000..74e8b90ae --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/mapping/managedBravo_user_managedBravo_user0.mapping.json @@ -0,0 +1,68 @@ +{ + "mapping": { + "mapping/managedBravo_user_managedBravo_user0": { + "_id": "mapping/managedBravo_user_managedBravo_user0", + "consentRequired": false, + "displayName": "managedBravo_user_managedBravo_user0", + "icon": null, + "name": "managedBravo_user_managedBravo_user0", + "policies": [ + { + "action": "ASYNC", + "situation": "ABSENT" + }, + { + "action": "ASYNC", + "situation": "ALL_GONE" + }, + { + "action": "ASYNC", + "situation": "AMBIGUOUS" + }, + { + "action": "ASYNC", + "situation": "CONFIRMED" + }, + { + "action": "ASYNC", + "situation": "FOUND" + }, + { + "action": "ASYNC", + "situation": "FOUND_ALREADY_LINKED" + }, + { + "action": "ASYNC", + "situation": "LINK_ONLY" + }, + { + "action": "ASYNC", + "situation": "MISSING" + }, + { + "action": "ASYNC", + "situation": "SOURCE_IGNORED" + }, + { + "action": "ASYNC", + "situation": "SOURCE_MISSING" + }, + { + "action": "ASYNC", + "situation": "TARGET_IGNORED" + }, + { + "action": "ASYNC", + "situation": "UNASSIGNED" + }, + { + "action": "ASYNC", + "situation": "UNQUALIFIED" + } + ], + "properties": [], + "source": "managed/bravo_user", + "target": "managed/bravo_user" + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/mapping/mapping12.mapping.json b/test/e2e/exports/full-export-separate/global/mapping/mapping12.mapping.json new file mode 100644 index 000000000..e7c1118bb --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/mapping/mapping12.mapping.json @@ -0,0 +1,16 @@ +{ + "mapping": { + "mapping/mapping12": { + "_id": "mapping/mapping12", + "consentRequired": false, + "displayName": "mapping12", + "linkQualifiers": [], + "name": "mapping12", + "policies": [], + "properties": [], + "source": "managed/bravo_user", + "syncAfter": [], + "target": "managed/bravo_user" + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/mapping/systemAzureDirectoryrole_managedAlpha_assignment.mapping.json b/test/e2e/exports/full-export-separate/global/mapping/systemAzureDirectoryrole_managedAlpha_assignment.mapping.json new file mode 100644 index 000000000..907f28b65 --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/mapping/systemAzureDirectoryrole_managedAlpha_assignment.mapping.json @@ -0,0 +1,118 @@ +{ + "mapping": { + "mapping/systemAzureDirectoryrole_managedAlpha_assignment": { + "_id": "mapping/systemAzureDirectoryrole_managedAlpha_assignment", + "consentRequired": false, + "displayName": "systemAzureDirectoryrole_managedAlpha_assignment", + "icon": null, + "name": "systemAzureDirectoryrole_managedAlpha_assignment", + "policies": [ + { + "action": "EXCEPTION", + "situation": "AMBIGUOUS" + }, + { + "action": "DELETE", + "situation": "SOURCE_MISSING" + }, + { + "action": "CREATE", + "situation": "MISSING" + }, + { + "action": "EXCEPTION", + "situation": "FOUND_ALREADY_LINKED" + }, + { + "action": "DELETE", + "situation": "UNQUALIFIED" + }, + { + "action": "EXCEPTION", + "situation": "UNASSIGNED" + }, + { + "action": "EXCEPTION", + "situation": "LINK_ONLY" + }, + { + "action": "IGNORE", + "situation": "TARGET_IGNORED" + }, + { + "action": "IGNORE", + "situation": "SOURCE_IGNORED" + }, + { + "action": "IGNORE", + "situation": "ALL_GONE" + }, + { + "action": "UPDATE", + "situation": "CONFIRMED" + }, + { + "action": "LINK", + "situation": "FOUND" + }, + { + "action": "CREATE", + "situation": "ABSENT" + } + ], + "properties": [ + { + "default": "__RESOURCE__", + "target": "type" + }, + { + "source": "", + "target": "description", + "transform": { + "globals": {}, + "source": "(typeof source.description !== \"undefined\" && source.description !== null) ? source.description : source._id", + "type": "text/javascript" + } + }, + { + "default": "managedAlpha_user_systemAzureUser", + "target": "mapping" + }, + { + "source": "", + "target": "name", + "transform": { + "globals": {}, + "source": "(typeof source.displayName !== \"undefined\" && source.displayName !== null) ? source.displayName : source._id", + "type": "text/javascript" + } + }, + { + "source": "_id", + "target": "attributes", + "transform": { + "globals": {}, + "source": "[\n {\n 'name': '__roles__',\n 'value': [source]\n }\n]", + "type": "text/javascript" + } + }, + { + "source": "_id", + "target": "_id", + "transform": { + "globals": { + "sourceObjectSet": "system_Azure_directoryRole_" + }, + "source": "sourceObjectSet.concat(source)", + "type": "text/javascript" + } + } + ], + "source": "system/Azure/directoryRole", + "target": "managed/alpha_assignment", + "targetQuery": { + "_queryFilter": "mapping eq \"managedAlpha_user_systemAzureUser\" and attributes[name eq \"__roles__\"]" + } + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/mapping/systemAzureServiceplan_managedAlpha_assignment.mapping.json b/test/e2e/exports/full-export-separate/global/mapping/systemAzureServiceplan_managedAlpha_assignment.mapping.json new file mode 100644 index 000000000..9570cd139 --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/mapping/systemAzureServiceplan_managedAlpha_assignment.mapping.json @@ -0,0 +1,118 @@ +{ + "mapping": { + "mapping/systemAzureServiceplan_managedAlpha_assignment": { + "_id": "mapping/systemAzureServiceplan_managedAlpha_assignment", + "consentRequired": false, + "displayName": "systemAzureServiceplan_managedAlpha_assignment", + "icon": null, + "name": "systemAzureServiceplan_managedAlpha_assignment", + "policies": [ + { + "action": "EXCEPTION", + "situation": "AMBIGUOUS" + }, + { + "action": "DELETE", + "situation": "SOURCE_MISSING" + }, + { + "action": "CREATE", + "situation": "MISSING" + }, + { + "action": "EXCEPTION", + "situation": "FOUND_ALREADY_LINKED" + }, + { + "action": "DELETE", + "situation": "UNQUALIFIED" + }, + { + "action": "EXCEPTION", + "situation": "UNASSIGNED" + }, + { + "action": "EXCEPTION", + "situation": "LINK_ONLY" + }, + { + "action": "IGNORE", + "situation": "TARGET_IGNORED" + }, + { + "action": "IGNORE", + "situation": "SOURCE_IGNORED" + }, + { + "action": "IGNORE", + "situation": "ALL_GONE" + }, + { + "action": "UPDATE", + "situation": "CONFIRMED" + }, + { + "action": "LINK", + "situation": "FOUND" + }, + { + "action": "CREATE", + "situation": "ABSENT" + } + ], + "properties": [ + { + "default": "__RESOURCE__", + "target": "type" + }, + { + "source": "", + "target": "description", + "transform": { + "globals": {}, + "source": "(typeof source.servicePlanName !== \"undefined\" && source.servicePlanName !== null) ? source.servicePlanName : source._id", + "type": "text/javascript" + } + }, + { + "default": "managedAlpha_user_systemAzureUser", + "target": "mapping" + }, + { + "source": "", + "target": "name", + "transform": { + "globals": {}, + "source": "(typeof source.servicePlanName !== \"undefined\" && source.servicePlanName !== null) ? source.servicePlanName : source._id", + "type": "text/javascript" + } + }, + { + "source": "_id", + "target": "attributes", + "transform": { + "globals": {}, + "source": "[\n {\n 'name': '__servicePlanIds__',\n 'value': [source]\n }\n]", + "type": "text/javascript" + } + }, + { + "source": "_id", + "target": "_id", + "transform": { + "globals": { + "sourceObjectSet": "system_Azure_servicePlan_" + }, + "source": "sourceObjectSet.concat(source)", + "type": "text/javascript" + } + } + ], + "source": "system/Azure/servicePlan", + "target": "managed/alpha_assignment", + "targetQuery": { + "_queryFilter": "mapping eq \"managedAlpha_user_systemAzureUser\" and attributes[name eq \"__servicePlanIds__\"]" + } + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/mapping/systemAzureUser_managedAlpha_user.mapping.json b/test/e2e/exports/full-export-separate/global/mapping/systemAzureUser_managedAlpha_user.mapping.json new file mode 100644 index 000000000..a4c8aae1c --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/mapping/systemAzureUser_managedAlpha_user.mapping.json @@ -0,0 +1,110 @@ +{ + "mapping": { + "mapping/systemAzureUser_managedAlpha_user": { + "_id": "mapping/systemAzureUser_managedAlpha_user", + "consentRequired": false, + "correlationQuery": [ + { + "linkQualifier": "default", + "source": "var qry = {'_queryFilter': 'mail eq \"' + source.mail + '\"'}; qry", + "type": "text/javascript" + } + ], + "defaultSourceFields": [ + "*", + "memberOf", + "__roles__", + "__servicePlanIds__" + ], + "defaultTargetFields": [ + "*", + "assignments" + ], + "displayName": "systemAzureUser_managedAlpha_user", + "icon": null, + "links": "managedAlpha_user_systemAzureUser", + "name": "systemAzureUser_managedAlpha_user", + "policies": [ + { + "action": "ASYNC", + "situation": "AMBIGUOUS" + }, + { + "action": "ASYNC", + "situation": "SOURCE_MISSING" + }, + { + "action": "ASYNC", + "situation": "MISSING" + }, + { + "action": "ASYNC", + "situation": "FOUND_ALREADY_LINKED" + }, + { + "action": "ASYNC", + "situation": "UNQUALIFIED" + }, + { + "action": "ASYNC", + "situation": "UNASSIGNED" + }, + { + "action": "ASYNC", + "situation": "LINK_ONLY" + }, + { + "action": "ASYNC", + "situation": "TARGET_IGNORED" + }, + { + "action": "ASYNC", + "situation": "SOURCE_IGNORED" + }, + { + "action": "ASYNC", + "situation": "ALL_GONE" + }, + { + "action": "UPDATE", + "situation": "CONFIRMED" + }, + { + "action": "ONBOARD", + "situation": "FOUND" + }, + { + "action": "ASYNC", + "situation": "ABSENT" + }, + { + "action": "ASYNC", + "situation": "SOURCE_TARGET_CONFLICT" + } + ], + "properties": [ + { + "referencedObjectType": "__GROUP__", + "source": "memberOf", + "target": "assignments" + }, + { + "referencedObjectType": "directoryRole", + "source": "__roles__", + "target": "assignments" + }, + { + "referencedObjectType": "servicePlan", + "source": "__servicePlanIds__", + "target": "assignments" + } + ], + "reconSourceQueryPageSize": 999, + "reconSourceQueryPaging": true, + "runTargetPhase": false, + "source": "system/Azure/User", + "sourceQueryFullEntry": true, + "target": "managed/alpha_user" + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/mapping/systemAzure__group___managedAlpha_assignment.mapping.json b/test/e2e/exports/full-export-separate/global/mapping/systemAzure__group___managedAlpha_assignment.mapping.json new file mode 100644 index 000000000..1483316d0 --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/mapping/systemAzure__group___managedAlpha_assignment.mapping.json @@ -0,0 +1,118 @@ +{ + "mapping": { + "mapping/systemAzure__group___managedAlpha_assignment": { + "_id": "mapping/systemAzure__group___managedAlpha_assignment", + "consentRequired": false, + "displayName": "systemAzure__group___managedAlpha_assignment", + "icon": null, + "name": "systemAzure__group___managedAlpha_assignment", + "policies": [ + { + "action": "EXCEPTION", + "situation": "AMBIGUOUS" + }, + { + "action": "DELETE", + "situation": "SOURCE_MISSING" + }, + { + "action": "CREATE", + "situation": "MISSING" + }, + { + "action": "EXCEPTION", + "situation": "FOUND_ALREADY_LINKED" + }, + { + "action": "DELETE", + "situation": "UNQUALIFIED" + }, + { + "action": "EXCEPTION", + "situation": "UNASSIGNED" + }, + { + "action": "EXCEPTION", + "situation": "LINK_ONLY" + }, + { + "action": "IGNORE", + "situation": "TARGET_IGNORED" + }, + { + "action": "IGNORE", + "situation": "SOURCE_IGNORED" + }, + { + "action": "IGNORE", + "situation": "ALL_GONE" + }, + { + "action": "UPDATE", + "situation": "CONFIRMED" + }, + { + "action": "LINK", + "situation": "FOUND" + }, + { + "action": "CREATE", + "situation": "ABSENT" + } + ], + "properties": [ + { + "default": "__RESOURCE__", + "target": "type" + }, + { + "source": "", + "target": "description", + "transform": { + "globals": {}, + "source": "(typeof source.description !== \"undefined\" && source.description !== null) ? source.description : source._id", + "type": "text/javascript" + } + }, + { + "default": "managedAlpha_user_systemAzureUser", + "target": "mapping" + }, + { + "source": "", + "target": "name", + "transform": { + "globals": {}, + "source": "(typeof source.displayName !== \"undefined\" && source.displayName !== null) ? source.displayName : source._id", + "type": "text/javascript" + } + }, + { + "source": "_id", + "target": "attributes", + "transform": { + "globals": {}, + "source": "[\n {\n 'name': 'memberOf',\n 'value': [source]\n }\n]", + "type": "text/javascript" + } + }, + { + "source": "_id", + "target": "_id", + "transform": { + "globals": { + "sourceObjectSet": "system_Azure___GROUP___" + }, + "source": "sourceObjectSet.concat(source)", + "type": "text/javascript" + } + } + ], + "source": "system/Azure/__GROUP__", + "target": "managed/alpha_assignment", + "targetQuery": { + "_queryFilter": "mapping eq \"managedAlpha_user_systemAzureUser\" and attributes[name eq \"memberOf\"]" + } + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/realm/alpha.realm.json b/test/e2e/exports/full-export-separate/global/realm/alpha.realm.json new file mode 100644 index 000000000..506521eec --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/realm/alpha.realm.json @@ -0,0 +1,11 @@ +{ + "realm": { + "L2FscGhh": { + "_id": "L2FscGhh", + "active": true, + "aliases": [], + "name": "alpha", + "parentPath": "/" + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/realm/bravo.realm.json b/test/e2e/exports/full-export-separate/global/realm/bravo.realm.json new file mode 100644 index 000000000..a582f5e85 --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/realm/bravo.realm.json @@ -0,0 +1,11 @@ +{ + "realm": { + "L2JyYXZv": { + "_id": "L2JyYXZv", + "active": true, + "aliases": [], + "name": "bravo", + "parentPath": "/" + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/scripttype/AUTHENTICATION_CLIENT_SIDE.scripttype.json b/test/e2e/exports/full-export-separate/global/scripttype/AUTHENTICATION_CLIENT_SIDE.scripttype.json new file mode 100644 index 000000000..e279dd797 --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/scripttype/AUTHENTICATION_CLIENT_SIDE.scripttype.json @@ -0,0 +1,31 @@ +{ + "scripttype": { + "AUTHENTICATION_CLIENT_SIDE": { + "_id": "AUTHENTICATION_CLIENT_SIDE", + "_type": { + "_id": "contexts", + "collection": true, + "name": "scriptContext" + }, + "context": { + "_id": "AUTHENTICATION_CLIENT_SIDE", + "allowLists": [], + "bindings": [], + "evaluatorVersions": { + "GROOVY": [ + "1.0" + ], + "JAVASCRIPT": [ + "1.0" + ] + } + }, + "defaultScript": "[Empty]", + "isHidden": false, + "languages": [ + "JAVASCRIPT", + "GROOVY" + ] + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/scripttype/AUTHENTICATION_SERVER_SIDE.scripttype.json b/test/e2e/exports/full-export-separate/global/scripttype/AUTHENTICATION_SERVER_SIDE.scripttype.json new file mode 100644 index 000000000..eaaab9d78 --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/scripttype/AUTHENTICATION_SERVER_SIDE.scripttype.json @@ -0,0 +1,348 @@ +{ + "scripttype": { + "AUTHENTICATION_SERVER_SIDE": { + "_id": "AUTHENTICATION_SERVER_SIDE", + "_type": { + "_id": "contexts", + "collection": true, + "name": "scriptContext" + }, + "context": { + "_id": "AUTHENTICATION_SERVER_SIDE", + "allowLists": [ + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Character", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.util.ArrayList$Itr", + "java.util.ArrayList", + "java.util.HashMap$KeyIterator", + "java.util.HashMap", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.TreeMap", + "java.util.TreeSet", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.client.*", + "org.forgerock.http.protocol.Cookie", + "org.forgerock.http.protocol.Entity", + "org.forgerock.http.protocol.Form", + "org.forgerock.http.protocol.Header", + "org.forgerock.http.protocol.Headers", + "org.forgerock.http.protocol.Message", + "org.forgerock.http.protocol.Request", + "org.forgerock.http.protocol.RequestCookies", + "org.forgerock.http.protocol.Response", + "org.forgerock.http.protocol.ResponseException", + "org.forgerock.http.protocol.Responses", + "org.forgerock.http.protocol.Status", + "org.forgerock.json.JsonValue", + "org.forgerock.openam.authentication.modules.scripted.*", + "org.forgerock.openam.core.rest.devices.deviceprint.DeviceIdDao", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.ScriptedSession", + "org.forgerock.openam.scripting.idrepo.ScriptIdentityRepository", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.util.promise.NeverThrowsException", + "org.forgerock.util.promise.Promise", + "org.forgerock.util.promise.PromiseImpl", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "java.util.List", + "java.util.Map", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.opendj.ldap.Dn" + ], + "bindings": [], + "evaluatorVersions": { + "GROOVY": [ + "1.0" + ], + "JAVASCRIPT": [ + "1.0" + ] + } + }, + "defaultScript": "7e3d7067-d50f-4674-8c76-a3e13a810c33", + "engineConfiguration": { + "_id": "engineConfiguration", + "_type": { + "_id": "engineConfiguration", + "collection": false, + "name": "Scripting engine configuration" + }, + "blackList": [ + "java.lang.Class", + "java.lang.Thread", + "java.lang.invoke.*", + "java.lang.reflect.*", + "java.security.AccessController" + ], + "coreThreads": { + "$int": "&{authentication.server.side.script.context.core.threads|10}" + }, + "idleTimeout": 60, + "maxThreads": { + "$int": "&{authentication.server.side.script.context.max.threads|50}" + }, + "propertyNamePrefix": "esv.", + "queueSize": { + "$int": "&{authentication.server.side.script.context.queue.size|10}" + }, + "serverTimeout": 0, + "useSecurityManager": true, + "whiteList": [ + "com.google.common.collect.ImmutableList", + "com.google.common.collect.Sets$1", + "com.iplanet.am.sdk.AMHashMap", + "com.iplanet.sso.providers.dpro.SSOTokenIDImpl", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.authentication.callbacks.HiddenValueCallback", + "com.sun.identity.authentication.callbacks.ReCaptchaCallback", + "com.sun.identity.authentication.callbacks.ScriptTextOutputCallback", + "com.sun.identity.authentication.spi.HttpCallback", + "com.sun.identity.authentication.spi.IdentifiableCallback", + "com.sun.identity.authentication.spi.MetadataCallback", + "com.sun.identity.authentication.spi.PagePropertiesCallback", + "com.sun.identity.authentication.spi.RedirectCallback", + "com.sun.identity.authentication.spi.X509CertificateCallback", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.common.CaseInsensitiveHashMap$Entry", + "com.sun.identity.idm.AMIdentity", + "com.sun.identity.idm.IdType", + "com.sun.identity.saml2.assertion.impl.AttributeImpl", + "com.sun.identity.saml2.common.SAML2Exception", + "com.sun.identity.saml2.plugins.scripted.IdpAttributeMapperScriptHelper", + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "groovy.json.StringEscapeUtils", + "groovy.json.internal.LazyMap", + "java.io.ByteArrayInputStream", + "java.io.ByteArrayOutputStream", + "java.io.UnsupportedEncodingException", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.NullPointerException", + "java.lang.Number", + "java.lang.Object", + "java.lang.RuntimeException", + "java.lang.SecurityException", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.math.BigDecimal", + "java.math.BigInteger", + "java.net.URI", + "java.security.KeyFactory", + "java.security.KeyPair", + "java.security.KeyPairGenerator", + "java.security.KeyPairGenerator$*", + "java.security.MessageDigest", + "java.security.MessageDigest$Delegate", + "java.security.MessageDigest$Delegate$CloneableDelegate", + "java.security.NoSuchAlgorithmException", + "java.security.PrivateKey", + "java.security.PublicKey", + "java.security.cert.CertificateFactory", + "java.security.cert.X509Certificate", + "java.security.spec.MGF1ParameterSpec", + "java.security.spec.PKCS8EncodedKeySpec", + "java.security.spec.X509EncodedKeySpec", + "java.text.SimpleDateFormat", + "java.time.Clock", + "java.time.Clock$FixedClock", + "java.time.Clock$OffsetClock", + "java.time.Clock$SystemClock", + "java.time.Clock$TickClock", + "java.time.temporal.ChronoUnit", + "java.util.AbstractMap$*", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Arrays", + "java.util.Collections", + "java.util.Collections$*", + "java.util.Date", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashMap$LinkedKeySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.List", + "java.util.Locale", + "java.util.Map", + "java.util.TreeMap", + "java.util.TreeSet", + "java.util.UUID", + "javax.crypto.Cipher", + "javax.crypto.Mac", + "javax.crypto.spec.IvParameterSpec", + "javax.crypto.spec.OAEPParameterSpec", + "javax.crypto.spec.PSource", + "javax.crypto.spec.PSource$*", + "javax.crypto.spec.SecretKeySpec", + "javax.security.auth.callback.ChoiceCallback", + "javax.security.auth.callback.ConfirmationCallback", + "javax.security.auth.callback.LanguageCallback", + "javax.security.auth.callback.NameCallback", + "javax.security.auth.callback.PasswordCallback", + "javax.security.auth.callback.TextInputCallback", + "javax.security.auth.callback.TextOutputCallback", + "org.apache.groovy.json.internal.LazyMap", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.guice.core.IdentityProvider", + "org.forgerock.guice.core.InjectorHolder", + "org.forgerock.http.Client", + "org.forgerock.http.Context", + "org.forgerock.http.Handler", + "org.forgerock.http.client.*", + "org.forgerock.http.context.RootContext", + "org.forgerock.http.header.*", + "org.forgerock.http.header.authorization.*", + "org.forgerock.http.protocol.*", + "org.forgerock.json.JsonValue", + "org.forgerock.json.jose.builders.EncryptedJwtBuilder", + "org.forgerock.json.jose.builders.EncryptedThenSignedJwtBuilder", + "org.forgerock.json.jose.builders.JweHeaderBuilder", + "org.forgerock.json.jose.builders.JwsHeaderBuilder", + "org.forgerock.json.jose.builders.JwtBuilderFactory", + "org.forgerock.json.jose.builders.SignedJwtBuilderImpl", + "org.forgerock.json.jose.builders.SignedThenEncryptedJwtBuilder", + "org.forgerock.json.jose.builders.SignedThenEncryptedJwtHeaderBuilder", + "org.forgerock.json.jose.jwe.EncryptedJwt", + "org.forgerock.json.jose.jwe.EncryptionMethod", + "org.forgerock.json.jose.jwe.JweAlgorithm", + "org.forgerock.json.jose.jwe.SignedThenEncryptedJwt", + "org.forgerock.json.jose.jwk.JWKSet", + "org.forgerock.json.jose.jwk.RsaJWK", + "org.forgerock.json.jose.jws.EncryptedThenSignedJwt", + "org.forgerock.json.jose.jws.JwsAlgorithm", + "org.forgerock.json.jose.jws.JwsHeader", + "org.forgerock.json.jose.jws.SignedEncryptedJwt", + "org.forgerock.json.jose.jws.SignedJwt", + "org.forgerock.json.jose.jws.SigningManager", + "org.forgerock.json.jose.jws.handlers.HmacSigningHandler", + "org.forgerock.json.jose.jws.handlers.RSASigningHandler", + "org.forgerock.json.jose.jws.handlers.SecretHmacSigningHandler", + "org.forgerock.json.jose.jws.handlers.SecretRSASigningHandler", + "org.forgerock.json.jose.jwt.JwtClaimsSet", + "org.forgerock.macaroons.Macaroon", + "org.forgerock.oauth.clients.oidc.Claim", + "org.forgerock.oauth2.core.GrantType", + "org.forgerock.oauth2.core.StatefulAccessToken", + "org.forgerock.oauth2.core.UserInfoClaims", + "org.forgerock.oauth2.core.exceptions.InvalidRequestException", + "org.forgerock.oauth2.core.tokenexchange.ExchangeableToken", + "org.forgerock.openam.auth.node.api.Action", + "org.forgerock.openam.auth.node.api.Action$ActionBuilder", + "org.forgerock.openam.auth.node.api.NodeState", + "org.forgerock.openam.auth.node.api.SuspendedTextOutputCallback", + "org.forgerock.openam.auth.nodes.IdentityProvider", + "org.forgerock.openam.auth.nodes.InjectorHolder", + "org.forgerock.openam.authentication.callbacks.AbstractValidatedCallback", + "org.forgerock.openam.authentication.callbacks.AttributeInputCallback", + "org.forgerock.openam.authentication.callbacks.BooleanAttributeInputCallback", + "org.forgerock.openam.authentication.callbacks.ConsentMappingCallback", + "org.forgerock.openam.authentication.callbacks.DeviceProfileCallback", + "org.forgerock.openam.authentication.callbacks.IdPCallback", + "org.forgerock.openam.authentication.callbacks.KbaCreateCallback", + "org.forgerock.openam.authentication.callbacks.NumberAttributeInputCallback", + "org.forgerock.openam.authentication.callbacks.PollingWaitCallback", + "org.forgerock.openam.authentication.callbacks.SelectIdPCallback", + "org.forgerock.openam.authentication.callbacks.StringAttributeInputCallback", + "org.forgerock.openam.authentication.callbacks.TermsAndConditionsCallback", + "org.forgerock.openam.authentication.callbacks.ValidatedPasswordCallback", + "org.forgerock.openam.authentication.callbacks.ValidatedUsernameCallback", + "org.forgerock.openam.authentication.modules.scripted.*", + "org.forgerock.openam.core.rest.authn.callbackhandlers.*", + "org.forgerock.openam.core.rest.devices.deviceprint.DeviceIdDao", + "org.forgerock.openam.core.rest.devices.profile.DeviceProfilesDao", + "org.forgerock.openam.oauth2.OpenAMAccessToken", + "org.forgerock.openam.oauth2.token.grantset.Authorization$ModifiedAccessToken", + "org.forgerock.openam.oauth2.token.macaroon.MacaroonAccessToken", + "org.forgerock.openam.oauth2.token.stateless.StatelessAccessToken", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "org.forgerock.openam.scripting.api.ScriptedIdentity", + "org.forgerock.openam.scripting.api.ScriptedSession", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.scripting.api.secrets.Secret", + "org.forgerock.openam.scripting.idrepo.ScriptIdentityRepository", + "org.forgerock.openam.shared.security.ThreadLocalSecureRandom", + "org.forgerock.openidconnect.Claim", + "org.forgerock.openidconnect.OpenIdConnectToken", + "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOToken", + "org.forgerock.secrets.SecretBuilder", + "org.forgerock.secrets.keys.SigningKey", + "org.forgerock.secrets.keys.VerificationKey", + "org.forgerock.util.encode.Base64", + "org.forgerock.util.encode.Base64url", + "org.forgerock.util.encode.Hex", + "org.forgerock.util.promise.NeverThrowsException", + "org.forgerock.util.promise.Promise", + "org.forgerock.util.promise.PromiseImpl", + "org.mozilla.javascript.ConsString", + "org.mozilla.javascript.JavaScriptException", + "org.mozilla.javascript.WrappedException", + "sun.security.ec.ECPrivateKeyImpl", + "sun.security.rsa.RSAPrivateCrtKeyImpl", + "sun.security.rsa.RSAPublicKeyImpl", + "sun.security.x509.X500Name", + "sun.security.x509.X509CertImpl", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.opendj.ldap.Dn", + "org.forgerock.openam.auth.nodes.VerifyTransactionsHelper" + ] + }, + "isHidden": false, + "languages": [ + "JAVASCRIPT", + "GROOVY" + ] + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/scripttype/AUTHENTICATION_TREE_DECISION_NODE.scripttype.json b/test/e2e/exports/full-export-separate/global/scripttype/AUTHENTICATION_TREE_DECISION_NODE.scripttype.json new file mode 100644 index 000000000..4967e480c --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/scripttype/AUTHENTICATION_TREE_DECISION_NODE.scripttype.json @@ -0,0 +1,416 @@ +{ + "scripttype": { + "AUTHENTICATION_TREE_DECISION_NODE": { + "_id": "AUTHENTICATION_TREE_DECISION_NODE", + "_type": { + "_id": "contexts", + "collection": true, + "name": "scriptContext" + }, + "context": { + "_id": "AUTHENTICATION_TREE_DECISION_NODE", + "allowLists": [ + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.util.AbstractMap$*", + "java.util.ArrayList", + "java.util.Collections", + "java.util.Collections$*", + "java.util.concurrent.TimeUnit", + "java.util.concurrent.ExecutionException", + "java.util.concurrent.TimeoutException", + "java.util.HashSet", + "java.util.HashMap", + "java.util.HashMap$KeyIterator", + "java.util.LinkedHashMap", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.TreeMap", + "java.util.TreeSet", + "java.security.KeyPair", + "java.security.KeyPairGenerator", + "java.security.KeyPairGenerator$*", + "java.security.PrivateKey", + "java.security.PublicKey", + "java.security.spec.InvalidKeySpecException", + "java.security.spec.X509EncodedKeySpec", + "java.security.spec.MGF1ParameterSpec", + "javax.crypto.SecretKeyFactory", + "javax.crypto.spec.OAEPParameterSpec", + "javax.crypto.spec.PBEKeySpec", + "javax.crypto.spec.PSource", + "javax.crypto.spec.PSource$*", + "javax.security.auth.callback.NameCallback", + "javax.security.auth.callback.PasswordCallback", + "javax.security.auth.callback.ChoiceCallback", + "javax.security.auth.callback.ConfirmationCallback", + "javax.security.auth.callback.LanguageCallback", + "javax.security.auth.callback.TextInputCallback", + "javax.security.auth.callback.TextOutputCallback", + "com.sun.crypto.provider.PBKDF2KeyImpl", + "com.sun.identity.authentication.callbacks.HiddenValueCallback", + "com.sun.identity.authentication.callbacks.ScriptTextOutputCallback", + "com.sun.identity.authentication.spi.HttpCallback", + "com.sun.identity.authentication.spi.MetadataCallback", + "com.sun.identity.authentication.spi.RedirectCallback", + "com.sun.identity.authentication.spi.X509CertificateCallback", + "com.sun.identity.shared.debug.Debug", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.client.*", + "org.forgerock.http.Client", + "org.forgerock.http.Handler", + "org.forgerock.http.Context", + "org.forgerock.http.context.RootContext", + "org.forgerock.http.protocol.Cookie", + "org.forgerock.http.header.*", + "org.forgerock.http.header.authorization.*", + "org.forgerock.http.protocol.Entity", + "org.forgerock.http.protocol.Form", + "org.forgerock.http.protocol.Header", + "org.forgerock.http.protocol.Headers", + "org.forgerock.http.protocol.Message", + "org.forgerock.http.protocol.Request", + "org.forgerock.http.protocol.RequestCookies", + "org.forgerock.http.protocol.Response", + "org.forgerock.http.protocol.ResponseException", + "org.forgerock.http.protocol.Responses", + "org.forgerock.http.protocol.Status", + "org.forgerock.json.JsonValue", + "org.forgerock.util.promise.NeverThrowsException", + "org.forgerock.util.promise.Promise", + "org.forgerock.util.promise.PromiseImpl", + "org.forgerock.openam.auth.node.api.Action", + "org.forgerock.openam.auth.node.api.Action$ActionBuilder", + "org.forgerock.openam.authentication.callbacks.IdPCallback", + "org.forgerock.openam.authentication.callbacks.PollingWaitCallback", + "org.forgerock.openam.authentication.callbacks.ValidatedPasswordCallback", + "org.forgerock.openam.authentication.callbacks.ValidatedUsernameCallback", + "org.forgerock.openam.core.rest.authn.callbackhandlers.*", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.ScriptedSession", + "groovy.json.JsonSlurper", + "org.forgerock.openam.core.rest.devices.profile.DeviceProfilesDao", + "org.forgerock.openam.scripting.idrepo.ScriptIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.scripting.api.secrets.Secret", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.openam.auth.node.api.NodeState", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "java.util.List", + "java.util.Map", + "org.mozilla.javascript.ConsString", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "org.forgerock.openam.authentication.callbacks.BooleanAttributeInputCallback", + "org.forgerock.openam.authentication.callbacks.NumberAttributeInputCallback", + "org.forgerock.openam.authentication.callbacks.StringAttributeInputCallback", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.opendj.ldap.Dn", + "org.forgerock.openam.auth.nodes.VerifyTransactionsHelper" + ], + "bindings": [], + "evaluatorVersions": { + "GROOVY": [ + "1.0" + ], + "JAVASCRIPT": [ + "1.0" + ] + } + }, + "defaultScript": "01e1a3c0-038b-4c16-956a-6c9d89328cff", + "engineConfiguration": { + "_id": "engineConfiguration", + "_type": { + "_id": "engineConfiguration", + "collection": false, + "name": "Scripting engine configuration" + }, + "blackList": [ + "java.lang.Class", + "java.lang.Thread", + "java.lang.invoke.*", + "java.lang.reflect.*", + "java.security.AccessController" + ], + "coreThreads": { + "$int": "&{authentication.tree.decision.node.script.context.core.threads|10}" + }, + "idleTimeout": 60, + "maxThreads": { + "$int": "&{authentication.tree.decision.node.script.context.max.threads|50}" + }, + "propertyNamePrefix": "esv.", + "queueSize": { + "$int": "&{authentication.tree.decision.node.script.context.queue.size|10}" + }, + "serverTimeout": 0, + "useSecurityManager": true, + "whiteList": [ + "com.google.common.collect.ImmutableList", + "com.google.common.collect.Sets$1", + "com.iplanet.am.sdk.AMHashMap", + "com.iplanet.sso.providers.dpro.SSOTokenIDImpl", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.authentication.callbacks.HiddenValueCallback", + "com.sun.identity.authentication.callbacks.ReCaptchaCallback", + "com.sun.identity.authentication.callbacks.ScriptTextOutputCallback", + "com.sun.identity.authentication.spi.HttpCallback", + "com.sun.identity.authentication.spi.IdentifiableCallback", + "com.sun.identity.authentication.spi.MetadataCallback", + "com.sun.identity.authentication.spi.PagePropertiesCallback", + "com.sun.identity.authentication.spi.RedirectCallback", + "com.sun.identity.authentication.spi.X509CertificateCallback", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.common.CaseInsensitiveHashMap$Entry", + "com.sun.identity.idm.AMIdentity", + "com.sun.identity.idm.IdType", + "com.sun.identity.saml2.assertion.impl.AttributeImpl", + "com.sun.identity.saml2.common.SAML2Exception", + "com.sun.identity.saml2.plugins.scripted.IdpAttributeMapperScriptHelper", + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "groovy.json.StringEscapeUtils", + "groovy.json.internal.LazyMap", + "java.io.ByteArrayInputStream", + "java.io.ByteArrayOutputStream", + "java.io.UnsupportedEncodingException", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.NullPointerException", + "java.lang.Number", + "java.lang.Object", + "java.lang.RuntimeException", + "java.lang.SecurityException", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.math.BigDecimal", + "java.math.BigInteger", + "java.net.URI", + "java.security.KeyFactory", + "java.security.KeyPair", + "java.security.KeyPairGenerator", + "java.security.KeyPairGenerator$*", + "java.security.MessageDigest", + "java.security.MessageDigest$Delegate", + "java.security.MessageDigest$Delegate$CloneableDelegate", + "java.security.NoSuchAlgorithmException", + "java.security.PrivateKey", + "java.security.PublicKey", + "java.security.cert.CertificateFactory", + "java.security.cert.X509Certificate", + "java.security.spec.MGF1ParameterSpec", + "java.security.spec.PKCS8EncodedKeySpec", + "java.security.spec.X509EncodedKeySpec", + "java.text.SimpleDateFormat", + "java.time.Clock", + "java.time.Clock$FixedClock", + "java.time.Clock$OffsetClock", + "java.time.Clock$SystemClock", + "java.time.Clock$TickClock", + "java.time.temporal.ChronoUnit", + "java.util.AbstractMap$*", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Arrays", + "java.util.Collections", + "java.util.Collections$*", + "java.util.Date", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashMap$LinkedKeySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.List", + "java.util.Locale", + "java.util.Map", + "java.util.TreeMap", + "java.util.TreeSet", + "java.util.UUID", + "javax.crypto.Cipher", + "javax.crypto.Mac", + "javax.crypto.spec.IvParameterSpec", + "javax.crypto.spec.OAEPParameterSpec", + "javax.crypto.spec.PSource", + "javax.crypto.spec.PSource$*", + "javax.crypto.spec.SecretKeySpec", + "javax.security.auth.callback.ChoiceCallback", + "javax.security.auth.callback.ConfirmationCallback", + "javax.security.auth.callback.LanguageCallback", + "javax.security.auth.callback.NameCallback", + "javax.security.auth.callback.PasswordCallback", + "javax.security.auth.callback.TextInputCallback", + "javax.security.auth.callback.TextOutputCallback", + "org.apache.groovy.json.internal.LazyMap", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.guice.core.IdentityProvider", + "org.forgerock.guice.core.InjectorHolder", + "org.forgerock.http.Client", + "org.forgerock.http.Context", + "org.forgerock.http.Handler", + "org.forgerock.http.client.*", + "org.forgerock.http.context.RootContext", + "org.forgerock.http.header.*", + "org.forgerock.http.header.authorization.*", + "org.forgerock.http.protocol.*", + "org.forgerock.json.JsonValue", + "org.forgerock.json.jose.builders.EncryptedJwtBuilder", + "org.forgerock.json.jose.builders.EncryptedThenSignedJwtBuilder", + "org.forgerock.json.jose.builders.JweHeaderBuilder", + "org.forgerock.json.jose.builders.JwsHeaderBuilder", + "org.forgerock.json.jose.builders.JwtBuilderFactory", + "org.forgerock.json.jose.builders.SignedJwtBuilderImpl", + "org.forgerock.json.jose.builders.SignedThenEncryptedJwtBuilder", + "org.forgerock.json.jose.builders.SignedThenEncryptedJwtHeaderBuilder", + "org.forgerock.json.jose.jwe.EncryptedJwt", + "org.forgerock.json.jose.jwe.EncryptionMethod", + "org.forgerock.json.jose.jwe.JweAlgorithm", + "org.forgerock.json.jose.jwe.JweHeader", + "org.forgerock.json.jose.jwe.SignedThenEncryptedJwt", + "org.forgerock.json.jose.jwk.JWKSet", + "org.forgerock.json.jose.jwk.RsaJWK", + "org.forgerock.json.jose.jws.EncryptedThenSignedJwt", + "org.forgerock.json.jose.jws.JwsAlgorithm", + "org.forgerock.json.jose.jws.JwsHeader", + "org.forgerock.json.jose.jws.SignedEncryptedJwt", + "org.forgerock.json.jose.jws.SignedJwt", + "org.forgerock.json.jose.jws.SigningManager", + "org.forgerock.json.jose.jws.handlers.HmacSigningHandler", + "org.forgerock.json.jose.jws.handlers.RSASigningHandler", + "org.forgerock.json.jose.jws.handlers.SecretHmacSigningHandler", + "org.forgerock.json.jose.jws.handlers.SecretRSASigningHandler", + "org.forgerock.json.jose.jwt.JwtClaimsSet", + "org.forgerock.macaroons.Macaroon", + "org.forgerock.oauth.clients.oidc.Claim", + "org.forgerock.oauth2.core.GrantType", + "org.forgerock.oauth2.core.StatefulAccessToken", + "org.forgerock.oauth2.core.UserInfoClaims", + "org.forgerock.oauth2.core.exceptions.InvalidRequestException", + "org.forgerock.oauth2.core.tokenexchange.ExchangeableToken", + "org.forgerock.openam.auth.node.api.Action", + "org.forgerock.openam.auth.node.api.Action$ActionBuilder", + "org.forgerock.openam.auth.node.api.NodeState", + "org.forgerock.openam.auth.node.api.SuspendedTextOutputCallback", + "org.forgerock.openam.auth.nodes.IdentityProvider", + "org.forgerock.openam.auth.nodes.InjectorHolder", + "org.forgerock.openam.authentication.callbacks.AbstractValidatedCallback", + "org.forgerock.openam.authentication.callbacks.AttributeInputCallback", + "org.forgerock.openam.authentication.callbacks.BooleanAttributeInputCallback", + "org.forgerock.openam.authentication.callbacks.ConsentMappingCallback", + "org.forgerock.openam.authentication.callbacks.DeviceProfileCallback", + "org.forgerock.openam.authentication.callbacks.IdPCallback", + "org.forgerock.openam.authentication.callbacks.KbaCreateCallback", + "org.forgerock.openam.authentication.callbacks.NumberAttributeInputCallback", + "org.forgerock.openam.authentication.callbacks.PollingWaitCallback", + "org.forgerock.openam.authentication.callbacks.SelectIdPCallback", + "org.forgerock.openam.authentication.callbacks.StringAttributeInputCallback", + "org.forgerock.openam.authentication.callbacks.TermsAndConditionsCallback", + "org.forgerock.openam.authentication.callbacks.ValidatedPasswordCallback", + "org.forgerock.openam.authentication.callbacks.ValidatedUsernameCallback", + "org.forgerock.openam.authentication.modules.scripted.*", + "org.forgerock.openam.core.realms.impl.RealmImpl", + "org.forgerock.openam.core.realms.Realms", + "org.forgerock.openam.core.realms.RootRealm", + "org.forgerock.openam.core.rest.authn.callbackhandlers.*", + "org.forgerock.openam.core.rest.devices.deviceprint.DeviceIdDao", + "org.forgerock.openam.core.rest.devices.profile.DeviceProfilesDao", + "org.forgerock.openam.oauth2.OpenAMAccessToken", + "org.forgerock.openam.oauth2.token.grantset.Authorization$ModifiedAccessToken", + "org.forgerock.openam.oauth2.token.macaroon.MacaroonAccessToken", + "org.forgerock.openam.oauth2.token.stateless.StatelessAccessToken", + "org.forgerock.openam.placeholder.substitution.FbcPlaceholderSubstitution", + "org.forgerock.openam.placeholder.substitution.PlaceholderSubstitution", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "org.forgerock.openam.scripting.api.ScriptedIdentity", + "org.forgerock.openam.scripting.api.ScriptedSession", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.scripting.api.secrets.Secret", + "org.forgerock.openam.scripting.idrepo.ScriptIdentityRepository", + "org.forgerock.openam.shared.security.ThreadLocalSecureRandom", + "org.forgerock.openam.social.idp.OpenIDConnectClientConfig", + "org.forgerock.openam.social.idp.OpenIDConnectClientConfig$ByteBuddy*", + "org.forgerock.openam.social.idp.SocialIdentityProviders", + "org.forgerock.openam.social.idp.SocialIdentityProvidersImpl", + "org.forgerock.openidconnect.Claim", + "org.forgerock.openidconnect.OpenIdConnectToken", + "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOToken", + "org.forgerock.secrets.SecretBuilder", + "org.forgerock.secrets.keys.SigningKey", + "org.forgerock.secrets.keys.VerificationKey", + "org.forgerock.util.encode.Base64", + "org.forgerock.util.encode.Base64url", + "org.forgerock.util.encode.Hex", + "org.forgerock.util.promise.NeverThrowsException", + "org.forgerock.util.promise.Promise", + "org.forgerock.util.promise.PromiseImpl", + "org.mozilla.javascript.ConsString", + "org.mozilla.javascript.JavaScriptException", + "org.mozilla.javascript.WrappedException", + "sun.security.ec.ECPrivateKeyImpl", + "sun.security.rsa.RSAPrivateCrtKeyImpl", + "sun.security.rsa.RSAPublicKeyImpl", + "sun.security.x509.X500Name", + "sun.security.x509.X509CertImpl", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.concurrent.TimeUnit", + "java.util.concurrent.ExecutionException", + "java.util.concurrent.TimeoutException", + "javax.crypto.SecretKeyFactory", + "javax.crypto.spec.PBEKeySpec", + "com.sun.crypto.provider.PBKDF2KeyImpl", + "java.security.spec.InvalidKeySpecException", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.opendj.ldap.Dn" + ] + }, + "isHidden": false, + "languages": [ + "JAVASCRIPT", + "GROOVY" + ] + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/scripttype/CONFIG_PROVIDER_NODE.scripttype.json b/test/e2e/exports/full-export-separate/global/scripttype/CONFIG_PROVIDER_NODE.scripttype.json new file mode 100644 index 000000000..d8cf9b790 --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/scripttype/CONFIG_PROVIDER_NODE.scripttype.json @@ -0,0 +1,407 @@ +{ + "scripttype": { + "CONFIG_PROVIDER_NODE": { + "_id": "CONFIG_PROVIDER_NODE", + "_type": { + "_id": "contexts", + "collection": true, + "name": "scriptContext" + }, + "context": { + "_id": "CONFIG_PROVIDER_NODE", + "allowLists": [ + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.util.AbstractMap$*", + "java.util.ArrayList", + "java.util.Collections", + "java.util.Collections$*", + "java.util.concurrent.TimeUnit", + "java.util.concurrent.ExecutionException", + "java.util.concurrent.TimeoutException", + "java.util.HashSet", + "java.util.HashMap", + "java.util.HashMap$KeyIterator", + "java.util.LinkedHashMap", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.TreeMap", + "java.util.TreeSet", + "java.security.KeyPair", + "java.security.KeyPairGenerator", + "java.security.KeyPairGenerator$*", + "java.security.PrivateKey", + "java.security.PublicKey", + "java.security.spec.InvalidKeySpecException", + "java.security.spec.X509EncodedKeySpec", + "java.security.spec.MGF1ParameterSpec", + "javax.crypto.SecretKeyFactory", + "javax.crypto.spec.OAEPParameterSpec", + "javax.crypto.spec.PBEKeySpec", + "javax.crypto.spec.PSource", + "javax.crypto.spec.PSource$*", + "javax.security.auth.callback.NameCallback", + "javax.security.auth.callback.PasswordCallback", + "javax.security.auth.callback.ChoiceCallback", + "javax.security.auth.callback.ConfirmationCallback", + "javax.security.auth.callback.LanguageCallback", + "javax.security.auth.callback.TextInputCallback", + "javax.security.auth.callback.TextOutputCallback", + "com.sun.crypto.provider.PBKDF2KeyImpl", + "com.sun.identity.authentication.callbacks.HiddenValueCallback", + "com.sun.identity.authentication.callbacks.ScriptTextOutputCallback", + "com.sun.identity.authentication.spi.HttpCallback", + "com.sun.identity.authentication.spi.MetadataCallback", + "com.sun.identity.authentication.spi.RedirectCallback", + "com.sun.identity.authentication.spi.X509CertificateCallback", + "com.sun.identity.shared.debug.Debug", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.client.*", + "org.forgerock.http.Client", + "org.forgerock.http.Handler", + "org.forgerock.http.Context", + "org.forgerock.http.context.RootContext", + "org.forgerock.http.protocol.Cookie", + "org.forgerock.http.header.*", + "org.forgerock.http.header.authorization.*", + "org.forgerock.http.protocol.Entity", + "org.forgerock.http.protocol.Form", + "org.forgerock.http.protocol.Header", + "org.forgerock.http.protocol.Headers", + "org.forgerock.http.protocol.Message", + "org.forgerock.http.protocol.Request", + "org.forgerock.http.protocol.RequestCookies", + "org.forgerock.http.protocol.Response", + "org.forgerock.http.protocol.ResponseException", + "org.forgerock.http.protocol.Responses", + "org.forgerock.http.protocol.Status", + "org.forgerock.json.JsonValue", + "org.forgerock.util.promise.NeverThrowsException", + "org.forgerock.util.promise.Promise", + "org.forgerock.util.promise.PromiseImpl", + "org.forgerock.openam.auth.node.api.Action", + "org.forgerock.openam.auth.node.api.Action$ActionBuilder", + "org.forgerock.openam.authentication.callbacks.IdPCallback", + "org.forgerock.openam.authentication.callbacks.PollingWaitCallback", + "org.forgerock.openam.authentication.callbacks.ValidatedPasswordCallback", + "org.forgerock.openam.authentication.callbacks.ValidatedUsernameCallback", + "org.forgerock.openam.core.rest.authn.callbackhandlers.*", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.ScriptedSession", + "groovy.json.JsonSlurper", + "org.forgerock.openam.core.rest.devices.profile.DeviceProfilesDao", + "org.forgerock.openam.scripting.idrepo.ScriptIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.scripting.api.secrets.Secret", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.openam.auth.node.api.NodeState", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "java.util.List", + "java.util.Map", + "org.mozilla.javascript.ConsString", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "org.forgerock.openam.authentication.callbacks.BooleanAttributeInputCallback", + "org.forgerock.openam.authentication.callbacks.NumberAttributeInputCallback", + "org.forgerock.openam.authentication.callbacks.StringAttributeInputCallback", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.opendj.ldap.Dn" + ], + "bindings": [], + "evaluatorVersions": { + "GROOVY": [ + "1.0" + ], + "JAVASCRIPT": [ + "1.0" + ] + } + }, + "defaultScript": "5e854779-6ec1-4c39-aeba-0477e0986646", + "engineConfiguration": { + "_id": "engineConfiguration", + "_type": { + "_id": "engineConfiguration", + "collection": false, + "name": "Scripting engine configuration" + }, + "blackList": [ + "java.lang.Class", + "java.lang.Thread", + "java.lang.invoke.*", + "java.lang.reflect.*", + "java.security.AccessController" + ], + "coreThreads": { + "$int": "&{config.provider.node.script.context.core.threads|10}" + }, + "idleTimeout": 60, + "maxThreads": { + "$int": "&{config.provider.node.script.context.max.threads|50}" + }, + "propertyNamePrefix": "esv.", + "queueSize": { + "$int": "&{config.provider.node.script.context.queue.size|10}" + }, + "serverTimeout": 0, + "useSecurityManager": true, + "whiteList": [ + "com.google.common.collect.ImmutableList", + "com.google.common.collect.Sets$1", + "com.iplanet.am.sdk.AMHashMap", + "com.iplanet.sso.providers.dpro.SSOTokenIDImpl", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.authentication.callbacks.HiddenValueCallback", + "com.sun.identity.authentication.callbacks.ReCaptchaCallback", + "com.sun.identity.authentication.callbacks.ScriptTextOutputCallback", + "com.sun.identity.authentication.spi.HttpCallback", + "com.sun.identity.authentication.spi.IdentifiableCallback", + "com.sun.identity.authentication.spi.MetadataCallback", + "com.sun.identity.authentication.spi.PagePropertiesCallback", + "com.sun.identity.authentication.spi.RedirectCallback", + "com.sun.identity.authentication.spi.X509CertificateCallback", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.common.CaseInsensitiveHashMap$Entry", + "com.sun.identity.idm.AMIdentity", + "com.sun.identity.idm.IdType", + "com.sun.identity.saml2.assertion.impl.AttributeImpl", + "com.sun.identity.saml2.common.SAML2Exception", + "com.sun.identity.saml2.plugins.scripted.IdpAttributeMapperScriptHelper", + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "groovy.json.StringEscapeUtils", + "groovy.json.internal.LazyMap", + "java.io.ByteArrayInputStream", + "java.io.ByteArrayOutputStream", + "java.io.UnsupportedEncodingException", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.NullPointerException", + "java.lang.Number", + "java.lang.Object", + "java.lang.RuntimeException", + "java.lang.SecurityException", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.math.BigDecimal", + "java.math.BigInteger", + "java.net.URI", + "java.security.KeyFactory", + "java.security.KeyPair", + "java.security.KeyPairGenerator", + "java.security.KeyPairGenerator$*", + "java.security.MessageDigest", + "java.security.MessageDigest$Delegate", + "java.security.MessageDigest$Delegate$CloneableDelegate", + "java.security.NoSuchAlgorithmException", + "java.security.PrivateKey", + "java.security.PublicKey", + "java.security.cert.CertificateFactory", + "java.security.cert.X509Certificate", + "java.security.spec.MGF1ParameterSpec", + "java.security.spec.PKCS8EncodedKeySpec", + "java.security.spec.X509EncodedKeySpec", + "java.text.SimpleDateFormat", + "java.time.Clock", + "java.time.Clock$FixedClock", + "java.time.Clock$OffsetClock", + "java.time.Clock$SystemClock", + "java.time.Clock$TickClock", + "java.time.temporal.ChronoUnit", + "java.util.AbstractMap$*", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Arrays", + "java.util.Collections", + "java.util.Collections$*", + "java.util.Date", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashMap$LinkedKeySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.List", + "java.util.Locale", + "java.util.Map", + "java.util.TreeMap", + "java.util.TreeSet", + "java.util.UUID", + "javax.crypto.Cipher", + "javax.crypto.Mac", + "javax.crypto.spec.IvParameterSpec", + "javax.crypto.spec.OAEPParameterSpec", + "javax.crypto.spec.PSource", + "javax.crypto.spec.PSource$*", + "javax.crypto.spec.SecretKeySpec", + "javax.security.auth.callback.ChoiceCallback", + "javax.security.auth.callback.ConfirmationCallback", + "javax.security.auth.callback.LanguageCallback", + "javax.security.auth.callback.NameCallback", + "javax.security.auth.callback.PasswordCallback", + "javax.security.auth.callback.TextInputCallback", + "javax.security.auth.callback.TextOutputCallback", + "org.apache.groovy.json.internal.LazyMap", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.guice.core.IdentityProvider", + "org.forgerock.guice.core.InjectorHolder", + "org.forgerock.http.Client", + "org.forgerock.http.Context", + "org.forgerock.http.Handler", + "org.forgerock.http.client.*", + "org.forgerock.http.context.RootContext", + "org.forgerock.http.header.*", + "org.forgerock.http.header.authorization.*", + "org.forgerock.http.protocol.*", + "org.forgerock.json.JsonValue", + "org.forgerock.json.jose.builders.EncryptedJwtBuilder", + "org.forgerock.json.jose.builders.EncryptedThenSignedJwtBuilder", + "org.forgerock.json.jose.builders.JweHeaderBuilder", + "org.forgerock.json.jose.builders.JwsHeaderBuilder", + "org.forgerock.json.jose.builders.JwtBuilderFactory", + "org.forgerock.json.jose.builders.SignedJwtBuilderImpl", + "org.forgerock.json.jose.builders.SignedThenEncryptedJwtBuilder", + "org.forgerock.json.jose.builders.SignedThenEncryptedJwtHeaderBuilder", + "org.forgerock.json.jose.jwe.EncryptedJwt", + "org.forgerock.json.jose.jwe.EncryptionMethod", + "org.forgerock.json.jose.jwe.JweAlgorithm", + "org.forgerock.json.jose.jwe.JweHeader", + "org.forgerock.json.jose.jwe.SignedThenEncryptedJwt", + "org.forgerock.json.jose.jwk.JWKSet", + "org.forgerock.json.jose.jwk.RsaJWK", + "org.forgerock.json.jose.jws.EncryptedThenSignedJwt", + "org.forgerock.json.jose.jws.JwsAlgorithm", + "org.forgerock.json.jose.jws.JwsHeader", + "org.forgerock.json.jose.jws.SignedEncryptedJwt", + "org.forgerock.json.jose.jws.SignedJwt", + "org.forgerock.json.jose.jws.SigningManager", + "org.forgerock.json.jose.jws.handlers.HmacSigningHandler", + "org.forgerock.json.jose.jws.handlers.RSASigningHandler", + "org.forgerock.json.jose.jws.handlers.SecretHmacSigningHandler", + "org.forgerock.json.jose.jws.handlers.SecretRSASigningHandler", + "org.forgerock.json.jose.jwt.JwtClaimsSet", + "org.forgerock.macaroons.Macaroon", + "org.forgerock.oauth.clients.oidc.Claim", + "org.forgerock.oauth2.core.GrantType", + "org.forgerock.oauth2.core.StatefulAccessToken", + "org.forgerock.oauth2.core.UserInfoClaims", + "org.forgerock.oauth2.core.exceptions.InvalidRequestException", + "org.forgerock.oauth2.core.tokenexchange.ExchangeableToken", + "org.forgerock.openam.auth.node.api.Action", + "org.forgerock.openam.auth.node.api.Action$ActionBuilder", + "org.forgerock.openam.auth.node.api.NodeState", + "org.forgerock.openam.auth.node.api.SuspendedTextOutputCallback", + "org.forgerock.openam.auth.nodes.IdentityProvider", + "org.forgerock.openam.auth.nodes.InjectorHolder", + "org.forgerock.openam.authentication.callbacks.AbstractValidatedCallback", + "org.forgerock.openam.authentication.callbacks.AttributeInputCallback", + "org.forgerock.openam.authentication.callbacks.BooleanAttributeInputCallback", + "org.forgerock.openam.authentication.callbacks.ConsentMappingCallback", + "org.forgerock.openam.authentication.callbacks.DeviceProfileCallback", + "org.forgerock.openam.authentication.callbacks.IdPCallback", + "org.forgerock.openam.authentication.callbacks.KbaCreateCallback", + "org.forgerock.openam.authentication.callbacks.NumberAttributeInputCallback", + "org.forgerock.openam.authentication.callbacks.PollingWaitCallback", + "org.forgerock.openam.authentication.callbacks.SelectIdPCallback", + "org.forgerock.openam.authentication.callbacks.StringAttributeInputCallback", + "org.forgerock.openam.authentication.callbacks.TermsAndConditionsCallback", + "org.forgerock.openam.authentication.callbacks.ValidatedPasswordCallback", + "org.forgerock.openam.authentication.callbacks.ValidatedUsernameCallback", + "org.forgerock.openam.authentication.modules.scripted.*", + "org.forgerock.openam.core.rest.authn.callbackhandlers.*", + "org.forgerock.openam.core.rest.devices.deviceprint.DeviceIdDao", + "org.forgerock.openam.core.rest.devices.profile.DeviceProfilesDao", + "org.forgerock.openam.oauth2.OpenAMAccessToken", + "org.forgerock.openam.oauth2.token.grantset.Authorization$ModifiedAccessToken", + "org.forgerock.openam.oauth2.token.macaroon.MacaroonAccessToken", + "org.forgerock.openam.oauth2.token.stateless.StatelessAccessToken", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "org.forgerock.openam.scripting.api.ScriptedIdentity", + "org.forgerock.openam.scripting.api.ScriptedSession", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.scripting.api.secrets.Secret", + "org.forgerock.openam.scripting.idrepo.ScriptIdentityRepository", + "org.forgerock.openam.shared.security.ThreadLocalSecureRandom", + "org.forgerock.openidconnect.Claim", + "org.forgerock.openidconnect.OpenIdConnectToken", + "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOToken", + "org.forgerock.secrets.SecretBuilder", + "org.forgerock.secrets.keys.SigningKey", + "org.forgerock.secrets.keys.VerificationKey", + "org.forgerock.util.encode.Base64", + "org.forgerock.util.encode.Base64url", + "org.forgerock.util.encode.Hex", + "org.forgerock.util.promise.NeverThrowsException", + "org.forgerock.util.promise.Promise", + "org.forgerock.util.promise.PromiseImpl", + "org.mozilla.javascript.ConsString", + "org.mozilla.javascript.JavaScriptException", + "org.mozilla.javascript.WrappedException", + "sun.security.ec.ECPrivateKeyImpl", + "sun.security.rsa.RSAPrivateCrtKeyImpl", + "sun.security.rsa.RSAPublicKeyImpl", + "sun.security.x509.X500Name", + "sun.security.x509.X509CertImpl", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + "javax.crypto.SecretKeyFactory", + "javax.crypto.spec.PBEKeySpec", + "com.sun.crypto.provider.PBKDF2KeyImpl", + "java.util.concurrent.TimeUnit", + "java.util.concurrent.ExecutionException", + "java.util.concurrent.TimeoutException", + "java.security.spec.InvalidKeySpecException", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.opendj.ldap.Dn", + "org.forgerock.openam.auth.nodes.VerifyTransactionsHelper" + ] + }, + "isHidden": false, + "languages": [ + "JAVASCRIPT", + "GROOVY" + ] + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/scripttype/DEVICE_MATCH_NODE.scripttype.json b/test/e2e/exports/full-export-separate/global/scripttype/DEVICE_MATCH_NODE.scripttype.json new file mode 100644 index 000000000..4601795ee --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/scripttype/DEVICE_MATCH_NODE.scripttype.json @@ -0,0 +1,2793 @@ +{ + "scripttype": { + "DEVICE_MATCH_NODE": { + "_id": "DEVICE_MATCH_NODE", + "_type": { + "_id": "contexts", + "collection": true, + "name": "scriptContext" + }, + "context": { + "_id": "DEVICE_MATCH_NODE", + "allowLists": [ + "org.forgerock.util.promise.PromiseImpl", + "org.forgerock.util.promise.Promises$*", + "java.lang.Object", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Float", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.Void", + "java.util.AbstractMap$*", + "java.util.ArrayList", + "java.util.Collections", + "java.util.concurrent.TimeUnit", + "java.util.Collections$*", + "java.util.HashSet", + "java.util.HashMap$KeyIterator", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.TreeSet", + "java.security.KeyPair", + "java.security.KeyPairGenerator", + "java.security.KeyPairGenerator$*", + "java.security.PrivateKey", + "java.security.PublicKey", + "java.security.spec.X509EncodedKeySpec", + "java.security.spec.MGF1ParameterSpec", + "javax.crypto.SecretKeyFactory", + "javax.crypto.spec.OAEPParameterSpec", + "javax.crypto.spec.PBEKeySpec", + "javax.crypto.spec.PSource", + "javax.crypto.spec.PSource$*", + "org.forgerock.json.JsonValue", + "org.forgerock.util.promise.NeverThrowsException", + "java.util.concurrent.ExecutionException", + "java.util.concurrent.TimeoutException", + "org.forgerock.openam.core.rest.authn.callbackhandlers.*", + "com.sun.crypto.provider.PBKDF2KeyImpl", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + "sun.security.ec.ECPrivateKeyImpl", + "org.slf4j.Logger", + "com.sun.proxy.$*", + "java.util.Date", + "java.security.spec.InvalidKeySpecException", + "org.forgerock.openam.auth.nodes.VerifyTransactionsHelper" + ], + "bindings": [ + { + "elements": [ + { + "elementType": "method", + "name": "getDeviceProfiles", + "parameters": [ + { + "javaScriptType": "string", + "name": "username" + }, + { + "javaScriptType": "string", + "name": "realm" + } + ], + "returnType": "array" + }, + { + "elementType": "method", + "name": "saveDeviceProfiles", + "parameters": [ + { + "javaScriptType": "string", + "name": "username" + }, + { + "javaScriptType": "string", + "name": "realm" + }, + { + "javaScriptType": "array", + "name": "deviceProfiles" + } + ], + "returnType": "void" + } + ], + "javaClass": "org.forgerock.openam.auth.nodes.script.DeviceProfilesDaoScriptWrapper", + "javaScriptType": "object", + "name": "deviceProfilesDao" + }, + { + "elements": [ + { + "elementType": "method", + "name": "send", + "parameters": [ + { + "javaScriptType": "string", + "name": "uri" + }, + { + "javaScriptType": "object", + "name": "requestOptions" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "send", + "parameters": [ + { + "javaScriptType": "string", + "name": "uri" + } + ], + "returnType": "object" + } + ], + "javaClass": "org.forgerock.openam.scripting.wrappers.HttpClientScriptWrapper", + "javaScriptType": "object", + "name": "httpClient" + }, + { + "elements": [ + { + "elementType": "method", + "name": "getName", + "parameters": [], + "returnType": "string" + }, + { + "elementType": "method", + "name": "info", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "object", + "name": "arg" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "info", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "object", + "name": "arg1" + }, + { + "javaScriptType": "object", + "name": "arg2" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "info", + "parameters": [ + { + "javaScriptType": "string", + "name": "msg" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "info", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "array", + "name": "arguments" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "info", + "parameters": [ + { + "javaScriptType": "string", + "name": "msg" + }, + { + "javaScriptType": "object", + "name": "t" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "trace", + "parameters": [ + { + "javaScriptType": "string", + "name": "msg" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "trace", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "array", + "name": "arguments" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "trace", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "object", + "name": "arg1" + }, + { + "javaScriptType": "object", + "name": "arg2" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "trace", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "object", + "name": "arg" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "trace", + "parameters": [ + { + "javaScriptType": "string", + "name": "msg" + }, + { + "javaScriptType": "object", + "name": "t" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "debug", + "parameters": [ + { + "javaScriptType": "string", + "name": "msg" + }, + { + "javaScriptType": "object", + "name": "t" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "debug", + "parameters": [ + { + "javaScriptType": "string", + "name": "msg" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "debug", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "array", + "name": "arguments" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "debug", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "object", + "name": "arg" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "debug", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "object", + "name": "arg1" + }, + { + "javaScriptType": "object", + "name": "arg2" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "error", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "object", + "name": "arg" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "error", + "parameters": [ + { + "javaScriptType": "string", + "name": "msg" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "error", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "object", + "name": "arg1" + }, + { + "javaScriptType": "object", + "name": "arg2" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "error", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "array", + "name": "arguments" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "error", + "parameters": [ + { + "javaScriptType": "string", + "name": "msg" + }, + { + "javaScriptType": "object", + "name": "t" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "warn", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "array", + "name": "arguments" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "warn", + "parameters": [ + { + "javaScriptType": "string", + "name": "msg" + }, + { + "javaScriptType": "object", + "name": "t" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "warn", + "parameters": [ + { + "javaScriptType": "string", + "name": "msg" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "warn", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "object", + "name": "arg1" + }, + { + "javaScriptType": "object", + "name": "arg2" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "warn", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "object", + "name": "arg" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "isTraceEnabled", + "parameters": [], + "returnType": "boolean" + }, + { + "elementType": "method", + "name": "isDebugEnabled", + "parameters": [], + "returnType": "boolean" + }, + { + "elementType": "method", + "name": "isErrorEnabled", + "parameters": [], + "returnType": "boolean" + }, + { + "elementType": "method", + "name": "isInfoEnabled", + "parameters": [], + "returnType": "boolean" + }, + { + "elementType": "method", + "name": "isWarnEnabled", + "parameters": [], + "returnType": "boolean" + } + ], + "javaClass": "org.forgerock.openam.scripting.logging.ScriptedLoggerWrapper", + "javaScriptType": "object", + "name": "logger" + }, + { + "elements": [], + "javaScriptType": "object", + "name": "requestParameters" + }, + { + "elements": [ + { + "elementType": "method", + "name": "getStringAttributeInputCallbacks", + "parameters": [], + "returnType": "array" + }, + { + "elementType": "method", + "name": "getNumberAttributeInputCallbacks", + "parameters": [], + "returnType": "array" + }, + { + "elementType": "method", + "name": "getBooleanAttributeInputCallbacks", + "parameters": [], + "returnType": "array" + }, + { + "elementType": "method", + "name": "getConfirmationCallbacks", + "parameters": [], + "returnType": "array" + }, + { + "elementType": "method", + "name": "getLanguageCallbacks", + "parameters": [], + "returnType": "array" + }, + { + "elementType": "method", + "name": "getIdpCallbacks", + "parameters": [], + "returnType": "array" + }, + { + "elementType": "method", + "name": "getValidatedPasswordCallbacks", + "parameters": [], + "returnType": "array" + }, + { + "elementType": "method", + "name": "getValidatedUsernameCallbacks", + "parameters": [], + "returnType": "array" + }, + { + "elementType": "method", + "name": "getHttpCallbacks", + "parameters": [], + "returnType": "array" + }, + { + "elementType": "method", + "name": "getX509CertificateCallbacks", + "parameters": [], + "returnType": "array" + }, + { + "elementType": "method", + "name": "getConsentMappingCallbacks", + "parameters": [], + "returnType": "array" + }, + { + "elementType": "method", + "name": "getDeviceProfileCallbacks", + "parameters": [], + "returnType": "array" + }, + { + "elementType": "method", + "name": "getKbaCreateCallbacks", + "parameters": [], + "returnType": "array" + }, + { + "elementType": "method", + "name": "getSelectIdPCallbacks", + "parameters": [], + "returnType": "array" + }, + { + "elementType": "method", + "name": "getTermsAndConditionsCallbacks", + "parameters": [], + "returnType": "array" + }, + { + "elementType": "method", + "name": "getChoiceCallbacks", + "parameters": [], + "returnType": "array" + }, + { + "elementType": "method", + "name": "getNameCallbacks", + "parameters": [], + "returnType": "array" + }, + { + "elementType": "method", + "name": "getPasswordCallbacks", + "parameters": [], + "returnType": "array" + }, + { + "elementType": "method", + "name": "getHiddenValueCallbacks", + "parameters": [], + "returnType": "object" + }, + { + "elementType": "method", + "name": "getTextInputCallbacks", + "parameters": [], + "returnType": "array" + }, + { + "elementType": "method", + "name": "isEmpty", + "parameters": [], + "returnType": "boolean" + } + ], + "javaClass": "org.forgerock.openam.auth.nodes.script.ScriptedCallbacksWrapper", + "javaScriptType": "object", + "name": "callbacks" + }, + { + "elements": [ + { + "elementType": "method", + "name": "getGenericSecret", + "parameters": [ + { + "javaScriptType": "string", + "name": "secretId" + } + ], + "returnType": "object" + } + ], + "javaClass": "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "javaScriptType": "object", + "name": "secrets" + }, + { + "elements": [ + { + "elementType": "method", + "name": "getIdentity", + "parameters": [ + { + "javaScriptType": "string", + "name": "userName" + } + ], + "returnType": "object" + } + ], + "javaClass": "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepositoryScriptWrapper", + "javaScriptType": "object", + "name": "idRepository" + }, + { + "elements": [], + "javaScriptType": "object", + "name": "requestHeaders" + }, + { + "elements": [ + { + "elementType": "method", + "name": "generateJwt", + "parameters": [ + { + "javaScriptType": "object", + "name": "jwtData" + } + ], + "returnType": "string" + } + ], + "javaClass": "org.forgerock.openam.auth.nodes.script.JwtAssertionScriptWrapper", + "javaScriptType": "object", + "name": "jwtAssertion" + }, + { + "elements": [ + { + "elementType": "method", + "name": "remove", + "parameters": [ + { + "javaScriptType": "string", + "name": "key" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "get", + "parameters": [ + { + "javaScriptType": "string", + "name": "key" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "keys", + "parameters": [], + "returnType": "object" + }, + { + "elementType": "method", + "name": "getObject", + "parameters": [ + { + "javaScriptType": "string", + "name": "key" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "isDefined", + "parameters": [ + { + "javaScriptType": "string", + "name": "key" + } + ], + "returnType": "boolean" + }, + { + "elementType": "method", + "name": "putShared", + "parameters": [ + { + "javaScriptType": "string", + "name": "key" + }, + { + "javaScriptType": "object", + "name": "value" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "mergeShared", + "parameters": [ + { + "javaScriptType": "object", + "name": "object" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "putTransient", + "parameters": [ + { + "javaScriptType": "string", + "name": "key" + }, + { + "javaScriptType": "object", + "name": "value" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "mergeTransient", + "parameters": [ + { + "javaScriptType": "object", + "name": "object" + } + ], + "returnType": "object" + } + ], + "javaClass": "org.forgerock.openam.auth.node.api.NodeStateScriptWrapper", + "javaScriptType": "object", + "name": "nodeState" + }, + { + "javaScriptType": "boolean", + "name": "resumedFromSuspend" + }, + { + "elements": [ + { + "elementType": "field", + "elements": [ + { + "elementType": "method", + "name": "randomUUID", + "parameters": [], + "returnType": "string" + }, + { + "elementType": "method", + "name": "getRandomValues", + "parameters": [ + { + "javaScriptType": "array", + "name": "array" + } + ], + "returnType": "array" + } + ], + "javaClass": "org.forgerock.openam.scripting.bindings.ScriptCryptoService", + "javaScriptType": "object", + "name": "crypto" + }, + { + "elementType": "field", + "elements": [ + { + "elementType": "method", + "name": "decode", + "parameters": [ + { + "javaScriptType": "string", + "name": "toDecode" + } + ], + "returnType": "string" + }, + { + "elementType": "method", + "name": "encode", + "parameters": [ + { + "javaScriptType": "string", + "name": "toEncode" + } + ], + "returnType": "string" + }, + { + "elementType": "method", + "name": "btoa", + "parameters": [ + { + "javaScriptType": "string", + "name": "toEncode" + } + ], + "returnType": "string" + }, + { + "elementType": "method", + "name": "atob", + "parameters": [ + { + "javaScriptType": "string", + "name": "toDecode" + } + ], + "returnType": "string" + } + ], + "javaClass": "org.forgerock.openam.scripting.bindings.ScriptBase64Service", + "javaScriptType": "object", + "name": "base64" + }, + { + "elementType": "field", + "elements": [ + { + "elementType": "method", + "name": "decode", + "parameters": [ + { + "javaScriptType": "string", + "name": "toDecode" + } + ], + "returnType": "string" + }, + { + "elementType": "method", + "name": "encode", + "parameters": [ + { + "javaScriptType": "string", + "name": "toEncode" + } + ], + "returnType": "string" + }, + { + "elementType": "method", + "name": "btoa", + "parameters": [ + { + "javaScriptType": "string", + "name": "toEncode" + } + ], + "returnType": "string" + }, + { + "elementType": "method", + "name": "atob", + "parameters": [ + { + "javaScriptType": "string", + "name": "toDecode" + } + ], + "returnType": "string" + } + ], + "javaClass": "org.forgerock.openam.scripting.bindings.ScriptBase64UrlService", + "javaScriptType": "object", + "name": "base64url" + } + ], + "javaClass": "org.forgerock.openam.scripting.bindings.ScriptUtilityService", + "javaScriptType": "object", + "name": "utils" + }, + { + "elements": [ + { + "elementType": "method", + "name": "withIdentifiedUser", + "parameters": [ + { + "javaScriptType": "string", + "name": "username" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "withIdentifiedAgent", + "parameters": [ + { + "javaScriptType": "string", + "name": "agentName" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "suspend", + "parameters": [ + { + "javaScriptType": "string", + "name": "callbackTextFormat" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "suspend", + "parameters": [ + { + "javaScriptType": "string", + "name": "callbackTextFormat" + }, + { + "javaScriptType": "object", + "name": "additionalLogic" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "goTo", + "parameters": [ + { + "javaScriptType": "string", + "name": "outcome" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "putSessionProperty", + "parameters": [ + { + "javaScriptType": "string", + "name": "key" + }, + { + "javaScriptType": "string", + "name": "value" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "withHeader", + "parameters": [ + { + "javaScriptType": "string", + "name": "header" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "withDescription", + "parameters": [ + { + "javaScriptType": "string", + "name": "description" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "withStage", + "parameters": [ + { + "javaScriptType": "string", + "name": "stage" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "withErrorMessage", + "parameters": [ + { + "javaScriptType": "string", + "name": "errorMessage" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "withLockoutMessage", + "parameters": [ + { + "javaScriptType": "string", + "name": "lockoutMessage" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "removeSessionProperty", + "parameters": [ + { + "javaScriptType": "string", + "name": "key" + } + ], + "returnType": "object" + } + ], + "javaClass": "org.forgerock.openam.auth.nodes.script.ActionWrapper", + "javaScriptType": "object", + "name": "action" + }, + { + "javaScriptType": "string", + "name": "scriptName" + }, + { + "javaScriptType": "string", + "name": "realm" + }, + { + "elements": [ + { + "elementType": "method", + "name": "validateJwtClaims", + "parameters": [ + { + "javaScriptType": "object", + "name": "jwtData" + } + ], + "returnType": "object" + } + ], + "javaClass": "org.forgerock.openam.auth.nodes.script.JwtValidatorScriptWrapper", + "javaScriptType": "object", + "name": "jwtValidator" + }, + { + "elements": [ + { + "elementType": "method", + "name": "suspendedTextOutputCallback", + "parameters": [ + { + "javaScriptType": "number", + "name": "messageType" + }, + { + "javaScriptType": "string", + "name": "message" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "textInputCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "prompt" + }, + { + "javaScriptType": "string", + "name": "defaultText" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "textInputCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "prompt" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "scriptTextOutputCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "message" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "metadataCallback", + "parameters": [ + { + "javaScriptType": "object", + "name": "outputValue" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "stringAttributeInputCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "name" + }, + { + "javaScriptType": "string", + "name": "prompt" + }, + { + "javaScriptType": "string", + "name": "value" + }, + { + "javaScriptType": "boolean", + "name": "required" + }, + { + "javaScriptType": "object", + "name": "policies" + }, + { + "javaScriptType": "boolean", + "name": "validateOnly" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "stringAttributeInputCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "name" + }, + { + "javaScriptType": "string", + "name": "prompt" + }, + { + "javaScriptType": "string", + "name": "value" + }, + { + "javaScriptType": "boolean", + "name": "required" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "stringAttributeInputCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "name" + }, + { + "javaScriptType": "string", + "name": "prompt" + }, + { + "javaScriptType": "string", + "name": "value" + }, + { + "javaScriptType": "boolean", + "name": "required" + }, + { + "javaScriptType": "array", + "name": "failedPolicies" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "stringAttributeInputCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "name" + }, + { + "javaScriptType": "string", + "name": "prompt" + }, + { + "javaScriptType": "string", + "name": "value" + }, + { + "javaScriptType": "boolean", + "name": "required" + }, + { + "javaScriptType": "object", + "name": "policies" + }, + { + "javaScriptType": "boolean", + "name": "validateOnly" + }, + { + "javaScriptType": "array", + "name": "failedPolicies" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "numberAttributeInputCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "name" + }, + { + "javaScriptType": "string", + "name": "prompt" + }, + { + "javaScriptType": "number", + "name": "value" + }, + { + "javaScriptType": "boolean", + "name": "required" + }, + { + "javaScriptType": "object", + "name": "policies" + }, + { + "javaScriptType": "boolean", + "name": "validateOnly" + }, + { + "javaScriptType": "array", + "name": "failedPolicies" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "numberAttributeInputCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "name" + }, + { + "javaScriptType": "string", + "name": "prompt" + }, + { + "javaScriptType": "number", + "name": "value" + }, + { + "javaScriptType": "boolean", + "name": "required" + }, + { + "javaScriptType": "object", + "name": "policies" + }, + { + "javaScriptType": "boolean", + "name": "validateOnly" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "numberAttributeInputCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "name" + }, + { + "javaScriptType": "string", + "name": "prompt" + }, + { + "javaScriptType": "number", + "name": "value" + }, + { + "javaScriptType": "boolean", + "name": "required" + }, + { + "javaScriptType": "array", + "name": "failedPolicies" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "numberAttributeInputCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "name" + }, + { + "javaScriptType": "string", + "name": "prompt" + }, + { + "javaScriptType": "number", + "name": "value" + }, + { + "javaScriptType": "boolean", + "name": "required" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "booleanAttributeInputCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "name" + }, + { + "javaScriptType": "string", + "name": "prompt" + }, + { + "javaScriptType": "boolean", + "name": "value" + }, + { + "javaScriptType": "boolean", + "name": "required" + }, + { + "javaScriptType": "object", + "name": "policies" + }, + { + "javaScriptType": "boolean", + "name": "validateOnly" + }, + { + "javaScriptType": "array", + "name": "failedPolicies" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "booleanAttributeInputCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "name" + }, + { + "javaScriptType": "string", + "name": "prompt" + }, + { + "javaScriptType": "boolean", + "name": "value" + }, + { + "javaScriptType": "boolean", + "name": "required" + }, + { + "javaScriptType": "array", + "name": "failedPolicies" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "booleanAttributeInputCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "name" + }, + { + "javaScriptType": "string", + "name": "prompt" + }, + { + "javaScriptType": "boolean", + "name": "value" + }, + { + "javaScriptType": "boolean", + "name": "required" + }, + { + "javaScriptType": "object", + "name": "policies" + }, + { + "javaScriptType": "boolean", + "name": "validateOnly" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "booleanAttributeInputCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "name" + }, + { + "javaScriptType": "string", + "name": "prompt" + }, + { + "javaScriptType": "boolean", + "name": "value" + }, + { + "javaScriptType": "boolean", + "name": "required" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "languageCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "language" + }, + { + "javaScriptType": "string", + "name": "country" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "idPCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "provider" + }, + { + "javaScriptType": "string", + "name": "clientId" + }, + { + "javaScriptType": "string", + "name": "redirectUri" + }, + { + "javaScriptType": "array", + "name": "scope" + }, + { + "javaScriptType": "string", + "name": "nonce" + }, + { + "javaScriptType": "string", + "name": "request" + }, + { + "javaScriptType": "string", + "name": "requestUri" + }, + { + "javaScriptType": "array", + "name": "acrValues" + }, + { + "javaScriptType": "boolean", + "name": "requestNativeAppForUserInfo" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "idPCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "provider" + }, + { + "javaScriptType": "string", + "name": "clientId" + }, + { + "javaScriptType": "string", + "name": "redirectUri" + }, + { + "javaScriptType": "array", + "name": "scope" + }, + { + "javaScriptType": "string", + "name": "nonce" + }, + { + "javaScriptType": "string", + "name": "request" + }, + { + "javaScriptType": "string", + "name": "requestUri" + }, + { + "javaScriptType": "array", + "name": "acrValues" + }, + { + "javaScriptType": "boolean", + "name": "requestNativeAppForUserInfo" + }, + { + "javaScriptType": "string", + "name": "token" + }, + { + "javaScriptType": "string", + "name": "tokenType" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "httpCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "authRHeader" + }, + { + "javaScriptType": "string", + "name": "negoName" + }, + { + "javaScriptType": "string", + "name": "negoValue" + }, + { + "javaScriptType": "number", + "name": "errorCode" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "httpCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "authorizationHeader" + }, + { + "javaScriptType": "string", + "name": "negotiationHeader" + }, + { + "javaScriptType": "string", + "name": "errorCode" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "x509CertificateCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "prompt" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "x509CertificateCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "prompt" + }, + { + "javaScriptType": "object", + "name": "certificate" + }, + { + "javaScriptType": "boolean", + "name": "requestSignature" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "x509CertificateCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "prompt" + }, + { + "javaScriptType": "object", + "name": "certificate" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "consentMappingCallback", + "parameters": [ + { + "javaScriptType": "object", + "name": "config" + }, + { + "javaScriptType": "string", + "name": "message" + }, + { + "javaScriptType": "boolean", + "name": "isRequired" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "consentMappingCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "name" + }, + { + "javaScriptType": "string", + "name": "displayName" + }, + { + "javaScriptType": "string", + "name": "icon" + }, + { + "javaScriptType": "string", + "name": "accessLevel" + }, + { + "javaScriptType": "array", + "name": "titles" + }, + { + "javaScriptType": "string", + "name": "message" + }, + { + "javaScriptType": "boolean", + "name": "isRequired" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "deviceProfileCallback", + "parameters": [ + { + "javaScriptType": "boolean", + "name": "metadata" + }, + { + "javaScriptType": "boolean", + "name": "location" + }, + { + "javaScriptType": "string", + "name": "message" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "kbaCreateCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "prompt" + }, + { + "javaScriptType": "array", + "name": "predefinedQuestions" + }, + { + "javaScriptType": "boolean", + "name": "allowUserDefinedQuestions" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "selectIdPCallback", + "parameters": [ + { + "javaScriptType": "object", + "name": "providers" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "termsAndConditionsCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "version" + }, + { + "javaScriptType": "string", + "name": "terms" + }, + { + "javaScriptType": "string", + "name": "createDate" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "confirmationCallback", + "parameters": [ + { + "javaScriptType": "number", + "name": "messageType" + }, + { + "javaScriptType": "array", + "name": "options" + }, + { + "javaScriptType": "number", + "name": "defaultOption" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "confirmationCallback", + "parameters": [ + { + "javaScriptType": "number", + "name": "messageType" + }, + { + "javaScriptType": "number", + "name": "optionType" + }, + { + "javaScriptType": "number", + "name": "defaultOption" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "confirmationCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "prompt" + }, + { + "javaScriptType": "number", + "name": "messageType" + }, + { + "javaScriptType": "number", + "name": "optionType" + }, + { + "javaScriptType": "number", + "name": "defaultOption" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "confirmationCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "prompt" + }, + { + "javaScriptType": "number", + "name": "messageType" + }, + { + "javaScriptType": "array", + "name": "options" + }, + { + "javaScriptType": "number", + "name": "defaultOption" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "textOutputCallback", + "parameters": [ + { + "javaScriptType": "number", + "name": "messageType" + }, + { + "javaScriptType": "string", + "name": "message" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "choiceCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "prompt" + }, + { + "javaScriptType": "array", + "name": "choices" + }, + { + "javaScriptType": "number", + "name": "defaultChoice" + }, + { + "javaScriptType": "boolean", + "name": "multipleSelectionsAllowed" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "redirectCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "redirectUrl" + }, + { + "javaScriptType": "object", + "name": "redirectData" + }, + { + "javaScriptType": "string", + "name": "method" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "redirectCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "redirectUrl" + }, + { + "javaScriptType": "object", + "name": "redirectData" + }, + { + "javaScriptType": "string", + "name": "method" + }, + { + "javaScriptType": "string", + "name": "statusParameter" + }, + { + "javaScriptType": "string", + "name": "redirectBackUrlCookie" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "redirectCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "redirectUrl" + }, + { + "javaScriptType": "object", + "name": "redirectData" + }, + { + "javaScriptType": "string", + "name": "method" + }, + { + "javaScriptType": "boolean", + "name": "setTrackingCookie" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "redirectCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "redirectUrl" + }, + { + "javaScriptType": "object", + "name": "redirectData" + }, + { + "javaScriptType": "string", + "name": "method" + }, + { + "javaScriptType": "string", + "name": "statusParameter" + }, + { + "javaScriptType": "string", + "name": "redirectBackUrlCookie" + }, + { + "javaScriptType": "boolean", + "name": "setTrackingCookie" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "hiddenValueCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "id" + }, + { + "javaScriptType": "string", + "name": "value" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "nameCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "prompt" + }, + { + "javaScriptType": "string", + "name": "defaultName" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "nameCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "prompt" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "passwordCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "prompt" + }, + { + "javaScriptType": "boolean", + "name": "echoOn" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "pollingWaitCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "waitTime" + }, + { + "javaScriptType": "string", + "name": "message" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "validatedUsernameCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "prompt" + }, + { + "javaScriptType": "object", + "name": "policies" + }, + { + "javaScriptType": "boolean", + "name": "validateOnly" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "validatedUsernameCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "prompt" + }, + { + "javaScriptType": "object", + "name": "policies" + }, + { + "javaScriptType": "boolean", + "name": "validateOnly" + }, + { + "javaScriptType": "array", + "name": "failedPolicies" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "validatedPasswordCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "prompt" + }, + { + "javaScriptType": "boolean", + "name": "echoOn" + }, + { + "javaScriptType": "object", + "name": "policies" + }, + { + "javaScriptType": "boolean", + "name": "validateOnly" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "validatedPasswordCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "prompt" + }, + { + "javaScriptType": "boolean", + "name": "echoOn" + }, + { + "javaScriptType": "object", + "name": "policies" + }, + { + "javaScriptType": "boolean", + "name": "validateOnly" + }, + { + "javaScriptType": "array", + "name": "failedPolicies" + } + ], + "returnType": "void" + } + ], + "javaClass": "org.forgerock.openam.auth.nodes.script.ScriptedCallbacksBuilder", + "javaScriptType": "object", + "name": "callbacksBuilder" + }, + { + "elements": [ + { + "elementType": "method", + "name": "update", + "parameters": [ + { + "javaScriptType": "string", + "name": "id" + }, + { + "javaScriptType": "string", + "name": "rev" + }, + { + "javaScriptType": "object", + "name": "value" + }, + { + "javaScriptType": "object", + "name": "params" + }, + { + "javaScriptType": "array", + "name": "fields" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "update", + "parameters": [ + { + "javaScriptType": "string", + "name": "id" + }, + { + "javaScriptType": "string", + "name": "rev" + }, + { + "javaScriptType": "object", + "name": "value" + }, + { + "javaScriptType": "object", + "name": "params" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "update", + "parameters": [ + { + "javaScriptType": "string", + "name": "id" + }, + { + "javaScriptType": "string", + "name": "rev" + }, + { + "javaScriptType": "object", + "name": "value" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "read", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "read", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + }, + { + "javaScriptType": "object", + "name": "params" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "read", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + }, + { + "javaScriptType": "object", + "name": "params" + }, + { + "javaScriptType": "array", + "name": "fields" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "delete", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + }, + { + "javaScriptType": "string", + "name": "rev" + }, + { + "javaScriptType": "object", + "name": "params" + }, + { + "javaScriptType": "array", + "name": "fields" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "delete", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + }, + { + "javaScriptType": "string", + "name": "rev" + }, + { + "javaScriptType": "object", + "name": "params" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "delete", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + }, + { + "javaScriptType": "string", + "name": "rev" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "action", + "parameters": [ + { + "javaScriptType": "string", + "name": "resource" + }, + { + "javaScriptType": "string", + "name": "actionName" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "action", + "parameters": [ + { + "javaScriptType": "string", + "name": "resource" + }, + { + "javaScriptType": "string", + "name": "actionName" + }, + { + "javaScriptType": "object", + "name": "content" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "action", + "parameters": [ + { + "javaScriptType": "string", + "name": "resource" + }, + { + "javaScriptType": "string", + "name": "actionName" + }, + { + "javaScriptType": "object", + "name": "content" + }, + { + "javaScriptType": "object", + "name": "params" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "action", + "parameters": [ + { + "javaScriptType": "string", + "name": "resource" + }, + { + "javaScriptType": "string", + "name": "actionName" + }, + { + "javaScriptType": "object", + "name": "content" + }, + { + "javaScriptType": "object", + "name": "params" + }, + { + "javaScriptType": "array", + "name": "fields" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "query", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + }, + { + "javaScriptType": "object", + "name": "params" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "query", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + }, + { + "javaScriptType": "object", + "name": "params" + }, + { + "javaScriptType": "array", + "name": "fields" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "create", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + }, + { + "javaScriptType": "string", + "name": "newResourceId" + }, + { + "javaScriptType": "object", + "name": "content" + }, + { + "javaScriptType": "object", + "name": "params" + }, + { + "javaScriptType": "array", + "name": "fields" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "create", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + }, + { + "javaScriptType": "string", + "name": "newResourceId" + }, + { + "javaScriptType": "object", + "name": "content" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "create", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + }, + { + "javaScriptType": "string", + "name": "newResourceId" + }, + { + "javaScriptType": "object", + "name": "content" + }, + { + "javaScriptType": "object", + "name": "params" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "patch", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + }, + { + "javaScriptType": "string", + "name": "rev" + }, + { + "javaScriptType": "array", + "name": "patch" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "patch", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + }, + { + "javaScriptType": "string", + "name": "rev" + }, + { + "javaScriptType": "array", + "name": "patch" + }, + { + "javaScriptType": "object", + "name": "params" + }, + { + "javaScriptType": "array", + "name": "fields" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "patch", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + }, + { + "javaScriptType": "string", + "name": "rev" + }, + { + "javaScriptType": "array", + "name": "patch" + }, + { + "javaScriptType": "object", + "name": "params" + } + ], + "returnType": "object" + } + ], + "javaClass": "org.forgerock.openam.scripting.wrappers.IdmIntegrationServiceScriptWrapper", + "javaScriptType": "object", + "name": "openidm" + }, + { + "elements": [], + "javaScriptType": "object", + "name": "requestCookies" + }, + { + "javaScriptType": "string", + "name": "cookieName" + } + ], + "evaluatorVersions": { + "JAVASCRIPT": [ + "2.0" + ] + } + }, + "defaultScript": "11e1a3c0-038b-4c16-956a-6c9d89328d00", + "engineConfiguration": { + "_id": "engineConfiguration", + "_type": { + "_id": "engineConfiguration", + "collection": false, + "name": "Scripting engine configuration" + }, + "blackList": [ + "java.lang.Class", + "java.lang.Thread", + "java.lang.invoke.*", + "java.lang.reflect.*", + "java.security.AccessController" + ], + "coreThreads": { + "$int": "&{device.match.node.script.context.core.threads|10}" + }, + "idleTimeout": 60, + "maxThreads": { + "$int": "&{device.match.node.script.context.max.threads|50}" + }, + "propertyNamePrefix": "esv.", + "queueSize": { + "$int": "&{device.match.node.script.context.queue.size|10}" + }, + "serverTimeout": 0, + "useSecurityManager": true, + "whiteList": [ + "jdk.proxy*", + "org.mozilla.javascript.WrappedException", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "java.util.List", + "java.util.Map", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + "org.mozilla.javascript.JavaScriptException" + ] + }, + "isHidden": false, + "languages": [ + "JAVASCRIPT" + ] + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/scripttype/LIBRARY.scripttype.json b/test/e2e/exports/full-export-separate/global/scripttype/LIBRARY.scripttype.json new file mode 100644 index 000000000..71cfe6add --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/scripttype/LIBRARY.scripttype.json @@ -0,0 +1,1165 @@ +{ + "scripttype": { + "LIBRARY": { + "_id": "LIBRARY", + "_type": { + "_id": "contexts", + "collection": true, + "name": "scriptContext" + }, + "context": { + "_id": "LIBRARY", + "allowLists": [ + "org.forgerock.util.promise.PromiseImpl", + "org.forgerock.util.promise.Promises$*", + "java.lang.Object" + ], + "bindings": [ + { + "elements": [ + { + "elementType": "method", + "name": "send", + "parameters": [ + { + "javaScriptType": "string", + "name": "uri" + }, + { + "javaScriptType": "object", + "name": "requestOptions" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "send", + "parameters": [ + { + "javaScriptType": "string", + "name": "uri" + } + ], + "returnType": "object" + } + ], + "javaClass": "org.forgerock.openam.scripting.wrappers.HttpClientScriptWrapper", + "javaScriptType": "object", + "name": "httpClient" + }, + { + "elements": [ + { + "elementType": "field", + "elements": [ + { + "elementType": "method", + "name": "randomUUID", + "parameters": [], + "returnType": "string" + }, + { + "elementType": "method", + "name": "getRandomValues", + "parameters": [ + { + "javaScriptType": "array", + "name": "array" + } + ], + "returnType": "array" + } + ], + "javaClass": "org.forgerock.openam.scripting.bindings.ScriptCryptoService", + "javaScriptType": "object", + "name": "crypto" + }, + { + "elementType": "field", + "elements": [ + { + "elementType": "method", + "name": "decode", + "parameters": [ + { + "javaScriptType": "string", + "name": "toDecode" + } + ], + "returnType": "string" + }, + { + "elementType": "method", + "name": "encode", + "parameters": [ + { + "javaScriptType": "string", + "name": "toEncode" + } + ], + "returnType": "string" + }, + { + "elementType": "method", + "name": "btoa", + "parameters": [ + { + "javaScriptType": "string", + "name": "toEncode" + } + ], + "returnType": "string" + }, + { + "elementType": "method", + "name": "atob", + "parameters": [ + { + "javaScriptType": "string", + "name": "toDecode" + } + ], + "returnType": "string" + } + ], + "javaClass": "org.forgerock.openam.scripting.bindings.ScriptBase64Service", + "javaScriptType": "object", + "name": "base64" + }, + { + "elementType": "field", + "elements": [ + { + "elementType": "method", + "name": "decode", + "parameters": [ + { + "javaScriptType": "string", + "name": "toDecode" + } + ], + "returnType": "string" + }, + { + "elementType": "method", + "name": "encode", + "parameters": [ + { + "javaScriptType": "string", + "name": "toEncode" + } + ], + "returnType": "string" + }, + { + "elementType": "method", + "name": "btoa", + "parameters": [ + { + "javaScriptType": "string", + "name": "toEncode" + } + ], + "returnType": "string" + }, + { + "elementType": "method", + "name": "atob", + "parameters": [ + { + "javaScriptType": "string", + "name": "toDecode" + } + ], + "returnType": "string" + } + ], + "javaClass": "org.forgerock.openam.scripting.bindings.ScriptBase64UrlService", + "javaScriptType": "object", + "name": "base64url" + } + ], + "javaClass": "org.forgerock.openam.scripting.bindings.ScriptUtilityService", + "javaScriptType": "object", + "name": "utils" + }, + { + "elements": [ + { + "elementType": "method", + "name": "getName", + "parameters": [], + "returnType": "string" + }, + { + "elementType": "method", + "name": "info", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "object", + "name": "arg" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "info", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "object", + "name": "arg1" + }, + { + "javaScriptType": "object", + "name": "arg2" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "info", + "parameters": [ + { + "javaScriptType": "string", + "name": "msg" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "info", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "array", + "name": "arguments" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "info", + "parameters": [ + { + "javaScriptType": "string", + "name": "msg" + }, + { + "javaScriptType": "object", + "name": "t" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "trace", + "parameters": [ + { + "javaScriptType": "string", + "name": "msg" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "trace", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "array", + "name": "arguments" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "trace", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "object", + "name": "arg1" + }, + { + "javaScriptType": "object", + "name": "arg2" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "trace", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "object", + "name": "arg" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "trace", + "parameters": [ + { + "javaScriptType": "string", + "name": "msg" + }, + { + "javaScriptType": "object", + "name": "t" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "debug", + "parameters": [ + { + "javaScriptType": "string", + "name": "msg" + }, + { + "javaScriptType": "object", + "name": "t" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "debug", + "parameters": [ + { + "javaScriptType": "string", + "name": "msg" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "debug", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "array", + "name": "arguments" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "debug", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "object", + "name": "arg" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "debug", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "object", + "name": "arg1" + }, + { + "javaScriptType": "object", + "name": "arg2" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "error", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "object", + "name": "arg" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "error", + "parameters": [ + { + "javaScriptType": "string", + "name": "msg" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "error", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "object", + "name": "arg1" + }, + { + "javaScriptType": "object", + "name": "arg2" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "error", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "array", + "name": "arguments" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "error", + "parameters": [ + { + "javaScriptType": "string", + "name": "msg" + }, + { + "javaScriptType": "object", + "name": "t" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "warn", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "array", + "name": "arguments" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "warn", + "parameters": [ + { + "javaScriptType": "string", + "name": "msg" + }, + { + "javaScriptType": "object", + "name": "t" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "warn", + "parameters": [ + { + "javaScriptType": "string", + "name": "msg" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "warn", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "object", + "name": "arg1" + }, + { + "javaScriptType": "object", + "name": "arg2" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "warn", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "object", + "name": "arg" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "isTraceEnabled", + "parameters": [], + "returnType": "boolean" + }, + { + "elementType": "method", + "name": "isDebugEnabled", + "parameters": [], + "returnType": "boolean" + }, + { + "elementType": "method", + "name": "isErrorEnabled", + "parameters": [], + "returnType": "boolean" + }, + { + "elementType": "method", + "name": "isInfoEnabled", + "parameters": [], + "returnType": "boolean" + }, + { + "elementType": "method", + "name": "isWarnEnabled", + "parameters": [], + "returnType": "boolean" + } + ], + "javaClass": "org.forgerock.openam.scripting.logging.ScriptedLoggerWrapper", + "javaScriptType": "object", + "name": "logger" + }, + { + "javaScriptType": "string", + "name": "scriptName" + }, + { + "javaScriptType": "string", + "name": "realm" + }, + { + "elements": [ + { + "elementType": "method", + "name": "update", + "parameters": [ + { + "javaScriptType": "string", + "name": "id" + }, + { + "javaScriptType": "string", + "name": "rev" + }, + { + "javaScriptType": "object", + "name": "value" + }, + { + "javaScriptType": "object", + "name": "params" + }, + { + "javaScriptType": "array", + "name": "fields" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "update", + "parameters": [ + { + "javaScriptType": "string", + "name": "id" + }, + { + "javaScriptType": "string", + "name": "rev" + }, + { + "javaScriptType": "object", + "name": "value" + }, + { + "javaScriptType": "object", + "name": "params" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "update", + "parameters": [ + { + "javaScriptType": "string", + "name": "id" + }, + { + "javaScriptType": "string", + "name": "rev" + }, + { + "javaScriptType": "object", + "name": "value" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "read", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "read", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + }, + { + "javaScriptType": "object", + "name": "params" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "read", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + }, + { + "javaScriptType": "object", + "name": "params" + }, + { + "javaScriptType": "array", + "name": "fields" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "delete", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + }, + { + "javaScriptType": "string", + "name": "rev" + }, + { + "javaScriptType": "object", + "name": "params" + }, + { + "javaScriptType": "array", + "name": "fields" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "delete", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + }, + { + "javaScriptType": "string", + "name": "rev" + }, + { + "javaScriptType": "object", + "name": "params" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "delete", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + }, + { + "javaScriptType": "string", + "name": "rev" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "action", + "parameters": [ + { + "javaScriptType": "string", + "name": "resource" + }, + { + "javaScriptType": "string", + "name": "actionName" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "action", + "parameters": [ + { + "javaScriptType": "string", + "name": "resource" + }, + { + "javaScriptType": "string", + "name": "actionName" + }, + { + "javaScriptType": "object", + "name": "content" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "action", + "parameters": [ + { + "javaScriptType": "string", + "name": "resource" + }, + { + "javaScriptType": "string", + "name": "actionName" + }, + { + "javaScriptType": "object", + "name": "content" + }, + { + "javaScriptType": "object", + "name": "params" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "action", + "parameters": [ + { + "javaScriptType": "string", + "name": "resource" + }, + { + "javaScriptType": "string", + "name": "actionName" + }, + { + "javaScriptType": "object", + "name": "content" + }, + { + "javaScriptType": "object", + "name": "params" + }, + { + "javaScriptType": "array", + "name": "fields" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "query", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + }, + { + "javaScriptType": "object", + "name": "params" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "query", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + }, + { + "javaScriptType": "object", + "name": "params" + }, + { + "javaScriptType": "array", + "name": "fields" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "create", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + }, + { + "javaScriptType": "string", + "name": "newResourceId" + }, + { + "javaScriptType": "object", + "name": "content" + }, + { + "javaScriptType": "object", + "name": "params" + }, + { + "javaScriptType": "array", + "name": "fields" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "create", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + }, + { + "javaScriptType": "string", + "name": "newResourceId" + }, + { + "javaScriptType": "object", + "name": "content" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "create", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + }, + { + "javaScriptType": "string", + "name": "newResourceId" + }, + { + "javaScriptType": "object", + "name": "content" + }, + { + "javaScriptType": "object", + "name": "params" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "patch", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + }, + { + "javaScriptType": "string", + "name": "rev" + }, + { + "javaScriptType": "array", + "name": "patch" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "patch", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + }, + { + "javaScriptType": "string", + "name": "rev" + }, + { + "javaScriptType": "array", + "name": "patch" + }, + { + "javaScriptType": "object", + "name": "params" + }, + { + "javaScriptType": "array", + "name": "fields" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "patch", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + }, + { + "javaScriptType": "string", + "name": "rev" + }, + { + "javaScriptType": "array", + "name": "patch" + }, + { + "javaScriptType": "object", + "name": "params" + } + ], + "returnType": "object" + } + ], + "javaClass": "org.forgerock.openam.scripting.wrappers.IdmIntegrationServiceScriptWrapper", + "javaScriptType": "object", + "name": "openidm" + }, + { + "elements": [ + { + "elementType": "method", + "name": "getGenericSecret", + "parameters": [ + { + "javaScriptType": "string", + "name": "secretId" + } + ], + "returnType": "object" + } + ], + "javaClass": "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "javaScriptType": "object", + "name": "secrets" + }, + { + "javaScriptType": "string", + "name": "cookieName" + } + ], + "evaluatorVersions": { + "JAVASCRIPT": [ + "2.0" + ] + } + }, + "defaultScript": "[Empty]", + "engineConfiguration": { + "_id": "engineConfiguration", + "_type": { + "_id": "engineConfiguration", + "collection": false, + "name": "Scripting engine configuration" + }, + "blackList": [ + "java.lang.Class", + "java.security.AccessController", + "java.lang.reflect.*" + ], + "coreThreads": 10, + "idleTimeout": 60, + "maxThreads": 50, + "propertyNamePrefix": "script", + "queueSize": 10, + "serverTimeout": 0, + "useSecurityManager": true, + "whiteList": [ + "java.lang.Float", + "org.forgerock.http.protocol.Header", + "java.lang.Integer", + "org.forgerock.http.Client", + "java.lang.Character$UnicodeBlock", + "java.lang.Character", + "java.lang.Long", + "java.lang.Short", + "java.util.Map", + "org.forgerock.http.client.*", + "java.lang.Math", + "org.forgerock.opendj.ldap.Dn", + "java.lang.Byte", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "java.lang.StrictMath", + "org.forgerock.util.promise.PromiseImpl", + "org.forgerock.http.Context", + "java.lang.Void", + "org.codehaus.groovy.runtime.GStringImpl", + "groovy.json.JsonSlurper", + "org.forgerock.http.protocol.Request", + "org.forgerock.http.protocol.Entity", + "org.forgerock.http.context.RootContext", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "java.util.List", + "org.forgerock.http.protocol.RequestCookies", + "org.forgerock.http.protocol.Responses", + "org.forgerock.util.promise.Promise", + "java.util.HashMap$KeyIterator", + "com.sun.identity.shared.debug.Debug", + "java.lang.Double", + "org.forgerock.http.protocol.Headers", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.http.protocol.Status", + "java.util.HashMap", + "java.lang.Character$Subset", + "java.util.TreeSet", + "java.util.ArrayList", + "java.util.HashSet", + "java.util.LinkedHashMap", + "org.forgerock.http.protocol.ResponseException", + "java.util.Collections$UnmodifiableRandomAccessList", + "org.forgerock.http.protocol.Message", + "java.lang.Boolean", + "java.lang.String", + "java.lang.Number", + "java.util.LinkedList", + "java.util.LinkedHashSet", + "org.forgerock.http.protocol.Response", + "org.forgerock.util.promise.NeverThrowsException", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "java.util.TreeMap", + "java.util.Collections$EmptyList", + "org.forgerock.openam.scripting.api.ScriptedSession", + "java.util.Collections$UnmodifiableCollection$1", + "org.forgerock.http.Handler", + "java.lang.Object", + "org.forgerock.http.protocol.Form" + ] + }, + "isHidden": false, + "languages": [ + "JAVASCRIPT" + ] + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/scripttype/NODE_DESIGNER.scripttype.json b/test/e2e/exports/full-export-separate/global/scripttype/NODE_DESIGNER.scripttype.json new file mode 100644 index 000000000..36cc67fe4 --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/scripttype/NODE_DESIGNER.scripttype.json @@ -0,0 +1,2795 @@ +{ + "scripttype": { + "NODE_DESIGNER": { + "_id": "NODE_DESIGNER", + "_type": { + "_id": "contexts", + "collection": true, + "name": "scriptContext" + }, + "context": { + "_id": "NODE_DESIGNER", + "allowLists": [ + "org.forgerock.util.promise.PromiseImpl", + "org.forgerock.util.promise.Promises$*", + "java.lang.Object", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Float", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.Void", + "java.util.AbstractMap$*", + "java.util.ArrayList", + "java.util.Collections", + "java.util.concurrent.TimeUnit", + "java.util.Collections$*", + "java.util.HashSet", + "java.util.HashMap$KeyIterator", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.TreeSet", + "java.security.KeyPair", + "java.security.KeyPairGenerator", + "java.security.KeyPairGenerator$*", + "java.security.PrivateKey", + "java.security.PublicKey", + "java.security.spec.X509EncodedKeySpec", + "java.security.spec.MGF1ParameterSpec", + "javax.crypto.SecretKeyFactory", + "javax.crypto.spec.OAEPParameterSpec", + "javax.crypto.spec.PBEKeySpec", + "javax.crypto.spec.PSource", + "javax.crypto.spec.PSource$*", + "org.forgerock.json.JsonValue", + "org.forgerock.util.promise.NeverThrowsException", + "java.util.concurrent.ExecutionException", + "java.util.concurrent.TimeoutException", + "org.forgerock.openam.core.rest.authn.callbackhandlers.*", + "com.sun.crypto.provider.PBKDF2KeyImpl", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + "sun.security.ec.ECPrivateKeyImpl", + "ch.qos.logback.classic.Logger", + "com.sun.proxy.$*", + "java.util.Date", + "java.security.spec.InvalidKeySpecException" + ], + "bindings": [ + { + "elements": [ + { + "elementType": "method", + "name": "send", + "parameters": [ + { + "javaScriptType": "string", + "name": "uri" + }, + { + "javaScriptType": "object", + "name": "requestOptions" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "send", + "parameters": [ + { + "javaScriptType": "string", + "name": "uri" + } + ], + "returnType": "object" + } + ], + "javaClass": "org.forgerock.openam.scripting.wrappers.HttpClientScriptWrapper", + "javaScriptType": "object", + "name": "httpClient" + }, + { + "elements": [ + { + "elementType": "method", + "name": "getName", + "parameters": [], + "returnType": "string" + }, + { + "elementType": "method", + "name": "info", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "object", + "name": "arg" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "info", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "object", + "name": "arg1" + }, + { + "javaScriptType": "object", + "name": "arg2" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "info", + "parameters": [ + { + "javaScriptType": "string", + "name": "msg" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "info", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "array", + "name": "arguments" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "info", + "parameters": [ + { + "javaScriptType": "string", + "name": "msg" + }, + { + "javaScriptType": "object", + "name": "t" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "trace", + "parameters": [ + { + "javaScriptType": "string", + "name": "msg" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "trace", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "array", + "name": "arguments" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "trace", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "object", + "name": "arg1" + }, + { + "javaScriptType": "object", + "name": "arg2" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "trace", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "object", + "name": "arg" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "trace", + "parameters": [ + { + "javaScriptType": "string", + "name": "msg" + }, + { + "javaScriptType": "object", + "name": "t" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "debug", + "parameters": [ + { + "javaScriptType": "string", + "name": "msg" + }, + { + "javaScriptType": "object", + "name": "t" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "debug", + "parameters": [ + { + "javaScriptType": "string", + "name": "msg" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "debug", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "array", + "name": "arguments" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "debug", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "object", + "name": "arg" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "debug", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "object", + "name": "arg1" + }, + { + "javaScriptType": "object", + "name": "arg2" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "error", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "object", + "name": "arg" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "error", + "parameters": [ + { + "javaScriptType": "string", + "name": "msg" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "error", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "object", + "name": "arg1" + }, + { + "javaScriptType": "object", + "name": "arg2" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "error", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "array", + "name": "arguments" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "error", + "parameters": [ + { + "javaScriptType": "string", + "name": "msg" + }, + { + "javaScriptType": "object", + "name": "t" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "warn", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "array", + "name": "arguments" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "warn", + "parameters": [ + { + "javaScriptType": "string", + "name": "msg" + }, + { + "javaScriptType": "object", + "name": "t" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "warn", + "parameters": [ + { + "javaScriptType": "string", + "name": "msg" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "warn", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "object", + "name": "arg1" + }, + { + "javaScriptType": "object", + "name": "arg2" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "warn", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "object", + "name": "arg" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "isTraceEnabled", + "parameters": [], + "returnType": "boolean" + }, + { + "elementType": "method", + "name": "isDebugEnabled", + "parameters": [], + "returnType": "boolean" + }, + { + "elementType": "method", + "name": "isErrorEnabled", + "parameters": [], + "returnType": "boolean" + }, + { + "elementType": "method", + "name": "isInfoEnabled", + "parameters": [], + "returnType": "boolean" + }, + { + "elementType": "method", + "name": "isWarnEnabled", + "parameters": [], + "returnType": "boolean" + } + ], + "javaClass": "org.forgerock.openam.scripting.logging.ScriptedLoggerWrapper", + "javaScriptType": "object", + "name": "logger" + }, + { + "elements": [], + "javaScriptType": "object", + "name": "requestParameters" + }, + { + "elements": [ + { + "elementType": "method", + "name": "getStringAttributeInputCallbacks", + "parameters": [], + "returnType": "array" + }, + { + "elementType": "method", + "name": "getNumberAttributeInputCallbacks", + "parameters": [], + "returnType": "array" + }, + { + "elementType": "method", + "name": "getBooleanAttributeInputCallbacks", + "parameters": [], + "returnType": "array" + }, + { + "elementType": "method", + "name": "getConfirmationCallbacks", + "parameters": [], + "returnType": "array" + }, + { + "elementType": "method", + "name": "getLanguageCallbacks", + "parameters": [], + "returnType": "array" + }, + { + "elementType": "method", + "name": "getIdpCallbacks", + "parameters": [], + "returnType": "array" + }, + { + "elementType": "method", + "name": "getValidatedPasswordCallbacks", + "parameters": [], + "returnType": "array" + }, + { + "elementType": "method", + "name": "getValidatedUsernameCallbacks", + "parameters": [], + "returnType": "array" + }, + { + "elementType": "method", + "name": "getHttpCallbacks", + "parameters": [], + "returnType": "array" + }, + { + "elementType": "method", + "name": "getX509CertificateCallbacks", + "parameters": [], + "returnType": "array" + }, + { + "elementType": "method", + "name": "getConsentMappingCallbacks", + "parameters": [], + "returnType": "array" + }, + { + "elementType": "method", + "name": "getDeviceProfileCallbacks", + "parameters": [], + "returnType": "array" + }, + { + "elementType": "method", + "name": "getKbaCreateCallbacks", + "parameters": [], + "returnType": "array" + }, + { + "elementType": "method", + "name": "getSelectIdPCallbacks", + "parameters": [], + "returnType": "array" + }, + { + "elementType": "method", + "name": "getTermsAndConditionsCallbacks", + "parameters": [], + "returnType": "array" + }, + { + "elementType": "method", + "name": "getChoiceCallbacks", + "parameters": [], + "returnType": "array" + }, + { + "elementType": "method", + "name": "getNameCallbacks", + "parameters": [], + "returnType": "array" + }, + { + "elementType": "method", + "name": "getPasswordCallbacks", + "parameters": [], + "returnType": "array" + }, + { + "elementType": "method", + "name": "getHiddenValueCallbacks", + "parameters": [], + "returnType": "object" + }, + { + "elementType": "method", + "name": "getTextInputCallbacks", + "parameters": [], + "returnType": "array" + }, + { + "elementType": "method", + "name": "isEmpty", + "parameters": [], + "returnType": "boolean" + } + ], + "javaClass": "org.forgerock.openam.auth.nodes.script.ScriptedCallbacksWrapper", + "javaScriptType": "object", + "name": "callbacks" + }, + { + "elements": [ + { + "elementType": "method", + "name": "getGenericSecret", + "parameters": [ + { + "javaScriptType": "string", + "name": "secretId" + } + ], + "returnType": "object" + } + ], + "javaClass": "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "javaScriptType": "object", + "name": "secrets" + }, + { + "elements": [ + { + "elementType": "method", + "name": "getIdentity", + "parameters": [ + { + "javaScriptType": "string", + "name": "userName" + } + ], + "returnType": "object" + } + ], + "javaClass": "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepositoryScriptWrapper", + "javaScriptType": "object", + "name": "idRepository" + }, + { + "elements": [], + "javaScriptType": "object", + "name": "requestHeaders" + }, + { + "elements": [ + { + "elementType": "method", + "name": "generateJwt", + "parameters": [ + { + "javaScriptType": "object", + "name": "jwtData" + } + ], + "returnType": "string" + } + ], + "javaClass": "org.forgerock.openam.auth.nodes.script.JwtAssertionScriptWrapper", + "javaScriptType": "object", + "name": "jwtAssertion" + }, + { + "elements": [ + { + "elementType": "method", + "name": "remove", + "parameters": [ + { + "javaScriptType": "string", + "name": "key" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "get", + "parameters": [ + { + "javaScriptType": "string", + "name": "key" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "keys", + "parameters": [], + "returnType": "object" + }, + { + "elementType": "method", + "name": "getObject", + "parameters": [ + { + "javaScriptType": "string", + "name": "key" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "isDefined", + "parameters": [ + { + "javaScriptType": "string", + "name": "key" + } + ], + "returnType": "boolean" + }, + { + "elementType": "method", + "name": "putShared", + "parameters": [ + { + "javaScriptType": "string", + "name": "key" + }, + { + "javaScriptType": "object", + "name": "value" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "mergeShared", + "parameters": [ + { + "javaScriptType": "object", + "name": "object" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "putTransient", + "parameters": [ + { + "javaScriptType": "string", + "name": "key" + }, + { + "javaScriptType": "object", + "name": "value" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "mergeTransient", + "parameters": [ + { + "javaScriptType": "object", + "name": "object" + } + ], + "returnType": "object" + } + ], + "javaClass": "org.forgerock.openam.auth.node.api.NodeStateScriptWrapper", + "javaScriptType": "object", + "name": "nodeState" + }, + { + "javaScriptType": "boolean", + "name": "resumedFromSuspend" + }, + { + "elements": [ + { + "elementType": "field", + "elements": [ + { + "elementType": "method", + "name": "randomUUID", + "parameters": [], + "returnType": "string" + }, + { + "elementType": "method", + "name": "getRandomValues", + "parameters": [ + { + "javaScriptType": "array", + "name": "array" + } + ], + "returnType": "array" + } + ], + "javaClass": "org.forgerock.openam.scripting.bindings.ScriptCryptoService", + "javaScriptType": "object", + "name": "crypto" + }, + { + "elementType": "field", + "elements": [ + { + "elementType": "method", + "name": "decode", + "parameters": [ + { + "javaScriptType": "string", + "name": "toDecode" + } + ], + "returnType": "string" + }, + { + "elementType": "method", + "name": "encode", + "parameters": [ + { + "javaScriptType": "string", + "name": "toEncode" + } + ], + "returnType": "string" + }, + { + "elementType": "method", + "name": "btoa", + "parameters": [ + { + "javaScriptType": "string", + "name": "toEncode" + } + ], + "returnType": "string" + }, + { + "elementType": "method", + "name": "atob", + "parameters": [ + { + "javaScriptType": "string", + "name": "toDecode" + } + ], + "returnType": "string" + } + ], + "javaClass": "org.forgerock.openam.scripting.bindings.ScriptBase64Service", + "javaScriptType": "object", + "name": "base64" + }, + { + "elementType": "field", + "elements": [ + { + "elementType": "method", + "name": "decode", + "parameters": [ + { + "javaScriptType": "string", + "name": "toDecode" + } + ], + "returnType": "string" + }, + { + "elementType": "method", + "name": "encode", + "parameters": [ + { + "javaScriptType": "string", + "name": "toEncode" + } + ], + "returnType": "string" + }, + { + "elementType": "method", + "name": "btoa", + "parameters": [ + { + "javaScriptType": "string", + "name": "toEncode" + } + ], + "returnType": "string" + }, + { + "elementType": "method", + "name": "atob", + "parameters": [ + { + "javaScriptType": "string", + "name": "toDecode" + } + ], + "returnType": "string" + } + ], + "javaClass": "org.forgerock.openam.scripting.bindings.ScriptBase64UrlService", + "javaScriptType": "object", + "name": "base64url" + } + ], + "javaClass": "org.forgerock.openam.scripting.bindings.ScriptUtilityService", + "javaScriptType": "object", + "name": "utils" + }, + { + "elements": [], + "javaScriptType": "object", + "name": "existingSession" + }, + { + "elements": [ + { + "elementType": "method", + "name": "withIdentifiedUser", + "parameters": [ + { + "javaScriptType": "string", + "name": "username" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "withIdentifiedAgent", + "parameters": [ + { + "javaScriptType": "string", + "name": "agentName" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "suspend", + "parameters": [ + { + "javaScriptType": "string", + "name": "callbackTextFormat" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "suspend", + "parameters": [ + { + "javaScriptType": "string", + "name": "callbackTextFormat" + }, + { + "javaScriptType": "object", + "name": "additionalLogic" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "goTo", + "parameters": [ + { + "javaScriptType": "string", + "name": "outcome" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "putSessionProperty", + "parameters": [ + { + "javaScriptType": "string", + "name": "key" + }, + { + "javaScriptType": "string", + "name": "value" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "withHeader", + "parameters": [ + { + "javaScriptType": "string", + "name": "header" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "withDescription", + "parameters": [ + { + "javaScriptType": "string", + "name": "description" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "withStage", + "parameters": [ + { + "javaScriptType": "string", + "name": "stage" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "withErrorMessage", + "parameters": [ + { + "javaScriptType": "string", + "name": "errorMessage" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "withLockoutMessage", + "parameters": [ + { + "javaScriptType": "string", + "name": "lockoutMessage" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "removeSessionProperty", + "parameters": [ + { + "javaScriptType": "string", + "name": "key" + } + ], + "returnType": "object" + } + ], + "javaClass": "org.forgerock.openam.auth.nodes.script.ActionWrapper", + "javaScriptType": "object", + "name": "action" + }, + { + "javaScriptType": "string", + "name": "scriptName" + }, + { + "elements": [], + "javaScriptType": "object", + "name": "attributes" + }, + { + "javaScriptType": "string", + "name": "realm" + }, + { + "elements": [ + { + "elementType": "method", + "name": "validateJwtClaims", + "parameters": [ + { + "javaScriptType": "object", + "name": "jwtData" + } + ], + "returnType": "object" + } + ], + "javaClass": "org.forgerock.openam.auth.nodes.script.JwtValidatorScriptWrapper", + "javaScriptType": "object", + "name": "jwtValidator" + }, + { + "elements": [ + { + "elementType": "method", + "name": "suspendedTextOutputCallback", + "parameters": [ + { + "javaScriptType": "number", + "name": "messageType" + }, + { + "javaScriptType": "string", + "name": "message" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "textInputCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "prompt" + }, + { + "javaScriptType": "string", + "name": "defaultText" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "textInputCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "prompt" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "scriptTextOutputCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "message" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "metadataCallback", + "parameters": [ + { + "javaScriptType": "object", + "name": "outputValue" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "stringAttributeInputCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "name" + }, + { + "javaScriptType": "string", + "name": "prompt" + }, + { + "javaScriptType": "string", + "name": "value" + }, + { + "javaScriptType": "boolean", + "name": "required" + }, + { + "javaScriptType": "object", + "name": "policies" + }, + { + "javaScriptType": "boolean", + "name": "validateOnly" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "stringAttributeInputCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "name" + }, + { + "javaScriptType": "string", + "name": "prompt" + }, + { + "javaScriptType": "string", + "name": "value" + }, + { + "javaScriptType": "boolean", + "name": "required" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "stringAttributeInputCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "name" + }, + { + "javaScriptType": "string", + "name": "prompt" + }, + { + "javaScriptType": "string", + "name": "value" + }, + { + "javaScriptType": "boolean", + "name": "required" + }, + { + "javaScriptType": "array", + "name": "failedPolicies" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "stringAttributeInputCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "name" + }, + { + "javaScriptType": "string", + "name": "prompt" + }, + { + "javaScriptType": "string", + "name": "value" + }, + { + "javaScriptType": "boolean", + "name": "required" + }, + { + "javaScriptType": "object", + "name": "policies" + }, + { + "javaScriptType": "boolean", + "name": "validateOnly" + }, + { + "javaScriptType": "array", + "name": "failedPolicies" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "numberAttributeInputCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "name" + }, + { + "javaScriptType": "string", + "name": "prompt" + }, + { + "javaScriptType": "number", + "name": "value" + }, + { + "javaScriptType": "boolean", + "name": "required" + }, + { + "javaScriptType": "object", + "name": "policies" + }, + { + "javaScriptType": "boolean", + "name": "validateOnly" + }, + { + "javaScriptType": "array", + "name": "failedPolicies" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "numberAttributeInputCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "name" + }, + { + "javaScriptType": "string", + "name": "prompt" + }, + { + "javaScriptType": "number", + "name": "value" + }, + { + "javaScriptType": "boolean", + "name": "required" + }, + { + "javaScriptType": "object", + "name": "policies" + }, + { + "javaScriptType": "boolean", + "name": "validateOnly" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "numberAttributeInputCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "name" + }, + { + "javaScriptType": "string", + "name": "prompt" + }, + { + "javaScriptType": "number", + "name": "value" + }, + { + "javaScriptType": "boolean", + "name": "required" + }, + { + "javaScriptType": "array", + "name": "failedPolicies" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "numberAttributeInputCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "name" + }, + { + "javaScriptType": "string", + "name": "prompt" + }, + { + "javaScriptType": "number", + "name": "value" + }, + { + "javaScriptType": "boolean", + "name": "required" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "booleanAttributeInputCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "name" + }, + { + "javaScriptType": "string", + "name": "prompt" + }, + { + "javaScriptType": "boolean", + "name": "value" + }, + { + "javaScriptType": "boolean", + "name": "required" + }, + { + "javaScriptType": "object", + "name": "policies" + }, + { + "javaScriptType": "boolean", + "name": "validateOnly" + }, + { + "javaScriptType": "array", + "name": "failedPolicies" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "booleanAttributeInputCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "name" + }, + { + "javaScriptType": "string", + "name": "prompt" + }, + { + "javaScriptType": "boolean", + "name": "value" + }, + { + "javaScriptType": "boolean", + "name": "required" + }, + { + "javaScriptType": "array", + "name": "failedPolicies" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "booleanAttributeInputCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "name" + }, + { + "javaScriptType": "string", + "name": "prompt" + }, + { + "javaScriptType": "boolean", + "name": "value" + }, + { + "javaScriptType": "boolean", + "name": "required" + }, + { + "javaScriptType": "object", + "name": "policies" + }, + { + "javaScriptType": "boolean", + "name": "validateOnly" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "booleanAttributeInputCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "name" + }, + { + "javaScriptType": "string", + "name": "prompt" + }, + { + "javaScriptType": "boolean", + "name": "value" + }, + { + "javaScriptType": "boolean", + "name": "required" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "languageCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "language" + }, + { + "javaScriptType": "string", + "name": "country" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "idPCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "provider" + }, + { + "javaScriptType": "string", + "name": "clientId" + }, + { + "javaScriptType": "string", + "name": "redirectUri" + }, + { + "javaScriptType": "array", + "name": "scope" + }, + { + "javaScriptType": "string", + "name": "nonce" + }, + { + "javaScriptType": "string", + "name": "request" + }, + { + "javaScriptType": "string", + "name": "requestUri" + }, + { + "javaScriptType": "array", + "name": "acrValues" + }, + { + "javaScriptType": "boolean", + "name": "requestNativeAppForUserInfo" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "idPCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "provider" + }, + { + "javaScriptType": "string", + "name": "clientId" + }, + { + "javaScriptType": "string", + "name": "redirectUri" + }, + { + "javaScriptType": "array", + "name": "scope" + }, + { + "javaScriptType": "string", + "name": "nonce" + }, + { + "javaScriptType": "string", + "name": "request" + }, + { + "javaScriptType": "string", + "name": "requestUri" + }, + { + "javaScriptType": "array", + "name": "acrValues" + }, + { + "javaScriptType": "boolean", + "name": "requestNativeAppForUserInfo" + }, + { + "javaScriptType": "string", + "name": "token" + }, + { + "javaScriptType": "string", + "name": "tokenType" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "httpCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "authRHeader" + }, + { + "javaScriptType": "string", + "name": "negoName" + }, + { + "javaScriptType": "string", + "name": "negoValue" + }, + { + "javaScriptType": "number", + "name": "errorCode" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "httpCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "authorizationHeader" + }, + { + "javaScriptType": "string", + "name": "negotiationHeader" + }, + { + "javaScriptType": "string", + "name": "errorCode" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "x509CertificateCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "prompt" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "x509CertificateCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "prompt" + }, + { + "javaScriptType": "object", + "name": "certificate" + }, + { + "javaScriptType": "boolean", + "name": "requestSignature" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "x509CertificateCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "prompt" + }, + { + "javaScriptType": "object", + "name": "certificate" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "consentMappingCallback", + "parameters": [ + { + "javaScriptType": "object", + "name": "config" + }, + { + "javaScriptType": "string", + "name": "message" + }, + { + "javaScriptType": "boolean", + "name": "isRequired" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "consentMappingCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "name" + }, + { + "javaScriptType": "string", + "name": "displayName" + }, + { + "javaScriptType": "string", + "name": "icon" + }, + { + "javaScriptType": "string", + "name": "accessLevel" + }, + { + "javaScriptType": "array", + "name": "titles" + }, + { + "javaScriptType": "string", + "name": "message" + }, + { + "javaScriptType": "boolean", + "name": "isRequired" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "deviceProfileCallback", + "parameters": [ + { + "javaScriptType": "boolean", + "name": "metadata" + }, + { + "javaScriptType": "boolean", + "name": "location" + }, + { + "javaScriptType": "string", + "name": "message" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "kbaCreateCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "prompt" + }, + { + "javaScriptType": "array", + "name": "predefinedQuestions" + }, + { + "javaScriptType": "boolean", + "name": "allowUserDefinedQuestions" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "selectIdPCallback", + "parameters": [ + { + "javaScriptType": "object", + "name": "providers" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "termsAndConditionsCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "version" + }, + { + "javaScriptType": "string", + "name": "terms" + }, + { + "javaScriptType": "string", + "name": "createDate" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "confirmationCallback", + "parameters": [ + { + "javaScriptType": "number", + "name": "messageType" + }, + { + "javaScriptType": "array", + "name": "options" + }, + { + "javaScriptType": "number", + "name": "defaultOption" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "confirmationCallback", + "parameters": [ + { + "javaScriptType": "number", + "name": "messageType" + }, + { + "javaScriptType": "number", + "name": "optionType" + }, + { + "javaScriptType": "number", + "name": "defaultOption" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "confirmationCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "prompt" + }, + { + "javaScriptType": "number", + "name": "messageType" + }, + { + "javaScriptType": "number", + "name": "optionType" + }, + { + "javaScriptType": "number", + "name": "defaultOption" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "confirmationCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "prompt" + }, + { + "javaScriptType": "number", + "name": "messageType" + }, + { + "javaScriptType": "array", + "name": "options" + }, + { + "javaScriptType": "number", + "name": "defaultOption" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "textOutputCallback", + "parameters": [ + { + "javaScriptType": "number", + "name": "messageType" + }, + { + "javaScriptType": "string", + "name": "message" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "choiceCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "prompt" + }, + { + "javaScriptType": "array", + "name": "choices" + }, + { + "javaScriptType": "number", + "name": "defaultChoice" + }, + { + "javaScriptType": "boolean", + "name": "multipleSelectionsAllowed" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "redirectCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "redirectUrl" + }, + { + "javaScriptType": "object", + "name": "redirectData" + }, + { + "javaScriptType": "string", + "name": "method" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "redirectCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "redirectUrl" + }, + { + "javaScriptType": "object", + "name": "redirectData" + }, + { + "javaScriptType": "string", + "name": "method" + }, + { + "javaScriptType": "string", + "name": "statusParameter" + }, + { + "javaScriptType": "string", + "name": "redirectBackUrlCookie" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "redirectCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "redirectUrl" + }, + { + "javaScriptType": "object", + "name": "redirectData" + }, + { + "javaScriptType": "string", + "name": "method" + }, + { + "javaScriptType": "boolean", + "name": "setTrackingCookie" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "redirectCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "redirectUrl" + }, + { + "javaScriptType": "object", + "name": "redirectData" + }, + { + "javaScriptType": "string", + "name": "method" + }, + { + "javaScriptType": "string", + "name": "statusParameter" + }, + { + "javaScriptType": "string", + "name": "redirectBackUrlCookie" + }, + { + "javaScriptType": "boolean", + "name": "setTrackingCookie" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "hiddenValueCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "id" + }, + { + "javaScriptType": "string", + "name": "value" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "nameCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "prompt" + }, + { + "javaScriptType": "string", + "name": "defaultName" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "nameCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "prompt" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "passwordCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "prompt" + }, + { + "javaScriptType": "boolean", + "name": "echoOn" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "pollingWaitCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "waitTime" + }, + { + "javaScriptType": "string", + "name": "message" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "validatedUsernameCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "prompt" + }, + { + "javaScriptType": "object", + "name": "policies" + }, + { + "javaScriptType": "boolean", + "name": "validateOnly" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "validatedUsernameCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "prompt" + }, + { + "javaScriptType": "object", + "name": "policies" + }, + { + "javaScriptType": "boolean", + "name": "validateOnly" + }, + { + "javaScriptType": "array", + "name": "failedPolicies" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "validatedPasswordCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "prompt" + }, + { + "javaScriptType": "boolean", + "name": "echoOn" + }, + { + "javaScriptType": "object", + "name": "policies" + }, + { + "javaScriptType": "boolean", + "name": "validateOnly" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "validatedPasswordCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "prompt" + }, + { + "javaScriptType": "boolean", + "name": "echoOn" + }, + { + "javaScriptType": "object", + "name": "policies" + }, + { + "javaScriptType": "boolean", + "name": "validateOnly" + }, + { + "javaScriptType": "array", + "name": "failedPolicies" + } + ], + "returnType": "void" + } + ], + "javaClass": "org.forgerock.openam.auth.nodes.script.ScriptedCallbacksBuilder", + "javaScriptType": "object", + "name": "callbacksBuilder" + }, + { + "elements": [ + { + "elementType": "method", + "name": "update", + "parameters": [ + { + "javaScriptType": "string", + "name": "id" + }, + { + "javaScriptType": "string", + "name": "rev" + }, + { + "javaScriptType": "object", + "name": "value" + }, + { + "javaScriptType": "object", + "name": "params" + }, + { + "javaScriptType": "array", + "name": "fields" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "update", + "parameters": [ + { + "javaScriptType": "string", + "name": "id" + }, + { + "javaScriptType": "string", + "name": "rev" + }, + { + "javaScriptType": "object", + "name": "value" + }, + { + "javaScriptType": "object", + "name": "params" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "update", + "parameters": [ + { + "javaScriptType": "string", + "name": "id" + }, + { + "javaScriptType": "string", + "name": "rev" + }, + { + "javaScriptType": "object", + "name": "value" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "read", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "read", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + }, + { + "javaScriptType": "object", + "name": "params" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "read", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + }, + { + "javaScriptType": "object", + "name": "params" + }, + { + "javaScriptType": "array", + "name": "fields" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "delete", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + }, + { + "javaScriptType": "string", + "name": "rev" + }, + { + "javaScriptType": "object", + "name": "params" + }, + { + "javaScriptType": "array", + "name": "fields" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "delete", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + }, + { + "javaScriptType": "string", + "name": "rev" + }, + { + "javaScriptType": "object", + "name": "params" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "delete", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + }, + { + "javaScriptType": "string", + "name": "rev" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "action", + "parameters": [ + { + "javaScriptType": "string", + "name": "resource" + }, + { + "javaScriptType": "string", + "name": "actionName" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "action", + "parameters": [ + { + "javaScriptType": "string", + "name": "resource" + }, + { + "javaScriptType": "string", + "name": "actionName" + }, + { + "javaScriptType": "object", + "name": "content" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "action", + "parameters": [ + { + "javaScriptType": "string", + "name": "resource" + }, + { + "javaScriptType": "string", + "name": "actionName" + }, + { + "javaScriptType": "object", + "name": "content" + }, + { + "javaScriptType": "object", + "name": "params" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "action", + "parameters": [ + { + "javaScriptType": "string", + "name": "resource" + }, + { + "javaScriptType": "string", + "name": "actionName" + }, + { + "javaScriptType": "object", + "name": "content" + }, + { + "javaScriptType": "object", + "name": "params" + }, + { + "javaScriptType": "array", + "name": "fields" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "query", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + }, + { + "javaScriptType": "object", + "name": "params" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "query", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + }, + { + "javaScriptType": "object", + "name": "params" + }, + { + "javaScriptType": "array", + "name": "fields" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "create", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + }, + { + "javaScriptType": "string", + "name": "newResourceId" + }, + { + "javaScriptType": "object", + "name": "content" + }, + { + "javaScriptType": "object", + "name": "params" + }, + { + "javaScriptType": "array", + "name": "fields" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "create", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + }, + { + "javaScriptType": "string", + "name": "newResourceId" + }, + { + "javaScriptType": "object", + "name": "content" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "create", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + }, + { + "javaScriptType": "string", + "name": "newResourceId" + }, + { + "javaScriptType": "object", + "name": "content" + }, + { + "javaScriptType": "object", + "name": "params" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "patch", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + }, + { + "javaScriptType": "string", + "name": "rev" + }, + { + "javaScriptType": "array", + "name": "patch" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "patch", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + }, + { + "javaScriptType": "string", + "name": "rev" + }, + { + "javaScriptType": "array", + "name": "patch" + }, + { + "javaScriptType": "object", + "name": "params" + }, + { + "javaScriptType": "array", + "name": "fields" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "patch", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + }, + { + "javaScriptType": "string", + "name": "rev" + }, + { + "javaScriptType": "array", + "name": "patch" + }, + { + "javaScriptType": "object", + "name": "params" + } + ], + "returnType": "object" + } + ], + "javaClass": "org.forgerock.openam.scripting.wrappers.IdmIntegrationServiceScriptWrapper", + "javaScriptType": "object", + "name": "openidm" + }, + { + "elements": [], + "javaScriptType": "object", + "name": "requestCookies" + }, + { + "javaScriptType": "string", + "name": "cookieName" + } + ], + "evaluatorVersions": { + "JAVASCRIPT": [ + "2.0" + ] + } + }, + "defaultScript": "[Empty]", + "engineConfiguration": { + "_id": "engineConfiguration", + "_type": { + "_id": "engineConfiguration", + "collection": false, + "name": "Scripting engine configuration" + }, + "blackList": [ + "java.security.AccessController", + "java.lang.Class", + "java.lang.reflect.*" + ], + "coreThreads": 10, + "idleTimeout": 60, + "maxThreads": 50, + "propertyNamePrefix": "script", + "queueSize": 10, + "serverTimeout": 0, + "useSecurityManager": true, + "whiteList": [ + "org.forgerock.util.promise.PromiseImpl", + "org.forgerock.util.promise.Promises$*", + "java.lang.Object", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Float", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.Void", + "java.util.AbstractMap$*", + "java.util.ArrayList", + "java.util.Collections", + "java.util.concurrent.TimeUnit", + "java.util.Collections$*", + "java.util.HashSet", + "java.util.HashMap$KeyIterator", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.TreeSet", + "java.security.KeyPair", + "java.security.KeyPairGenerator", + "java.security.KeyPairGenerator$*", + "java.security.PrivateKey", + "java.security.PublicKey", + "java.security.spec.X509EncodedKeySpec", + "java.security.spec.MGF1ParameterSpec", + "javax.crypto.SecretKeyFactory", + "javax.crypto.spec.OAEPParameterSpec", + "javax.crypto.spec.PBEKeySpec", + "javax.crypto.spec.PSource", + "javax.crypto.spec.PSource$*", + "org.forgerock.json.JsonValue", + "org.forgerock.util.promise.NeverThrowsException", + "java.util.concurrent.ExecutionException", + "java.util.concurrent.TimeoutException", + "org.forgerock.openam.core.rest.authn.callbackhandlers.*", + "com.sun.crypto.provider.PBKDF2KeyImpl", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + "sun.security.ec.ECPrivateKeyImpl", + "ch.qos.logback.classic.Logger", + "com.sun.proxy.$*", + "java.util.Date", + "java.security.spec.InvalidKeySpecException" + ] + }, + "isHidden": true, + "languages": [ + "JAVASCRIPT" + ] + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/scripttype/OAUTH2_ACCESS_TOKEN_MODIFICATION.scripttype.json b/test/e2e/exports/full-export-separate/global/scripttype/OAUTH2_ACCESS_TOKEN_MODIFICATION.scripttype.json new file mode 100644 index 000000000..38157f3a4 --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/scripttype/OAUTH2_ACCESS_TOKEN_MODIFICATION.scripttype.json @@ -0,0 +1,371 @@ +{ + "scripttype": { + "OAUTH2_ACCESS_TOKEN_MODIFICATION": { + "_id": "OAUTH2_ACCESS_TOKEN_MODIFICATION", + "_type": { + "_id": "contexts", + "collection": true, + "name": "scriptContext" + }, + "context": { + "_id": "OAUTH2_ACCESS_TOKEN_MODIFICATION", + "allowLists": [ + "com.google.common.collect.Sets$1", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.idm.AMIdentity", + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "groovy.json.internal.LazyMap", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.net.URI", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.Collections$UnmodifiableMap", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableSet", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.List", + "java.util.Locale", + "java.util.Map", + "java.util.TreeMap", + "java.util.TreeSet", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.Client", + "org.forgerock.http.client.*", + "org.forgerock.http.protocol.*", + "org.forgerock.json.JsonValue", + "org.forgerock.macaroons.Macaroon", + "org.forgerock.oauth.clients.oidc.Claim", + "org.forgerock.oauth2.core.GrantType", + "org.forgerock.oauth2.core.StatefulAccessToken", + "org.forgerock.oauth2.core.UserInfoClaims", + "org.forgerock.oauth2.core.exceptions.InvalidRequestException", + "org.forgerock.openam.oauth2.OpenAMAccessToken", + "org.forgerock.openam.oauth2.token.grantset.Authorization$ModifiedAccessToken", + "org.forgerock.openam.oauth2.token.macaroon.MacaroonAccessToken", + "org.forgerock.openam.oauth2.token.stateless.StatelessAccessToken", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.opendj.ldap.Dn", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.openidconnect.Claim", + "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOToken", + "org.forgerock.util.promise.PromiseImpl", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl" + ], + "bindings": [], + "evaluatorVersions": { + "GROOVY": [ + "1.0" + ], + "JAVASCRIPT": [ + "1.0" + ] + } + }, + "defaultScript": "d22f9a0c-426a-4466-b95e-d0f125b0d5fa", + "engineConfiguration": { + "_id": "engineConfiguration", + "_type": { + "_id": "engineConfiguration", + "collection": false, + "name": "Scripting engine configuration" + }, + "blackList": [ + "java.lang.Class", + "java.lang.Thread", + "java.lang.invoke.*", + "java.lang.reflect.*", + "java.security.AccessController" + ], + "coreThreads": { + "$int": "&{oauth2.access.token.modification.script.context.core.threads|10}" + }, + "idleTimeout": 60, + "maxThreads": { + "$int": "&{oauth2.access.token.modification.script.context.max.threads|50}" + }, + "propertyNamePrefix": "esv.", + "queueSize": { + "$int": "&{oauth2.access.token.modification.script.context.queue.size|10}" + }, + "serverTimeout": 0, + "useSecurityManager": true, + "whiteList": [ + "com.google.common.collect.ImmutableList", + "com.google.common.collect.Sets$1", + "com.iplanet.am.sdk.AMHashMap", + "com.iplanet.sso.providers.dpro.SSOTokenIDImpl", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.authentication.callbacks.HiddenValueCallback", + "com.sun.identity.authentication.callbacks.ReCaptchaCallback", + "com.sun.identity.authentication.callbacks.ScriptTextOutputCallback", + "com.sun.identity.authentication.spi.HttpCallback", + "com.sun.identity.authentication.spi.IdentifiableCallback", + "com.sun.identity.authentication.spi.MetadataCallback", + "com.sun.identity.authentication.spi.PagePropertiesCallback", + "com.sun.identity.authentication.spi.RedirectCallback", + "com.sun.identity.authentication.spi.X509CertificateCallback", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.common.CaseInsensitiveHashMap$Entry", + "com.sun.identity.idm.AMIdentity", + "com.sun.identity.idm.IdType", + "com.sun.identity.saml2.assertion.impl.AttributeImpl", + "com.sun.identity.saml2.common.SAML2Exception", + "com.sun.identity.saml2.plugins.scripted.IdpAttributeMapperScriptHelper", + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "groovy.json.StringEscapeUtils", + "groovy.json.internal.LazyMap", + "java.io.ByteArrayInputStream", + "java.io.ByteArrayOutputStream", + "java.io.UnsupportedEncodingException", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.NullPointerException", + "java.lang.Number", + "java.lang.Object", + "java.lang.RuntimeException", + "java.lang.SecurityException", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.math.BigDecimal", + "java.math.BigInteger", + "java.net.URI", + "java.security.KeyFactory", + "java.security.KeyPair", + "java.security.KeyPairGenerator", + "java.security.KeyPairGenerator$*", + "java.security.MessageDigest", + "java.security.MessageDigest$Delegate", + "java.security.MessageDigest$Delegate$CloneableDelegate", + "java.security.NoSuchAlgorithmException", + "java.security.PrivateKey", + "java.security.PublicKey", + "java.security.cert.CertificateFactory", + "java.security.cert.X509Certificate", + "java.security.spec.MGF1ParameterSpec", + "java.security.spec.PKCS8EncodedKeySpec", + "java.security.spec.X509EncodedKeySpec", + "java.text.SimpleDateFormat", + "java.time.Clock", + "java.time.Clock$FixedClock", + "java.time.Clock$OffsetClock", + "java.time.Clock$SystemClock", + "java.time.Clock$TickClock", + "java.time.temporal.ChronoUnit", + "java.util.AbstractMap$*", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Arrays", + "java.util.Collections", + "java.util.Collections$*", + "java.util.Date", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashMap$LinkedKeySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.List", + "java.util.Locale", + "java.util.Map", + "java.util.TreeMap", + "java.util.TreeSet", + "java.util.UUID", + "javax.crypto.Cipher", + "javax.crypto.Mac", + "javax.crypto.spec.IvParameterSpec", + "javax.crypto.spec.OAEPParameterSpec", + "javax.crypto.spec.PSource", + "javax.crypto.spec.PSource$*", + "javax.crypto.spec.SecretKeySpec", + "javax.security.auth.callback.ChoiceCallback", + "javax.security.auth.callback.ConfirmationCallback", + "javax.security.auth.callback.LanguageCallback", + "javax.security.auth.callback.NameCallback", + "javax.security.auth.callback.PasswordCallback", + "javax.security.auth.callback.TextInputCallback", + "javax.security.auth.callback.TextOutputCallback", + "org.apache.groovy.json.internal.LazyMap", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.guice.core.IdentityProvider", + "org.forgerock.guice.core.InjectorHolder", + "org.forgerock.http.Client", + "org.forgerock.http.Context", + "org.forgerock.http.Handler", + "org.forgerock.http.client.*", + "org.forgerock.http.context.RootContext", + "org.forgerock.http.header.*", + "org.forgerock.http.header.authorization.*", + "org.forgerock.http.protocol.*", + "org.forgerock.json.JsonValue", + "org.forgerock.json.jose.builders.EncryptedJwtBuilder", + "org.forgerock.json.jose.builders.EncryptedThenSignedJwtBuilder", + "org.forgerock.json.jose.builders.JweHeaderBuilder", + "org.forgerock.json.jose.builders.JwsHeaderBuilder", + "org.forgerock.json.jose.builders.JwtBuilderFactory", + "org.forgerock.json.jose.builders.SignedJwtBuilderImpl", + "org.forgerock.json.jose.builders.SignedThenEncryptedJwtBuilder", + "org.forgerock.json.jose.builders.SignedThenEncryptedJwtHeaderBuilder", + "org.forgerock.json.jose.jwe.EncryptedJwt", + "org.forgerock.json.jose.jwe.EncryptionMethod", + "org.forgerock.json.jose.jwe.JweAlgorithm", + "org.forgerock.json.jose.jwe.SignedThenEncryptedJwt", + "org.forgerock.json.jose.jwk.JWKSet", + "org.forgerock.json.jose.jwk.RsaJWK", + "org.forgerock.json.jose.jws.EncryptedThenSignedJwt", + "org.forgerock.json.jose.jws.JwsAlgorithm", + "org.forgerock.json.jose.jws.JwsHeader", + "org.forgerock.json.jose.jws.SignedEncryptedJwt", + "org.forgerock.json.jose.jws.SignedJwt", + "org.forgerock.json.jose.jws.SigningManager", + "org.forgerock.json.jose.jws.handlers.HmacSigningHandler", + "org.forgerock.json.jose.jws.handlers.RSASigningHandler", + "org.forgerock.json.jose.jws.handlers.SecretHmacSigningHandler", + "org.forgerock.json.jose.jws.handlers.SecretRSASigningHandler", + "org.forgerock.json.jose.jwt.JwtClaimsSet", + "org.forgerock.macaroons.Macaroon", + "org.forgerock.oauth.clients.oidc.Claim", + "org.forgerock.oauth2.core.GrantType", + "org.forgerock.oauth2.core.StatefulAccessToken", + "org.forgerock.oauth2.core.UserInfoClaims", + "org.forgerock.oauth2.core.exceptions.InvalidRequestException", + "org.forgerock.oauth2.core.tokenexchange.ExchangeableToken", + "org.forgerock.openam.auth.node.api.Action", + "org.forgerock.openam.auth.node.api.Action$ActionBuilder", + "org.forgerock.openam.auth.node.api.NodeState", + "org.forgerock.openam.auth.node.api.SuspendedTextOutputCallback", + "org.forgerock.openam.auth.nodes.IdentityProvider", + "org.forgerock.openam.auth.nodes.InjectorHolder", + "org.forgerock.openam.authentication.callbacks.AbstractValidatedCallback", + "org.forgerock.openam.authentication.callbacks.AttributeInputCallback", + "org.forgerock.openam.authentication.callbacks.BooleanAttributeInputCallback", + "org.forgerock.openam.authentication.callbacks.ConsentMappingCallback", + "org.forgerock.openam.authentication.callbacks.DeviceProfileCallback", + "org.forgerock.openam.authentication.callbacks.IdPCallback", + "org.forgerock.openam.authentication.callbacks.KbaCreateCallback", + "org.forgerock.openam.authentication.callbacks.NumberAttributeInputCallback", + "org.forgerock.openam.authentication.callbacks.PollingWaitCallback", + "org.forgerock.openam.authentication.callbacks.SelectIdPCallback", + "org.forgerock.openam.authentication.callbacks.StringAttributeInputCallback", + "org.forgerock.openam.authentication.callbacks.TermsAndConditionsCallback", + "org.forgerock.openam.authentication.callbacks.ValidatedPasswordCallback", + "org.forgerock.openam.authentication.callbacks.ValidatedUsernameCallback", + "org.forgerock.openam.authentication.modules.scripted.*", + "org.forgerock.openam.core.rest.authn.callbackhandlers.*", + "org.forgerock.openam.core.rest.devices.deviceprint.DeviceIdDao", + "org.forgerock.openam.core.rest.devices.profile.DeviceProfilesDao", + "org.forgerock.openam.oauth2.OpenAMAccessToken", + "org.forgerock.openam.oauth2.token.grantset.Authorization$ModifiedAccessToken", + "org.forgerock.openam.oauth2.token.macaroon.MacaroonAccessToken", + "org.forgerock.openam.oauth2.token.stateless.StatelessAccessToken", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "org.forgerock.openam.scripting.api.ScriptedIdentity", + "org.forgerock.openam.scripting.api.ScriptedSession", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.scripting.api.secrets.Secret", + "org.forgerock.openam.scripting.idrepo.ScriptIdentityRepository", + "org.forgerock.openam.shared.security.ThreadLocalSecureRandom", + "org.forgerock.openidconnect.Claim", + "org.forgerock.openidconnect.OpenIdConnectToken", + "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOToken", + "org.forgerock.secrets.SecretBuilder", + "org.forgerock.secrets.keys.SigningKey", + "org.forgerock.secrets.keys.VerificationKey", + "org.forgerock.util.encode.Base64", + "org.forgerock.util.encode.Base64url", + "org.forgerock.util.encode.Hex", + "org.forgerock.util.promise.NeverThrowsException", + "org.forgerock.util.promise.Promise", + "org.forgerock.util.promise.PromiseImpl", + "org.mozilla.javascript.ConsString", + "org.mozilla.javascript.JavaScriptException", + "org.mozilla.javascript.WrappedException", + "sun.security.ec.ECPrivateKeyImpl", + "sun.security.rsa.RSAPrivateCrtKeyImpl", + "sun.security.rsa.RSAPublicKeyImpl", + "sun.security.x509.X500Name", + "sun.security.x509.X509CertImpl", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableMap", + "java.util.Collections$UnmodifiableSet", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.opendj.ldap.Dn", + "org.forgerock.openam.auth.nodes.VerifyTransactionsHelper" + ] + }, + "isHidden": false, + "languages": [ + "JAVASCRIPT", + "GROOVY" + ] + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/scripttype/OAUTH2_AUTHORIZE_ENDPOINT_DATA_PROVIDER.scripttype.json b/test/e2e/exports/full-export-separate/global/scripttype/OAUTH2_AUTHORIZE_ENDPOINT_DATA_PROVIDER.scripttype.json new file mode 100644 index 000000000..beb03d70c --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/scripttype/OAUTH2_AUTHORIZE_ENDPOINT_DATA_PROVIDER.scripttype.json @@ -0,0 +1,361 @@ +{ + "scripttype": { + "OAUTH2_AUTHORIZE_ENDPOINT_DATA_PROVIDER": { + "_id": "OAUTH2_AUTHORIZE_ENDPOINT_DATA_PROVIDER", + "_type": { + "_id": "contexts", + "collection": true, + "name": "scriptContext" + }, + "context": { + "_id": "OAUTH2_AUTHORIZE_ENDPOINT_DATA_PROVIDER", + "allowLists": [ + "com.google.common.collect.Sets$1", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.idm.AMIdentity", + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "groovy.json.internal.LazyMap", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.net.URI", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.Collections$UnmodifiableMap", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableSet", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.List", + "java.util.Locale", + "java.util.Map", + "java.util.TreeMap", + "java.util.TreeSet", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.Client", + "org.forgerock.http.client.*", + "org.forgerock.http.protocol.*", + "org.forgerock.json.JsonValue", + "org.forgerock.oauth.clients.oidc.Claim", + "org.forgerock.oauth2.core.exceptions.ServerException", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.opendj.ldap.Dn", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.util.promise.PromiseImpl", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl" + ], + "bindings": [], + "evaluatorVersions": { + "GROOVY": [ + "1.0" + ], + "JAVASCRIPT": [ + "1.0" + ] + } + }, + "defaultScript": "[Empty]", + "engineConfiguration": { + "_id": "engineConfiguration", + "_type": { + "_id": "engineConfiguration", + "collection": false, + "name": "Scripting engine configuration" + }, + "blackList": [ + "java.lang.Class", + "java.lang.Thread", + "java.lang.invoke.*", + "java.lang.reflect.*", + "java.security.AccessController" + ], + "coreThreads": { + "$int": "&{oauth2.authorize.endpoint.data.provider.script.context.core.threads|10}" + }, + "idleTimeout": 60, + "maxThreads": { + "$int": "&{oauth2.authorize.endpoint.data.provider.script.context.max.threads|50}" + }, + "propertyNamePrefix": "esv.", + "queueSize": { + "$int": "&{oauth2.authorize.endpoint.data.provider.script.context.queue.size|10}" + }, + "serverTimeout": 0, + "useSecurityManager": true, + "whiteList": [ + "com.google.common.collect.ImmutableList", + "com.google.common.collect.Sets$1", + "com.iplanet.am.sdk.AMHashMap", + "com.iplanet.sso.providers.dpro.SSOTokenIDImpl", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.authentication.callbacks.HiddenValueCallback", + "com.sun.identity.authentication.callbacks.ReCaptchaCallback", + "com.sun.identity.authentication.callbacks.ScriptTextOutputCallback", + "com.sun.identity.authentication.spi.HttpCallback", + "com.sun.identity.authentication.spi.IdentifiableCallback", + "com.sun.identity.authentication.spi.MetadataCallback", + "com.sun.identity.authentication.spi.PagePropertiesCallback", + "com.sun.identity.authentication.spi.RedirectCallback", + "com.sun.identity.authentication.spi.X509CertificateCallback", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.common.CaseInsensitiveHashMap$Entry", + "com.sun.identity.idm.AMIdentity", + "com.sun.identity.idm.IdType", + "com.sun.identity.saml2.assertion.impl.AttributeImpl", + "com.sun.identity.saml2.common.SAML2Exception", + "com.sun.identity.saml2.plugins.scripted.IdpAttributeMapperScriptHelper", + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "groovy.json.StringEscapeUtils", + "groovy.json.internal.LazyMap", + "java.io.ByteArrayInputStream", + "java.io.ByteArrayOutputStream", + "java.io.UnsupportedEncodingException", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.NullPointerException", + "java.lang.Number", + "java.lang.Object", + "java.lang.RuntimeException", + "java.lang.SecurityException", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.math.BigDecimal", + "java.math.BigInteger", + "java.net.URI", + "java.security.KeyFactory", + "java.security.KeyPair", + "java.security.KeyPairGenerator", + "java.security.KeyPairGenerator$*", + "java.security.MessageDigest", + "java.security.MessageDigest$Delegate", + "java.security.MessageDigest$Delegate$CloneableDelegate", + "java.security.NoSuchAlgorithmException", + "java.security.PrivateKey", + "java.security.PublicKey", + "java.security.cert.CertificateFactory", + "java.security.cert.X509Certificate", + "java.security.spec.MGF1ParameterSpec", + "java.security.spec.PKCS8EncodedKeySpec", + "java.security.spec.X509EncodedKeySpec", + "java.text.SimpleDateFormat", + "java.time.Clock", + "java.time.Clock$FixedClock", + "java.time.Clock$OffsetClock", + "java.time.Clock$SystemClock", + "java.time.Clock$TickClock", + "java.time.temporal.ChronoUnit", + "java.util.AbstractMap$*", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Arrays", + "java.util.Collections", + "java.util.Collections$*", + "java.util.Date", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashMap$LinkedKeySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.List", + "java.util.Locale", + "java.util.Map", + "java.util.TreeMap", + "java.util.TreeSet", + "java.util.UUID", + "javax.crypto.Cipher", + "javax.crypto.Mac", + "javax.crypto.spec.IvParameterSpec", + "javax.crypto.spec.OAEPParameterSpec", + "javax.crypto.spec.PSource", + "javax.crypto.spec.PSource$*", + "javax.crypto.spec.SecretKeySpec", + "javax.security.auth.callback.ChoiceCallback", + "javax.security.auth.callback.ConfirmationCallback", + "javax.security.auth.callback.LanguageCallback", + "javax.security.auth.callback.NameCallback", + "javax.security.auth.callback.PasswordCallback", + "javax.security.auth.callback.TextInputCallback", + "javax.security.auth.callback.TextOutputCallback", + "org.apache.groovy.json.internal.LazyMap", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.guice.core.IdentityProvider", + "org.forgerock.guice.core.InjectorHolder", + "org.forgerock.http.Client", + "org.forgerock.http.Context", + "org.forgerock.http.Handler", + "org.forgerock.http.client.*", + "org.forgerock.http.context.RootContext", + "org.forgerock.http.header.*", + "org.forgerock.http.header.authorization.*", + "org.forgerock.http.protocol.*", + "org.forgerock.json.JsonValue", + "org.forgerock.json.jose.builders.EncryptedJwtBuilder", + "org.forgerock.json.jose.builders.EncryptedThenSignedJwtBuilder", + "org.forgerock.json.jose.builders.JweHeaderBuilder", + "org.forgerock.json.jose.builders.JwsHeaderBuilder", + "org.forgerock.json.jose.builders.JwtBuilderFactory", + "org.forgerock.json.jose.builders.SignedJwtBuilderImpl", + "org.forgerock.json.jose.builders.SignedThenEncryptedJwtBuilder", + "org.forgerock.json.jose.builders.SignedThenEncryptedJwtHeaderBuilder", + "org.forgerock.json.jose.jwe.EncryptedJwt", + "org.forgerock.json.jose.jwe.EncryptionMethod", + "org.forgerock.json.jose.jwe.JweAlgorithm", + "org.forgerock.json.jose.jwe.SignedThenEncryptedJwt", + "org.forgerock.json.jose.jwk.JWKSet", + "org.forgerock.json.jose.jwk.RsaJWK", + "org.forgerock.json.jose.jws.EncryptedThenSignedJwt", + "org.forgerock.json.jose.jws.JwsAlgorithm", + "org.forgerock.json.jose.jws.JwsHeader", + "org.forgerock.json.jose.jws.SignedEncryptedJwt", + "org.forgerock.json.jose.jws.SignedJwt", + "org.forgerock.json.jose.jws.SigningManager", + "org.forgerock.json.jose.jws.handlers.HmacSigningHandler", + "org.forgerock.json.jose.jws.handlers.RSASigningHandler", + "org.forgerock.json.jose.jws.handlers.SecretHmacSigningHandler", + "org.forgerock.json.jose.jws.handlers.SecretRSASigningHandler", + "org.forgerock.json.jose.jwt.JwtClaimsSet", + "org.forgerock.macaroons.Macaroon", + "org.forgerock.oauth.clients.oidc.Claim", + "org.forgerock.oauth2.core.GrantType", + "org.forgerock.oauth2.core.StatefulAccessToken", + "org.forgerock.oauth2.core.UserInfoClaims", + "org.forgerock.oauth2.core.exceptions.InvalidRequestException", + "org.forgerock.oauth2.core.tokenexchange.ExchangeableToken", + "org.forgerock.openam.auth.node.api.Action", + "org.forgerock.openam.auth.node.api.Action$ActionBuilder", + "org.forgerock.openam.auth.node.api.NodeState", + "org.forgerock.openam.auth.node.api.SuspendedTextOutputCallback", + "org.forgerock.openam.auth.nodes.IdentityProvider", + "org.forgerock.openam.auth.nodes.InjectorHolder", + "org.forgerock.openam.authentication.callbacks.AbstractValidatedCallback", + "org.forgerock.openam.authentication.callbacks.AttributeInputCallback", + "org.forgerock.openam.authentication.callbacks.BooleanAttributeInputCallback", + "org.forgerock.openam.authentication.callbacks.ConsentMappingCallback", + "org.forgerock.openam.authentication.callbacks.DeviceProfileCallback", + "org.forgerock.openam.authentication.callbacks.IdPCallback", + "org.forgerock.openam.authentication.callbacks.KbaCreateCallback", + "org.forgerock.openam.authentication.callbacks.NumberAttributeInputCallback", + "org.forgerock.openam.authentication.callbacks.PollingWaitCallback", + "org.forgerock.openam.authentication.callbacks.SelectIdPCallback", + "org.forgerock.openam.authentication.callbacks.StringAttributeInputCallback", + "org.forgerock.openam.authentication.callbacks.TermsAndConditionsCallback", + "org.forgerock.openam.authentication.callbacks.ValidatedPasswordCallback", + "org.forgerock.openam.authentication.callbacks.ValidatedUsernameCallback", + "org.forgerock.openam.authentication.modules.scripted.*", + "org.forgerock.openam.core.rest.authn.callbackhandlers.*", + "org.forgerock.openam.core.rest.devices.deviceprint.DeviceIdDao", + "org.forgerock.openam.core.rest.devices.profile.DeviceProfilesDao", + "org.forgerock.openam.oauth2.OpenAMAccessToken", + "org.forgerock.openam.oauth2.token.grantset.Authorization$ModifiedAccessToken", + "org.forgerock.openam.oauth2.token.macaroon.MacaroonAccessToken", + "org.forgerock.openam.oauth2.token.stateless.StatelessAccessToken", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "org.forgerock.openam.scripting.api.ScriptedIdentity", + "org.forgerock.openam.scripting.api.ScriptedSession", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.scripting.api.secrets.Secret", + "org.forgerock.openam.scripting.idrepo.ScriptIdentityRepository", + "org.forgerock.openam.shared.security.ThreadLocalSecureRandom", + "org.forgerock.openidconnect.Claim", + "org.forgerock.openidconnect.OpenIdConnectToken", + "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOToken", + "org.forgerock.secrets.SecretBuilder", + "org.forgerock.secrets.keys.SigningKey", + "org.forgerock.secrets.keys.VerificationKey", + "org.forgerock.util.encode.Base64", + "org.forgerock.util.encode.Base64url", + "org.forgerock.util.encode.Hex", + "org.forgerock.util.promise.NeverThrowsException", + "org.forgerock.util.promise.Promise", + "org.forgerock.util.promise.PromiseImpl", + "org.mozilla.javascript.ConsString", + "org.mozilla.javascript.JavaScriptException", + "org.mozilla.javascript.WrappedException", + "sun.security.ec.ECPrivateKeyImpl", + "sun.security.rsa.RSAPrivateCrtKeyImpl", + "sun.security.rsa.RSAPublicKeyImpl", + "sun.security.x509.X500Name", + "sun.security.x509.X509CertImpl", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableMap", + "java.util.Collections$UnmodifiableSet", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.opendj.ldap.Dn", + "org.forgerock.openam.auth.nodes.VerifyTransactionsHelper" + ] + }, + "isHidden": false, + "languages": [ + "JAVASCRIPT", + "GROOVY" + ] + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/scripttype/OAUTH2_EVALUATE_SCOPE.scripttype.json b/test/e2e/exports/full-export-separate/global/scripttype/OAUTH2_EVALUATE_SCOPE.scripttype.json new file mode 100644 index 000000000..d12b588e2 --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/scripttype/OAUTH2_EVALUATE_SCOPE.scripttype.json @@ -0,0 +1,371 @@ +{ + "scripttype": { + "OAUTH2_EVALUATE_SCOPE": { + "_id": "OAUTH2_EVALUATE_SCOPE", + "_type": { + "_id": "contexts", + "collection": true, + "name": "scriptContext" + }, + "context": { + "_id": "OAUTH2_EVALUATE_SCOPE", + "allowLists": [ + "com.google.common.collect.Sets$1", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.idm.AMIdentity", + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "groovy.json.internal.LazyMap", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.net.URI", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.Collections$UnmodifiableMap", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableSet", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.List", + "java.util.Locale", + "java.util.Map", + "java.util.TreeMap", + "java.util.TreeSet", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.Client", + "org.forgerock.http.client.*", + "org.forgerock.http.protocol.*", + "org.forgerock.json.JsonValue", + "org.forgerock.macaroons.Macaroon", + "org.forgerock.oauth.clients.oidc.Claim", + "org.forgerock.oauth2.core.GrantType", + "org.forgerock.oauth2.core.StatefulAccessToken", + "org.forgerock.oauth2.core.UserInfoClaims", + "org.forgerock.oauth2.core.exceptions.InvalidRequestException", + "org.forgerock.openam.oauth2.OpenAMAccessToken", + "org.forgerock.openam.oauth2.token.grantset.Authorization$ModifiedAccessToken", + "org.forgerock.openam.oauth2.token.macaroon.MacaroonAccessToken", + "org.forgerock.openam.oauth2.token.stateless.StatelessAccessToken", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.opendj.ldap.Dn", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.openidconnect.Claim", + "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOToken", + "org.forgerock.util.promise.PromiseImpl", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl" + ], + "bindings": [], + "evaluatorVersions": { + "GROOVY": [ + "1.0" + ], + "JAVASCRIPT": [ + "1.0" + ] + } + }, + "defaultScript": "[Empty]", + "engineConfiguration": { + "_id": "engineConfiguration", + "_type": { + "_id": "engineConfiguration", + "collection": false, + "name": "Scripting engine configuration" + }, + "blackList": [ + "java.lang.Class", + "java.lang.Thread", + "java.lang.invoke.*", + "java.lang.reflect.*", + "java.security.AccessController" + ], + "coreThreads": { + "$int": "&{oauth2.evaluate.scope.script.context.core.threads|10}" + }, + "idleTimeout": 60, + "maxThreads": { + "$int": "&{oauth2.evaluate.scope.script.context.max.threads|50}" + }, + "propertyNamePrefix": "esv.", + "queueSize": { + "$int": "&{oauth2.evaluate.scope.script.context.queue.size|10}" + }, + "serverTimeout": 0, + "useSecurityManager": true, + "whiteList": [ + "com.google.common.collect.ImmutableList", + "com.google.common.collect.Sets$1", + "com.iplanet.am.sdk.AMHashMap", + "com.iplanet.sso.providers.dpro.SSOTokenIDImpl", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.authentication.callbacks.HiddenValueCallback", + "com.sun.identity.authentication.callbacks.ReCaptchaCallback", + "com.sun.identity.authentication.callbacks.ScriptTextOutputCallback", + "com.sun.identity.authentication.spi.HttpCallback", + "com.sun.identity.authentication.spi.IdentifiableCallback", + "com.sun.identity.authentication.spi.MetadataCallback", + "com.sun.identity.authentication.spi.PagePropertiesCallback", + "com.sun.identity.authentication.spi.RedirectCallback", + "com.sun.identity.authentication.spi.X509CertificateCallback", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.common.CaseInsensitiveHashMap$Entry", + "com.sun.identity.idm.AMIdentity", + "com.sun.identity.idm.IdType", + "com.sun.identity.saml2.assertion.impl.AttributeImpl", + "com.sun.identity.saml2.common.SAML2Exception", + "com.sun.identity.saml2.plugins.scripted.IdpAttributeMapperScriptHelper", + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "groovy.json.StringEscapeUtils", + "groovy.json.internal.LazyMap", + "java.io.ByteArrayInputStream", + "java.io.ByteArrayOutputStream", + "java.io.UnsupportedEncodingException", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.NullPointerException", + "java.lang.Number", + "java.lang.Object", + "java.lang.RuntimeException", + "java.lang.SecurityException", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.math.BigDecimal", + "java.math.BigInteger", + "java.net.URI", + "java.security.KeyFactory", + "java.security.KeyPair", + "java.security.KeyPairGenerator", + "java.security.KeyPairGenerator$*", + "java.security.MessageDigest", + "java.security.MessageDigest$Delegate", + "java.security.MessageDigest$Delegate$CloneableDelegate", + "java.security.NoSuchAlgorithmException", + "java.security.PrivateKey", + "java.security.PublicKey", + "java.security.cert.CertificateFactory", + "java.security.cert.X509Certificate", + "java.security.spec.MGF1ParameterSpec", + "java.security.spec.PKCS8EncodedKeySpec", + "java.security.spec.X509EncodedKeySpec", + "java.text.SimpleDateFormat", + "java.time.Clock", + "java.time.Clock$FixedClock", + "java.time.Clock$OffsetClock", + "java.time.Clock$SystemClock", + "java.time.Clock$TickClock", + "java.time.temporal.ChronoUnit", + "java.util.AbstractMap$*", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Arrays", + "java.util.Collections", + "java.util.Collections$*", + "java.util.Date", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashMap$LinkedKeySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.List", + "java.util.Locale", + "java.util.Map", + "java.util.TreeMap", + "java.util.TreeSet", + "java.util.UUID", + "javax.crypto.Cipher", + "javax.crypto.Mac", + "javax.crypto.spec.IvParameterSpec", + "javax.crypto.spec.OAEPParameterSpec", + "javax.crypto.spec.PSource", + "javax.crypto.spec.PSource$*", + "javax.crypto.spec.SecretKeySpec", + "javax.security.auth.callback.ChoiceCallback", + "javax.security.auth.callback.ConfirmationCallback", + "javax.security.auth.callback.LanguageCallback", + "javax.security.auth.callback.NameCallback", + "javax.security.auth.callback.PasswordCallback", + "javax.security.auth.callback.TextInputCallback", + "javax.security.auth.callback.TextOutputCallback", + "org.apache.groovy.json.internal.LazyMap", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.guice.core.IdentityProvider", + "org.forgerock.guice.core.InjectorHolder", + "org.forgerock.http.Client", + "org.forgerock.http.Context", + "org.forgerock.http.Handler", + "org.forgerock.http.client.*", + "org.forgerock.http.context.RootContext", + "org.forgerock.http.header.*", + "org.forgerock.http.header.authorization.*", + "org.forgerock.http.protocol.*", + "org.forgerock.json.JsonValue", + "org.forgerock.json.jose.builders.EncryptedJwtBuilder", + "org.forgerock.json.jose.builders.EncryptedThenSignedJwtBuilder", + "org.forgerock.json.jose.builders.JweHeaderBuilder", + "org.forgerock.json.jose.builders.JwsHeaderBuilder", + "org.forgerock.json.jose.builders.JwtBuilderFactory", + "org.forgerock.json.jose.builders.SignedJwtBuilderImpl", + "org.forgerock.json.jose.builders.SignedThenEncryptedJwtBuilder", + "org.forgerock.json.jose.builders.SignedThenEncryptedJwtHeaderBuilder", + "org.forgerock.json.jose.jwe.EncryptedJwt", + "org.forgerock.json.jose.jwe.EncryptionMethod", + "org.forgerock.json.jose.jwe.JweAlgorithm", + "org.forgerock.json.jose.jwe.SignedThenEncryptedJwt", + "org.forgerock.json.jose.jwk.JWKSet", + "org.forgerock.json.jose.jwk.RsaJWK", + "org.forgerock.json.jose.jws.EncryptedThenSignedJwt", + "org.forgerock.json.jose.jws.JwsAlgorithm", + "org.forgerock.json.jose.jws.JwsHeader", + "org.forgerock.json.jose.jws.SignedEncryptedJwt", + "org.forgerock.json.jose.jws.SignedJwt", + "org.forgerock.json.jose.jws.SigningManager", + "org.forgerock.json.jose.jws.handlers.HmacSigningHandler", + "org.forgerock.json.jose.jws.handlers.RSASigningHandler", + "org.forgerock.json.jose.jws.handlers.SecretHmacSigningHandler", + "org.forgerock.json.jose.jws.handlers.SecretRSASigningHandler", + "org.forgerock.json.jose.jwt.JwtClaimsSet", + "org.forgerock.macaroons.Macaroon", + "org.forgerock.oauth.clients.oidc.Claim", + "org.forgerock.oauth2.core.GrantType", + "org.forgerock.oauth2.core.StatefulAccessToken", + "org.forgerock.oauth2.core.UserInfoClaims", + "org.forgerock.oauth2.core.exceptions.InvalidRequestException", + "org.forgerock.oauth2.core.tokenexchange.ExchangeableToken", + "org.forgerock.openam.auth.node.api.Action", + "org.forgerock.openam.auth.node.api.Action$ActionBuilder", + "org.forgerock.openam.auth.node.api.NodeState", + "org.forgerock.openam.auth.node.api.SuspendedTextOutputCallback", + "org.forgerock.openam.auth.nodes.IdentityProvider", + "org.forgerock.openam.auth.nodes.InjectorHolder", + "org.forgerock.openam.authentication.callbacks.AbstractValidatedCallback", + "org.forgerock.openam.authentication.callbacks.AttributeInputCallback", + "org.forgerock.openam.authentication.callbacks.BooleanAttributeInputCallback", + "org.forgerock.openam.authentication.callbacks.ConsentMappingCallback", + "org.forgerock.openam.authentication.callbacks.DeviceProfileCallback", + "org.forgerock.openam.authentication.callbacks.IdPCallback", + "org.forgerock.openam.authentication.callbacks.KbaCreateCallback", + "org.forgerock.openam.authentication.callbacks.NumberAttributeInputCallback", + "org.forgerock.openam.authentication.callbacks.PollingWaitCallback", + "org.forgerock.openam.authentication.callbacks.SelectIdPCallback", + "org.forgerock.openam.authentication.callbacks.StringAttributeInputCallback", + "org.forgerock.openam.authentication.callbacks.TermsAndConditionsCallback", + "org.forgerock.openam.authentication.callbacks.ValidatedPasswordCallback", + "org.forgerock.openam.authentication.callbacks.ValidatedUsernameCallback", + "org.forgerock.openam.authentication.modules.scripted.*", + "org.forgerock.openam.core.rest.authn.callbackhandlers.*", + "org.forgerock.openam.core.rest.devices.deviceprint.DeviceIdDao", + "org.forgerock.openam.core.rest.devices.profile.DeviceProfilesDao", + "org.forgerock.openam.oauth2.OpenAMAccessToken", + "org.forgerock.openam.oauth2.token.grantset.Authorization$ModifiedAccessToken", + "org.forgerock.openam.oauth2.token.macaroon.MacaroonAccessToken", + "org.forgerock.openam.oauth2.token.stateless.StatelessAccessToken", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "org.forgerock.openam.scripting.api.ScriptedIdentity", + "org.forgerock.openam.scripting.api.ScriptedSession", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.scripting.api.secrets.Secret", + "org.forgerock.openam.scripting.idrepo.ScriptIdentityRepository", + "org.forgerock.openam.shared.security.ThreadLocalSecureRandom", + "org.forgerock.openidconnect.Claim", + "org.forgerock.openidconnect.OpenIdConnectToken", + "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOToken", + "org.forgerock.secrets.SecretBuilder", + "org.forgerock.secrets.keys.SigningKey", + "org.forgerock.secrets.keys.VerificationKey", + "org.forgerock.util.encode.Base64", + "org.forgerock.util.encode.Base64url", + "org.forgerock.util.encode.Hex", + "org.forgerock.util.promise.NeverThrowsException", + "org.forgerock.util.promise.Promise", + "org.forgerock.util.promise.PromiseImpl", + "org.mozilla.javascript.ConsString", + "org.mozilla.javascript.JavaScriptException", + "org.mozilla.javascript.WrappedException", + "sun.security.ec.ECPrivateKeyImpl", + "sun.security.rsa.RSAPrivateCrtKeyImpl", + "sun.security.rsa.RSAPublicKeyImpl", + "sun.security.x509.X500Name", + "sun.security.x509.X509CertImpl", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableMap", + "java.util.Collections$UnmodifiableSet", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.opendj.ldap.Dn", + "org.forgerock.openam.auth.nodes.VerifyTransactionsHelper" + ] + }, + "isHidden": false, + "languages": [ + "JAVASCRIPT", + "GROOVY" + ] + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/scripttype/OAUTH2_MAY_ACT.scripttype.json b/test/e2e/exports/full-export-separate/global/scripttype/OAUTH2_MAY_ACT.scripttype.json new file mode 100644 index 000000000..823cb1039 --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/scripttype/OAUTH2_MAY_ACT.scripttype.json @@ -0,0 +1,373 @@ +{ + "scripttype": { + "OAUTH2_MAY_ACT": { + "_id": "OAUTH2_MAY_ACT", + "_type": { + "_id": "contexts", + "collection": true, + "name": "scriptContext" + }, + "context": { + "_id": "OAUTH2_MAY_ACT", + "allowLists": [ + "com.google.common.collect.Sets$1", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.idm.AMIdentity", + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "groovy.json.internal.LazyMap", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.net.URI", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.Collections$UnmodifiableMap", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableSet", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.List", + "java.util.Locale", + "java.util.Map", + "java.util.TreeMap", + "java.util.TreeSet", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.Client", + "org.forgerock.http.client.*", + "org.forgerock.http.protocol.*", + "org.forgerock.json.JsonValue", + "org.forgerock.macaroons.Macaroon", + "org.forgerock.oauth.clients.oidc.Claim", + "org.forgerock.oauth2.core.GrantType", + "org.forgerock.oauth2.core.StatefulAccessToken", + "org.forgerock.oauth2.core.UserInfoClaims", + "org.forgerock.oauth2.core.exceptions.InvalidRequestException", + "org.forgerock.oauth2.core.tokenexchange.ExchangeableToken", + "org.forgerock.openam.oauth2.OpenAMAccessToken", + "org.forgerock.openam.oauth2.token.grantset.Authorization$ModifiedAccessToken", + "org.forgerock.openam.oauth2.token.macaroon.MacaroonAccessToken", + "org.forgerock.openam.oauth2.token.stateless.StatelessAccessToken", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.opendj.ldap.Dn", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.openidconnect.Claim", + "org.forgerock.openidconnect.OpenIdConnectToken", + "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOToken", + "org.forgerock.util.promise.PromiseImpl", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl" + ], + "bindings": [], + "evaluatorVersions": { + "GROOVY": [ + "1.0" + ], + "JAVASCRIPT": [ + "1.0" + ] + } + }, + "defaultScript": "[Empty]", + "engineConfiguration": { + "_id": "engineConfiguration", + "_type": { + "_id": "engineConfiguration", + "collection": false, + "name": "Scripting engine configuration" + }, + "blackList": [ + "java.lang.Class", + "java.lang.Thread", + "java.lang.invoke.*", + "java.lang.reflect.*", + "java.security.AccessController" + ], + "coreThreads": { + "$int": "&{oauth2.may.act.script.context.core.threads|10}" + }, + "idleTimeout": 60, + "maxThreads": { + "$int": "&{oauth2.may.act.script.context.max.threads|50}" + }, + "propertyNamePrefix": "esv.", + "queueSize": { + "$int": "&{oauth2.may.act.script.context.queue.size|10}" + }, + "serverTimeout": 0, + "useSecurityManager": true, + "whiteList": [ + "com.google.common.collect.ImmutableList", + "com.google.common.collect.Sets$1", + "com.iplanet.am.sdk.AMHashMap", + "com.iplanet.sso.providers.dpro.SSOTokenIDImpl", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.authentication.callbacks.HiddenValueCallback", + "com.sun.identity.authentication.callbacks.ReCaptchaCallback", + "com.sun.identity.authentication.callbacks.ScriptTextOutputCallback", + "com.sun.identity.authentication.spi.HttpCallback", + "com.sun.identity.authentication.spi.IdentifiableCallback", + "com.sun.identity.authentication.spi.MetadataCallback", + "com.sun.identity.authentication.spi.PagePropertiesCallback", + "com.sun.identity.authentication.spi.RedirectCallback", + "com.sun.identity.authentication.spi.X509CertificateCallback", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.common.CaseInsensitiveHashMap$Entry", + "com.sun.identity.idm.AMIdentity", + "com.sun.identity.idm.IdType", + "com.sun.identity.saml2.assertion.impl.AttributeImpl", + "com.sun.identity.saml2.common.SAML2Exception", + "com.sun.identity.saml2.plugins.scripted.IdpAttributeMapperScriptHelper", + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "groovy.json.StringEscapeUtils", + "groovy.json.internal.LazyMap", + "java.io.ByteArrayInputStream", + "java.io.ByteArrayOutputStream", + "java.io.UnsupportedEncodingException", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.NullPointerException", + "java.lang.Number", + "java.lang.Object", + "java.lang.RuntimeException", + "java.lang.SecurityException", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.math.BigDecimal", + "java.math.BigInteger", + "java.net.URI", + "java.security.KeyFactory", + "java.security.KeyPair", + "java.security.KeyPairGenerator", + "java.security.KeyPairGenerator$*", + "java.security.MessageDigest", + "java.security.MessageDigest$Delegate", + "java.security.MessageDigest$Delegate$CloneableDelegate", + "java.security.NoSuchAlgorithmException", + "java.security.PrivateKey", + "java.security.PublicKey", + "java.security.cert.CertificateFactory", + "java.security.cert.X509Certificate", + "java.security.spec.MGF1ParameterSpec", + "java.security.spec.PKCS8EncodedKeySpec", + "java.security.spec.X509EncodedKeySpec", + "java.text.SimpleDateFormat", + "java.time.Clock", + "java.time.Clock$FixedClock", + "java.time.Clock$OffsetClock", + "java.time.Clock$SystemClock", + "java.time.Clock$TickClock", + "java.time.temporal.ChronoUnit", + "java.util.AbstractMap$*", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Arrays", + "java.util.Collections", + "java.util.Collections$*", + "java.util.Date", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashMap$LinkedKeySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.List", + "java.util.Locale", + "java.util.Map", + "java.util.TreeMap", + "java.util.TreeSet", + "java.util.UUID", + "javax.crypto.Cipher", + "javax.crypto.Mac", + "javax.crypto.spec.IvParameterSpec", + "javax.crypto.spec.OAEPParameterSpec", + "javax.crypto.spec.PSource", + "javax.crypto.spec.PSource$*", + "javax.crypto.spec.SecretKeySpec", + "javax.security.auth.callback.ChoiceCallback", + "javax.security.auth.callback.ConfirmationCallback", + "javax.security.auth.callback.LanguageCallback", + "javax.security.auth.callback.NameCallback", + "javax.security.auth.callback.PasswordCallback", + "javax.security.auth.callback.TextInputCallback", + "javax.security.auth.callback.TextOutputCallback", + "org.apache.groovy.json.internal.LazyMap", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.guice.core.IdentityProvider", + "org.forgerock.guice.core.InjectorHolder", + "org.forgerock.http.Client", + "org.forgerock.http.Context", + "org.forgerock.http.Handler", + "org.forgerock.http.client.*", + "org.forgerock.http.context.RootContext", + "org.forgerock.http.header.*", + "org.forgerock.http.header.authorization.*", + "org.forgerock.http.protocol.*", + "org.forgerock.json.JsonValue", + "org.forgerock.json.jose.builders.EncryptedJwtBuilder", + "org.forgerock.json.jose.builders.EncryptedThenSignedJwtBuilder", + "org.forgerock.json.jose.builders.JweHeaderBuilder", + "org.forgerock.json.jose.builders.JwsHeaderBuilder", + "org.forgerock.json.jose.builders.JwtBuilderFactory", + "org.forgerock.json.jose.builders.SignedJwtBuilderImpl", + "org.forgerock.json.jose.builders.SignedThenEncryptedJwtBuilder", + "org.forgerock.json.jose.builders.SignedThenEncryptedJwtHeaderBuilder", + "org.forgerock.json.jose.jwe.EncryptedJwt", + "org.forgerock.json.jose.jwe.EncryptionMethod", + "org.forgerock.json.jose.jwe.JweAlgorithm", + "org.forgerock.json.jose.jwe.SignedThenEncryptedJwt", + "org.forgerock.json.jose.jwk.JWKSet", + "org.forgerock.json.jose.jwk.RsaJWK", + "org.forgerock.json.jose.jws.EncryptedThenSignedJwt", + "org.forgerock.json.jose.jws.JwsAlgorithm", + "org.forgerock.json.jose.jws.JwsHeader", + "org.forgerock.json.jose.jws.SignedEncryptedJwt", + "org.forgerock.json.jose.jws.SignedJwt", + "org.forgerock.json.jose.jws.SigningManager", + "org.forgerock.json.jose.jws.handlers.HmacSigningHandler", + "org.forgerock.json.jose.jws.handlers.RSASigningHandler", + "org.forgerock.json.jose.jws.handlers.SecretHmacSigningHandler", + "org.forgerock.json.jose.jws.handlers.SecretRSASigningHandler", + "org.forgerock.json.jose.jwt.JwtClaimsSet", + "org.forgerock.macaroons.Macaroon", + "org.forgerock.oauth.clients.oidc.Claim", + "org.forgerock.oauth2.core.GrantType", + "org.forgerock.oauth2.core.StatefulAccessToken", + "org.forgerock.oauth2.core.UserInfoClaims", + "org.forgerock.oauth2.core.exceptions.InvalidRequestException", + "org.forgerock.oauth2.core.tokenexchange.ExchangeableToken", + "org.forgerock.openam.auth.node.api.Action", + "org.forgerock.openam.auth.node.api.Action$ActionBuilder", + "org.forgerock.openam.auth.node.api.NodeState", + "org.forgerock.openam.auth.node.api.SuspendedTextOutputCallback", + "org.forgerock.openam.auth.nodes.IdentityProvider", + "org.forgerock.openam.auth.nodes.InjectorHolder", + "org.forgerock.openam.authentication.callbacks.AbstractValidatedCallback", + "org.forgerock.openam.authentication.callbacks.AttributeInputCallback", + "org.forgerock.openam.authentication.callbacks.BooleanAttributeInputCallback", + "org.forgerock.openam.authentication.callbacks.ConsentMappingCallback", + "org.forgerock.openam.authentication.callbacks.DeviceProfileCallback", + "org.forgerock.openam.authentication.callbacks.IdPCallback", + "org.forgerock.openam.authentication.callbacks.KbaCreateCallback", + "org.forgerock.openam.authentication.callbacks.NumberAttributeInputCallback", + "org.forgerock.openam.authentication.callbacks.PollingWaitCallback", + "org.forgerock.openam.authentication.callbacks.SelectIdPCallback", + "org.forgerock.openam.authentication.callbacks.StringAttributeInputCallback", + "org.forgerock.openam.authentication.callbacks.TermsAndConditionsCallback", + "org.forgerock.openam.authentication.callbacks.ValidatedPasswordCallback", + "org.forgerock.openam.authentication.callbacks.ValidatedUsernameCallback", + "org.forgerock.openam.authentication.modules.scripted.*", + "org.forgerock.openam.core.rest.authn.callbackhandlers.*", + "org.forgerock.openam.core.rest.devices.deviceprint.DeviceIdDao", + "org.forgerock.openam.core.rest.devices.profile.DeviceProfilesDao", + "org.forgerock.openam.oauth2.OpenAMAccessToken", + "org.forgerock.openam.oauth2.token.grantset.Authorization$ModifiedAccessToken", + "org.forgerock.openam.oauth2.token.macaroon.MacaroonAccessToken", + "org.forgerock.openam.oauth2.token.stateless.StatelessAccessToken", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "org.forgerock.openam.scripting.api.ScriptedIdentity", + "org.forgerock.openam.scripting.api.ScriptedSession", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.scripting.api.secrets.Secret", + "org.forgerock.openam.scripting.idrepo.ScriptIdentityRepository", + "org.forgerock.openam.shared.security.ThreadLocalSecureRandom", + "org.forgerock.openidconnect.Claim", + "org.forgerock.openidconnect.OpenIdConnectToken", + "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOToken", + "org.forgerock.secrets.SecretBuilder", + "org.forgerock.secrets.keys.SigningKey", + "org.forgerock.secrets.keys.VerificationKey", + "org.forgerock.util.encode.Base64", + "org.forgerock.util.encode.Base64url", + "org.forgerock.util.encode.Hex", + "org.forgerock.util.promise.NeverThrowsException", + "org.forgerock.util.promise.Promise", + "org.forgerock.util.promise.PromiseImpl", + "org.mozilla.javascript.ConsString", + "org.mozilla.javascript.JavaScriptException", + "org.mozilla.javascript.WrappedException", + "sun.security.ec.ECPrivateKeyImpl", + "sun.security.rsa.RSAPrivateCrtKeyImpl", + "sun.security.rsa.RSAPublicKeyImpl", + "sun.security.x509.X500Name", + "sun.security.x509.X509CertImpl", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableMap", + "java.util.Collections$UnmodifiableSet", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.opendj.ldap.Dn", + "org.forgerock.openam.auth.nodes.VerifyTransactionsHelper" + ] + }, + "isHidden": false, + "languages": [ + "JAVASCRIPT", + "GROOVY" + ] + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/scripttype/OAUTH2_SCRIPTED_JWT_ISSUER.scripttype.json b/test/e2e/exports/full-export-separate/global/scripttype/OAUTH2_SCRIPTED_JWT_ISSUER.scripttype.json new file mode 100644 index 000000000..aa77d9a3a --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/scripttype/OAUTH2_SCRIPTED_JWT_ISSUER.scripttype.json @@ -0,0 +1,207 @@ +{ + "scripttype": { + "OAUTH2_SCRIPTED_JWT_ISSUER": { + "_id": "OAUTH2_SCRIPTED_JWT_ISSUER", + "_type": { + "_id": "contexts", + "collection": true, + "name": "scriptContext" + }, + "context": { + "_id": "OAUTH2_SCRIPTED_JWT_ISSUER", + "allowLists": [ + "com.google.common.collect.Sets$1", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.idm.AMIdentity", + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "groovy.json.internal.LazyMap", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.net.URI", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.Collections$UnmodifiableMap", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableSet", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.List", + "java.util.Locale", + "java.util.Map", + "java.util.TreeMap", + "java.util.TreeSet", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.Client", + "org.forgerock.http.client.*", + "org.forgerock.http.protocol.*", + "org.forgerock.json.JsonValue", + "org.forgerock.oauth.clients.oidc.Claim", + "org.forgerock.oauth2.core.TrustedJwtIssuerConfig", + "org.forgerock.oauth2.core.exceptions.ServerException", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.opendj.ldap.Dn", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.util.promise.PromiseImpl", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl" + ], + "bindings": [], + "evaluatorVersions": { + "GROOVY": [ + "1.0" + ], + "JAVASCRIPT": [ + "1.0" + ] + } + }, + "defaultScript": "400e48ba-3f13-4144-ac7b-f824ea8e98c5", + "engineConfiguration": { + "_id": "engineConfiguration", + "_type": { + "_id": "engineConfiguration", + "collection": false, + "name": "Scripting engine configuration" + }, + "blackList": [ + "java.lang.Class", + "java.lang.Thread", + "java.lang.invoke.*", + "java.lang.reflect.*", + "java.security.AccessController" + ], + "coreThreads": { + "$int": "&{oauth2.scripted.jwt.issuer.script.context.core.threads|10}" + }, + "idleTimeout": 60, + "maxThreads": { + "$int": "&{oauth2.scripted.jwt.issuer.script.context.max.threads|50}" + }, + "propertyNamePrefix": "esv.", + "queueSize": { + "$int": "&{oauth2.scripted.jwt.issuer.script.context.queue.size|10}" + }, + "serverTimeout": 0, + "useSecurityManager": true, + "whiteList": [ + "com.google.common.collect.Sets$1", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.idm.AMIdentity", + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "groovy.json.internal.LazyMap", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.net.URI", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.Collections$UnmodifiableMap", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableSet", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.List", + "java.util.Locale", + "java.util.Map", + "java.util.TreeMap", + "java.util.TreeSet", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.Client", + "org.forgerock.http.client.*", + "org.forgerock.http.protocol.*", + "org.forgerock.json.JsonValue", + "org.forgerock.oauth.clients.oidc.Claim", + "org.forgerock.oauth2.core.TrustedJwtIssuerConfig", + "org.forgerock.oauth2.core.exceptions.ServerException", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.util.promise.PromiseImpl", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "org.forgerock.openam.scripting.api.ScriptedIdentity", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.opendj.ldap.Dn" + ] + }, + "isHidden": false, + "languages": [ + "JAVASCRIPT", + "GROOVY" + ] + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/scripttype/OAUTH2_VALIDATE_SCOPE.scripttype.json b/test/e2e/exports/full-export-separate/global/scripttype/OAUTH2_VALIDATE_SCOPE.scripttype.json new file mode 100644 index 000000000..f54d0dbe9 --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/scripttype/OAUTH2_VALIDATE_SCOPE.scripttype.json @@ -0,0 +1,360 @@ +{ + "scripttype": { + "OAUTH2_VALIDATE_SCOPE": { + "_id": "OAUTH2_VALIDATE_SCOPE", + "_type": { + "_id": "contexts", + "collection": true, + "name": "scriptContext" + }, + "context": { + "_id": "OAUTH2_VALIDATE_SCOPE", + "allowLists": [ + "com.google.common.collect.Sets$1", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "groovy.json.internal.LazyMap", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.net.URI", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.Collections$UnmodifiableMap", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableSet", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.List", + "java.util.Locale", + "java.util.Map", + "java.util.TreeMap", + "java.util.TreeSet", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.Client", + "org.forgerock.http.client.*", + "org.forgerock.http.protocol.*", + "org.forgerock.json.JsonValue", + "org.forgerock.oauth.clients.oidc.Claim", + "org.forgerock.oauth2.core.exceptions.InvalidScopeException", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.opendj.ldap.Dn", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.util.promise.PromiseImpl", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl" + ], + "bindings": [], + "evaluatorVersions": { + "GROOVY": [ + "1.0" + ], + "JAVASCRIPT": [ + "1.0" + ] + } + }, + "defaultScript": "[Empty]", + "engineConfiguration": { + "_id": "engineConfiguration", + "_type": { + "_id": "engineConfiguration", + "collection": false, + "name": "Scripting engine configuration" + }, + "blackList": [ + "java.lang.Class", + "java.lang.Thread", + "java.lang.invoke.*", + "java.lang.reflect.*", + "java.security.AccessController" + ], + "coreThreads": { + "$int": "&{oauth2.validate.scope.script.context.core.threads|10}" + }, + "idleTimeout": 60, + "maxThreads": { + "$int": "&{oauth2.validate.scope.script.context.max.threads|50}" + }, + "propertyNamePrefix": "esv.", + "queueSize": { + "$int": "&{oauth2.validate.scope.script.context.queue.size|10}" + }, + "serverTimeout": 0, + "useSecurityManager": true, + "whiteList": [ + "com.google.common.collect.ImmutableList", + "com.google.common.collect.Sets$1", + "com.iplanet.am.sdk.AMHashMap", + "com.iplanet.sso.providers.dpro.SSOTokenIDImpl", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.authentication.callbacks.HiddenValueCallback", + "com.sun.identity.authentication.callbacks.ReCaptchaCallback", + "com.sun.identity.authentication.callbacks.ScriptTextOutputCallback", + "com.sun.identity.authentication.spi.HttpCallback", + "com.sun.identity.authentication.spi.IdentifiableCallback", + "com.sun.identity.authentication.spi.MetadataCallback", + "com.sun.identity.authentication.spi.PagePropertiesCallback", + "com.sun.identity.authentication.spi.RedirectCallback", + "com.sun.identity.authentication.spi.X509CertificateCallback", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.common.CaseInsensitiveHashMap$Entry", + "com.sun.identity.idm.AMIdentity", + "com.sun.identity.idm.IdType", + "com.sun.identity.saml2.assertion.impl.AttributeImpl", + "com.sun.identity.saml2.common.SAML2Exception", + "com.sun.identity.saml2.plugins.scripted.IdpAttributeMapperScriptHelper", + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "groovy.json.StringEscapeUtils", + "groovy.json.internal.LazyMap", + "java.io.ByteArrayInputStream", + "java.io.ByteArrayOutputStream", + "java.io.UnsupportedEncodingException", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.NullPointerException", + "java.lang.Number", + "java.lang.Object", + "java.lang.RuntimeException", + "java.lang.SecurityException", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.math.BigDecimal", + "java.math.BigInteger", + "java.net.URI", + "java.security.KeyFactory", + "java.security.KeyPair", + "java.security.KeyPairGenerator", + "java.security.KeyPairGenerator$*", + "java.security.MessageDigest", + "java.security.MessageDigest$Delegate", + "java.security.MessageDigest$Delegate$CloneableDelegate", + "java.security.NoSuchAlgorithmException", + "java.security.PrivateKey", + "java.security.PublicKey", + "java.security.cert.CertificateFactory", + "java.security.cert.X509Certificate", + "java.security.spec.MGF1ParameterSpec", + "java.security.spec.PKCS8EncodedKeySpec", + "java.security.spec.X509EncodedKeySpec", + "java.text.SimpleDateFormat", + "java.time.Clock", + "java.time.Clock$FixedClock", + "java.time.Clock$OffsetClock", + "java.time.Clock$SystemClock", + "java.time.Clock$TickClock", + "java.time.temporal.ChronoUnit", + "java.util.AbstractMap$*", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Arrays", + "java.util.Collections", + "java.util.Collections$*", + "java.util.Date", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashMap$LinkedKeySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.List", + "java.util.Locale", + "java.util.Map", + "java.util.TreeMap", + "java.util.TreeSet", + "java.util.UUID", + "javax.crypto.Cipher", + "javax.crypto.Mac", + "javax.crypto.spec.IvParameterSpec", + "javax.crypto.spec.OAEPParameterSpec", + "javax.crypto.spec.PSource", + "javax.crypto.spec.PSource$*", + "javax.crypto.spec.SecretKeySpec", + "javax.security.auth.callback.ChoiceCallback", + "javax.security.auth.callback.ConfirmationCallback", + "javax.security.auth.callback.LanguageCallback", + "javax.security.auth.callback.NameCallback", + "javax.security.auth.callback.PasswordCallback", + "javax.security.auth.callback.TextInputCallback", + "javax.security.auth.callback.TextOutputCallback", + "org.apache.groovy.json.internal.LazyMap", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.guice.core.IdentityProvider", + "org.forgerock.guice.core.InjectorHolder", + "org.forgerock.http.Client", + "org.forgerock.http.Context", + "org.forgerock.http.Handler", + "org.forgerock.http.client.*", + "org.forgerock.http.context.RootContext", + "org.forgerock.http.header.*", + "org.forgerock.http.header.authorization.*", + "org.forgerock.http.protocol.*", + "org.forgerock.json.JsonValue", + "org.forgerock.json.jose.builders.EncryptedJwtBuilder", + "org.forgerock.json.jose.builders.EncryptedThenSignedJwtBuilder", + "org.forgerock.json.jose.builders.JweHeaderBuilder", + "org.forgerock.json.jose.builders.JwsHeaderBuilder", + "org.forgerock.json.jose.builders.JwtBuilderFactory", + "org.forgerock.json.jose.builders.SignedJwtBuilderImpl", + "org.forgerock.json.jose.builders.SignedThenEncryptedJwtBuilder", + "org.forgerock.json.jose.builders.SignedThenEncryptedJwtHeaderBuilder", + "org.forgerock.json.jose.jwe.EncryptedJwt", + "org.forgerock.json.jose.jwe.EncryptionMethod", + "org.forgerock.json.jose.jwe.JweAlgorithm", + "org.forgerock.json.jose.jwe.SignedThenEncryptedJwt", + "org.forgerock.json.jose.jwk.JWKSet", + "org.forgerock.json.jose.jwk.RsaJWK", + "org.forgerock.json.jose.jws.EncryptedThenSignedJwt", + "org.forgerock.json.jose.jws.JwsAlgorithm", + "org.forgerock.json.jose.jws.JwsHeader", + "org.forgerock.json.jose.jws.SignedEncryptedJwt", + "org.forgerock.json.jose.jws.SignedJwt", + "org.forgerock.json.jose.jws.SigningManager", + "org.forgerock.json.jose.jws.handlers.HmacSigningHandler", + "org.forgerock.json.jose.jws.handlers.RSASigningHandler", + "org.forgerock.json.jose.jws.handlers.SecretHmacSigningHandler", + "org.forgerock.json.jose.jws.handlers.SecretRSASigningHandler", + "org.forgerock.json.jose.jwt.JwtClaimsSet", + "org.forgerock.macaroons.Macaroon", + "org.forgerock.oauth.clients.oidc.Claim", + "org.forgerock.oauth2.core.GrantType", + "org.forgerock.oauth2.core.StatefulAccessToken", + "org.forgerock.oauth2.core.UserInfoClaims", + "org.forgerock.oauth2.core.exceptions.InvalidRequestException", + "org.forgerock.oauth2.core.tokenexchange.ExchangeableToken", + "org.forgerock.openam.auth.node.api.Action", + "org.forgerock.openam.auth.node.api.Action$ActionBuilder", + "org.forgerock.openam.auth.node.api.NodeState", + "org.forgerock.openam.auth.node.api.SuspendedTextOutputCallback", + "org.forgerock.openam.auth.nodes.IdentityProvider", + "org.forgerock.openam.auth.nodes.InjectorHolder", + "org.forgerock.openam.authentication.callbacks.AbstractValidatedCallback", + "org.forgerock.openam.authentication.callbacks.AttributeInputCallback", + "org.forgerock.openam.authentication.callbacks.BooleanAttributeInputCallback", + "org.forgerock.openam.authentication.callbacks.ConsentMappingCallback", + "org.forgerock.openam.authentication.callbacks.DeviceProfileCallback", + "org.forgerock.openam.authentication.callbacks.IdPCallback", + "org.forgerock.openam.authentication.callbacks.KbaCreateCallback", + "org.forgerock.openam.authentication.callbacks.NumberAttributeInputCallback", + "org.forgerock.openam.authentication.callbacks.PollingWaitCallback", + "org.forgerock.openam.authentication.callbacks.SelectIdPCallback", + "org.forgerock.openam.authentication.callbacks.StringAttributeInputCallback", + "org.forgerock.openam.authentication.callbacks.TermsAndConditionsCallback", + "org.forgerock.openam.authentication.callbacks.ValidatedPasswordCallback", + "org.forgerock.openam.authentication.callbacks.ValidatedUsernameCallback", + "org.forgerock.openam.authentication.modules.scripted.*", + "org.forgerock.openam.core.rest.authn.callbackhandlers.*", + "org.forgerock.openam.core.rest.devices.deviceprint.DeviceIdDao", + "org.forgerock.openam.core.rest.devices.profile.DeviceProfilesDao", + "org.forgerock.openam.oauth2.OpenAMAccessToken", + "org.forgerock.openam.oauth2.token.grantset.Authorization$ModifiedAccessToken", + "org.forgerock.openam.oauth2.token.macaroon.MacaroonAccessToken", + "org.forgerock.openam.oauth2.token.stateless.StatelessAccessToken", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "org.forgerock.openam.scripting.api.ScriptedIdentity", + "org.forgerock.openam.scripting.api.ScriptedSession", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.scripting.api.secrets.Secret", + "org.forgerock.openam.scripting.idrepo.ScriptIdentityRepository", + "org.forgerock.openam.shared.security.ThreadLocalSecureRandom", + "org.forgerock.openidconnect.Claim", + "org.forgerock.openidconnect.OpenIdConnectToken", + "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOToken", + "org.forgerock.secrets.SecretBuilder", + "org.forgerock.secrets.keys.SigningKey", + "org.forgerock.secrets.keys.VerificationKey", + "org.forgerock.util.encode.Base64", + "org.forgerock.util.encode.Base64url", + "org.forgerock.util.encode.Hex", + "org.forgerock.util.promise.NeverThrowsException", + "org.forgerock.util.promise.Promise", + "org.forgerock.util.promise.PromiseImpl", + "org.mozilla.javascript.ConsString", + "org.mozilla.javascript.JavaScriptException", + "org.mozilla.javascript.WrappedException", + "sun.security.ec.ECPrivateKeyImpl", + "sun.security.rsa.RSAPrivateCrtKeyImpl", + "sun.security.rsa.RSAPublicKeyImpl", + "sun.security.x509.X500Name", + "sun.security.x509.X509CertImpl", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableMap", + "java.util.Collections$UnmodifiableSet", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.opendj.ldap.Dn", + "org.forgerock.openam.auth.nodes.VerifyTransactionsHelper" + ] + }, + "isHidden": false, + "languages": [ + "JAVASCRIPT", + "GROOVY" + ] + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/scripttype/OIDC_CLAIMS.scripttype.json b/test/e2e/exports/full-export-separate/global/scripttype/OIDC_CLAIMS.scripttype.json new file mode 100644 index 000000000..9e3ac7f9a --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/scripttype/OIDC_CLAIMS.scripttype.json @@ -0,0 +1,368 @@ +{ + "scripttype": { + "OIDC_CLAIMS": { + "_id": "OIDC_CLAIMS", + "_type": { + "_id": "contexts", + "collection": true, + "name": "scriptContext" + }, + "context": { + "_id": "OIDC_CLAIMS", + "allowLists": [ + "com.google.common.collect.Sets$1", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.idm.AMIdentity", + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "groovy.json.internal.LazyMap", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.net.URI", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.Collections$UnmodifiableMap", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableSet", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.List", + "java.util.Locale", + "java.util.Map", + "java.util.TreeMap", + "java.util.TreeSet", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.Client", + "org.forgerock.http.client.*", + "org.forgerock.http.protocol.*", + "org.forgerock.json.JsonValue", + "org.forgerock.macaroons.Macaroon", + "org.forgerock.oauth.clients.oidc.Claim", + "org.forgerock.oauth2.core.GrantType", + "org.forgerock.oauth2.core.UserInfoClaims", + "org.forgerock.oauth2.core.exceptions.InvalidRequestException", + "org.forgerock.openam.oauth2.OpenAMAccessToken", + "org.forgerock.openam.oauth2.token.macaroon.MacaroonAccessToken", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.opendj.ldap.Dn", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.openidconnect.Claim", + "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOToken", + "org.forgerock.util.promise.PromiseImpl", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl" + ], + "bindings": [], + "evaluatorVersions": { + "GROOVY": [ + "1.0" + ], + "JAVASCRIPT": [ + "1.0" + ] + } + }, + "defaultScript": "36863ffb-40ec-48b9-94b1-9a99f71cc3b5", + "engineConfiguration": { + "_id": "engineConfiguration", + "_type": { + "_id": "engineConfiguration", + "collection": false, + "name": "Scripting engine configuration" + }, + "blackList": [ + "java.lang.Class", + "java.lang.Thread", + "java.lang.invoke.*", + "java.lang.reflect.*", + "java.security.AccessController" + ], + "coreThreads": { + "$int": "&{oidc.claims.script.context.core.threads|10}" + }, + "idleTimeout": 60, + "maxThreads": { + "$int": "&{oidc.claims.script.context.max.threads|50}" + }, + "propertyNamePrefix": "esv.", + "queueSize": { + "$int": "&{oidc.claims.script.context.queue.size|10}" + }, + "serverTimeout": 0, + "useSecurityManager": true, + "whiteList": [ + "com.google.common.collect.ImmutableList", + "com.google.common.collect.Sets$1", + "com.iplanet.am.sdk.AMHashMap", + "com.iplanet.sso.providers.dpro.SSOTokenIDImpl", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.authentication.callbacks.HiddenValueCallback", + "com.sun.identity.authentication.callbacks.ReCaptchaCallback", + "com.sun.identity.authentication.callbacks.ScriptTextOutputCallback", + "com.sun.identity.authentication.spi.HttpCallback", + "com.sun.identity.authentication.spi.IdentifiableCallback", + "com.sun.identity.authentication.spi.MetadataCallback", + "com.sun.identity.authentication.spi.PagePropertiesCallback", + "com.sun.identity.authentication.spi.RedirectCallback", + "com.sun.identity.authentication.spi.X509CertificateCallback", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.common.CaseInsensitiveHashMap$Entry", + "com.sun.identity.idm.AMIdentity", + "com.sun.identity.idm.IdType", + "com.sun.identity.saml2.assertion.impl.AttributeImpl", + "com.sun.identity.saml2.common.SAML2Exception", + "com.sun.identity.saml2.plugins.scripted.IdpAttributeMapperScriptHelper", + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "groovy.json.StringEscapeUtils", + "groovy.json.internal.LazyMap", + "java.io.ByteArrayInputStream", + "java.io.ByteArrayOutputStream", + "java.io.UnsupportedEncodingException", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.NullPointerException", + "java.lang.Number", + "java.lang.Object", + "java.lang.RuntimeException", + "java.lang.SecurityException", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.math.BigDecimal", + "java.math.BigInteger", + "java.net.URI", + "java.security.KeyFactory", + "java.security.KeyPair", + "java.security.KeyPairGenerator", + "java.security.KeyPairGenerator$*", + "java.security.MessageDigest", + "java.security.MessageDigest$Delegate", + "java.security.MessageDigest$Delegate$CloneableDelegate", + "java.security.NoSuchAlgorithmException", + "java.security.PrivateKey", + "java.security.PublicKey", + "java.security.cert.CertificateFactory", + "java.security.cert.X509Certificate", + "java.security.spec.MGF1ParameterSpec", + "java.security.spec.PKCS8EncodedKeySpec", + "java.security.spec.X509EncodedKeySpec", + "java.text.SimpleDateFormat", + "java.time.Clock", + "java.time.Clock$FixedClock", + "java.time.Clock$OffsetClock", + "java.time.Clock$SystemClock", + "java.time.Clock$TickClock", + "java.time.temporal.ChronoUnit", + "java.util.AbstractMap$*", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Arrays", + "java.util.Collections", + "java.util.Collections$*", + "java.util.Date", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashMap$LinkedKeySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.List", + "java.util.Locale", + "java.util.Map", + "java.util.TreeMap", + "java.util.TreeSet", + "java.util.UUID", + "javax.crypto.Cipher", + "javax.crypto.Mac", + "javax.crypto.spec.IvParameterSpec", + "javax.crypto.spec.OAEPParameterSpec", + "javax.crypto.spec.PSource", + "javax.crypto.spec.PSource$*", + "javax.crypto.spec.SecretKeySpec", + "javax.security.auth.callback.ChoiceCallback", + "javax.security.auth.callback.ConfirmationCallback", + "javax.security.auth.callback.LanguageCallback", + "javax.security.auth.callback.NameCallback", + "javax.security.auth.callback.PasswordCallback", + "javax.security.auth.callback.TextInputCallback", + "javax.security.auth.callback.TextOutputCallback", + "org.apache.groovy.json.internal.LazyMap", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.guice.core.IdentityProvider", + "org.forgerock.guice.core.InjectorHolder", + "org.forgerock.http.Client", + "org.forgerock.http.Context", + "org.forgerock.http.Handler", + "org.forgerock.http.client.*", + "org.forgerock.http.context.RootContext", + "org.forgerock.http.header.*", + "org.forgerock.http.header.authorization.*", + "org.forgerock.http.protocol.*", + "org.forgerock.json.JsonValue", + "org.forgerock.json.jose.builders.EncryptedJwtBuilder", + "org.forgerock.json.jose.builders.EncryptedThenSignedJwtBuilder", + "org.forgerock.json.jose.builders.JweHeaderBuilder", + "org.forgerock.json.jose.builders.JwsHeaderBuilder", + "org.forgerock.json.jose.builders.JwtBuilderFactory", + "org.forgerock.json.jose.builders.SignedJwtBuilderImpl", + "org.forgerock.json.jose.builders.SignedThenEncryptedJwtBuilder", + "org.forgerock.json.jose.builders.SignedThenEncryptedJwtHeaderBuilder", + "org.forgerock.json.jose.jwe.EncryptedJwt", + "org.forgerock.json.jose.jwe.EncryptionMethod", + "org.forgerock.json.jose.jwe.JweAlgorithm", + "org.forgerock.json.jose.jwe.SignedThenEncryptedJwt", + "org.forgerock.json.jose.jwk.JWKSet", + "org.forgerock.json.jose.jwk.RsaJWK", + "org.forgerock.json.jose.jws.EncryptedThenSignedJwt", + "org.forgerock.json.jose.jws.JwsAlgorithm", + "org.forgerock.json.jose.jws.JwsHeader", + "org.forgerock.json.jose.jws.SignedEncryptedJwt", + "org.forgerock.json.jose.jws.SignedJwt", + "org.forgerock.json.jose.jws.SigningManager", + "org.forgerock.json.jose.jws.handlers.HmacSigningHandler", + "org.forgerock.json.jose.jws.handlers.RSASigningHandler", + "org.forgerock.json.jose.jws.handlers.SecretHmacSigningHandler", + "org.forgerock.json.jose.jws.handlers.SecretRSASigningHandler", + "org.forgerock.json.jose.jwt.JwtClaimsSet", + "org.forgerock.macaroons.Macaroon", + "org.forgerock.oauth.clients.oidc.Claim", + "org.forgerock.oauth2.core.GrantType", + "org.forgerock.oauth2.core.StatefulAccessToken", + "org.forgerock.oauth2.core.UserInfoClaims", + "org.forgerock.oauth2.core.exceptions.InvalidRequestException", + "org.forgerock.oauth2.core.tokenexchange.ExchangeableToken", + "org.forgerock.openam.auth.node.api.Action", + "org.forgerock.openam.auth.node.api.Action$ActionBuilder", + "org.forgerock.openam.auth.node.api.NodeState", + "org.forgerock.openam.auth.node.api.SuspendedTextOutputCallback", + "org.forgerock.openam.auth.nodes.IdentityProvider", + "org.forgerock.openam.auth.nodes.InjectorHolder", + "org.forgerock.openam.authentication.callbacks.AbstractValidatedCallback", + "org.forgerock.openam.authentication.callbacks.AttributeInputCallback", + "org.forgerock.openam.authentication.callbacks.BooleanAttributeInputCallback", + "org.forgerock.openam.authentication.callbacks.ConsentMappingCallback", + "org.forgerock.openam.authentication.callbacks.DeviceProfileCallback", + "org.forgerock.openam.authentication.callbacks.IdPCallback", + "org.forgerock.openam.authentication.callbacks.KbaCreateCallback", + "org.forgerock.openam.authentication.callbacks.NumberAttributeInputCallback", + "org.forgerock.openam.authentication.callbacks.PollingWaitCallback", + "org.forgerock.openam.authentication.callbacks.SelectIdPCallback", + "org.forgerock.openam.authentication.callbacks.StringAttributeInputCallback", + "org.forgerock.openam.authentication.callbacks.TermsAndConditionsCallback", + "org.forgerock.openam.authentication.callbacks.ValidatedPasswordCallback", + "org.forgerock.openam.authentication.callbacks.ValidatedUsernameCallback", + "org.forgerock.openam.authentication.modules.scripted.*", + "org.forgerock.openam.core.rest.authn.callbackhandlers.*", + "org.forgerock.openam.core.rest.devices.deviceprint.DeviceIdDao", + "org.forgerock.openam.core.rest.devices.profile.DeviceProfilesDao", + "org.forgerock.openam.oauth2.OpenAMAccessToken", + "org.forgerock.openam.oauth2.token.grantset.Authorization$ModifiedAccessToken", + "org.forgerock.openam.oauth2.token.macaroon.MacaroonAccessToken", + "org.forgerock.openam.oauth2.token.stateless.StatelessAccessToken", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "org.forgerock.openam.scripting.api.ScriptedIdentity", + "org.forgerock.openam.scripting.api.ScriptedSession", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.scripting.api.secrets.Secret", + "org.forgerock.openam.scripting.idrepo.ScriptIdentityRepository", + "org.forgerock.openam.shared.security.ThreadLocalSecureRandom", + "org.forgerock.openidconnect.Claim", + "org.forgerock.openidconnect.OpenIdConnectToken", + "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOToken", + "org.forgerock.secrets.SecretBuilder", + "org.forgerock.secrets.keys.SigningKey", + "org.forgerock.secrets.keys.VerificationKey", + "org.forgerock.util.encode.Base64", + "org.forgerock.util.encode.Base64url", + "org.forgerock.util.encode.Hex", + "org.forgerock.util.promise.NeverThrowsException", + "org.forgerock.util.promise.Promise", + "org.forgerock.util.promise.PromiseImpl", + "org.mozilla.javascript.ConsString", + "org.mozilla.javascript.JavaScriptException", + "org.mozilla.javascript.WrappedException", + "sun.security.ec.ECPrivateKeyImpl", + "sun.security.rsa.RSAPrivateCrtKeyImpl", + "sun.security.rsa.RSAPublicKeyImpl", + "sun.security.x509.X500Name", + "sun.security.x509.X509CertImpl", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableMap", + "java.util.Collections$UnmodifiableSet", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.opendj.ldap.Dn", + "org.forgerock.openam.auth.nodes.VerifyTransactionsHelper" + ] + }, + "isHidden": false, + "languages": [ + "JAVASCRIPT", + "GROOVY" + ] + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/scripttype/PINGONE_VERIFY_COMPLETION_DECISION_NODE.scripttype.json b/test/e2e/exports/full-export-separate/global/scripttype/PINGONE_VERIFY_COMPLETION_DECISION_NODE.scripttype.json new file mode 100644 index 000000000..fff28594e --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/scripttype/PINGONE_VERIFY_COMPLETION_DECISION_NODE.scripttype.json @@ -0,0 +1,1431 @@ +{ + "scripttype": { + "PINGONE_VERIFY_COMPLETION_DECISION_NODE": { + "_id": "PINGONE_VERIFY_COMPLETION_DECISION_NODE", + "_type": { + "_id": "contexts", + "collection": true, + "name": "scriptContext" + }, + "context": { + "_id": "PINGONE_VERIFY_COMPLETION_DECISION_NODE", + "allowLists": [ + "org.forgerock.util.promise.PromiseImpl", + "org.forgerock.util.promise.Promises$*", + "java.lang.Object" + ], + "bindings": [ + { + "elements": [ + { + "elementType": "method", + "name": "send", + "parameters": [ + { + "javaScriptType": "string", + "name": "uri" + }, + { + "javaScriptType": "object", + "name": "requestOptions" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "send", + "parameters": [ + { + "javaScriptType": "string", + "name": "uri" + } + ], + "returnType": "object" + } + ], + "javaClass": "org.forgerock.openam.scripting.wrappers.HttpClientScriptWrapper", + "javaScriptType": "object", + "name": "httpClient" + }, + { + "elements": [ + { + "elementType": "method", + "name": "remove", + "parameters": [ + { + "javaScriptType": "string", + "name": "key" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "get", + "parameters": [ + { + "javaScriptType": "string", + "name": "key" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "keys", + "parameters": [], + "returnType": "object" + }, + { + "elementType": "method", + "name": "getObject", + "parameters": [ + { + "javaScriptType": "string", + "name": "key" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "isDefined", + "parameters": [ + { + "javaScriptType": "string", + "name": "key" + } + ], + "returnType": "boolean" + }, + { + "elementType": "method", + "name": "putShared", + "parameters": [ + { + "javaScriptType": "string", + "name": "key" + }, + { + "javaScriptType": "object", + "name": "value" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "mergeShared", + "parameters": [ + { + "javaScriptType": "object", + "name": "object" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "putTransient", + "parameters": [ + { + "javaScriptType": "string", + "name": "key" + }, + { + "javaScriptType": "object", + "name": "value" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "mergeTransient", + "parameters": [ + { + "javaScriptType": "object", + "name": "object" + } + ], + "returnType": "object" + } + ], + "javaClass": "org.forgerock.openam.auth.node.api.NodeStateScriptWrapper", + "javaScriptType": "object", + "name": "nodeState" + }, + { + "javaScriptType": "unknown", + "name": "verifyTransactionsHelper" + }, + { + "elements": [ + { + "elementType": "field", + "elements": [ + { + "elementType": "method", + "name": "randomUUID", + "parameters": [], + "returnType": "string" + }, + { + "elementType": "method", + "name": "getRandomValues", + "parameters": [ + { + "javaScriptType": "array", + "name": "array" + } + ], + "returnType": "array" + } + ], + "javaClass": "org.forgerock.openam.scripting.bindings.ScriptCryptoService", + "javaScriptType": "object", + "name": "crypto" + }, + { + "elementType": "field", + "elements": [ + { + "elementType": "method", + "name": "decode", + "parameters": [ + { + "javaScriptType": "string", + "name": "toDecode" + } + ], + "returnType": "string" + }, + { + "elementType": "method", + "name": "encode", + "parameters": [ + { + "javaScriptType": "string", + "name": "toEncode" + } + ], + "returnType": "string" + }, + { + "elementType": "method", + "name": "btoa", + "parameters": [ + { + "javaScriptType": "string", + "name": "toEncode" + } + ], + "returnType": "string" + }, + { + "elementType": "method", + "name": "atob", + "parameters": [ + { + "javaScriptType": "string", + "name": "toDecode" + } + ], + "returnType": "string" + } + ], + "javaClass": "org.forgerock.openam.scripting.bindings.ScriptBase64Service", + "javaScriptType": "object", + "name": "base64" + }, + { + "elementType": "field", + "elements": [ + { + "elementType": "method", + "name": "decode", + "parameters": [ + { + "javaScriptType": "string", + "name": "toDecode" + } + ], + "returnType": "string" + }, + { + "elementType": "method", + "name": "encode", + "parameters": [ + { + "javaScriptType": "string", + "name": "toEncode" + } + ], + "returnType": "string" + }, + { + "elementType": "method", + "name": "btoa", + "parameters": [ + { + "javaScriptType": "string", + "name": "toEncode" + } + ], + "returnType": "string" + }, + { + "elementType": "method", + "name": "atob", + "parameters": [ + { + "javaScriptType": "string", + "name": "toDecode" + } + ], + "returnType": "string" + } + ], + "javaClass": "org.forgerock.openam.scripting.bindings.ScriptBase64UrlService", + "javaScriptType": "object", + "name": "base64url" + } + ], + "javaClass": "org.forgerock.openam.scripting.bindings.ScriptUtilityService", + "javaScriptType": "object", + "name": "utils" + }, + { + "elements": [ + { + "elementType": "method", + "name": "getName", + "parameters": [], + "returnType": "string" + }, + { + "elementType": "method", + "name": "info", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "object", + "name": "arg" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "info", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "object", + "name": "arg1" + }, + { + "javaScriptType": "object", + "name": "arg2" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "info", + "parameters": [ + { + "javaScriptType": "string", + "name": "msg" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "info", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "array", + "name": "arguments" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "info", + "parameters": [ + { + "javaScriptType": "string", + "name": "msg" + }, + { + "javaScriptType": "object", + "name": "t" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "trace", + "parameters": [ + { + "javaScriptType": "string", + "name": "msg" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "trace", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "array", + "name": "arguments" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "trace", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "object", + "name": "arg1" + }, + { + "javaScriptType": "object", + "name": "arg2" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "trace", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "object", + "name": "arg" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "trace", + "parameters": [ + { + "javaScriptType": "string", + "name": "msg" + }, + { + "javaScriptType": "object", + "name": "t" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "debug", + "parameters": [ + { + "javaScriptType": "string", + "name": "msg" + }, + { + "javaScriptType": "object", + "name": "t" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "debug", + "parameters": [ + { + "javaScriptType": "string", + "name": "msg" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "debug", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "array", + "name": "arguments" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "debug", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "object", + "name": "arg" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "debug", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "object", + "name": "arg1" + }, + { + "javaScriptType": "object", + "name": "arg2" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "error", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "object", + "name": "arg" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "error", + "parameters": [ + { + "javaScriptType": "string", + "name": "msg" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "error", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "object", + "name": "arg1" + }, + { + "javaScriptType": "object", + "name": "arg2" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "error", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "array", + "name": "arguments" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "error", + "parameters": [ + { + "javaScriptType": "string", + "name": "msg" + }, + { + "javaScriptType": "object", + "name": "t" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "warn", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "array", + "name": "arguments" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "warn", + "parameters": [ + { + "javaScriptType": "string", + "name": "msg" + }, + { + "javaScriptType": "object", + "name": "t" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "warn", + "parameters": [ + { + "javaScriptType": "string", + "name": "msg" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "warn", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "object", + "name": "arg1" + }, + { + "javaScriptType": "object", + "name": "arg2" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "warn", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "object", + "name": "arg" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "isTraceEnabled", + "parameters": [], + "returnType": "boolean" + }, + { + "elementType": "method", + "name": "isDebugEnabled", + "parameters": [], + "returnType": "boolean" + }, + { + "elementType": "method", + "name": "isErrorEnabled", + "parameters": [], + "returnType": "boolean" + }, + { + "elementType": "method", + "name": "isInfoEnabled", + "parameters": [], + "returnType": "boolean" + }, + { + "elementType": "method", + "name": "isWarnEnabled", + "parameters": [], + "returnType": "boolean" + } + ], + "javaClass": "org.forgerock.openam.scripting.logging.ScriptedLoggerWrapper", + "javaScriptType": "object", + "name": "logger" + }, + { + "elements": [ + { + "elementType": "method", + "name": "withIdentifiedUser", + "parameters": [ + { + "javaScriptType": "string", + "name": "username" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "withIdentifiedAgent", + "parameters": [ + { + "javaScriptType": "string", + "name": "agentName" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "suspend", + "parameters": [ + { + "javaScriptType": "string", + "name": "callbackTextFormat" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "suspend", + "parameters": [ + { + "javaScriptType": "string", + "name": "callbackTextFormat" + }, + { + "javaScriptType": "object", + "name": "additionalLogic" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "goTo", + "parameters": [ + { + "javaScriptType": "string", + "name": "outcome" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "putSessionProperty", + "parameters": [ + { + "javaScriptType": "string", + "name": "key" + }, + { + "javaScriptType": "string", + "name": "value" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "withHeader", + "parameters": [ + { + "javaScriptType": "string", + "name": "header" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "withDescription", + "parameters": [ + { + "javaScriptType": "string", + "name": "description" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "withStage", + "parameters": [ + { + "javaScriptType": "string", + "name": "stage" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "withErrorMessage", + "parameters": [ + { + "javaScriptType": "string", + "name": "errorMessage" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "withLockoutMessage", + "parameters": [ + { + "javaScriptType": "string", + "name": "lockoutMessage" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "removeSessionProperty", + "parameters": [ + { + "javaScriptType": "string", + "name": "key" + } + ], + "returnType": "object" + } + ], + "javaClass": "org.forgerock.openam.auth.nodes.script.ActionWrapper", + "javaScriptType": "object", + "name": "action" + }, + { + "javaScriptType": "string", + "name": "scriptName" + }, + { + "javaScriptType": "string", + "name": "realm" + }, + { + "elements": [ + { + "elementType": "method", + "name": "update", + "parameters": [ + { + "javaScriptType": "string", + "name": "id" + }, + { + "javaScriptType": "string", + "name": "rev" + }, + { + "javaScriptType": "object", + "name": "value" + }, + { + "javaScriptType": "object", + "name": "params" + }, + { + "javaScriptType": "array", + "name": "fields" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "update", + "parameters": [ + { + "javaScriptType": "string", + "name": "id" + }, + { + "javaScriptType": "string", + "name": "rev" + }, + { + "javaScriptType": "object", + "name": "value" + }, + { + "javaScriptType": "object", + "name": "params" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "update", + "parameters": [ + { + "javaScriptType": "string", + "name": "id" + }, + { + "javaScriptType": "string", + "name": "rev" + }, + { + "javaScriptType": "object", + "name": "value" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "read", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "read", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + }, + { + "javaScriptType": "object", + "name": "params" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "read", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + }, + { + "javaScriptType": "object", + "name": "params" + }, + { + "javaScriptType": "array", + "name": "fields" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "delete", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + }, + { + "javaScriptType": "string", + "name": "rev" + }, + { + "javaScriptType": "object", + "name": "params" + }, + { + "javaScriptType": "array", + "name": "fields" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "delete", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + }, + { + "javaScriptType": "string", + "name": "rev" + }, + { + "javaScriptType": "object", + "name": "params" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "delete", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + }, + { + "javaScriptType": "string", + "name": "rev" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "action", + "parameters": [ + { + "javaScriptType": "string", + "name": "resource" + }, + { + "javaScriptType": "string", + "name": "actionName" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "action", + "parameters": [ + { + "javaScriptType": "string", + "name": "resource" + }, + { + "javaScriptType": "string", + "name": "actionName" + }, + { + "javaScriptType": "object", + "name": "content" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "action", + "parameters": [ + { + "javaScriptType": "string", + "name": "resource" + }, + { + "javaScriptType": "string", + "name": "actionName" + }, + { + "javaScriptType": "object", + "name": "content" + }, + { + "javaScriptType": "object", + "name": "params" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "action", + "parameters": [ + { + "javaScriptType": "string", + "name": "resource" + }, + { + "javaScriptType": "string", + "name": "actionName" + }, + { + "javaScriptType": "object", + "name": "content" + }, + { + "javaScriptType": "object", + "name": "params" + }, + { + "javaScriptType": "array", + "name": "fields" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "query", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + }, + { + "javaScriptType": "object", + "name": "params" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "query", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + }, + { + "javaScriptType": "object", + "name": "params" + }, + { + "javaScriptType": "array", + "name": "fields" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "create", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + }, + { + "javaScriptType": "string", + "name": "newResourceId" + }, + { + "javaScriptType": "object", + "name": "content" + }, + { + "javaScriptType": "object", + "name": "params" + }, + { + "javaScriptType": "array", + "name": "fields" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "create", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + }, + { + "javaScriptType": "string", + "name": "newResourceId" + }, + { + "javaScriptType": "object", + "name": "content" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "create", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + }, + { + "javaScriptType": "string", + "name": "newResourceId" + }, + { + "javaScriptType": "object", + "name": "content" + }, + { + "javaScriptType": "object", + "name": "params" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "patch", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + }, + { + "javaScriptType": "string", + "name": "rev" + }, + { + "javaScriptType": "array", + "name": "patch" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "patch", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + }, + { + "javaScriptType": "string", + "name": "rev" + }, + { + "javaScriptType": "array", + "name": "patch" + }, + { + "javaScriptType": "object", + "name": "params" + }, + { + "javaScriptType": "array", + "name": "fields" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "patch", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + }, + { + "javaScriptType": "string", + "name": "rev" + }, + { + "javaScriptType": "array", + "name": "patch" + }, + { + "javaScriptType": "object", + "name": "params" + } + ], + "returnType": "object" + } + ], + "javaClass": "org.forgerock.openam.scripting.wrappers.IdmIntegrationServiceScriptWrapper", + "javaScriptType": "object", + "name": "openidm" + }, + { + "elements": [ + { + "elementType": "method", + "name": "getGenericSecret", + "parameters": [ + { + "javaScriptType": "string", + "name": "secretId" + } + ], + "returnType": "object" + } + ], + "javaClass": "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "javaScriptType": "object", + "name": "secrets" + }, + { + "javaScriptType": "string", + "name": "cookieName" + } + ], + "evaluatorVersions": { + "JAVASCRIPT": [ + "2.0" + ] + } + }, + "defaultScript": "[Empty]", + "engineConfiguration": { + "_id": "engineConfiguration", + "_type": { + "_id": "engineConfiguration", + "collection": false, + "name": "Scripting engine configuration" + }, + "blackList": [ + "java.lang.Class", + "java.security.AccessController", + "java.lang.reflect.*" + ], + "coreThreads": { + "$int": "&{pingone.verify.completion.decision.node.script.context.core.threads|10}" + }, + "idleTimeout": 60, + "maxThreads": { + "$int": "&{pingone.verify.completion.decision.node.script.context.max.threads|50}" + }, + "propertyNamePrefix": "esv.", + "queueSize": { + "$int": "&{pingone.verify.completion.decision.node.script.context.queue.size|10}" + }, + "serverTimeout": 0, + "useSecurityManager": true, + "whiteList": [ + "java.lang.Float", + "org.forgerock.http.protocol.Header", + "java.lang.Integer", + "org.forgerock.http.Client", + "java.lang.Character$UnicodeBlock", + "java.lang.Character", + "java.lang.Long", + "java.lang.Short", + "java.util.Map", + "org.forgerock.http.client.*", + "java.lang.Math", + "org.forgerock.opendj.ldap.Dn", + "java.lang.Byte", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "java.lang.StrictMath", + "org.forgerock.util.promise.PromiseImpl", + "org.forgerock.http.Context", + "java.lang.Void", + "org.codehaus.groovy.runtime.GStringImpl", + "groovy.json.JsonSlurper", + "org.forgerock.http.protocol.Request", + "org.forgerock.http.protocol.Entity", + "org.forgerock.http.context.RootContext", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "java.util.List", + "org.forgerock.http.protocol.RequestCookies", + "org.forgerock.http.protocol.Responses", + "org.forgerock.util.promise.Promise", + "java.util.HashMap$KeyIterator", + "com.sun.identity.shared.debug.Debug", + "java.lang.Double", + "org.forgerock.http.protocol.Headers", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.http.protocol.Status", + "java.util.HashMap", + "java.lang.Character$Subset", + "java.util.TreeSet", + "java.util.ArrayList", + "java.util.HashSet", + "java.util.LinkedHashMap", + "org.forgerock.http.protocol.ResponseException", + "java.util.Collections$UnmodifiableRandomAccessList", + "org.forgerock.http.protocol.Message", + "java.lang.Boolean", + "java.lang.String", + "java.lang.Number", + "java.util.LinkedList", + "java.util.LinkedHashSet", + "org.forgerock.http.protocol.Response", + "org.forgerock.util.promise.NeverThrowsException", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "java.util.TreeMap", + "java.util.Collections$EmptyList", + "org.forgerock.openam.scripting.api.ScriptedSession", + "java.util.Collections$UnmodifiableCollection$1", + "org.forgerock.http.Handler", + "java.lang.Object", + "org.forgerock.http.protocol.Form" + ] + }, + "isHidden": false, + "languages": [ + "JAVASCRIPT" + ] + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/scripttype/POLICY_CONDITION.scripttype.json b/test/e2e/exports/full-export-separate/global/scripttype/POLICY_CONDITION.scripttype.json new file mode 100644 index 000000000..6cfe33c21 --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/scripttype/POLICY_CONDITION.scripttype.json @@ -0,0 +1,283 @@ +{ + "scripttype": { + "POLICY_CONDITION": { + "_id": "POLICY_CONDITION", + "_type": { + "_id": "contexts", + "collection": true, + "name": "scriptContext" + }, + "context": { + "_id": "POLICY_CONDITION", + "allowLists": [], + "bindings": [], + "evaluatorVersions": { + "GROOVY": [ + "1.0" + ], + "JAVASCRIPT": [ + "1.0" + ] + } + }, + "defaultScript": "9de3eb62-f131-4fac-a294-7bd170fd4acb", + "engineConfiguration": { + "_id": "engineConfiguration", + "_type": { + "_id": "engineConfiguration", + "collection": false, + "name": "Scripting engine configuration" + }, + "blackList": [ + "java.lang.Class", + "java.lang.Thread", + "java.lang.invoke.*", + "java.lang.reflect.*", + "java.security.AccessController" + ], + "coreThreads": { + "$int": "&{policy.condition.script.context.core.threads|10}" + }, + "idleTimeout": 60, + "maxThreads": { + "$int": "&{policy.condition.script.context.max.threads|50}" + }, + "propertyNamePrefix": "esv.", + "queueSize": { + "$int": "&{policy.condition.script.context.queue.size|10}" + }, + "serverTimeout": 0, + "useSecurityManager": true, + "whiteList": [ + "com.google.common.collect.ImmutableList", + "com.google.common.collect.Sets$1", + "com.iplanet.am.sdk.AMHashMap", + "com.iplanet.sso.providers.dpro.SSOTokenIDImpl", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.authentication.callbacks.HiddenValueCallback", + "com.sun.identity.authentication.callbacks.ReCaptchaCallback", + "com.sun.identity.authentication.callbacks.ScriptTextOutputCallback", + "com.sun.identity.authentication.spi.HttpCallback", + "com.sun.identity.authentication.spi.IdentifiableCallback", + "com.sun.identity.authentication.spi.MetadataCallback", + "com.sun.identity.authentication.spi.PagePropertiesCallback", + "com.sun.identity.authentication.spi.RedirectCallback", + "com.sun.identity.authentication.spi.X509CertificateCallback", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.common.CaseInsensitiveHashMap$Entry", + "com.sun.identity.idm.AMIdentity", + "com.sun.identity.idm.IdType", + "com.sun.identity.saml2.assertion.impl.AttributeImpl", + "com.sun.identity.saml2.common.SAML2Exception", + "com.sun.identity.saml2.plugins.scripted.IdpAttributeMapperScriptHelper", + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "groovy.json.StringEscapeUtils", + "groovy.json.internal.LazyMap", + "java.io.ByteArrayInputStream", + "java.io.ByteArrayOutputStream", + "java.io.UnsupportedEncodingException", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.NullPointerException", + "java.lang.Number", + "java.lang.Object", + "java.lang.RuntimeException", + "java.lang.SecurityException", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.math.BigDecimal", + "java.math.BigInteger", + "java.net.URI", + "java.security.KeyFactory", + "java.security.KeyPair", + "java.security.KeyPairGenerator", + "java.security.KeyPairGenerator$*", + "java.security.MessageDigest", + "java.security.MessageDigest$Delegate", + "java.security.MessageDigest$Delegate$CloneableDelegate", + "java.security.NoSuchAlgorithmException", + "java.security.PrivateKey", + "java.security.PublicKey", + "java.security.cert.CertificateFactory", + "java.security.cert.X509Certificate", + "java.security.spec.MGF1ParameterSpec", + "java.security.spec.PKCS8EncodedKeySpec", + "java.security.spec.X509EncodedKeySpec", + "java.text.SimpleDateFormat", + "java.time.Clock", + "java.time.Clock$FixedClock", + "java.time.Clock$OffsetClock", + "java.time.Clock$SystemClock", + "java.time.Clock$TickClock", + "java.time.temporal.ChronoUnit", + "java.util.AbstractMap$*", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Arrays", + "java.util.Collections", + "java.util.Collections$*", + "java.util.Date", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashMap$LinkedKeySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.List", + "java.util.Locale", + "java.util.Map", + "java.util.TreeMap", + "java.util.TreeSet", + "java.util.UUID", + "javax.crypto.Cipher", + "javax.crypto.Mac", + "javax.crypto.spec.IvParameterSpec", + "javax.crypto.spec.OAEPParameterSpec", + "javax.crypto.spec.PSource", + "javax.crypto.spec.PSource$*", + "javax.crypto.spec.SecretKeySpec", + "javax.security.auth.callback.ChoiceCallback", + "javax.security.auth.callback.ConfirmationCallback", + "javax.security.auth.callback.LanguageCallback", + "javax.security.auth.callback.NameCallback", + "javax.security.auth.callback.PasswordCallback", + "javax.security.auth.callback.TextInputCallback", + "javax.security.auth.callback.TextOutputCallback", + "org.apache.groovy.json.internal.LazyMap", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.guice.core.IdentityProvider", + "org.forgerock.guice.core.InjectorHolder", + "org.forgerock.http.Client", + "org.forgerock.http.Context", + "org.forgerock.http.Handler", + "org.forgerock.http.client.*", + "org.forgerock.http.context.RootContext", + "org.forgerock.http.header.*", + "org.forgerock.http.header.authorization.*", + "org.forgerock.http.protocol.*", + "org.forgerock.json.JsonValue", + "org.forgerock.json.jose.builders.EncryptedJwtBuilder", + "org.forgerock.json.jose.builders.EncryptedThenSignedJwtBuilder", + "org.forgerock.json.jose.builders.JweHeaderBuilder", + "org.forgerock.json.jose.builders.JwsHeaderBuilder", + "org.forgerock.json.jose.builders.JwtBuilderFactory", + "org.forgerock.json.jose.builders.SignedJwtBuilderImpl", + "org.forgerock.json.jose.builders.SignedThenEncryptedJwtBuilder", + "org.forgerock.json.jose.builders.SignedThenEncryptedJwtHeaderBuilder", + "org.forgerock.json.jose.jwe.EncryptedJwt", + "org.forgerock.json.jose.jwe.EncryptionMethod", + "org.forgerock.json.jose.jwe.JweAlgorithm", + "org.forgerock.json.jose.jwe.SignedThenEncryptedJwt", + "org.forgerock.json.jose.jwk.JWKSet", + "org.forgerock.json.jose.jwk.RsaJWK", + "org.forgerock.json.jose.jws.EncryptedThenSignedJwt", + "org.forgerock.json.jose.jws.JwsAlgorithm", + "org.forgerock.json.jose.jws.JwsHeader", + "org.forgerock.json.jose.jws.SignedEncryptedJwt", + "org.forgerock.json.jose.jws.SignedJwt", + "org.forgerock.json.jose.jws.SigningManager", + "org.forgerock.json.jose.jws.handlers.HmacSigningHandler", + "org.forgerock.json.jose.jws.handlers.RSASigningHandler", + "org.forgerock.json.jose.jws.handlers.SecretHmacSigningHandler", + "org.forgerock.json.jose.jws.handlers.SecretRSASigningHandler", + "org.forgerock.json.jose.jwt.JwtClaimsSet", + "org.forgerock.macaroons.Macaroon", + "org.forgerock.oauth.clients.oidc.Claim", + "org.forgerock.oauth2.core.GrantType", + "org.forgerock.oauth2.core.StatefulAccessToken", + "org.forgerock.oauth2.core.UserInfoClaims", + "org.forgerock.oauth2.core.exceptions.InvalidRequestException", + "org.forgerock.oauth2.core.tokenexchange.ExchangeableToken", + "org.forgerock.openam.auth.node.api.Action", + "org.forgerock.openam.auth.node.api.Action$ActionBuilder", + "org.forgerock.openam.auth.node.api.NodeState", + "org.forgerock.openam.auth.node.api.SuspendedTextOutputCallback", + "org.forgerock.openam.auth.nodes.IdentityProvider", + "org.forgerock.openam.auth.nodes.InjectorHolder", + "org.forgerock.openam.authentication.callbacks.AbstractValidatedCallback", + "org.forgerock.openam.authentication.callbacks.AttributeInputCallback", + "org.forgerock.openam.authentication.callbacks.BooleanAttributeInputCallback", + "org.forgerock.openam.authentication.callbacks.ConsentMappingCallback", + "org.forgerock.openam.authentication.callbacks.DeviceProfileCallback", + "org.forgerock.openam.authentication.callbacks.IdPCallback", + "org.forgerock.openam.authentication.callbacks.KbaCreateCallback", + "org.forgerock.openam.authentication.callbacks.NumberAttributeInputCallback", + "org.forgerock.openam.authentication.callbacks.PollingWaitCallback", + "org.forgerock.openam.authentication.callbacks.SelectIdPCallback", + "org.forgerock.openam.authentication.callbacks.StringAttributeInputCallback", + "org.forgerock.openam.authentication.callbacks.TermsAndConditionsCallback", + "org.forgerock.openam.authentication.callbacks.ValidatedPasswordCallback", + "org.forgerock.openam.authentication.callbacks.ValidatedUsernameCallback", + "org.forgerock.openam.authentication.modules.scripted.*", + "org.forgerock.openam.core.rest.authn.callbackhandlers.*", + "org.forgerock.openam.core.rest.devices.deviceprint.DeviceIdDao", + "org.forgerock.openam.core.rest.devices.profile.DeviceProfilesDao", + "org.forgerock.openam.oauth2.OpenAMAccessToken", + "org.forgerock.openam.oauth2.token.grantset.Authorization$ModifiedAccessToken", + "org.forgerock.openam.oauth2.token.macaroon.MacaroonAccessToken", + "org.forgerock.openam.oauth2.token.stateless.StatelessAccessToken", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "org.forgerock.openam.scripting.api.ScriptedIdentity", + "org.forgerock.openam.scripting.api.ScriptedSession", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.scripting.api.secrets.Secret", + "org.forgerock.openam.scripting.idrepo.ScriptIdentityRepository", + "org.forgerock.openam.shared.security.ThreadLocalSecureRandom", + "org.forgerock.openidconnect.Claim", + "org.forgerock.openidconnect.OpenIdConnectToken", + "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOToken", + "org.forgerock.secrets.SecretBuilder", + "org.forgerock.secrets.keys.SigningKey", + "org.forgerock.secrets.keys.VerificationKey", + "org.forgerock.util.encode.Base64", + "org.forgerock.util.encode.Base64url", + "org.forgerock.util.encode.Hex", + "org.forgerock.util.promise.NeverThrowsException", + "org.forgerock.util.promise.Promise", + "org.forgerock.util.promise.PromiseImpl", + "org.mozilla.javascript.ConsString", + "org.mozilla.javascript.JavaScriptException", + "org.mozilla.javascript.WrappedException", + "sun.security.ec.ECPrivateKeyImpl", + "sun.security.rsa.RSAPrivateCrtKeyImpl", + "sun.security.rsa.RSAPublicKeyImpl", + "sun.security.x509.X500Name", + "sun.security.x509.X509CertImpl", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.opendj.ldap.Dn", + "org.forgerock.openam.auth.nodes.VerifyTransactionsHelper" + ] + }, + "isHidden": false, + "languages": [ + "JAVASCRIPT", + "GROOVY" + ] + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/scripttype/POLICY_CONDITION_NEXT_GEN.scripttype.json b/test/e2e/exports/full-export-separate/global/scripttype/POLICY_CONDITION_NEXT_GEN.scripttype.json new file mode 100644 index 000000000..c70e6ba83 --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/scripttype/POLICY_CONDITION_NEXT_GEN.scripttype.json @@ -0,0 +1,1286 @@ +{ + "scripttype": { + "POLICY_CONDITION_NEXT_GEN": { + "_id": "POLICY_CONDITION_NEXT_GEN", + "_type": { + "_id": "contexts", + "collection": true, + "name": "scriptContext" + }, + "context": { + "_id": "POLICY_CONDITION_NEXT_GEN", + "allowLists": [ + "org.forgerock.util.promise.PromiseImpl", + "org.forgerock.util.promise.Promises$*", + "java.lang.Object" + ], + "bindings": [ + { + "elements": [ + { + "elementType": "method", + "name": "send", + "parameters": [ + { + "javaScriptType": "string", + "name": "uri" + }, + { + "javaScriptType": "object", + "name": "requestOptions" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "send", + "parameters": [ + { + "javaScriptType": "string", + "name": "uri" + } + ], + "returnType": "object" + } + ], + "javaClass": "org.forgerock.openam.scripting.wrappers.HttpClientScriptWrapper", + "javaScriptType": "object", + "name": "httpClient" + }, + { + "elements": [], + "javaScriptType": "object", + "name": "advice" + }, + { + "elements": [], + "javaScriptType": "object", + "name": "responseAttributes" + }, + { + "elements": [ + { + "elementType": "method", + "name": "getProperty", + "parameters": [ + { + "javaScriptType": "string", + "name": "name" + } + ], + "returnType": "string" + } + ], + "javaClass": "org.forgerock.openam.scripting.api.ScriptedSession", + "javaScriptType": "object", + "name": "session" + }, + { + "elements": [ + { + "elementType": "method", + "name": "getName", + "parameters": [], + "returnType": "string" + }, + { + "elementType": "method", + "name": "info", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "object", + "name": "arg" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "info", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "object", + "name": "arg1" + }, + { + "javaScriptType": "object", + "name": "arg2" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "info", + "parameters": [ + { + "javaScriptType": "string", + "name": "msg" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "info", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "array", + "name": "arguments" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "info", + "parameters": [ + { + "javaScriptType": "string", + "name": "msg" + }, + { + "javaScriptType": "object", + "name": "t" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "trace", + "parameters": [ + { + "javaScriptType": "string", + "name": "msg" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "trace", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "array", + "name": "arguments" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "trace", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "object", + "name": "arg1" + }, + { + "javaScriptType": "object", + "name": "arg2" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "trace", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "object", + "name": "arg" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "trace", + "parameters": [ + { + "javaScriptType": "string", + "name": "msg" + }, + { + "javaScriptType": "object", + "name": "t" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "debug", + "parameters": [ + { + "javaScriptType": "string", + "name": "msg" + }, + { + "javaScriptType": "object", + "name": "t" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "debug", + "parameters": [ + { + "javaScriptType": "string", + "name": "msg" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "debug", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "array", + "name": "arguments" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "debug", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "object", + "name": "arg" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "debug", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "object", + "name": "arg1" + }, + { + "javaScriptType": "object", + "name": "arg2" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "error", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "object", + "name": "arg" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "error", + "parameters": [ + { + "javaScriptType": "string", + "name": "msg" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "error", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "object", + "name": "arg1" + }, + { + "javaScriptType": "object", + "name": "arg2" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "error", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "array", + "name": "arguments" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "error", + "parameters": [ + { + "javaScriptType": "string", + "name": "msg" + }, + { + "javaScriptType": "object", + "name": "t" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "warn", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "array", + "name": "arguments" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "warn", + "parameters": [ + { + "javaScriptType": "string", + "name": "msg" + }, + { + "javaScriptType": "object", + "name": "t" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "warn", + "parameters": [ + { + "javaScriptType": "string", + "name": "msg" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "warn", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "object", + "name": "arg1" + }, + { + "javaScriptType": "object", + "name": "arg2" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "warn", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "object", + "name": "arg" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "isTraceEnabled", + "parameters": [], + "returnType": "boolean" + }, + { + "elementType": "method", + "name": "isDebugEnabled", + "parameters": [], + "returnType": "boolean" + }, + { + "elementType": "method", + "name": "isErrorEnabled", + "parameters": [], + "returnType": "boolean" + }, + { + "elementType": "method", + "name": "isInfoEnabled", + "parameters": [], + "returnType": "boolean" + }, + { + "elementType": "method", + "name": "isWarnEnabled", + "parameters": [], + "returnType": "boolean" + } + ], + "javaClass": "org.forgerock.openam.scripting.logging.ScriptedLoggerWrapper", + "javaScriptType": "object", + "name": "logger" + }, + { + "javaScriptType": "string", + "name": "resourceURI" + }, + { + "javaScriptType": "number", + "name": "ttl" + }, + { + "elements": [ + { + "elementType": "method", + "name": "getGenericSecret", + "parameters": [ + { + "javaScriptType": "string", + "name": "secretId" + } + ], + "returnType": "object" + } + ], + "javaClass": "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "javaScriptType": "object", + "name": "secrets" + }, + { + "elements": [], + "javaScriptType": "object", + "name": "environment" + }, + { + "elements": [ + { + "elementType": "method", + "name": "getName", + "parameters": [], + "returnType": "string" + }, + { + "elementType": "method", + "name": "store", + "parameters": [], + "returnType": "void" + }, + { + "elementType": "method", + "name": "setAttribute", + "parameters": [ + { + "javaScriptType": "string", + "name": "attributeName" + }, + { + "javaScriptType": "array", + "name": "attributeValues" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "addAttribute", + "parameters": [ + { + "javaScriptType": "string", + "name": "attributeName" + }, + { + "javaScriptType": "string", + "name": "attributeValue" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "getAttributeValues", + "parameters": [ + { + "javaScriptType": "string", + "name": "attributeName" + } + ], + "returnType": "array" + }, + { + "elementType": "method", + "name": "getUniversalId", + "parameters": [], + "returnType": "string" + } + ], + "javaClass": "org.forgerock.openam.scripting.api.identity.ScriptedIdentityScriptWrapper", + "javaScriptType": "object", + "name": "identity" + }, + { + "elements": [ + { + "elementType": "field", + "elements": [ + { + "elementType": "method", + "name": "randomUUID", + "parameters": [], + "returnType": "string" + }, + { + "elementType": "method", + "name": "getRandomValues", + "parameters": [ + { + "javaScriptType": "array", + "name": "array" + } + ], + "returnType": "array" + } + ], + "javaClass": "org.forgerock.openam.scripting.bindings.ScriptCryptoService", + "javaScriptType": "object", + "name": "crypto" + }, + { + "elementType": "field", + "elements": [ + { + "elementType": "method", + "name": "decode", + "parameters": [ + { + "javaScriptType": "string", + "name": "toDecode" + } + ], + "returnType": "string" + }, + { + "elementType": "method", + "name": "encode", + "parameters": [ + { + "javaScriptType": "string", + "name": "toEncode" + } + ], + "returnType": "string" + }, + { + "elementType": "method", + "name": "btoa", + "parameters": [ + { + "javaScriptType": "string", + "name": "toEncode" + } + ], + "returnType": "string" + }, + { + "elementType": "method", + "name": "atob", + "parameters": [ + { + "javaScriptType": "string", + "name": "toDecode" + } + ], + "returnType": "string" + } + ], + "javaClass": "org.forgerock.openam.scripting.bindings.ScriptBase64Service", + "javaScriptType": "object", + "name": "base64" + }, + { + "elementType": "field", + "elements": [ + { + "elementType": "method", + "name": "decode", + "parameters": [ + { + "javaScriptType": "string", + "name": "toDecode" + } + ], + "returnType": "string" + }, + { + "elementType": "method", + "name": "encode", + "parameters": [ + { + "javaScriptType": "string", + "name": "toEncode" + } + ], + "returnType": "string" + }, + { + "elementType": "method", + "name": "btoa", + "parameters": [ + { + "javaScriptType": "string", + "name": "toEncode" + } + ], + "returnType": "string" + }, + { + "elementType": "method", + "name": "atob", + "parameters": [ + { + "javaScriptType": "string", + "name": "toDecode" + } + ], + "returnType": "string" + } + ], + "javaClass": "org.forgerock.openam.scripting.bindings.ScriptBase64UrlService", + "javaScriptType": "object", + "name": "base64url" + } + ], + "javaClass": "org.forgerock.openam.scripting.bindings.ScriptUtilityService", + "javaScriptType": "object", + "name": "utils" + }, + { + "javaScriptType": "boolean", + "name": "authorized" + }, + { + "javaScriptType": "string", + "name": "scriptName" + }, + { + "javaScriptType": "string", + "name": "realm" + }, + { + "elements": [ + { + "elementType": "method", + "name": "update", + "parameters": [ + { + "javaScriptType": "string", + "name": "id" + }, + { + "javaScriptType": "string", + "name": "rev" + }, + { + "javaScriptType": "object", + "name": "value" + }, + { + "javaScriptType": "object", + "name": "params" + }, + { + "javaScriptType": "array", + "name": "fields" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "update", + "parameters": [ + { + "javaScriptType": "string", + "name": "id" + }, + { + "javaScriptType": "string", + "name": "rev" + }, + { + "javaScriptType": "object", + "name": "value" + }, + { + "javaScriptType": "object", + "name": "params" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "update", + "parameters": [ + { + "javaScriptType": "string", + "name": "id" + }, + { + "javaScriptType": "string", + "name": "rev" + }, + { + "javaScriptType": "object", + "name": "value" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "read", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "read", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + }, + { + "javaScriptType": "object", + "name": "params" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "read", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + }, + { + "javaScriptType": "object", + "name": "params" + }, + { + "javaScriptType": "array", + "name": "fields" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "delete", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + }, + { + "javaScriptType": "string", + "name": "rev" + }, + { + "javaScriptType": "object", + "name": "params" + }, + { + "javaScriptType": "array", + "name": "fields" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "delete", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + }, + { + "javaScriptType": "string", + "name": "rev" + }, + { + "javaScriptType": "object", + "name": "params" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "delete", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + }, + { + "javaScriptType": "string", + "name": "rev" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "action", + "parameters": [ + { + "javaScriptType": "string", + "name": "resource" + }, + { + "javaScriptType": "string", + "name": "actionName" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "action", + "parameters": [ + { + "javaScriptType": "string", + "name": "resource" + }, + { + "javaScriptType": "string", + "name": "actionName" + }, + { + "javaScriptType": "object", + "name": "content" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "action", + "parameters": [ + { + "javaScriptType": "string", + "name": "resource" + }, + { + "javaScriptType": "string", + "name": "actionName" + }, + { + "javaScriptType": "object", + "name": "content" + }, + { + "javaScriptType": "object", + "name": "params" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "action", + "parameters": [ + { + "javaScriptType": "string", + "name": "resource" + }, + { + "javaScriptType": "string", + "name": "actionName" + }, + { + "javaScriptType": "object", + "name": "content" + }, + { + "javaScriptType": "object", + "name": "params" + }, + { + "javaScriptType": "array", + "name": "fields" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "query", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + }, + { + "javaScriptType": "object", + "name": "params" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "query", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + }, + { + "javaScriptType": "object", + "name": "params" + }, + { + "javaScriptType": "array", + "name": "fields" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "create", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + }, + { + "javaScriptType": "string", + "name": "newResourceId" + }, + { + "javaScriptType": "object", + "name": "content" + }, + { + "javaScriptType": "object", + "name": "params" + }, + { + "javaScriptType": "array", + "name": "fields" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "create", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + }, + { + "javaScriptType": "string", + "name": "newResourceId" + }, + { + "javaScriptType": "object", + "name": "content" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "create", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + }, + { + "javaScriptType": "string", + "name": "newResourceId" + }, + { + "javaScriptType": "object", + "name": "content" + }, + { + "javaScriptType": "object", + "name": "params" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "patch", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + }, + { + "javaScriptType": "string", + "name": "rev" + }, + { + "javaScriptType": "array", + "name": "patch" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "patch", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + }, + { + "javaScriptType": "string", + "name": "rev" + }, + { + "javaScriptType": "array", + "name": "patch" + }, + { + "javaScriptType": "object", + "name": "params" + }, + { + "javaScriptType": "array", + "name": "fields" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "patch", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + }, + { + "javaScriptType": "string", + "name": "rev" + }, + { + "javaScriptType": "array", + "name": "patch" + }, + { + "javaScriptType": "object", + "name": "params" + } + ], + "returnType": "object" + } + ], + "javaClass": "org.forgerock.openam.scripting.wrappers.IdmIntegrationServiceScriptWrapper", + "javaScriptType": "object", + "name": "openidm" + }, + { + "javaScriptType": "string", + "name": "cookieName" + }, + { + "javaScriptType": "string", + "name": "username" + } + ], + "evaluatorVersions": { + "JAVASCRIPT": [ + "2.0" + ] + } + }, + "defaultScript": "[Empty]", + "engineConfiguration": { + "_id": "engineConfiguration", + "_type": { + "_id": "engineConfiguration", + "collection": false, + "name": "Scripting engine configuration" + }, + "blackList": [ + "java.lang.Class", + "java.security.AccessController", + "java.lang.reflect.*" + ], + "coreThreads": { + "$int": "&{policy.condition.next.gen.script.context.core.threads|10}" + }, + "idleTimeout": 60, + "maxThreads": { + "$int": "&{policy.condition.next.gen.script.context.max.threads|50}" + }, + "propertyNamePrefix": "esv.", + "queueSize": { + "$int": "&{policy.condition.next.gen.script.context.queue.size|10}" + }, + "serverTimeout": 0, + "useSecurityManager": true, + "whiteList": [ + "java.lang.Float", + "org.forgerock.http.protocol.Header", + "java.lang.Integer", + "org.forgerock.http.Client", + "java.lang.Character$UnicodeBlock", + "java.lang.Character", + "java.lang.Long", + "java.lang.Short", + "java.util.Map", + "org.forgerock.http.client.*", + "java.lang.Math", + "org.forgerock.opendj.ldap.Dn", + "java.lang.Byte", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "java.lang.StrictMath", + "org.forgerock.util.promise.PromiseImpl", + "org.forgerock.http.Context", + "java.lang.Void", + "org.codehaus.groovy.runtime.GStringImpl", + "groovy.json.JsonSlurper", + "org.forgerock.http.protocol.Request", + "org.forgerock.http.protocol.Entity", + "org.forgerock.http.context.RootContext", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "java.util.List", + "org.forgerock.http.protocol.RequestCookies", + "org.forgerock.http.protocol.Responses", + "org.forgerock.util.promise.Promise", + "java.util.HashMap$KeyIterator", + "com.sun.identity.shared.debug.Debug", + "java.lang.Double", + "org.forgerock.http.protocol.Headers", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.http.protocol.Status", + "java.util.HashMap", + "java.lang.Character$Subset", + "java.util.TreeSet", + "java.util.ArrayList", + "java.util.HashSet", + "java.util.LinkedHashMap", + "org.forgerock.http.protocol.ResponseException", + "java.util.Collections$UnmodifiableRandomAccessList", + "org.forgerock.http.protocol.Message", + "java.lang.Boolean", + "java.lang.String", + "java.lang.Number", + "java.util.LinkedList", + "java.util.LinkedHashSet", + "org.forgerock.http.protocol.Response", + "org.forgerock.util.promise.NeverThrowsException", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "java.util.TreeMap", + "java.util.Collections$EmptyList", + "org.forgerock.openam.scripting.api.ScriptedSession", + "java.util.Collections$UnmodifiableCollection$1", + "org.forgerock.http.Handler", + "java.lang.Object", + "org.forgerock.http.protocol.Form" + ] + }, + "isHidden": false, + "languages": [ + "JAVASCRIPT" + ] + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/scripttype/SAML2_IDP_ADAPTER.scripttype.json b/test/e2e/exports/full-export-separate/global/scripttype/SAML2_IDP_ADAPTER.scripttype.json new file mode 100644 index 000000000..94589dc55 --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/scripttype/SAML2_IDP_ADAPTER.scripttype.json @@ -0,0 +1,208 @@ +{ + "scripttype": { + "SAML2_IDP_ADAPTER": { + "_id": "SAML2_IDP_ADAPTER", + "_type": { + "_id": "contexts", + "collection": true, + "name": "scriptContext" + }, + "context": { + "_id": "SAML2_IDP_ADAPTER", + "allowLists": [ + "com.iplanet.am.sdk.AMHashMap", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.saml2.assertion.*", + "com.sun.identity.saml2.assertion.impl.*", + "com.sun.identity.saml2.common.SAML2Exception", + "com.sun.identity.saml2.plugins.scripted.ScriptEntitlementInfo", + "com.sun.identity.saml2.protocol.*", + "com.sun.identity.saml2.protocol.impl.*", + "com.sun.identity.shared.debug.Debug", + "java.io.PrintWriter", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.util.Collections$EmptyMap", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.TreeMap", + "java.util.TreeSet", + "java.net.URI", + "javax.security.auth.Subject", + "javax.servlet.http.HttpServletRequestWrapper", + "javax.servlet.http.HttpServletResponseWrapper", + "groovy.json.internal.LazyMap", + "groovy.json.JsonSlurper", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.Client", + "org.forgerock.http.client.*", + "org.forgerock.json.JsonValue", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "org.forgerock.util.promise.PromiseImpl", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "com.sun.identity.saml2.plugins.scripted.IdpAdapterScriptHelper" + ], + "bindings": [], + "evaluatorVersions": { + "GROOVY": [ + "1.0" + ], + "JAVASCRIPT": [ + "1.0" + ] + } + }, + "defaultScript": "[Empty]", + "engineConfiguration": { + "_id": "engineConfiguration", + "_type": { + "_id": "engineConfiguration", + "collection": false, + "name": "Scripting engine configuration" + }, + "blackList": [ + "java.lang.Class", + "java.lang.Thread", + "java.lang.invoke.*", + "java.lang.reflect.*", + "java.security.AccessController" + ], + "coreThreads": { + "$int": "&{saml2.idp.adapter.script.context.core.threads|10}" + }, + "idleTimeout": 60, + "maxThreads": { + "$int": "&{saml2.idp.adapter.script.context.max.threads|50}" + }, + "propertyNamePrefix": "esv.", + "queueSize": { + "$int": "&{saml2.idp.adapter.script.context.queue.size|10}" + }, + "serverTimeout": 0, + "useSecurityManager": true, + "whiteList": [ + "com.iplanet.am.sdk.AMHashMap", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.saml2.assertion.*", + "com.sun.identity.saml2.assertion.impl.*", + "com.sun.identity.saml2.common.SAML2Exception", + "com.sun.identity.saml2.plugins.scripted.ScriptEntitlementInfo", + "com.sun.identity.saml2.protocol.*", + "com.sun.identity.saml2.protocol.impl.*", + "com.sun.identity.shared.debug.Debug", + "java.io.PrintWriter", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.util.Collections$EmptyMap", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.TreeMap", + "java.util.TreeSet", + "java.net.URI", + "javax.security.auth.Subject", + "javax.servlet.http.HttpServletRequestWrapper", + "javax.servlet.http.HttpServletResponseWrapper", + "groovy.json.internal.LazyMap", + "groovy.json.JsonSlurper", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.Client", + "org.forgerock.http.client.*", + "org.forgerock.json.JsonValue", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "org.forgerock.util.promise.PromiseImpl", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "com.sun.identity.saml2.plugins.scripted.IdpAdapterScriptHelper", + "java.util.List", + "java.util.Map", + "javax.servlet.http.Cookie", + "javax.xml.parsers.DocumentBuilder", + "javax.xml.parsers.DocumentBuilderFactory", + "org.w3c.dom.Document", + "org.w3c.dom.Element", + "org.xml.sax.InputSource", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.opendj.ldap.Dn" + ] + }, + "isHidden": false, + "languages": [ + "JAVASCRIPT", + "GROOVY" + ] + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/scripttype/SAML2_IDP_ATTRIBUTE_MAPPER.scripttype.json b/test/e2e/exports/full-export-separate/global/scripttype/SAML2_IDP_ATTRIBUTE_MAPPER.scripttype.json new file mode 100644 index 000000000..2e26cf05a --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/scripttype/SAML2_IDP_ATTRIBUTE_MAPPER.scripttype.json @@ -0,0 +1,349 @@ +{ + "scripttype": { + "SAML2_IDP_ATTRIBUTE_MAPPER": { + "_id": "SAML2_IDP_ATTRIBUTE_MAPPER", + "_type": { + "_id": "contexts", + "collection": true, + "name": "scriptContext" + }, + "context": { + "_id": "SAML2_IDP_ATTRIBUTE_MAPPER", + "allowLists": [ + "com.iplanet.am.sdk.AMHashMap", + "com.sun.identity.saml2.assertion.impl.AttributeImpl", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.util.Collections$EmptyMap", + "java.lang.Double", + "java.lang.Float", + "com.sun.identity.saml2.plugins.scripted.IdpAttributeMapperScriptHelper", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$SingletonList", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.TreeMap", + "java.util.TreeSet", + "java.net.URI", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "groovy.json.internal.LazyMap", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.Client", + "org.forgerock.http.client.*", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.util.promise.PromiseImpl", + "org.forgerock.json.JsonValue", + "com.sun.identity.saml2.common.SAML2Exception", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + "org.mozilla.javascript.JavaScriptException", + "javax.servlet.http.Cookie", + "javax.xml.parsers.DocumentBuilder", + "javax.xml.parsers.DocumentBuilderFactory", + "org.w3c.dom.Document", + "org.w3c.dom.Element", + "org.xml.sax.InputSource" + ], + "bindings": [], + "evaluatorVersions": { + "GROOVY": [ + "1.0" + ], + "JAVASCRIPT": [ + "1.0" + ] + } + }, + "defaultScript": "[Empty]", + "engineConfiguration": { + "_id": "engineConfiguration", + "_type": { + "_id": "engineConfiguration", + "collection": false, + "name": "Scripting engine configuration" + }, + "blackList": [ + "java.lang.Class", + "java.lang.Thread", + "java.lang.invoke.*", + "java.lang.reflect.*", + "java.security.AccessController" + ], + "coreThreads": { + "$int": "&{saml2.idp.attribute.mapper.script.context.core.threads|10}" + }, + "idleTimeout": 60, + "maxThreads": { + "$int": "&{saml2.idp.attribute.mapper.script.context.max.threads|50}" + }, + "propertyNamePrefix": "esv.", + "queueSize": { + "$int": "&{saml2.idp.attribute.mapper.script.context.queue.size|10}" + }, + "serverTimeout": 0, + "useSecurityManager": true, + "whiteList": [ + "com.google.common.collect.ImmutableList", + "com.google.common.collect.Sets$1", + "com.iplanet.am.sdk.AMHashMap", + "com.iplanet.sso.providers.dpro.SSOTokenIDImpl", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.authentication.callbacks.HiddenValueCallback", + "com.sun.identity.authentication.callbacks.ReCaptchaCallback", + "com.sun.identity.authentication.callbacks.ScriptTextOutputCallback", + "com.sun.identity.authentication.spi.HttpCallback", + "com.sun.identity.authentication.spi.IdentifiableCallback", + "com.sun.identity.authentication.spi.MetadataCallback", + "com.sun.identity.authentication.spi.PagePropertiesCallback", + "com.sun.identity.authentication.spi.RedirectCallback", + "com.sun.identity.authentication.spi.X509CertificateCallback", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.common.CaseInsensitiveHashMap$Entry", + "com.sun.identity.idm.AMIdentity", + "com.sun.identity.idm.IdType", + "com.sun.identity.saml2.assertion.impl.AttributeImpl", + "com.sun.identity.saml2.common.SAML2Exception", + "com.sun.identity.saml2.plugins.scripted.IdpAttributeMapperScriptHelper", + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "groovy.json.StringEscapeUtils", + "groovy.json.internal.LazyMap", + "java.io.ByteArrayInputStream", + "java.io.ByteArrayOutputStream", + "java.io.UnsupportedEncodingException", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.NullPointerException", + "java.lang.Number", + "java.lang.Object", + "java.lang.RuntimeException", + "java.lang.SecurityException", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.math.BigDecimal", + "java.math.BigInteger", + "java.net.URI", + "java.security.KeyFactory", + "java.security.KeyPair", + "java.security.KeyPairGenerator", + "java.security.KeyPairGenerator$*", + "java.security.MessageDigest", + "java.security.MessageDigest$Delegate", + "java.security.MessageDigest$Delegate$CloneableDelegate", + "java.security.NoSuchAlgorithmException", + "java.security.PrivateKey", + "java.security.PublicKey", + "java.security.cert.CertificateFactory", + "java.security.cert.X509Certificate", + "java.security.spec.MGF1ParameterSpec", + "java.security.spec.PKCS8EncodedKeySpec", + "java.security.spec.X509EncodedKeySpec", + "java.text.SimpleDateFormat", + "java.time.Clock", + "java.time.Clock$FixedClock", + "java.time.Clock$OffsetClock", + "java.time.Clock$SystemClock", + "java.time.Clock$TickClock", + "java.time.temporal.ChronoUnit", + "java.util.AbstractMap$*", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Arrays", + "java.util.Collections", + "java.util.Collections$*", + "java.util.Date", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashMap$LinkedKeySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.List", + "java.util.Locale", + "java.util.Map", + "java.util.TreeMap", + "java.util.TreeSet", + "java.util.UUID", + "javax.crypto.Cipher", + "javax.crypto.Mac", + "javax.crypto.spec.IvParameterSpec", + "javax.crypto.spec.OAEPParameterSpec", + "javax.crypto.spec.PSource", + "javax.crypto.spec.PSource$*", + "javax.crypto.spec.SecretKeySpec", + "javax.security.auth.callback.ChoiceCallback", + "javax.security.auth.callback.ConfirmationCallback", + "javax.security.auth.callback.LanguageCallback", + "javax.security.auth.callback.NameCallback", + "javax.security.auth.callback.PasswordCallback", + "javax.security.auth.callback.TextInputCallback", + "javax.security.auth.callback.TextOutputCallback", + "org.apache.groovy.json.internal.LazyMap", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.guice.core.IdentityProvider", + "org.forgerock.guice.core.InjectorHolder", + "org.forgerock.http.Client", + "org.forgerock.http.Context", + "org.forgerock.http.Handler", + "org.forgerock.http.client.*", + "org.forgerock.http.context.RootContext", + "org.forgerock.http.header.*", + "org.forgerock.http.header.authorization.*", + "org.forgerock.http.protocol.*", + "org.forgerock.json.JsonValue", + "org.forgerock.json.jose.builders.EncryptedJwtBuilder", + "org.forgerock.json.jose.builders.EncryptedThenSignedJwtBuilder", + "org.forgerock.json.jose.builders.JweHeaderBuilder", + "org.forgerock.json.jose.builders.JwsHeaderBuilder", + "org.forgerock.json.jose.builders.JwtBuilderFactory", + "org.forgerock.json.jose.builders.SignedJwtBuilderImpl", + "org.forgerock.json.jose.builders.SignedThenEncryptedJwtBuilder", + "org.forgerock.json.jose.builders.SignedThenEncryptedJwtHeaderBuilder", + "org.forgerock.json.jose.jwe.EncryptedJwt", + "org.forgerock.json.jose.jwe.EncryptionMethod", + "org.forgerock.json.jose.jwe.JweAlgorithm", + "org.forgerock.json.jose.jwe.SignedThenEncryptedJwt", + "org.forgerock.json.jose.jwk.JWKSet", + "org.forgerock.json.jose.jwk.RsaJWK", + "org.forgerock.json.jose.jws.EncryptedThenSignedJwt", + "org.forgerock.json.jose.jws.JwsAlgorithm", + "org.forgerock.json.jose.jws.JwsHeader", + "org.forgerock.json.jose.jws.SignedEncryptedJwt", + "org.forgerock.json.jose.jws.SignedJwt", + "org.forgerock.json.jose.jws.SigningManager", + "org.forgerock.json.jose.jws.handlers.HmacSigningHandler", + "org.forgerock.json.jose.jws.handlers.RSASigningHandler", + "org.forgerock.json.jose.jws.handlers.SecretHmacSigningHandler", + "org.forgerock.json.jose.jws.handlers.SecretRSASigningHandler", + "org.forgerock.json.jose.jwt.JwtClaimsSet", + "org.forgerock.macaroons.Macaroon", + "org.forgerock.oauth.clients.oidc.Claim", + "org.forgerock.oauth2.core.GrantType", + "org.forgerock.oauth2.core.StatefulAccessToken", + "org.forgerock.oauth2.core.UserInfoClaims", + "org.forgerock.oauth2.core.exceptions.InvalidRequestException", + "org.forgerock.oauth2.core.tokenexchange.ExchangeableToken", + "org.forgerock.openam.auth.node.api.Action", + "org.forgerock.openam.auth.node.api.Action$ActionBuilder", + "org.forgerock.openam.auth.node.api.NodeState", + "org.forgerock.openam.auth.node.api.SuspendedTextOutputCallback", + "org.forgerock.openam.auth.nodes.IdentityProvider", + "org.forgerock.openam.auth.nodes.InjectorHolder", + "org.forgerock.openam.authentication.callbacks.AbstractValidatedCallback", + "org.forgerock.openam.authentication.callbacks.AttributeInputCallback", + "org.forgerock.openam.authentication.callbacks.BooleanAttributeInputCallback", + "org.forgerock.openam.authentication.callbacks.ConsentMappingCallback", + "org.forgerock.openam.authentication.callbacks.DeviceProfileCallback", + "org.forgerock.openam.authentication.callbacks.IdPCallback", + "org.forgerock.openam.authentication.callbacks.KbaCreateCallback", + "org.forgerock.openam.authentication.callbacks.NumberAttributeInputCallback", + "org.forgerock.openam.authentication.callbacks.PollingWaitCallback", + "org.forgerock.openam.authentication.callbacks.SelectIdPCallback", + "org.forgerock.openam.authentication.callbacks.StringAttributeInputCallback", + "org.forgerock.openam.authentication.callbacks.TermsAndConditionsCallback", + "org.forgerock.openam.authentication.callbacks.ValidatedPasswordCallback", + "org.forgerock.openam.authentication.callbacks.ValidatedUsernameCallback", + "org.forgerock.openam.authentication.modules.scripted.*", + "org.forgerock.openam.core.rest.authn.callbackhandlers.*", + "org.forgerock.openam.core.rest.devices.deviceprint.DeviceIdDao", + "org.forgerock.openam.core.rest.devices.profile.DeviceProfilesDao", + "org.forgerock.openam.oauth2.OpenAMAccessToken", + "org.forgerock.openam.oauth2.token.grantset.Authorization$ModifiedAccessToken", + "org.forgerock.openam.oauth2.token.macaroon.MacaroonAccessToken", + "org.forgerock.openam.oauth2.token.stateless.StatelessAccessToken", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "org.forgerock.openam.scripting.api.ScriptedIdentity", + "org.forgerock.openam.scripting.api.ScriptedSession", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.scripting.api.secrets.Secret", + "org.forgerock.openam.scripting.idrepo.ScriptIdentityRepository", + "org.forgerock.openam.shared.security.ThreadLocalSecureRandom", + "org.forgerock.openidconnect.Claim", + "org.forgerock.openidconnect.OpenIdConnectToken", + "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOToken", + "org.forgerock.secrets.SecretBuilder", + "org.forgerock.secrets.keys.SigningKey", + "org.forgerock.secrets.keys.VerificationKey", + "org.forgerock.util.encode.Base64", + "org.forgerock.util.encode.Base64url", + "org.forgerock.util.encode.Hex", + "org.forgerock.util.promise.NeverThrowsException", + "org.forgerock.util.promise.Promise", + "org.forgerock.util.promise.PromiseImpl", + "org.mozilla.javascript.ConsString", + "org.mozilla.javascript.JavaScriptException", + "org.mozilla.javascript.WrappedException", + "sun.security.ec.ECPrivateKeyImpl", + "sun.security.rsa.RSAPrivateCrtKeyImpl", + "sun.security.rsa.RSAPublicKeyImpl", + "sun.security.x509.X500Name", + "sun.security.x509.X509CertImpl", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.opendj.ldap.Dn", + "org.forgerock.openam.auth.nodes.VerifyTransactionsHelper" + ] + }, + "isHidden": false, + "languages": [ + "JAVASCRIPT", + "GROOVY" + ] + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/scripttype/SAML2_NAMEID_MAPPER.scripttype.json b/test/e2e/exports/full-export-separate/global/scripttype/SAML2_NAMEID_MAPPER.scripttype.json new file mode 100644 index 000000000..20b283195 --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/scripttype/SAML2_NAMEID_MAPPER.scripttype.json @@ -0,0 +1,1297 @@ +{ + "scripttype": { + "SAML2_NAMEID_MAPPER": { + "_id": "SAML2_NAMEID_MAPPER", + "_type": { + "_id": "contexts", + "collection": true, + "name": "scriptContext" + }, + "context": { + "_id": "SAML2_NAMEID_MAPPER", + "allowLists": [ + "org.forgerock.util.promise.PromiseImpl", + "org.forgerock.util.promise.Promises$*", + "java.lang.Object", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Float", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.Void", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$EmptyMap", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.TreeMap", + "java.util.TreeSet", + "java.net.URI", + "com.sun.identity.common.CaseInsensitiveHashMap", + "org.forgerock.json.JsonValue", + "org.mozilla.javascript.JavaScriptException", + "javax.servlet.http.Cookie", + "org.xml.sax.InputSource", + "java.security.cert.CertificateFactory", + "com.iplanet.am.sdk.AMHashMap", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "java.io.PrintWriter", + "javax.security.auth.Subject", + "javax.servlet.http.HttpServletRequestWrapper", + "javax.servlet.http.HttpServletResponseWrapper", + "sun.security.ec.ECPrivateKeyImpl" + ], + "bindings": [ + { + "elements": [ + { + "elementType": "method", + "name": "send", + "parameters": [ + { + "javaScriptType": "string", + "name": "uri" + }, + { + "javaScriptType": "object", + "name": "requestOptions" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "send", + "parameters": [ + { + "javaScriptType": "string", + "name": "uri" + } + ], + "returnType": "object" + } + ], + "javaClass": "org.forgerock.openam.scripting.wrappers.HttpClientScriptWrapper", + "javaScriptType": "object", + "name": "httpClient" + }, + { + "elements": [ + { + "elementType": "method", + "name": "getName", + "parameters": [], + "returnType": "string" + }, + { + "elementType": "method", + "name": "info", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "object", + "name": "arg" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "info", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "object", + "name": "arg1" + }, + { + "javaScriptType": "object", + "name": "arg2" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "info", + "parameters": [ + { + "javaScriptType": "string", + "name": "msg" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "info", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "array", + "name": "arguments" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "info", + "parameters": [ + { + "javaScriptType": "string", + "name": "msg" + }, + { + "javaScriptType": "object", + "name": "t" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "trace", + "parameters": [ + { + "javaScriptType": "string", + "name": "msg" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "trace", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "array", + "name": "arguments" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "trace", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "object", + "name": "arg1" + }, + { + "javaScriptType": "object", + "name": "arg2" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "trace", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "object", + "name": "arg" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "trace", + "parameters": [ + { + "javaScriptType": "string", + "name": "msg" + }, + { + "javaScriptType": "object", + "name": "t" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "debug", + "parameters": [ + { + "javaScriptType": "string", + "name": "msg" + }, + { + "javaScriptType": "object", + "name": "t" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "debug", + "parameters": [ + { + "javaScriptType": "string", + "name": "msg" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "debug", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "array", + "name": "arguments" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "debug", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "object", + "name": "arg" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "debug", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "object", + "name": "arg1" + }, + { + "javaScriptType": "object", + "name": "arg2" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "error", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "object", + "name": "arg" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "error", + "parameters": [ + { + "javaScriptType": "string", + "name": "msg" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "error", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "object", + "name": "arg1" + }, + { + "javaScriptType": "object", + "name": "arg2" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "error", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "array", + "name": "arguments" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "error", + "parameters": [ + { + "javaScriptType": "string", + "name": "msg" + }, + { + "javaScriptType": "object", + "name": "t" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "warn", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "array", + "name": "arguments" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "warn", + "parameters": [ + { + "javaScriptType": "string", + "name": "msg" + }, + { + "javaScriptType": "object", + "name": "t" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "warn", + "parameters": [ + { + "javaScriptType": "string", + "name": "msg" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "warn", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "object", + "name": "arg1" + }, + { + "javaScriptType": "object", + "name": "arg2" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "warn", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "object", + "name": "arg" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "isTraceEnabled", + "parameters": [], + "returnType": "boolean" + }, + { + "elementType": "method", + "name": "isDebugEnabled", + "parameters": [], + "returnType": "boolean" + }, + { + "elementType": "method", + "name": "isErrorEnabled", + "parameters": [], + "returnType": "boolean" + }, + { + "elementType": "method", + "name": "isInfoEnabled", + "parameters": [], + "returnType": "boolean" + }, + { + "elementType": "method", + "name": "isWarnEnabled", + "parameters": [], + "returnType": "boolean" + } + ], + "javaClass": "org.forgerock.openam.scripting.logging.ScriptedLoggerWrapper", + "javaScriptType": "object", + "name": "logger" + }, + { + "elements": [ + { + "elementType": "method", + "name": "getGenericSecret", + "parameters": [ + { + "javaScriptType": "string", + "name": "secretId" + } + ], + "returnType": "object" + } + ], + "javaClass": "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "javaScriptType": "object", + "name": "secrets" + }, + { + "javaScriptType": "unknown", + "name": "nameIDScriptHelper" + }, + { + "elements": [ + { + "elementType": "method", + "name": "getName", + "parameters": [], + "returnType": "string" + }, + { + "elementType": "method", + "name": "store", + "parameters": [], + "returnType": "void" + }, + { + "elementType": "method", + "name": "setAttribute", + "parameters": [ + { + "javaScriptType": "string", + "name": "attributeName" + }, + { + "javaScriptType": "array", + "name": "attributeValues" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "addAttribute", + "parameters": [ + { + "javaScriptType": "string", + "name": "attributeName" + }, + { + "javaScriptType": "string", + "name": "attributeValue" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "getAttributeValues", + "parameters": [ + { + "javaScriptType": "string", + "name": "attributeName" + } + ], + "returnType": "array" + }, + { + "elementType": "method", + "name": "getUniversalId", + "parameters": [], + "returnType": "string" + } + ], + "javaClass": "org.forgerock.openam.scripting.api.identity.ScriptedIdentityScriptWrapper", + "javaScriptType": "object", + "name": "identity" + }, + { + "elements": [ + { + "elementType": "field", + "elements": [ + { + "elementType": "method", + "name": "randomUUID", + "parameters": [], + "returnType": "string" + }, + { + "elementType": "method", + "name": "getRandomValues", + "parameters": [ + { + "javaScriptType": "array", + "name": "array" + } + ], + "returnType": "array" + } + ], + "javaClass": "org.forgerock.openam.scripting.bindings.ScriptCryptoService", + "javaScriptType": "object", + "name": "crypto" + }, + { + "elementType": "field", + "elements": [ + { + "elementType": "method", + "name": "decode", + "parameters": [ + { + "javaScriptType": "string", + "name": "toDecode" + } + ], + "returnType": "string" + }, + { + "elementType": "method", + "name": "encode", + "parameters": [ + { + "javaScriptType": "string", + "name": "toEncode" + } + ], + "returnType": "string" + }, + { + "elementType": "method", + "name": "btoa", + "parameters": [ + { + "javaScriptType": "string", + "name": "toEncode" + } + ], + "returnType": "string" + }, + { + "elementType": "method", + "name": "atob", + "parameters": [ + { + "javaScriptType": "string", + "name": "toDecode" + } + ], + "returnType": "string" + } + ], + "javaClass": "org.forgerock.openam.scripting.bindings.ScriptBase64Service", + "javaScriptType": "object", + "name": "base64" + }, + { + "elementType": "field", + "elements": [ + { + "elementType": "method", + "name": "decode", + "parameters": [ + { + "javaScriptType": "string", + "name": "toDecode" + } + ], + "returnType": "string" + }, + { + "elementType": "method", + "name": "encode", + "parameters": [ + { + "javaScriptType": "string", + "name": "toEncode" + } + ], + "returnType": "string" + }, + { + "elementType": "method", + "name": "btoa", + "parameters": [ + { + "javaScriptType": "string", + "name": "toEncode" + } + ], + "returnType": "string" + }, + { + "elementType": "method", + "name": "atob", + "parameters": [ + { + "javaScriptType": "string", + "name": "toDecode" + } + ], + "returnType": "string" + } + ], + "javaClass": "org.forgerock.openam.scripting.bindings.ScriptBase64UrlService", + "javaScriptType": "object", + "name": "base64url" + } + ], + "javaClass": "org.forgerock.openam.scripting.bindings.ScriptUtilityService", + "javaScriptType": "object", + "name": "utils" + }, + { + "javaScriptType": "string", + "name": "nameIDFormat" + }, + { + "javaScriptType": "string", + "name": "scriptName" + }, + { + "javaScriptType": "string", + "name": "realm" + }, + { + "javaScriptType": "string", + "name": "remoteEntityId" + }, + { + "elements": [ + { + "elementType": "method", + "name": "update", + "parameters": [ + { + "javaScriptType": "string", + "name": "id" + }, + { + "javaScriptType": "string", + "name": "rev" + }, + { + "javaScriptType": "object", + "name": "value" + }, + { + "javaScriptType": "object", + "name": "params" + }, + { + "javaScriptType": "array", + "name": "fields" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "update", + "parameters": [ + { + "javaScriptType": "string", + "name": "id" + }, + { + "javaScriptType": "string", + "name": "rev" + }, + { + "javaScriptType": "object", + "name": "value" + }, + { + "javaScriptType": "object", + "name": "params" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "update", + "parameters": [ + { + "javaScriptType": "string", + "name": "id" + }, + { + "javaScriptType": "string", + "name": "rev" + }, + { + "javaScriptType": "object", + "name": "value" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "read", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "read", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + }, + { + "javaScriptType": "object", + "name": "params" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "read", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + }, + { + "javaScriptType": "object", + "name": "params" + }, + { + "javaScriptType": "array", + "name": "fields" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "delete", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + }, + { + "javaScriptType": "string", + "name": "rev" + }, + { + "javaScriptType": "object", + "name": "params" + }, + { + "javaScriptType": "array", + "name": "fields" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "delete", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + }, + { + "javaScriptType": "string", + "name": "rev" + }, + { + "javaScriptType": "object", + "name": "params" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "delete", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + }, + { + "javaScriptType": "string", + "name": "rev" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "action", + "parameters": [ + { + "javaScriptType": "string", + "name": "resource" + }, + { + "javaScriptType": "string", + "name": "actionName" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "action", + "parameters": [ + { + "javaScriptType": "string", + "name": "resource" + }, + { + "javaScriptType": "string", + "name": "actionName" + }, + { + "javaScriptType": "object", + "name": "content" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "action", + "parameters": [ + { + "javaScriptType": "string", + "name": "resource" + }, + { + "javaScriptType": "string", + "name": "actionName" + }, + { + "javaScriptType": "object", + "name": "content" + }, + { + "javaScriptType": "object", + "name": "params" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "action", + "parameters": [ + { + "javaScriptType": "string", + "name": "resource" + }, + { + "javaScriptType": "string", + "name": "actionName" + }, + { + "javaScriptType": "object", + "name": "content" + }, + { + "javaScriptType": "object", + "name": "params" + }, + { + "javaScriptType": "array", + "name": "fields" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "query", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + }, + { + "javaScriptType": "object", + "name": "params" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "query", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + }, + { + "javaScriptType": "object", + "name": "params" + }, + { + "javaScriptType": "array", + "name": "fields" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "create", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + }, + { + "javaScriptType": "string", + "name": "newResourceId" + }, + { + "javaScriptType": "object", + "name": "content" + }, + { + "javaScriptType": "object", + "name": "params" + }, + { + "javaScriptType": "array", + "name": "fields" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "create", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + }, + { + "javaScriptType": "string", + "name": "newResourceId" + }, + { + "javaScriptType": "object", + "name": "content" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "create", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + }, + { + "javaScriptType": "string", + "name": "newResourceId" + }, + { + "javaScriptType": "object", + "name": "content" + }, + { + "javaScriptType": "object", + "name": "params" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "patch", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + }, + { + "javaScriptType": "string", + "name": "rev" + }, + { + "javaScriptType": "array", + "name": "patch" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "patch", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + }, + { + "javaScriptType": "string", + "name": "rev" + }, + { + "javaScriptType": "array", + "name": "patch" + }, + { + "javaScriptType": "object", + "name": "params" + }, + { + "javaScriptType": "array", + "name": "fields" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "patch", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + }, + { + "javaScriptType": "string", + "name": "rev" + }, + { + "javaScriptType": "array", + "name": "patch" + }, + { + "javaScriptType": "object", + "name": "params" + } + ], + "returnType": "object" + } + ], + "javaClass": "org.forgerock.openam.scripting.wrappers.IdmIntegrationServiceScriptWrapper", + "javaScriptType": "object", + "name": "openidm" + }, + { + "javaScriptType": "string", + "name": "hostedEntityId" + }, + { + "javaScriptType": "string", + "name": "cookieName" + } + ], + "evaluatorVersions": { + "JAVASCRIPT": [ + "2.0" + ] + } + }, + "defaultScript": "[Empty]", + "engineConfiguration": { + "_id": "engineConfiguration", + "_type": { + "_id": "engineConfiguration", + "collection": false, + "name": "Scripting engine configuration" + }, + "blackList": [ + "java.lang.Class", + "java.security.AccessController", + "java.lang.reflect.*" + ], + "coreThreads": 10, + "idleTimeout": 60, + "maxThreads": 50, + "propertyNamePrefix": "script", + "queueSize": 10, + "serverTimeout": 0, + "useSecurityManager": true, + "whiteList": [ + "java.lang.Float", + "org.forgerock.http.protocol.Header", + "java.lang.Integer", + "org.forgerock.http.Client", + "java.lang.Character$UnicodeBlock", + "java.lang.Character", + "java.lang.Long", + "java.lang.Short", + "java.util.Map", + "org.forgerock.http.client.*", + "java.lang.Math", + "org.forgerock.opendj.ldap.Dn", + "java.lang.Byte", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "java.lang.StrictMath", + "org.forgerock.util.promise.PromiseImpl", + "org.forgerock.http.Context", + "java.lang.Void", + "org.codehaus.groovy.runtime.GStringImpl", + "groovy.json.JsonSlurper", + "org.forgerock.http.protocol.Request", + "org.forgerock.http.protocol.Entity", + "org.forgerock.http.context.RootContext", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "java.util.List", + "org.forgerock.http.protocol.RequestCookies", + "org.forgerock.http.protocol.Responses", + "org.forgerock.util.promise.Promise", + "java.util.HashMap$KeyIterator", + "com.sun.identity.shared.debug.Debug", + "java.lang.Double", + "org.forgerock.http.protocol.Headers", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.http.protocol.Status", + "java.util.HashMap", + "java.lang.Character$Subset", + "java.util.TreeSet", + "java.util.ArrayList", + "java.util.HashSet", + "java.util.LinkedHashMap", + "org.forgerock.http.protocol.ResponseException", + "java.util.Collections$UnmodifiableRandomAccessList", + "org.forgerock.http.protocol.Message", + "java.lang.Boolean", + "java.lang.String", + "java.lang.Number", + "java.util.LinkedList", + "java.util.LinkedHashSet", + "org.forgerock.http.protocol.Response", + "org.forgerock.util.promise.NeverThrowsException", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "java.util.TreeMap", + "java.util.Collections$EmptyList", + "org.forgerock.openam.scripting.api.ScriptedSession", + "java.util.Collections$UnmodifiableCollection$1", + "org.forgerock.http.Handler", + "java.lang.Object", + "org.forgerock.http.protocol.Form" + ] + }, + "isHidden": false, + "languages": [ + "JAVASCRIPT" + ] + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/scripttype/SAML2_SP_ADAPTER.scripttype.json b/test/e2e/exports/full-export-separate/global/scripttype/SAML2_SP_ADAPTER.scripttype.json new file mode 100644 index 000000000..2a2ea1177 --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/scripttype/SAML2_SP_ADAPTER.scripttype.json @@ -0,0 +1,201 @@ +{ + "scripttype": { + "SAML2_SP_ADAPTER": { + "_id": "SAML2_SP_ADAPTER", + "_type": { + "_id": "contexts", + "collection": true, + "name": "scriptContext" + }, + "context": { + "_id": "SAML2_SP_ADAPTER", + "allowLists": [ + "com.iplanet.am.sdk.AMHashMap", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.saml2.assertion.*", + "com.sun.identity.saml2.assertion.impl.*", + "com.sun.identity.saml2.common.SAML2Exception", + "com.sun.identity.saml2.plugins.scripted.ScriptEntitlementInfo", + "com.sun.identity.saml2.protocol.*", + "com.sun.identity.saml2.protocol.impl.*", + "com.sun.identity.shared.debug.Debug", + "java.io.PrintWriter", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.util.Collections$EmptyMap", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.TreeMap", + "java.util.TreeSet", + "java.net.URI", + "javax.security.auth.Subject", + "javax.servlet.http.HttpServletRequestWrapper", + "javax.servlet.http.HttpServletResponseWrapper", + "groovy.json.internal.LazyMap", + "groovy.json.JsonSlurper", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.Client", + "org.forgerock.http.client.*", + "org.forgerock.json.JsonValue", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "org.forgerock.util.promise.PromiseImpl", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "com.sun.identity.saml2.plugins.scripted.SpAdapterScriptHelper" + ], + "bindings": [], + "evaluatorVersions": { + "GROOVY": [ + "1.0" + ], + "JAVASCRIPT": [ + "1.0" + ] + } + }, + "defaultScript": "[Empty]", + "engineConfiguration": { + "_id": "engineConfiguration", + "_type": { + "_id": "engineConfiguration", + "collection": false, + "name": "Scripting engine configuration" + }, + "blackList": [ + "java.lang.Class", + "java.lang.Thread", + "java.lang.invoke.*", + "java.lang.reflect.*", + "java.security.AccessController" + ], + "coreThreads": { + "$int": "&{saml2.sp.adapter.script.context.core.threads|10}" + }, + "idleTimeout": 60, + "maxThreads": { + "$int": "&{saml2.sp.adapter.script.context.max.threads|50}" + }, + "propertyNamePrefix": "esv.", + "queueSize": { + "$int": "&{saml2.sp.adapter.script.context.queue.size|10}" + }, + "serverTimeout": 0, + "useSecurityManager": true, + "whiteList": [ + "com.iplanet.am.sdk.AMHashMap", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.saml2.assertion.*", + "com.sun.identity.saml2.assertion.impl.*", + "com.sun.identity.saml2.common.SAML2Exception", + "com.sun.identity.saml2.plugins.scripted.ScriptEntitlementInfo", + "com.sun.identity.saml2.protocol.*", + "com.sun.identity.saml2.protocol.impl.*", + "com.sun.identity.shared.debug.Debug", + "java.io.PrintWriter", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.util.Collections$EmptyMap", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$SingletonList", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.TreeMap", + "java.util.TreeSet", + "java.net.URI", + "javax.security.auth.Subject", + "javax.servlet.http.HttpServletRequestWrapper", + "javax.servlet.http.HttpServletResponseWrapper", + "groovy.json.internal.LazyMap", + "groovy.json.JsonSlurper", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.Client", + "org.forgerock.http.client.*", + "org.forgerock.json.JsonValue", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "org.forgerock.util.promise.PromiseImpl", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "com.sun.identity.saml2.plugins.scripted.SpAdapterScriptHelper", + "java.util.List", + "java.util.Map", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.opendj.ldap.Dn" + ] + }, + "isHidden": false, + "languages": [ + "JAVASCRIPT" + ] + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/scripttype/SCRIPTED_DECISION_NODE.scripttype.json b/test/e2e/exports/full-export-separate/global/scripttype/SCRIPTED_DECISION_NODE.scripttype.json new file mode 100644 index 000000000..2db340722 --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/scripttype/SCRIPTED_DECISION_NODE.scripttype.json @@ -0,0 +1,2802 @@ +{ + "scripttype": { + "SCRIPTED_DECISION_NODE": { + "_id": "SCRIPTED_DECISION_NODE", + "_type": { + "_id": "contexts", + "collection": true, + "name": "scriptContext" + }, + "context": { + "_id": "SCRIPTED_DECISION_NODE", + "allowLists": [ + "org.forgerock.util.promise.PromiseImpl", + "org.forgerock.util.promise.Promises$*", + "java.lang.Object", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Float", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.Void", + "java.util.AbstractMap$*", + "java.util.ArrayList", + "java.util.Collections", + "java.util.concurrent.TimeUnit", + "java.util.Collections$*", + "java.util.HashSet", + "java.util.HashMap$KeyIterator", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.TreeSet", + "java.security.KeyPair", + "java.security.KeyPairGenerator", + "java.security.KeyPairGenerator$*", + "java.security.PrivateKey", + "java.security.PublicKey", + "java.security.spec.X509EncodedKeySpec", + "java.security.spec.MGF1ParameterSpec", + "javax.crypto.SecretKeyFactory", + "javax.crypto.spec.OAEPParameterSpec", + "javax.crypto.spec.PBEKeySpec", + "javax.crypto.spec.PSource", + "javax.crypto.spec.PSource$*", + "org.forgerock.json.JsonValue", + "org.forgerock.util.promise.NeverThrowsException", + "java.util.concurrent.ExecutionException", + "java.util.concurrent.TimeoutException", + "org.forgerock.openam.core.rest.authn.callbackhandlers.*", + "com.sun.crypto.provider.PBKDF2KeyImpl", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + "sun.security.ec.ECPrivateKeyImpl", + "ch.qos.logback.classic.Logger", + "com.sun.proxy.$*", + "java.util.Date", + "java.security.spec.InvalidKeySpecException", + "org.forgerock.openam.auth.nodes.VerifyTransactionsHelper" + ], + "bindings": [ + { + "elements": [ + { + "elementType": "method", + "name": "getSpAttributes", + "parameters": [], + "returnType": "object" + }, + { + "elementType": "method", + "name": "getIdpAttributes", + "parameters": [], + "returnType": "object" + }, + { + "elementType": "method", + "name": "getFlowInitiator", + "parameters": [], + "returnType": "string" + }, + { + "elementType": "method", + "name": "getAuthnRequest", + "parameters": [], + "returnType": "object" + } + ], + "javaClass": "org.forgerock.openam.saml2.SAMLScriptedBindingObjectImpl", + "javaScriptType": "object", + "name": "samlApplication" + }, + { + "elements": [ + { + "elementType": "method", + "name": "send", + "parameters": [ + { + "javaScriptType": "string", + "name": "uri" + }, + { + "javaScriptType": "object", + "name": "requestOptions" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "send", + "parameters": [ + { + "javaScriptType": "string", + "name": "uri" + } + ], + "returnType": "object" + } + ], + "javaClass": "org.forgerock.openam.scripting.wrappers.HttpClientScriptWrapper", + "javaScriptType": "object", + "name": "httpClient" + }, + { + "elements": [ + { + "elementType": "method", + "name": "getName", + "parameters": [], + "returnType": "string" + }, + { + "elementType": "method", + "name": "info", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "object", + "name": "arg" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "info", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "object", + "name": "arg1" + }, + { + "javaScriptType": "object", + "name": "arg2" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "info", + "parameters": [ + { + "javaScriptType": "string", + "name": "msg" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "info", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "array", + "name": "arguments" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "info", + "parameters": [ + { + "javaScriptType": "string", + "name": "msg" + }, + { + "javaScriptType": "object", + "name": "t" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "trace", + "parameters": [ + { + "javaScriptType": "string", + "name": "msg" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "trace", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "array", + "name": "arguments" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "trace", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "object", + "name": "arg1" + }, + { + "javaScriptType": "object", + "name": "arg2" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "trace", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "object", + "name": "arg" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "trace", + "parameters": [ + { + "javaScriptType": "string", + "name": "msg" + }, + { + "javaScriptType": "object", + "name": "t" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "debug", + "parameters": [ + { + "javaScriptType": "string", + "name": "msg" + }, + { + "javaScriptType": "object", + "name": "t" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "debug", + "parameters": [ + { + "javaScriptType": "string", + "name": "msg" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "debug", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "array", + "name": "arguments" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "debug", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "object", + "name": "arg" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "debug", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "object", + "name": "arg1" + }, + { + "javaScriptType": "object", + "name": "arg2" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "error", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "object", + "name": "arg" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "error", + "parameters": [ + { + "javaScriptType": "string", + "name": "msg" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "error", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "object", + "name": "arg1" + }, + { + "javaScriptType": "object", + "name": "arg2" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "error", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "array", + "name": "arguments" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "error", + "parameters": [ + { + "javaScriptType": "string", + "name": "msg" + }, + { + "javaScriptType": "object", + "name": "t" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "warn", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "array", + "name": "arguments" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "warn", + "parameters": [ + { + "javaScriptType": "string", + "name": "msg" + }, + { + "javaScriptType": "object", + "name": "t" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "warn", + "parameters": [ + { + "javaScriptType": "string", + "name": "msg" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "warn", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "object", + "name": "arg1" + }, + { + "javaScriptType": "object", + "name": "arg2" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "warn", + "parameters": [ + { + "javaScriptType": "string", + "name": "format" + }, + { + "javaScriptType": "object", + "name": "arg" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "isTraceEnabled", + "parameters": [], + "returnType": "boolean" + }, + { + "elementType": "method", + "name": "isDebugEnabled", + "parameters": [], + "returnType": "boolean" + }, + { + "elementType": "method", + "name": "isErrorEnabled", + "parameters": [], + "returnType": "boolean" + }, + { + "elementType": "method", + "name": "isInfoEnabled", + "parameters": [], + "returnType": "boolean" + }, + { + "elementType": "method", + "name": "isWarnEnabled", + "parameters": [], + "returnType": "boolean" + } + ], + "javaClass": "org.forgerock.openam.scripting.logging.ScriptedLoggerWrapper", + "javaScriptType": "object", + "name": "logger" + }, + { + "elements": [], + "javaScriptType": "object", + "name": "requestParameters" + }, + { + "elements": [ + { + "elementType": "method", + "name": "getStringAttributeInputCallbacks", + "parameters": [], + "returnType": "array" + }, + { + "elementType": "method", + "name": "getNumberAttributeInputCallbacks", + "parameters": [], + "returnType": "array" + }, + { + "elementType": "method", + "name": "getBooleanAttributeInputCallbacks", + "parameters": [], + "returnType": "array" + }, + { + "elementType": "method", + "name": "getConfirmationCallbacks", + "parameters": [], + "returnType": "array" + }, + { + "elementType": "method", + "name": "getLanguageCallbacks", + "parameters": [], + "returnType": "array" + }, + { + "elementType": "method", + "name": "getIdpCallbacks", + "parameters": [], + "returnType": "array" + }, + { + "elementType": "method", + "name": "getValidatedPasswordCallbacks", + "parameters": [], + "returnType": "array" + }, + { + "elementType": "method", + "name": "getValidatedUsernameCallbacks", + "parameters": [], + "returnType": "array" + }, + { + "elementType": "method", + "name": "getHttpCallbacks", + "parameters": [], + "returnType": "array" + }, + { + "elementType": "method", + "name": "getX509CertificateCallbacks", + "parameters": [], + "returnType": "array" + }, + { + "elementType": "method", + "name": "getConsentMappingCallbacks", + "parameters": [], + "returnType": "array" + }, + { + "elementType": "method", + "name": "getDeviceProfileCallbacks", + "parameters": [], + "returnType": "array" + }, + { + "elementType": "method", + "name": "getKbaCreateCallbacks", + "parameters": [], + "returnType": "array" + }, + { + "elementType": "method", + "name": "getSelectIdPCallbacks", + "parameters": [], + "returnType": "array" + }, + { + "elementType": "method", + "name": "getTermsAndConditionsCallbacks", + "parameters": [], + "returnType": "array" + }, + { + "elementType": "method", + "name": "getChoiceCallbacks", + "parameters": [], + "returnType": "array" + }, + { + "elementType": "method", + "name": "getNameCallbacks", + "parameters": [], + "returnType": "array" + }, + { + "elementType": "method", + "name": "getPasswordCallbacks", + "parameters": [], + "returnType": "array" + }, + { + "elementType": "method", + "name": "getHiddenValueCallbacks", + "parameters": [], + "returnType": "object" + }, + { + "elementType": "method", + "name": "getTextInputCallbacks", + "parameters": [], + "returnType": "array" + }, + { + "elementType": "method", + "name": "isEmpty", + "parameters": [], + "returnType": "boolean" + } + ], + "javaClass": "org.forgerock.openam.auth.nodes.script.ScriptedCallbacksWrapper", + "javaScriptType": "object", + "name": "callbacks" + }, + { + "elements": [ + { + "elementType": "method", + "name": "getGenericSecret", + "parameters": [ + { + "javaScriptType": "string", + "name": "secretId" + } + ], + "returnType": "object" + } + ], + "javaClass": "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "javaScriptType": "object", + "name": "secrets" + }, + { + "elements": [ + { + "elementType": "method", + "name": "getIdentity", + "parameters": [ + { + "javaScriptType": "string", + "name": "userName" + } + ], + "returnType": "object" + } + ], + "javaClass": "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepositoryScriptWrapper", + "javaScriptType": "object", + "name": "idRepository" + }, + { + "elements": [ + { + "elementType": "method", + "name": "getClientProperties", + "parameters": [], + "returnType": "object" + }, + { + "elementType": "method", + "name": "getRequestProperties", + "parameters": [], + "returnType": "object" + } + ], + "javaClass": "org.forgerock.oauth2.core.application.tree.OAuthScriptedBindingObjectImpl", + "javaScriptType": "object", + "name": "oauthApplication" + }, + { + "elements": [], + "javaScriptType": "object", + "name": "requestHeaders" + }, + { + "elements": [ + { + "elementType": "method", + "name": "generateJwt", + "parameters": [ + { + "javaScriptType": "object", + "name": "jwtData" + } + ], + "returnType": "string" + } + ], + "javaClass": "org.forgerock.openam.auth.nodes.script.JwtAssertionScriptWrapper", + "javaScriptType": "object", + "name": "jwtAssertion" + }, + { + "elements": [ + { + "elementType": "method", + "name": "remove", + "parameters": [ + { + "javaScriptType": "string", + "name": "key" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "get", + "parameters": [ + { + "javaScriptType": "string", + "name": "key" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "keys", + "parameters": [], + "returnType": "object" + }, + { + "elementType": "method", + "name": "getObject", + "parameters": [ + { + "javaScriptType": "string", + "name": "key" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "isDefined", + "parameters": [ + { + "javaScriptType": "string", + "name": "key" + } + ], + "returnType": "boolean" + }, + { + "elementType": "method", + "name": "putShared", + "parameters": [ + { + "javaScriptType": "string", + "name": "key" + }, + { + "javaScriptType": "object", + "name": "value" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "mergeShared", + "parameters": [ + { + "javaScriptType": "object", + "name": "object" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "putTransient", + "parameters": [ + { + "javaScriptType": "string", + "name": "key" + }, + { + "javaScriptType": "object", + "name": "value" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "mergeTransient", + "parameters": [ + { + "javaScriptType": "object", + "name": "object" + } + ], + "returnType": "object" + } + ], + "javaClass": "org.forgerock.openam.auth.node.api.NodeStateScriptWrapper", + "javaScriptType": "object", + "name": "nodeState" + }, + { + "javaScriptType": "boolean", + "name": "resumedFromSuspend" + }, + { + "elements": [ + { + "elementType": "field", + "elements": [ + { + "elementType": "method", + "name": "randomUUID", + "parameters": [], + "returnType": "string" + }, + { + "elementType": "method", + "name": "getRandomValues", + "parameters": [ + { + "javaScriptType": "array", + "name": "array" + } + ], + "returnType": "array" + } + ], + "javaClass": "org.forgerock.openam.scripting.bindings.ScriptCryptoService", + "javaScriptType": "object", + "name": "crypto" + }, + { + "elementType": "field", + "elements": [ + { + "elementType": "method", + "name": "decode", + "parameters": [ + { + "javaScriptType": "string", + "name": "toDecode" + } + ], + "returnType": "string" + }, + { + "elementType": "method", + "name": "encode", + "parameters": [ + { + "javaScriptType": "string", + "name": "toEncode" + } + ], + "returnType": "string" + }, + { + "elementType": "method", + "name": "btoa", + "parameters": [ + { + "javaScriptType": "string", + "name": "toEncode" + } + ], + "returnType": "string" + }, + { + "elementType": "method", + "name": "atob", + "parameters": [ + { + "javaScriptType": "string", + "name": "toDecode" + } + ], + "returnType": "string" + } + ], + "javaClass": "org.forgerock.openam.scripting.bindings.ScriptBase64Service", + "javaScriptType": "object", + "name": "base64" + }, + { + "elementType": "field", + "elements": [ + { + "elementType": "method", + "name": "decode", + "parameters": [ + { + "javaScriptType": "string", + "name": "toDecode" + } + ], + "returnType": "string" + }, + { + "elementType": "method", + "name": "encode", + "parameters": [ + { + "javaScriptType": "string", + "name": "toEncode" + } + ], + "returnType": "string" + }, + { + "elementType": "method", + "name": "btoa", + "parameters": [ + { + "javaScriptType": "string", + "name": "toEncode" + } + ], + "returnType": "string" + }, + { + "elementType": "method", + "name": "atob", + "parameters": [ + { + "javaScriptType": "string", + "name": "toDecode" + } + ], + "returnType": "string" + } + ], + "javaClass": "org.forgerock.openam.scripting.bindings.ScriptBase64UrlService", + "javaScriptType": "object", + "name": "base64url" + } + ], + "javaClass": "org.forgerock.openam.scripting.bindings.ScriptUtilityService", + "javaScriptType": "object", + "name": "utils" + }, + { + "elements": [ + { + "elementType": "method", + "name": "withIdentifiedUser", + "parameters": [ + { + "javaScriptType": "string", + "name": "username" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "withIdentifiedAgent", + "parameters": [ + { + "javaScriptType": "string", + "name": "agentName" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "suspend", + "parameters": [ + { + "javaScriptType": "string", + "name": "callbackTextFormat" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "suspend", + "parameters": [ + { + "javaScriptType": "string", + "name": "callbackTextFormat" + }, + { + "javaScriptType": "object", + "name": "additionalLogic" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "goTo", + "parameters": [ + { + "javaScriptType": "string", + "name": "outcome" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "putSessionProperty", + "parameters": [ + { + "javaScriptType": "string", + "name": "key" + }, + { + "javaScriptType": "string", + "name": "value" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "withHeader", + "parameters": [ + { + "javaScriptType": "string", + "name": "header" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "withDescription", + "parameters": [ + { + "javaScriptType": "string", + "name": "description" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "withStage", + "parameters": [ + { + "javaScriptType": "string", + "name": "stage" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "withErrorMessage", + "parameters": [ + { + "javaScriptType": "string", + "name": "errorMessage" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "withLockoutMessage", + "parameters": [ + { + "javaScriptType": "string", + "name": "lockoutMessage" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "removeSessionProperty", + "parameters": [ + { + "javaScriptType": "string", + "name": "key" + } + ], + "returnType": "object" + } + ], + "javaClass": "org.forgerock.openam.auth.nodes.script.ActionWrapper", + "javaScriptType": "object", + "name": "action" + }, + { + "javaScriptType": "string", + "name": "scriptName" + }, + { + "javaScriptType": "string", + "name": "realm" + }, + { + "elements": [ + { + "elementType": "method", + "name": "validateJwtClaims", + "parameters": [ + { + "javaScriptType": "object", + "name": "jwtData" + } + ], + "returnType": "object" + } + ], + "javaClass": "org.forgerock.openam.auth.nodes.script.JwtValidatorScriptWrapper", + "javaScriptType": "object", + "name": "jwtValidator" + }, + { + "elements": [ + { + "elementType": "method", + "name": "suspendedTextOutputCallback", + "parameters": [ + { + "javaScriptType": "number", + "name": "messageType" + }, + { + "javaScriptType": "string", + "name": "message" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "textInputCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "prompt" + }, + { + "javaScriptType": "string", + "name": "defaultText" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "textInputCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "prompt" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "scriptTextOutputCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "message" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "metadataCallback", + "parameters": [ + { + "javaScriptType": "object", + "name": "outputValue" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "stringAttributeInputCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "name" + }, + { + "javaScriptType": "string", + "name": "prompt" + }, + { + "javaScriptType": "string", + "name": "value" + }, + { + "javaScriptType": "boolean", + "name": "required" + }, + { + "javaScriptType": "object", + "name": "policies" + }, + { + "javaScriptType": "boolean", + "name": "validateOnly" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "stringAttributeInputCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "name" + }, + { + "javaScriptType": "string", + "name": "prompt" + }, + { + "javaScriptType": "string", + "name": "value" + }, + { + "javaScriptType": "boolean", + "name": "required" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "stringAttributeInputCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "name" + }, + { + "javaScriptType": "string", + "name": "prompt" + }, + { + "javaScriptType": "string", + "name": "value" + }, + { + "javaScriptType": "boolean", + "name": "required" + }, + { + "javaScriptType": "array", + "name": "failedPolicies" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "stringAttributeInputCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "name" + }, + { + "javaScriptType": "string", + "name": "prompt" + }, + { + "javaScriptType": "string", + "name": "value" + }, + { + "javaScriptType": "boolean", + "name": "required" + }, + { + "javaScriptType": "object", + "name": "policies" + }, + { + "javaScriptType": "boolean", + "name": "validateOnly" + }, + { + "javaScriptType": "array", + "name": "failedPolicies" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "numberAttributeInputCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "name" + }, + { + "javaScriptType": "string", + "name": "prompt" + }, + { + "javaScriptType": "number", + "name": "value" + }, + { + "javaScriptType": "boolean", + "name": "required" + }, + { + "javaScriptType": "object", + "name": "policies" + }, + { + "javaScriptType": "boolean", + "name": "validateOnly" + }, + { + "javaScriptType": "array", + "name": "failedPolicies" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "numberAttributeInputCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "name" + }, + { + "javaScriptType": "string", + "name": "prompt" + }, + { + "javaScriptType": "number", + "name": "value" + }, + { + "javaScriptType": "boolean", + "name": "required" + }, + { + "javaScriptType": "object", + "name": "policies" + }, + { + "javaScriptType": "boolean", + "name": "validateOnly" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "numberAttributeInputCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "name" + }, + { + "javaScriptType": "string", + "name": "prompt" + }, + { + "javaScriptType": "number", + "name": "value" + }, + { + "javaScriptType": "boolean", + "name": "required" + }, + { + "javaScriptType": "array", + "name": "failedPolicies" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "numberAttributeInputCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "name" + }, + { + "javaScriptType": "string", + "name": "prompt" + }, + { + "javaScriptType": "number", + "name": "value" + }, + { + "javaScriptType": "boolean", + "name": "required" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "booleanAttributeInputCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "name" + }, + { + "javaScriptType": "string", + "name": "prompt" + }, + { + "javaScriptType": "boolean", + "name": "value" + }, + { + "javaScriptType": "boolean", + "name": "required" + }, + { + "javaScriptType": "object", + "name": "policies" + }, + { + "javaScriptType": "boolean", + "name": "validateOnly" + }, + { + "javaScriptType": "array", + "name": "failedPolicies" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "booleanAttributeInputCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "name" + }, + { + "javaScriptType": "string", + "name": "prompt" + }, + { + "javaScriptType": "boolean", + "name": "value" + }, + { + "javaScriptType": "boolean", + "name": "required" + }, + { + "javaScriptType": "array", + "name": "failedPolicies" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "booleanAttributeInputCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "name" + }, + { + "javaScriptType": "string", + "name": "prompt" + }, + { + "javaScriptType": "boolean", + "name": "value" + }, + { + "javaScriptType": "boolean", + "name": "required" + }, + { + "javaScriptType": "object", + "name": "policies" + }, + { + "javaScriptType": "boolean", + "name": "validateOnly" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "booleanAttributeInputCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "name" + }, + { + "javaScriptType": "string", + "name": "prompt" + }, + { + "javaScriptType": "boolean", + "name": "value" + }, + { + "javaScriptType": "boolean", + "name": "required" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "languageCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "language" + }, + { + "javaScriptType": "string", + "name": "country" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "idPCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "provider" + }, + { + "javaScriptType": "string", + "name": "clientId" + }, + { + "javaScriptType": "string", + "name": "redirectUri" + }, + { + "javaScriptType": "array", + "name": "scope" + }, + { + "javaScriptType": "string", + "name": "nonce" + }, + { + "javaScriptType": "string", + "name": "request" + }, + { + "javaScriptType": "string", + "name": "requestUri" + }, + { + "javaScriptType": "array", + "name": "acrValues" + }, + { + "javaScriptType": "boolean", + "name": "requestNativeAppForUserInfo" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "idPCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "provider" + }, + { + "javaScriptType": "string", + "name": "clientId" + }, + { + "javaScriptType": "string", + "name": "redirectUri" + }, + { + "javaScriptType": "array", + "name": "scope" + }, + { + "javaScriptType": "string", + "name": "nonce" + }, + { + "javaScriptType": "string", + "name": "request" + }, + { + "javaScriptType": "string", + "name": "requestUri" + }, + { + "javaScriptType": "array", + "name": "acrValues" + }, + { + "javaScriptType": "boolean", + "name": "requestNativeAppForUserInfo" + }, + { + "javaScriptType": "string", + "name": "token" + }, + { + "javaScriptType": "string", + "name": "tokenType" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "httpCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "authRHeader" + }, + { + "javaScriptType": "string", + "name": "negoName" + }, + { + "javaScriptType": "string", + "name": "negoValue" + }, + { + "javaScriptType": "number", + "name": "errorCode" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "httpCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "authorizationHeader" + }, + { + "javaScriptType": "string", + "name": "negotiationHeader" + }, + { + "javaScriptType": "string", + "name": "errorCode" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "x509CertificateCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "prompt" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "x509CertificateCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "prompt" + }, + { + "javaScriptType": "object", + "name": "certificate" + }, + { + "javaScriptType": "boolean", + "name": "requestSignature" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "x509CertificateCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "prompt" + }, + { + "javaScriptType": "object", + "name": "certificate" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "consentMappingCallback", + "parameters": [ + { + "javaScriptType": "object", + "name": "config" + }, + { + "javaScriptType": "string", + "name": "message" + }, + { + "javaScriptType": "boolean", + "name": "isRequired" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "consentMappingCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "name" + }, + { + "javaScriptType": "string", + "name": "displayName" + }, + { + "javaScriptType": "string", + "name": "icon" + }, + { + "javaScriptType": "string", + "name": "accessLevel" + }, + { + "javaScriptType": "array", + "name": "titles" + }, + { + "javaScriptType": "string", + "name": "message" + }, + { + "javaScriptType": "boolean", + "name": "isRequired" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "deviceProfileCallback", + "parameters": [ + { + "javaScriptType": "boolean", + "name": "metadata" + }, + { + "javaScriptType": "boolean", + "name": "location" + }, + { + "javaScriptType": "string", + "name": "message" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "kbaCreateCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "prompt" + }, + { + "javaScriptType": "array", + "name": "predefinedQuestions" + }, + { + "javaScriptType": "boolean", + "name": "allowUserDefinedQuestions" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "selectIdPCallback", + "parameters": [ + { + "javaScriptType": "object", + "name": "providers" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "termsAndConditionsCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "version" + }, + { + "javaScriptType": "string", + "name": "terms" + }, + { + "javaScriptType": "string", + "name": "createDate" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "confirmationCallback", + "parameters": [ + { + "javaScriptType": "number", + "name": "messageType" + }, + { + "javaScriptType": "array", + "name": "options" + }, + { + "javaScriptType": "number", + "name": "defaultOption" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "confirmationCallback", + "parameters": [ + { + "javaScriptType": "number", + "name": "messageType" + }, + { + "javaScriptType": "number", + "name": "optionType" + }, + { + "javaScriptType": "number", + "name": "defaultOption" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "confirmationCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "prompt" + }, + { + "javaScriptType": "number", + "name": "messageType" + }, + { + "javaScriptType": "number", + "name": "optionType" + }, + { + "javaScriptType": "number", + "name": "defaultOption" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "confirmationCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "prompt" + }, + { + "javaScriptType": "number", + "name": "messageType" + }, + { + "javaScriptType": "array", + "name": "options" + }, + { + "javaScriptType": "number", + "name": "defaultOption" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "textOutputCallback", + "parameters": [ + { + "javaScriptType": "number", + "name": "messageType" + }, + { + "javaScriptType": "string", + "name": "message" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "choiceCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "prompt" + }, + { + "javaScriptType": "array", + "name": "choices" + }, + { + "javaScriptType": "number", + "name": "defaultChoice" + }, + { + "javaScriptType": "boolean", + "name": "multipleSelectionsAllowed" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "redirectCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "redirectUrl" + }, + { + "javaScriptType": "object", + "name": "redirectData" + }, + { + "javaScriptType": "string", + "name": "method" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "redirectCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "redirectUrl" + }, + { + "javaScriptType": "object", + "name": "redirectData" + }, + { + "javaScriptType": "string", + "name": "method" + }, + { + "javaScriptType": "string", + "name": "statusParameter" + }, + { + "javaScriptType": "string", + "name": "redirectBackUrlCookie" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "redirectCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "redirectUrl" + }, + { + "javaScriptType": "object", + "name": "redirectData" + }, + { + "javaScriptType": "string", + "name": "method" + }, + { + "javaScriptType": "boolean", + "name": "setTrackingCookie" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "redirectCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "redirectUrl" + }, + { + "javaScriptType": "object", + "name": "redirectData" + }, + { + "javaScriptType": "string", + "name": "method" + }, + { + "javaScriptType": "string", + "name": "statusParameter" + }, + { + "javaScriptType": "string", + "name": "redirectBackUrlCookie" + }, + { + "javaScriptType": "boolean", + "name": "setTrackingCookie" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "hiddenValueCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "id" + }, + { + "javaScriptType": "string", + "name": "value" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "nameCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "prompt" + }, + { + "javaScriptType": "string", + "name": "defaultName" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "nameCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "prompt" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "passwordCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "prompt" + }, + { + "javaScriptType": "boolean", + "name": "echoOn" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "pollingWaitCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "waitTime" + }, + { + "javaScriptType": "string", + "name": "message" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "validatedUsernameCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "prompt" + }, + { + "javaScriptType": "object", + "name": "policies" + }, + { + "javaScriptType": "boolean", + "name": "validateOnly" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "validatedUsernameCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "prompt" + }, + { + "javaScriptType": "object", + "name": "policies" + }, + { + "javaScriptType": "boolean", + "name": "validateOnly" + }, + { + "javaScriptType": "array", + "name": "failedPolicies" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "validatedPasswordCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "prompt" + }, + { + "javaScriptType": "boolean", + "name": "echoOn" + }, + { + "javaScriptType": "object", + "name": "policies" + }, + { + "javaScriptType": "boolean", + "name": "validateOnly" + } + ], + "returnType": "void" + }, + { + "elementType": "method", + "name": "validatedPasswordCallback", + "parameters": [ + { + "javaScriptType": "string", + "name": "prompt" + }, + { + "javaScriptType": "boolean", + "name": "echoOn" + }, + { + "javaScriptType": "object", + "name": "policies" + }, + { + "javaScriptType": "boolean", + "name": "validateOnly" + }, + { + "javaScriptType": "array", + "name": "failedPolicies" + } + ], + "returnType": "void" + } + ], + "javaClass": "org.forgerock.openam.auth.nodes.script.ScriptedCallbacksBuilder", + "javaScriptType": "object", + "name": "callbacksBuilder" + }, + { + "elements": [ + { + "elementType": "method", + "name": "update", + "parameters": [ + { + "javaScriptType": "string", + "name": "id" + }, + { + "javaScriptType": "string", + "name": "rev" + }, + { + "javaScriptType": "object", + "name": "value" + }, + { + "javaScriptType": "object", + "name": "params" + }, + { + "javaScriptType": "array", + "name": "fields" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "update", + "parameters": [ + { + "javaScriptType": "string", + "name": "id" + }, + { + "javaScriptType": "string", + "name": "rev" + }, + { + "javaScriptType": "object", + "name": "value" + }, + { + "javaScriptType": "object", + "name": "params" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "update", + "parameters": [ + { + "javaScriptType": "string", + "name": "id" + }, + { + "javaScriptType": "string", + "name": "rev" + }, + { + "javaScriptType": "object", + "name": "value" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "read", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "read", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + }, + { + "javaScriptType": "object", + "name": "params" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "read", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + }, + { + "javaScriptType": "object", + "name": "params" + }, + { + "javaScriptType": "array", + "name": "fields" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "delete", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + }, + { + "javaScriptType": "string", + "name": "rev" + }, + { + "javaScriptType": "object", + "name": "params" + }, + { + "javaScriptType": "array", + "name": "fields" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "delete", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + }, + { + "javaScriptType": "string", + "name": "rev" + }, + { + "javaScriptType": "object", + "name": "params" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "delete", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + }, + { + "javaScriptType": "string", + "name": "rev" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "action", + "parameters": [ + { + "javaScriptType": "string", + "name": "resource" + }, + { + "javaScriptType": "string", + "name": "actionName" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "action", + "parameters": [ + { + "javaScriptType": "string", + "name": "resource" + }, + { + "javaScriptType": "string", + "name": "actionName" + }, + { + "javaScriptType": "object", + "name": "content" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "action", + "parameters": [ + { + "javaScriptType": "string", + "name": "resource" + }, + { + "javaScriptType": "string", + "name": "actionName" + }, + { + "javaScriptType": "object", + "name": "content" + }, + { + "javaScriptType": "object", + "name": "params" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "action", + "parameters": [ + { + "javaScriptType": "string", + "name": "resource" + }, + { + "javaScriptType": "string", + "name": "actionName" + }, + { + "javaScriptType": "object", + "name": "content" + }, + { + "javaScriptType": "object", + "name": "params" + }, + { + "javaScriptType": "array", + "name": "fields" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "query", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + }, + { + "javaScriptType": "object", + "name": "params" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "query", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + }, + { + "javaScriptType": "object", + "name": "params" + }, + { + "javaScriptType": "array", + "name": "fields" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "create", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + }, + { + "javaScriptType": "string", + "name": "newResourceId" + }, + { + "javaScriptType": "object", + "name": "content" + }, + { + "javaScriptType": "object", + "name": "params" + }, + { + "javaScriptType": "array", + "name": "fields" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "create", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + }, + { + "javaScriptType": "string", + "name": "newResourceId" + }, + { + "javaScriptType": "object", + "name": "content" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "create", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + }, + { + "javaScriptType": "string", + "name": "newResourceId" + }, + { + "javaScriptType": "object", + "name": "content" + }, + { + "javaScriptType": "object", + "name": "params" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "patch", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + }, + { + "javaScriptType": "string", + "name": "rev" + }, + { + "javaScriptType": "array", + "name": "patch" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "patch", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + }, + { + "javaScriptType": "string", + "name": "rev" + }, + { + "javaScriptType": "array", + "name": "patch" + }, + { + "javaScriptType": "object", + "name": "params" + }, + { + "javaScriptType": "array", + "name": "fields" + } + ], + "returnType": "object" + }, + { + "elementType": "method", + "name": "patch", + "parameters": [ + { + "javaScriptType": "string", + "name": "resourceName" + }, + { + "javaScriptType": "string", + "name": "rev" + }, + { + "javaScriptType": "array", + "name": "patch" + }, + { + "javaScriptType": "object", + "name": "params" + } + ], + "returnType": "object" + } + ], + "javaClass": "org.forgerock.openam.scripting.wrappers.IdmIntegrationServiceScriptWrapper", + "javaScriptType": "object", + "name": "openidm" + }, + { + "elements": [], + "javaScriptType": "object", + "name": "requestCookies" + }, + { + "javaScriptType": "string", + "name": "cookieName" + } + ], + "evaluatorVersions": { + "JAVASCRIPT": [ + "2.0" + ] + } + }, + "defaultScript": "11e1a3c0-038b-4c16-956a-6c9d89328cff", + "engineConfiguration": { + "_id": "engineConfiguration", + "_type": { + "_id": "engineConfiguration", + "collection": false, + "name": "Scripting engine configuration" + }, + "blackList": [ + "java.lang.Class", + "java.lang.Thread", + "java.lang.invoke.*", + "java.lang.reflect.*", + "java.security.AccessController" + ], + "coreThreads": { + "$int": "&{scripted.decision.node.script.context.core.threads|&{authentication.tree.decision.node.script.context.core.threads|10}}" + }, + "idleTimeout": 60, + "maxThreads": { + "$int": "&{scripted.decision.node.script.context.max.threads|&{authentication.tree.decision.node.script.context.max.threads|50}}" + }, + "propertyNamePrefix": "esv.", + "queueSize": { + "$int": "&{scripted.decision.node.script.context.queue.size|&{authentication.tree.decision.node.script.context.queue.size|10}}" + }, + "serverTimeout": 0, + "useSecurityManager": true, + "whiteList": [ + "jdk.proxy*", + "org.mozilla.javascript.WrappedException", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "java.util.List", + "java.util.Map", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + "org.mozilla.javascript.JavaScriptException" + ] + }, + "isHidden": false, + "languages": [ + "JAVASCRIPT" + ] + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/scripttype/SOCIAL_IDP_PROFILE_TRANSFORMATION.scripttype.json b/test/e2e/exports/full-export-separate/global/scripttype/SOCIAL_IDP_PROFILE_TRANSFORMATION.scripttype.json new file mode 100644 index 000000000..995630213 --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/scripttype/SOCIAL_IDP_PROFILE_TRANSFORMATION.scripttype.json @@ -0,0 +1,346 @@ +{ + "scripttype": { + "SOCIAL_IDP_PROFILE_TRANSFORMATION": { + "_id": "SOCIAL_IDP_PROFILE_TRANSFORMATION", + "_type": { + "_id": "contexts", + "collection": true, + "name": "scriptContext" + }, + "context": { + "_id": "SOCIAL_IDP_PROFILE_TRANSFORMATION", + "allowLists": [ + "com.sun.identity.idm.AMIdentity", + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Character", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.Number", + "java.lang.Object", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.util.AbstractMap$SimpleImmutableEntry", + "java.util.ArrayList$Itr", + "java.util.ArrayList", + "java.util.Collections$1", + "java.util.Collections$EmptyList", + "java.util.Collections$SingletonList", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$Node", + "java.util.HashMap", + "java.util.HashSet", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashMap", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.TreeMap", + "java.util.TreeSet", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.http.client.*", + "org.forgerock.http.protocol.Entity", + "org.forgerock.http.protocol.Request", + "org.forgerock.http.protocol.Response", + "org.forgerock.json.JsonValue", + "org.forgerock.oauth2.core.UserInfoClaims", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.shared.security.crypto.CertificateService", + "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOToken", + "org.forgerock.util.promise.PromiseImpl", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "java.util.List", + "java.util.Map", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + "org.forgerock.oauth.clients.oidc.Claim", + "java.util.Locale", + "org.mozilla.javascript.JavaScriptException", + "sun.security.ec.ECPrivateKeyImpl", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.opendj.ldap.Dn" + ], + "bindings": [], + "evaluatorVersions": { + "GROOVY": [ + "1.0" + ], + "JAVASCRIPT": [ + "1.0" + ] + } + }, + "defaultScript": "1d475815-72cb-42eb-aafd-4026989d28a7", + "engineConfiguration": { + "_id": "engineConfiguration", + "_type": { + "_id": "engineConfiguration", + "collection": false, + "name": "Scripting engine configuration" + }, + "blackList": [ + "java.lang.Class", + "java.lang.Thread", + "java.lang.invoke.*", + "java.lang.reflect.*", + "java.security.AccessController" + ], + "coreThreads": { + "$int": "&{social.idp.profile.transformation.script.context.core.threads|10}" + }, + "idleTimeout": 60, + "maxThreads": { + "$int": "&{social.idp.profile.transformation.script.context.max.threads|50}" + }, + "propertyNamePrefix": "esv.", + "queueSize": { + "$int": "&{social.idp.profile.transformation.script.context.queue.size|10}" + }, + "serverTimeout": 0, + "useSecurityManager": true, + "whiteList": [ + "com.google.common.collect.ImmutableList", + "com.google.common.collect.Sets$1", + "com.iplanet.am.sdk.AMHashMap", + "com.iplanet.sso.providers.dpro.SSOTokenIDImpl", + "com.iplanet.sso.providers.dpro.SessionSsoToken", + "com.sun.identity.authentication.callbacks.HiddenValueCallback", + "com.sun.identity.authentication.callbacks.ReCaptchaCallback", + "com.sun.identity.authentication.callbacks.ScriptTextOutputCallback", + "com.sun.identity.authentication.spi.HttpCallback", + "com.sun.identity.authentication.spi.IdentifiableCallback", + "com.sun.identity.authentication.spi.MetadataCallback", + "com.sun.identity.authentication.spi.PagePropertiesCallback", + "com.sun.identity.authentication.spi.RedirectCallback", + "com.sun.identity.authentication.spi.X509CertificateCallback", + "com.sun.identity.common.CaseInsensitiveHashMap", + "com.sun.identity.common.CaseInsensitiveHashMap$Entry", + "com.sun.identity.idm.AMIdentity", + "com.sun.identity.idm.IdType", + "com.sun.identity.saml2.assertion.impl.AttributeImpl", + "com.sun.identity.saml2.common.SAML2Exception", + "com.sun.identity.saml2.plugins.scripted.IdpAttributeMapperScriptHelper", + "com.sun.identity.shared.debug.Debug", + "groovy.json.JsonSlurper", + "groovy.json.StringEscapeUtils", + "groovy.json.internal.LazyMap", + "java.io.ByteArrayInputStream", + "java.io.ByteArrayOutputStream", + "java.io.UnsupportedEncodingException", + "java.lang.Boolean", + "java.lang.Byte", + "java.lang.Character", + "java.lang.Character$Subset", + "java.lang.Character$UnicodeBlock", + "java.lang.Double", + "java.lang.Float", + "java.lang.Integer", + "java.lang.Long", + "java.lang.Math", + "java.lang.NullPointerException", + "java.lang.Number", + "java.lang.Object", + "java.lang.RuntimeException", + "java.lang.SecurityException", + "java.lang.Short", + "java.lang.StrictMath", + "java.lang.String", + "java.lang.Void", + "java.math.BigDecimal", + "java.math.BigInteger", + "java.net.URI", + "java.security.KeyFactory", + "java.security.KeyPair", + "java.security.KeyPairGenerator", + "java.security.KeyPairGenerator$*", + "java.security.MessageDigest", + "java.security.MessageDigest$Delegate", + "java.security.MessageDigest$Delegate$CloneableDelegate", + "java.security.NoSuchAlgorithmException", + "java.security.PrivateKey", + "java.security.PublicKey", + "java.security.cert.CertificateFactory", + "java.security.cert.X509Certificate", + "java.security.spec.MGF1ParameterSpec", + "java.security.spec.PKCS8EncodedKeySpec", + "java.security.spec.X509EncodedKeySpec", + "java.text.SimpleDateFormat", + "java.time.Clock", + "java.time.Clock$FixedClock", + "java.time.Clock$OffsetClock", + "java.time.Clock$SystemClock", + "java.time.Clock$TickClock", + "java.time.temporal.ChronoUnit", + "java.util.AbstractMap$*", + "java.util.ArrayList", + "java.util.ArrayList$Itr", + "java.util.Arrays", + "java.util.Collections", + "java.util.Collections$*", + "java.util.Date", + "java.util.HashMap", + "java.util.HashMap$Entry", + "java.util.HashMap$KeyIterator", + "java.util.HashMap$KeySet", + "java.util.HashMap$Node", + "java.util.HashSet", + "java.util.LinkedHashMap", + "java.util.LinkedHashMap$Entry", + "java.util.LinkedHashMap$LinkedEntryIterator", + "java.util.LinkedHashMap$LinkedEntrySet", + "java.util.LinkedHashMap$LinkedKeySet", + "java.util.LinkedHashSet", + "java.util.LinkedList", + "java.util.List", + "java.util.Locale", + "java.util.Map", + "java.util.TreeMap", + "java.util.TreeSet", + "java.util.UUID", + "javax.crypto.Cipher", + "javax.crypto.Mac", + "javax.crypto.spec.IvParameterSpec", + "javax.crypto.spec.OAEPParameterSpec", + "javax.crypto.spec.PSource", + "javax.crypto.spec.PSource$*", + "javax.crypto.spec.SecretKeySpec", + "javax.security.auth.callback.ChoiceCallback", + "javax.security.auth.callback.ConfirmationCallback", + "javax.security.auth.callback.LanguageCallback", + "javax.security.auth.callback.NameCallback", + "javax.security.auth.callback.PasswordCallback", + "javax.security.auth.callback.TextInputCallback", + "javax.security.auth.callback.TextOutputCallback", + "org.apache.groovy.json.internal.LazyMap", + "org.codehaus.groovy.runtime.GStringImpl", + "org.codehaus.groovy.runtime.ScriptBytecodeAdapter", + "org.forgerock.guice.core.IdentityProvider", + "org.forgerock.guice.core.InjectorHolder", + "org.forgerock.http.Client", + "org.forgerock.http.Context", + "org.forgerock.http.Handler", + "org.forgerock.http.client.*", + "org.forgerock.http.context.RootContext", + "org.forgerock.http.header.*", + "org.forgerock.http.header.authorization.*", + "org.forgerock.http.protocol.*", + "org.forgerock.json.JsonValue", + "org.forgerock.json.jose.builders.EncryptedJwtBuilder", + "org.forgerock.json.jose.builders.EncryptedThenSignedJwtBuilder", + "org.forgerock.json.jose.builders.JweHeaderBuilder", + "org.forgerock.json.jose.builders.JwsHeaderBuilder", + "org.forgerock.json.jose.builders.JwtBuilderFactory", + "org.forgerock.json.jose.builders.SignedJwtBuilderImpl", + "org.forgerock.json.jose.builders.SignedThenEncryptedJwtBuilder", + "org.forgerock.json.jose.builders.SignedThenEncryptedJwtHeaderBuilder", + "org.forgerock.json.jose.jwe.EncryptedJwt", + "org.forgerock.json.jose.jwe.EncryptionMethod", + "org.forgerock.json.jose.jwe.JweAlgorithm", + "org.forgerock.json.jose.jwe.SignedThenEncryptedJwt", + "org.forgerock.json.jose.jwk.JWKSet", + "org.forgerock.json.jose.jwk.RsaJWK", + "org.forgerock.json.jose.jws.EncryptedThenSignedJwt", + "org.forgerock.json.jose.jws.JwsAlgorithm", + "org.forgerock.json.jose.jws.JwsHeader", + "org.forgerock.json.jose.jws.SignedEncryptedJwt", + "org.forgerock.json.jose.jws.SignedJwt", + "org.forgerock.json.jose.jws.SigningManager", + "org.forgerock.json.jose.jws.handlers.HmacSigningHandler", + "org.forgerock.json.jose.jws.handlers.RSASigningHandler", + "org.forgerock.json.jose.jws.handlers.SecretHmacSigningHandler", + "org.forgerock.json.jose.jws.handlers.SecretRSASigningHandler", + "org.forgerock.json.jose.jwt.JwtClaimsSet", + "org.forgerock.macaroons.Macaroon", + "org.forgerock.oauth.clients.oidc.Claim", + "org.forgerock.oauth2.core.GrantType", + "org.forgerock.oauth2.core.StatefulAccessToken", + "org.forgerock.oauth2.core.UserInfoClaims", + "org.forgerock.oauth2.core.exceptions.InvalidRequestException", + "org.forgerock.oauth2.core.tokenexchange.ExchangeableToken", + "org.forgerock.openam.auth.node.api.Action", + "org.forgerock.openam.auth.node.api.Action$ActionBuilder", + "org.forgerock.openam.auth.node.api.NodeState", + "org.forgerock.openam.auth.node.api.SuspendedTextOutputCallback", + "org.forgerock.openam.auth.nodes.IdentityProvider", + "org.forgerock.openam.auth.nodes.InjectorHolder", + "org.forgerock.openam.authentication.callbacks.AbstractValidatedCallback", + "org.forgerock.openam.authentication.callbacks.AttributeInputCallback", + "org.forgerock.openam.authentication.callbacks.BooleanAttributeInputCallback", + "org.forgerock.openam.authentication.callbacks.ConsentMappingCallback", + "org.forgerock.openam.authentication.callbacks.DeviceProfileCallback", + "org.forgerock.openam.authentication.callbacks.IdPCallback", + "org.forgerock.openam.authentication.callbacks.KbaCreateCallback", + "org.forgerock.openam.authentication.callbacks.NumberAttributeInputCallback", + "org.forgerock.openam.authentication.callbacks.PollingWaitCallback", + "org.forgerock.openam.authentication.callbacks.SelectIdPCallback", + "org.forgerock.openam.authentication.callbacks.StringAttributeInputCallback", + "org.forgerock.openam.authentication.callbacks.TermsAndConditionsCallback", + "org.forgerock.openam.authentication.callbacks.ValidatedPasswordCallback", + "org.forgerock.openam.authentication.callbacks.ValidatedUsernameCallback", + "org.forgerock.openam.authentication.modules.scripted.*", + "org.forgerock.openam.core.rest.authn.callbackhandlers.*", + "org.forgerock.openam.core.rest.devices.deviceprint.DeviceIdDao", + "org.forgerock.openam.core.rest.devices.profile.DeviceProfilesDao", + "org.forgerock.openam.oauth2.OpenAMAccessToken", + "org.forgerock.openam.oauth2.token.grantset.Authorization$ModifiedAccessToken", + "org.forgerock.openam.oauth2.token.macaroon.MacaroonAccessToken", + "org.forgerock.openam.oauth2.token.stateless.StatelessAccessToken", + "org.forgerock.openam.scripting.api.PrefixedScriptPropertyResolver", + "org.forgerock.openam.scripting.api.ScriptedIdentity", + "org.forgerock.openam.scripting.api.ScriptedSession", + "org.forgerock.openam.scripting.api.http.GroovyHttpClient", + "org.forgerock.openam.scripting.api.http.JavaScriptHttpClient", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentity", + "org.forgerock.openam.scripting.api.identity.ScriptedIdentityRepository", + "org.forgerock.openam.scripting.api.secrets.ScriptedSecrets", + "org.forgerock.openam.scripting.api.secrets.Secret", + "org.forgerock.openam.scripting.idrepo.ScriptIdentityRepository", + "org.forgerock.openam.shared.security.ThreadLocalSecureRandom", + "org.forgerock.openidconnect.Claim", + "org.forgerock.openidconnect.OpenIdConnectToken", + "org.forgerock.openidconnect.ssoprovider.OpenIdConnectSSOToken", + "org.forgerock.secrets.SecretBuilder", + "org.forgerock.secrets.keys.SigningKey", + "org.forgerock.secrets.keys.VerificationKey", + "org.forgerock.util.encode.Base64", + "org.forgerock.util.encode.Base64url", + "org.forgerock.util.encode.Hex", + "org.forgerock.util.promise.NeverThrowsException", + "org.forgerock.util.promise.Promise", + "org.forgerock.util.promise.PromiseImpl", + "org.mozilla.javascript.ConsString", + "org.mozilla.javascript.JavaScriptException", + "org.mozilla.javascript.WrappedException", + "sun.security.ec.ECPrivateKeyImpl", + "sun.security.rsa.RSAPrivateCrtKeyImpl", + "sun.security.rsa.RSAPublicKeyImpl", + "sun.security.x509.X500Name", + "sun.security.x509.X509CertImpl", + "java.util.Collections$UnmodifiableRandomAccessList", + "java.util.Collections$UnmodifiableCollection$1", + "org.forgerock.opendj.ldap.Rdn", + "org.forgerock.opendj.ldap.Dn", + "org.forgerock.openam.auth.nodes.VerifyTransactionsHelper" + ] + }, + "isHidden": false, + "languages": [ + "JAVASCRIPT", + "GROOVY" + ] + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/secret/esv-admin-token.secret.json b/test/e2e/exports/full-export-separate/global/secret/esv-admin-token.secret.json new file mode 100644 index 000000000..7cade5c02 --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/secret/esv-admin-token.secret.json @@ -0,0 +1,15 @@ +{ + "secret": { + "esv-admin-token": { + "_id": "esv-admin-token", + "activeVersion": "1", + "description": "Long-lived admin token", + "encoding": "generic", + "lastChangeDate": "2024-03-20T14:46:13.461793Z", + "lastChangedBy": "ba58ff99-76d3-4c69-9c4a-7f150ac70e2c", + "loaded": true, + "loadedVersion": "1", + "useInPlaceholders": true + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/secret/esv-brando-pingone.secret.json b/test/e2e/exports/full-export-separate/global/secret/esv-brando-pingone.secret.json new file mode 100644 index 000000000..ab31eae3b --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/secret/esv-brando-pingone.secret.json @@ -0,0 +1,15 @@ +{ + "secret": { + "esv-brando-pingone": { + "_id": "esv-brando-pingone", + "activeVersion": "4", + "description": "This is to show the connection between PingOne and AIC. ", + "encoding": "generic", + "lastChangeDate": "2024-06-24T00:44:06.154598Z", + "lastChangedBy": "Frodo-SA-1701393386423", + "loaded": true, + "loadedVersion": "4", + "useInPlaceholders": true + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/secret/esv-secret-import-test1.secret.json b/test/e2e/exports/full-export-separate/global/secret/esv-secret-import-test1.secret.json new file mode 100644 index 000000000..2c6ef995e --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/secret/esv-secret-import-test1.secret.json @@ -0,0 +1,15 @@ +{ + "secret": { + "esv-secret-import-test1": { + "_id": "esv-secret-import-test1", + "activeVersion": "1", + "description": "Secret Import Test 1", + "encoding": "generic", + "lastChangeDate": "2024-06-22T01:13:13.904591Z", + "lastChangedBy": "volker.scheuber@forgerock.com", + "loaded": true, + "loadedVersion": "1", + "useInPlaceholders": true + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/secret/esv-secret-import-test2.secret.json b/test/e2e/exports/full-export-separate/global/secret/esv-secret-import-test2.secret.json new file mode 100644 index 000000000..091b6bd49 --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/secret/esv-secret-import-test2.secret.json @@ -0,0 +1,15 @@ +{ + "secret": { + "esv-secret-import-test2": { + "_id": "esv-secret-import-test2", + "activeVersion": "1", + "description": "Secret Import Test 2", + "encoding": "generic", + "lastChangeDate": "2024-06-22T01:13:41.914076Z", + "lastChangedBy": "volker.scheuber@forgerock.com", + "loaded": true, + "loadedVersion": "1", + "useInPlaceholders": true + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/secret/esv-test-secret-cert-pem-raw.secret.json b/test/e2e/exports/full-export-separate/global/secret/esv-test-secret-cert-pem-raw.secret.json new file mode 100644 index 000000000..c75b85f80 --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/secret/esv-test-secret-cert-pem-raw.secret.json @@ -0,0 +1,15 @@ +{ + "secret": { + "esv-test-secret-cert-pem-raw": { + "_id": "esv-test-secret-cert-pem-raw", + "activeVersion": "1", + "description": "This is a test secret from a pem encoded cert file (raw).", + "encoding": "pem", + "lastChangeDate": "2024-01-20T03:49:20.270526Z", + "lastChangedBy": "6bac97fb-0665-4ba9-b66c-1cf70e074d72", + "loaded": true, + "loadedVersion": "1", + "useInPlaceholders": true + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/secret/esv-test-secret-cert-pem.secret.json b/test/e2e/exports/full-export-separate/global/secret/esv-test-secret-cert-pem.secret.json new file mode 100644 index 000000000..26b83a3a4 --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/secret/esv-test-secret-cert-pem.secret.json @@ -0,0 +1,15 @@ +{ + "secret": { + "esv-test-secret-cert-pem": { + "_id": "esv-test-secret-cert-pem", + "activeVersion": "1", + "description": "This is a test secret from a pem encoded cert file.", + "encoding": "pem", + "lastChangeDate": "2024-01-20T03:48:49.005574Z", + "lastChangedBy": "6bac97fb-0665-4ba9-b66c-1cf70e074d72", + "loaded": true, + "loadedVersion": "1", + "useInPlaceholders": true + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/secret/esv-test-secret-euler.secret.json b/test/e2e/exports/full-export-separate/global/secret/esv-test-secret-euler.secret.json new file mode 100644 index 000000000..9326444d9 --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/secret/esv-test-secret-euler.secret.json @@ -0,0 +1,15 @@ +{ + "secret": { + "esv-test-secret-euler": { + "_id": "esv-test-secret-euler", + "activeVersion": "1", + "description": "A test secret containing the value of Euler's number", + "encoding": "generic", + "lastChangeDate": "2023-12-14T15:27:34.607038Z", + "lastChangedBy": "phales@trivir.com", + "loaded": true, + "loadedVersion": "1", + "useInPlaceholders": true + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/secret/esv-test-secret-file-base64hmac-raw.secret.json b/test/e2e/exports/full-export-separate/global/secret/esv-test-secret-file-base64hmac-raw.secret.json new file mode 100644 index 000000000..84efa5121 --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/secret/esv-test-secret-file-base64hmac-raw.secret.json @@ -0,0 +1,15 @@ +{ + "secret": { + "esv-test-secret-file-base64hmac-raw": { + "_id": "esv-test-secret-file-base64hmac-raw", + "activeVersion": "1", + "description": "This is a test secret from base64 encoded hmac key file (raw).", + "encoding": "base64hmac", + "lastChangeDate": "2024-01-20T03:47:03.695151Z", + "lastChangedBy": "6bac97fb-0665-4ba9-b66c-1cf70e074d72", + "loaded": true, + "loadedVersion": "1", + "useInPlaceholders": true + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/secret/esv-test-secret-file-base64hmac.secret.json b/test/e2e/exports/full-export-separate/global/secret/esv-test-secret-file-base64hmac.secret.json new file mode 100644 index 000000000..e405d1705 --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/secret/esv-test-secret-file-base64hmac.secret.json @@ -0,0 +1,15 @@ +{ + "secret": { + "esv-test-secret-file-base64hmac": { + "_id": "esv-test-secret-file-base64hmac", + "activeVersion": "1", + "description": "This is a test secret from base64 encoded hmac key file.", + "encoding": "base64hmac", + "lastChangeDate": "2024-01-20T03:46:37.42544Z", + "lastChangedBy": "6bac97fb-0665-4ba9-b66c-1cf70e074d72", + "loaded": true, + "loadedVersion": "1", + "useInPlaceholders": true + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/secret/esv-test-secret-pi-generic.secret.json b/test/e2e/exports/full-export-separate/global/secret/esv-test-secret-pi-generic.secret.json new file mode 100644 index 000000000..66a3fccc2 --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/secret/esv-test-secret-pi-generic.secret.json @@ -0,0 +1,15 @@ +{ + "secret": { + "esv-test-secret-pi-generic": { + "_id": "esv-test-secret-pi-generic", + "activeVersion": "3", + "description": "", + "encoding": "generic", + "lastChangeDate": "2024-07-15T03:20:09.136266Z", + "lastChangedBy": "Frodo-SA-1701393386423", + "loaded": true, + "loadedVersion": "3", + "useInPlaceholders": true + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/secret/esv-test-secret-pi.secret.json b/test/e2e/exports/full-export-separate/global/secret/esv-test-secret-pi.secret.json new file mode 100644 index 000000000..9a89af392 --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/secret/esv-test-secret-pi.secret.json @@ -0,0 +1,15 @@ +{ + "secret": { + "esv-test-secret-pi": { + "_id": "esv-test-secret-pi", + "activeVersion": "1", + "description": "Secret that contains the value of pi", + "encoding": "generic", + "lastChangeDate": "2023-12-14T15:22:28.519043Z", + "lastChangedBy": "phales@trivir.com", + "loaded": true, + "loadedVersion": "1", + "useInPlaceholders": true + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/secret/esv-test-secret.secret.json b/test/e2e/exports/full-export-separate/global/secret/esv-test-secret.secret.json new file mode 100644 index 000000000..f79ef87c4 --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/secret/esv-test-secret.secret.json @@ -0,0 +1,15 @@ +{ + "secret": { + "esv-test-secret": { + "_id": "esv-test-secret", + "activeVersion": "1", + "description": "This is a test secret containing a simple string value.", + "encoding": "generic", + "lastChangeDate": "2024-07-05T17:53:53.682578Z", + "lastChangedBy": "Frodo-SA-1701393386423", + "loaded": true, + "loadedVersion": "1", + "useInPlaceholders": true + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/secret/esv-volkers-test-secret.secret.json b/test/e2e/exports/full-export-separate/global/secret/esv-volkers-test-secret.secret.json new file mode 100644 index 000000000..a4c0fbd17 --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/secret/esv-volkers-test-secret.secret.json @@ -0,0 +1,15 @@ +{ + "secret": { + "esv-volkers-test-secret": { + "_id": "esv-volkers-test-secret", + "activeVersion": "10", + "description": "Volker's test secret", + "encoding": "generic", + "lastChangeDate": "2024-06-26T01:37:06.116117Z", + "lastChangedBy": "Frodo-SA-1701393386423", + "loaded": true, + "loadedVersion": "10", + "useInPlaceholders": true + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/serverInformation/information.serverInformation.json b/test/e2e/exports/full-export-separate/global/serverInformation/information.serverInformation.json new file mode 100644 index 000000000..d930f143a --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/serverInformation/information.serverInformation.json @@ -0,0 +1,35 @@ +{ + "serverInformation": { + "*": { + "_id": "*", + "cookieName": "6ac6499e9da2071", + "domains": [ + "openam-frodo-dev.forgeblocks.com" + ], + "fileBasedConfiguration": true, + "forgotPassword": "false", + "forgotUsername": "false", + "kbaEnabled": "false", + "lang": "en-US", + "protectedUserAttributes": [ + "telephoneNumber", + "mail" + ], + "realm": "/", + "referralsEnabled": "false", + "secureCookie": true, + "selfRegistration": "false", + "socialImplementations": [], + "successfulUserRegistrationDestination": "default", + "userIdAttributes": [ + "fr-idm-uuid" + ], + "xuiUserSessionValidationEnabled": true, + "zeroPageLogin": { + "allowedWithoutReferer": true, + "enabled": false, + "refererWhitelist": [] + } + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/serverVersion/version.serverVersion.json b/test/e2e/exports/full-export-separate/global/serverVersion/version.serverVersion.json new file mode 100644 index 000000000..3450d583a --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/serverVersion/version.serverVersion.json @@ -0,0 +1,11 @@ +{ + "serverVersion": { + "version": { + "_id": "version", + "date": "2024-November-21 17:06", + "fullVersion": "ForgeRock Access Management 8.0.0-SNAPSHOT Build 2289350edb3c4f70e3ea1ea1f5f0f8d78bab1a0e (2024-November-21 17:06)", + "revision": "2289350edb3c4f70e3ea1ea1f5f0f8d78bab1a0e", + "version": "8.0.0-SNAPSHOT" + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/service/CorsService.service.json b/test/e2e/exports/full-export-separate/global/service/CorsService.service.json new file mode 100644 index 000000000..d81cc9a43 --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/service/CorsService.service.json @@ -0,0 +1,15 @@ +{ + "service": { + "CorsService": { + "_id": "", + "_type": { + "_id": "CorsService", + "collection": false, + "name": "CORS Service" + }, + "enabled": true, + "location": "global", + "nextDescendents": [] + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/service/dashboard.service.json b/test/e2e/exports/full-export-separate/global/service/dashboard.service.json new file mode 100644 index 000000000..08b49b514 --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/service/dashboard.service.json @@ -0,0 +1,73 @@ +{ + "service": { + "dashboard": { + "_id": "", + "_type": { + "_id": "dashboard", + "collection": false, + "name": "Dashboard" + }, + "defaults": { + "assignedDashboard": [] + }, + "location": "global", + "nextDescendents": [ + { + "_id": "Google", + "_type": { + "_id": "instances", + "collection": true, + "name": "instance" + }, + "className": "SAML2ApplicationClass", + "displayName": "Google", + "icfIdentifier": "idm magic 34", + "icon": "images/logos/googleplus.png", + "login": "http://www.google.com", + "name": "Google" + }, + { + "_id": "SalesForce", + "_type": { + "_id": "instances", + "collection": true, + "name": "instance" + }, + "className": "SAML2ApplicationClass", + "displayName": "SalesForce", + "icfIdentifier": "idm magic 12", + "icon": "images/logos/salesforce.png", + "login": "http://www.salesforce.com", + "name": "SalesForce" + }, + { + "_id": "ZenDesk", + "_type": { + "_id": "instances", + "collection": true, + "name": "instance" + }, + "className": "SAML2ApplicationClass", + "displayName": "ZenDesk", + "icfIdentifier": "idm magic 56", + "icon": "images/logos/zendesk.png", + "login": "http://www.ZenDesk.com", + "name": "ZenDesk" + }, + { + "_id": "2e4663b7-aed2-4521-8819-d379449d91b0", + "_type": { + "_id": "instances", + "collection": true, + "name": "instance" + }, + "className": "BookmarkApplicationClass", + "displayName": "Google", + "icon": "app-bookmark.svg", + "login": "https://www.google.com/", + "name": "Google" + } + ] + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/sync/sync.idm.json b/test/e2e/exports/full-export-separate/global/sync/sync.idm.json new file mode 100644 index 000000000..28feb268d --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/sync/sync.idm.json @@ -0,0 +1,8 @@ +{ + "idm": { + "sync": { + "_id": "sync", + "mappings": [] + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/variable/esv-blue-piller.variable.json b/test/e2e/exports/full-export-separate/global/variable/esv-blue-piller.variable.json new file mode 100644 index 000000000..805654223 --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/variable/esv-blue-piller.variable.json @@ -0,0 +1,13 @@ +{ + "variable": { + "esv-blue-piller": { + "_id": "esv-blue-piller", + "description": "Zion membership criteria.", + "expressionType": "bool", + "lastChangeDate": "2024-07-05T20:01:11.78347Z", + "lastChangedBy": "Frodo-SA-1701393386423", + "loaded": true, + "value": "false" + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/variable/esv-ipv4-cidr-access-rules.variable.json b/test/e2e/exports/full-export-separate/global/variable/esv-ipv4-cidr-access-rules.variable.json new file mode 100644 index 000000000..2752b1d20 --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/variable/esv-ipv4-cidr-access-rules.variable.json @@ -0,0 +1,13 @@ +{ + "variable": { + "esv-ipv4-cidr-access-rules": { + "_id": "esv-ipv4-cidr-access-rules", + "description": "IPv4 CIDR access rules: { \"allow\": [ \"address/mask\" ] }", + "expressionType": "object", + "lastChangeDate": "2024-07-05T20:01:13.987057Z", + "lastChangedBy": "Frodo-SA-1701393386423", + "loaded": true, + "value": "{ \"allow\": [ \"145.118.0.0/16\", \"132.35.0.0/16\", \"101.226.0.0/16\", \"99.72.28.182/32\" ] }" + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/variable/esv-nebuchadnezzar-crew-structure.variable.json b/test/e2e/exports/full-export-separate/global/variable/esv-nebuchadnezzar-crew-structure.variable.json new file mode 100644 index 000000000..eb7ee0dd9 --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/variable/esv-nebuchadnezzar-crew-structure.variable.json @@ -0,0 +1,13 @@ +{ + "variable": { + "esv-nebuchadnezzar-crew-structure": { + "_id": "esv-nebuchadnezzar-crew-structure", + "description": "The structure of the crew of the Nebuchadnezzar hovercraft.", + "expressionType": "object", + "lastChangeDate": "2024-07-05T20:01:07.343325Z", + "lastChangedBy": "Frodo-SA-1701393386423", + "loaded": true, + "value": "{\"Captain\":\"Morpheus\",\"FirstMate\":\"Trinity\",\"Operator\":[\"Link\",\"Tank\"],\"Medic\":\"Dozer\",\"Crewmen\":[\"Apoc\",\"Cypher\",\"Mouse\",\"Neo\",\"Switch\"]}" + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/variable/esv-nebuchadnezzar-crew.variable.json b/test/e2e/exports/full-export-separate/global/variable/esv-nebuchadnezzar-crew.variable.json new file mode 100644 index 000000000..9abd3e77d --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/variable/esv-nebuchadnezzar-crew.variable.json @@ -0,0 +1,13 @@ +{ + "variable": { + "esv-nebuchadnezzar-crew": { + "_id": "esv-nebuchadnezzar-crew", + "description": "The crew of the Nebuchadnezzar hovercraft.", + "expressionType": "array", + "lastChangeDate": "2024-07-05T20:01:05.216699Z", + "lastChangedBy": "Frodo-SA-1701393386423", + "loaded": true, + "value": "[\"Morpheus\",\"Trinity\",\"Link\",\"Tank\",\"Dozer\",\"Apoc\",\"Cypher\",\"Mouse\",\"Neo\",\"Switch\"]" + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/variable/esv-neo-age.variable.json b/test/e2e/exports/full-export-separate/global/variable/esv-neo-age.variable.json new file mode 100644 index 000000000..96a708986 --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/variable/esv-neo-age.variable.json @@ -0,0 +1,13 @@ +{ + "variable": { + "esv-neo-age": { + "_id": "esv-neo-age", + "description": "Neo's age in the matrix.", + "expressionType": "int", + "lastChangeDate": "2024-11-01T16:21:14.46187Z", + "lastChangedBy": "Frodo-SA-1730238488278", + "loaded": true, + "value": "28" + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/variable/esv-number.variable.json b/test/e2e/exports/full-export-separate/global/variable/esv-number.variable.json new file mode 100644 index 000000000..b9097e55e --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/variable/esv-number.variable.json @@ -0,0 +1,13 @@ +{ + "variable": { + "esv-number": { + "_id": "esv-number", + "description": "test number", + "expressionType": "number", + "lastChangeDate": "2024-07-05T19:42:20.943131Z", + "lastChangedBy": "volker.scheuber@forgerock.com", + "loaded": true, + "value": "1.134" + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/variable/esv-test-var-pi-string.variable.json b/test/e2e/exports/full-export-separate/global/variable/esv-test-var-pi-string.variable.json new file mode 100644 index 000000000..1480dfdfb --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/variable/esv-test-var-pi-string.variable.json @@ -0,0 +1,13 @@ +{ + "variable": { + "esv-test-var-pi-string": { + "_id": "esv-test-var-pi-string", + "description": "This is another test variable.", + "expressionType": "string", + "lastChangeDate": "2024-07-05T20:01:16.11117Z", + "lastChangedBy": "Frodo-SA-1701393386423", + "loaded": true, + "value": "3.1415926" + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/variable/esv-test-var-pi.variable.json b/test/e2e/exports/full-export-separate/global/variable/esv-test-var-pi.variable.json new file mode 100644 index 000000000..d3b16e797 --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/variable/esv-test-var-pi.variable.json @@ -0,0 +1,13 @@ +{ + "variable": { + "esv-test-var-pi": { + "_id": "esv-test-var-pi", + "description": "This is another test variable.", + "expressionType": "number", + "lastChangeDate": "2024-07-12T17:40:41.283412Z", + "lastChangedBy": "Frodo-SA-1720799681233", + "loaded": true, + "value": "3.1415926" + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/variable/esv-test-var.variable.json b/test/e2e/exports/full-export-separate/global/variable/esv-test-var.variable.json new file mode 100644 index 000000000..55fc7ff62 --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/variable/esv-test-var.variable.json @@ -0,0 +1,13 @@ +{ + "variable": { + "esv-test-var": { + "_id": "esv-test-var", + "description": "this is a test description", + "expressionType": "string", + "lastChangeDate": "2024-11-01T16:21:15.469328Z", + "lastChangedBy": "Frodo-SA-1730238488278", + "loaded": true, + "value": "this is a test variable" + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/variable/esv-test-variable-light.variable.json b/test/e2e/exports/full-export-separate/global/variable/esv-test-variable-light.variable.json new file mode 100644 index 000000000..045d7386c --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/variable/esv-test-variable-light.variable.json @@ -0,0 +1,13 @@ +{ + "variable": { + "esv-test-variable-light": { + "_id": "esv-test-variable-light", + "description": "Test variable containing the speed of light in meters per second (as an int).", + "expressionType": "int", + "lastChangeDate": "2023-12-14T15:34:13.446903Z", + "lastChangedBy": "phales@trivir.com", + "loaded": true, + "value": "299792458" + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/variable/esv-test.variable.json b/test/e2e/exports/full-export-separate/global/variable/esv-test.variable.json new file mode 100644 index 000000000..0a6a67398 --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/variable/esv-test.variable.json @@ -0,0 +1,13 @@ +{ + "variable": { + "esv-test": { + "_id": "esv-test", + "description": "list", + "expressionType": "list", + "lastChangeDate": "2024-11-01T21:00:21.315828Z", + "lastChangedBy": "phales@trivir.com", + "loaded": true, + "value": "a,b,c,d" + } + } +} diff --git a/test/e2e/exports/full-export-separate/global/variable/esv-trinity-phone.variable.json b/test/e2e/exports/full-export-separate/global/variable/esv-trinity-phone.variable.json new file mode 100644 index 000000000..6f34bd79c --- /dev/null +++ b/test/e2e/exports/full-export-separate/global/variable/esv-trinity-phone.variable.json @@ -0,0 +1,13 @@ +{ + "variable": { + "esv-trinity-phone": { + "_id": "esv-trinity-phone", + "description": "In the opening of The Matrix (1999), the phone number Trinity is calling from is traced to (312)-555-0690", + "expressionType": "string", + "lastChangeDate": "2024-07-05T20:01:03.141204Z", + "lastChangedBy": "Frodo-SA-1701393386423", + "loaded": true, + "value": "(312)-555-0690" + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/agent/cdsso-ig-agent.agent.json b/test/e2e/exports/full-export-separate/realm/root-alpha/agent/cdsso-ig-agent.agent.json new file mode 100644 index 000000000..c3d2bccd4 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/agent/cdsso-ig-agent.agent.json @@ -0,0 +1,25 @@ +{ + "agent": { + "cdsso-ig-agent": { + "_id": "cdsso-ig-agent", + "_type": { + "_id": "IdentityGatewayAgent", + "collection": true, + "name": "Identity Gateway Agents" + }, + "agentgroup": null, + "igCdssoLoginUrlTemplate": null, + "igCdssoRedirectUrls": [ + "https://volker-demo.encore.forgerock.com:443/apps/hrlite/redirect", + "https://volker-demo.encore.forgerock.com/apps/hrlite/redirect", + "https://volker-demo.encore.forgerock.com:443/apps/hrlite-rest/redirect", + "https://volker-demo.encore.forgerock.com:443/apps/contractor/redirect", + "https://volker-demo.encore.forgerock.com/apps/hrlite-rest/redirect", + "https://volker-demo.encore.forgerock.com/apps/contractor/redirect" + ], + "igTokenIntrospection": "Realm_Subs", + "secretLabelIdentifier": null, + "status": "Active" + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/agent/frodo-test-ig-agent.agent.json b/test/e2e/exports/full-export-separate/realm/root-alpha/agent/frodo-test-ig-agent.agent.json new file mode 100644 index 000000000..907f25cd2 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/agent/frodo-test-ig-agent.agent.json @@ -0,0 +1,20 @@ +{ + "agent": { + "frodo-test-ig-agent": { + "_id": "frodo-test-ig-agent", + "_type": { + "_id": "IdentityGatewayAgent", + "collection": true, + "name": "Identity Gateway Agents" + }, + "agentgroup": "test_ig_group", + "igCdssoLoginUrlTemplate": "http://testurl.com:8080/frodo", + "igCdssoRedirectUrls": [ + "http://testurl.com:8080/frodo" + ], + "igTokenIntrospection": "Realm", + "secretLabelIdentifier": null, + "status": "Inactive" + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/agent/frodo-test-ig-agent2.agent.json b/test/e2e/exports/full-export-separate/realm/root-alpha/agent/frodo-test-ig-agent2.agent.json new file mode 100644 index 000000000..d2e20a746 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/agent/frodo-test-ig-agent2.agent.json @@ -0,0 +1,20 @@ +{ + "agent": { + "frodo-test-ig-agent2": { + "_id": "frodo-test-ig-agent2", + "_type": { + "_id": "IdentityGatewayAgent", + "collection": true, + "name": "Identity Gateway Agents" + }, + "agentgroup": null, + "igCdssoLoginUrlTemplate": "http://testurl.com:8080/frodo", + "igCdssoRedirectUrls": [ + "http://testurl.com:8080/frodo" + ], + "igTokenIntrospection": "Realm", + "secretLabelIdentifier": null, + "status": "Inactive" + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/agent/frodo-test-java-agent.agent.json b/test/e2e/exports/full-export-separate/realm/root-alpha/agent/frodo-test-java-agent.agent.json new file mode 100644 index 000000000..285de1981 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/agent/frodo-test-java-agent.agent.json @@ -0,0 +1,230 @@ +{ + "agent": { + "frodo-test-java-agent": { + "_id": "frodo-test-java-agent", + "_type": { + "_id": "J2EEAgent", + "collection": true, + "name": "J2EE Agents" + }, + "advancedJ2EEAgentConfig": { + "alternativeAgentHostname": null, + "alternativeAgentPort": null, + "alternativeAgentProtocol": null, + "clientHostnameHeader": null, + "clientIpHeader": null, + "customProperties": [], + "expiredSessionCacheSize": 500, + "expiredSessionCacheTTL": 20, + "fragmentRelayUri": null, + "idleTimeRefreshWindow": 1, + "jwtCacheSize": 5000, + "jwtCacheTTL": 30, + "missingPostDataPreservationEntryUri": [ + "" + ], + "monitoringToCSV": false, + "policyCachePerUser": 50, + "policyCacheSize": 5000, + "policyClientPollingInterval": 3, + "possibleXssCodeElements": [ + "" + ], + "postDataCacheTtlMin": 5, + "postDataPreservation": false, + "postDataPreserveCacheEntryMaxEntries": 1000, + "postDataPreserveCacheEntryMaxTotalSizeMb": -1, + "postDataPreserveMultipartLimitBytes": 104857600, + "postDataPreserveMultipartParameterLimitBytes": 104857600, + "postDataStickySessionKeyValue": null, + "postDataStickySessionMode": "URL", + "retainPreviousOverrideBehavior": true, + "sessionCacheTTL": 15, + "ssoExchangeCacheSize": 100, + "ssoExchangeCacheTTL": 5, + "xssDetectionRedirectUri": {} + }, + "amServicesJ2EEAgent": { + "agentAdviceEncode": false, + "amLoginUrl": [], + "authServiceHost": "testurl.com", + "authServicePort": 8080, + "authServiceProtocol": "http", + "authSuccessRedirectUrl": false, + "conditionalLoginUrl": [ + "" + ], + "conditionalLogoutUrl": [ + "" + ], + "customLoginEnabled": false, + "legacyLoginUrlList": [ + "" + ], + "overridePolicyEvaluationRealmEnabled": false, + "policyEvaluationApplication": "iPlanetAMWebAgentService", + "policyEvaluationRealm": "/", + "policyNotifications": true, + "restrictToRealm": {}, + "strategyWhenAMUnavailable": "EVAL_NER_USE_CACHE_UNTIL_EXPIRED_ELSE_503", + "urlPolicyEnvGetParameters": [ + "" + ], + "urlPolicyEnvJsessionParameters": [ + "" + ], + "urlPolicyEnvPostParameters": [ + "" + ] + }, + "applicationJ2EEAgentConfig": { + "applicationLogoutUris": {}, + "clientIpValidationMode": { + "": "OFF" + }, + "clientIpValidationRange": {}, + "continuousSecurityCookies": {}, + "continuousSecurityHeaders": {}, + "cookieAttributeMultiValueSeparator": "|", + "cookieAttributeUrlEncoded": true, + "headerAttributeDateFormat": "EEE, d MMM yyyy hh:mm:ss z", + "invertNotEnforcedIps": false, + "invertNotEnforcedUris": false, + "logoutEntryUri": {}, + "logoutIntrospection": false, + "logoutRequestParameters": {}, + "notEnforcedFavicon": true, + "notEnforcedIps": [ + "" + ], + "notEnforcedIpsCacheEnabled": true, + "notEnforcedIpsCacheSize": 1000, + "notEnforcedRuleCompoundSeparator": "|", + "notEnforcedUris": [ + "" + ], + "notEnforcedUrisCacheEnabled": true, + "notEnforcedUrisCacheSize": 1000, + "profileAttributeFetchMode": "NONE", + "profileAttributeMap": {}, + "resourceAccessDeniedUri": {}, + "responseAttributeFetchMode": "NONE", + "responseAttributeMap": {}, + "sessionAttributeFetchMode": "NONE", + "sessionAttributeMap": {} + }, + "globalJ2EEAgentConfig": { + "agentConfigChangeNotificationsEnabled": true, + "agentgroup": null, + "auditAccessType": "LOG_NONE", + "auditLogLocation": "REMOTE", + "cdssoRootUrl": [ + "agentRootURL=http://testurl.com:8080/" + ], + "configurationReloadInterval": 0, + "customResponseHeader": {}, + "debugLevel": "error", + "debugLogfilePrefix": null, + "debugLogfileRetentionCount": -1, + "debugLogfileRotationMinutes": -1, + "debugLogfileRotationSize": 52428800, + "debugLogfileSuffix": "-yyyy.MM.dd-HH.mm.ss", + "filterMode": { + "": "ALL" + }, + "fqdnCheck": false, + "fqdnDefault": "testurl.com", + "fqdnMapping": {}, + "httpSessionBinding": true, + "jwtName": "am-auth-jwt", + "lbCookieEnabled": false, + "lbCookieName": "amlbcookie", + "localAuditLogRotation": false, + "localAuditLogfileRetentionCount": -1, + "localAuditRotationSize": 52428800, + "loginAttemptLimit": 0, + "loginAttemptLimitCookieName": "amFilterParam", + "preAuthCookieMaxAge": 300, + "preAuthCookieName": "amFilterCDSSORequest", + "recheckAmUnavailabilityInSeconds": 5, + "redirectAttemptLimit": 0, + "redirectAttemptLimitCookieName": "amFilterRDParam", + "repositoryLocation": "centralized", + "secretLabelIdentifier": null, + "status": "Inactive", + "userAttributeName": "employeenumber", + "userMappingMode": "USER_ID", + "userPrincipalFlag": false, + "userTokenName": "UserToken", + "webSocketConnectionIntervalInMinutes": 30 + }, + "miscJ2EEAgentConfig": { + "agent302RedirectContentType": "application/json", + "agent302RedirectEnabled": true, + "agent302RedirectHttpData": "{redirect:{requestUri:%REQUEST_URI%,requestUrl:%REQUEST_URL%,targetUrl:%TARGET%}}", + "agent302RedirectInvertEnabled": false, + "agent302RedirectNerList": [ + "" + ], + "agent302RedirectStatusCode": 200, + "authFailReasonParameterName": null, + "authFailReasonParameterRemapper": {}, + "authFailReasonUrl": null, + "gotoParameterName": "goto", + "gotoUrl": null, + "ignorePathInfo": false, + "legacyRedirectUri": "/agent/sunwLegacySupportURI", + "legacyUserAgentList": [ + "Mozilla/4.7*" + ], + "legacyUserAgentSupport": false, + "localeCountry": "US", + "localeLanguage": "en", + "loginReasonMap": {}, + "loginReasonParameterName": null, + "portCheckEnabled": false, + "portCheckFile": "PortCheckContent.txt", + "portCheckSetting": { + "8080": "http" + }, + "unwantedHttpUrlParams": [ + "" + ], + "unwantedHttpUrlRegexParams": [ + "" + ], + "wantedHttpUrlParams": [ + "" + ], + "wantedHttpUrlRegexParams": [ + "" + ] + }, + "ssoJ2EEAgentConfig": { + "acceptIPDPCookie": false, + "acceptSsoTokenDomainList": [ + "" + ], + "acceptSsoTokenEnabled": false, + "authExchangeCookieName": null, + "authExchangeUri": null, + "cdssoDomainList": [ + "" + ], + "cdssoRedirectUri": "/agent/post-authn-redirect", + "cdssoSecureCookies": false, + "cookieResetDomains": {}, + "cookieResetEnabled": false, + "cookieResetNames": [ + "" + ], + "cookieResetPaths": {}, + "encodeCookies": false, + "excludedUserAgentsList": [], + "httpOnly": true, + "setCookieAttributeMap": {}, + "setCookieInternalMap": {} + } + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/agent/frodo-test-java-agent2.agent.json b/test/e2e/exports/full-export-separate/realm/root-alpha/agent/frodo-test-java-agent2.agent.json new file mode 100644 index 000000000..c9c21ddb3 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/agent/frodo-test-java-agent2.agent.json @@ -0,0 +1,230 @@ +{ + "agent": { + "frodo-test-java-agent2": { + "_id": "frodo-test-java-agent2", + "_type": { + "_id": "J2EEAgent", + "collection": true, + "name": "J2EE Agents" + }, + "advancedJ2EEAgentConfig": { + "alternativeAgentHostname": null, + "alternativeAgentPort": null, + "alternativeAgentProtocol": null, + "clientHostnameHeader": null, + "clientIpHeader": null, + "customProperties": [], + "expiredSessionCacheSize": 500, + "expiredSessionCacheTTL": 20, + "fragmentRelayUri": null, + "idleTimeRefreshWindow": 1, + "jwtCacheSize": 5000, + "jwtCacheTTL": 30, + "missingPostDataPreservationEntryUri": [ + "" + ], + "monitoringToCSV": false, + "policyCachePerUser": 50, + "policyCacheSize": 5000, + "policyClientPollingInterval": 3, + "possibleXssCodeElements": [ + "" + ], + "postDataCacheTtlMin": 5, + "postDataPreservation": false, + "postDataPreserveCacheEntryMaxEntries": 1000, + "postDataPreserveCacheEntryMaxTotalSizeMb": -1, + "postDataPreserveMultipartLimitBytes": 104857600, + "postDataPreserveMultipartParameterLimitBytes": 104857600, + "postDataStickySessionKeyValue": null, + "postDataStickySessionMode": "URL", + "retainPreviousOverrideBehavior": true, + "sessionCacheTTL": 15, + "ssoExchangeCacheSize": 100, + "ssoExchangeCacheTTL": 5, + "xssDetectionRedirectUri": {} + }, + "amServicesJ2EEAgent": { + "agentAdviceEncode": false, + "amLoginUrl": [], + "authServiceHost": "testurl.com", + "authServicePort": 8080, + "authServiceProtocol": "http", + "authSuccessRedirectUrl": false, + "conditionalLoginUrl": [ + "" + ], + "conditionalLogoutUrl": [ + "" + ], + "customLoginEnabled": false, + "legacyLoginUrlList": [ + "" + ], + "overridePolicyEvaluationRealmEnabled": false, + "policyEvaluationApplication": "iPlanetAMWebAgentService", + "policyEvaluationRealm": "/", + "policyNotifications": true, + "restrictToRealm": {}, + "strategyWhenAMUnavailable": "EVAL_NER_USE_CACHE_UNTIL_EXPIRED_ELSE_503", + "urlPolicyEnvGetParameters": [ + "" + ], + "urlPolicyEnvJsessionParameters": [ + "" + ], + "urlPolicyEnvPostParameters": [ + "" + ] + }, + "applicationJ2EEAgentConfig": { + "applicationLogoutUris": {}, + "clientIpValidationMode": { + "": "OFF" + }, + "clientIpValidationRange": {}, + "continuousSecurityCookies": {}, + "continuousSecurityHeaders": {}, + "cookieAttributeMultiValueSeparator": "|", + "cookieAttributeUrlEncoded": true, + "headerAttributeDateFormat": "EEE, d MMM yyyy hh:mm:ss z", + "invertNotEnforcedIps": false, + "invertNotEnforcedUris": false, + "logoutEntryUri": {}, + "logoutIntrospection": false, + "logoutRequestParameters": {}, + "notEnforcedFavicon": true, + "notEnforcedIps": [ + "" + ], + "notEnforcedIpsCacheEnabled": true, + "notEnforcedIpsCacheSize": 1000, + "notEnforcedRuleCompoundSeparator": "|", + "notEnforcedUris": [ + "" + ], + "notEnforcedUrisCacheEnabled": true, + "notEnforcedUrisCacheSize": 1000, + "profileAttributeFetchMode": "NONE", + "profileAttributeMap": {}, + "resourceAccessDeniedUri": {}, + "responseAttributeFetchMode": "NONE", + "responseAttributeMap": {}, + "sessionAttributeFetchMode": "NONE", + "sessionAttributeMap": {} + }, + "globalJ2EEAgentConfig": { + "agentConfigChangeNotificationsEnabled": true, + "agentgroup": null, + "auditAccessType": "LOG_NONE", + "auditLogLocation": "REMOTE", + "cdssoRootUrl": [ + "agentRootURL=http://testurl.com:8080/" + ], + "configurationReloadInterval": 0, + "customResponseHeader": {}, + "debugLevel": "error", + "debugLogfilePrefix": null, + "debugLogfileRetentionCount": -1, + "debugLogfileRotationMinutes": -1, + "debugLogfileRotationSize": 52428800, + "debugLogfileSuffix": "-yyyy.MM.dd-HH.mm.ss", + "filterMode": { + "": "ALL" + }, + "fqdnCheck": false, + "fqdnDefault": "testurl.com", + "fqdnMapping": {}, + "httpSessionBinding": true, + "jwtName": "am-auth-jwt", + "lbCookieEnabled": false, + "lbCookieName": "amlbcookie", + "localAuditLogRotation": false, + "localAuditLogfileRetentionCount": -1, + "localAuditRotationSize": 52428800, + "loginAttemptLimit": 0, + "loginAttemptLimitCookieName": "amFilterParam", + "preAuthCookieMaxAge": 300, + "preAuthCookieName": "amFilterCDSSORequest", + "recheckAmUnavailabilityInSeconds": 5, + "redirectAttemptLimit": 0, + "redirectAttemptLimitCookieName": "amFilterRDParam", + "repositoryLocation": "centralized", + "secretLabelIdentifier": null, + "status": "Inactive", + "userAttributeName": "employeenumber", + "userMappingMode": "USER_ID", + "userPrincipalFlag": false, + "userTokenName": "UserToken", + "webSocketConnectionIntervalInMinutes": 30 + }, + "miscJ2EEAgentConfig": { + "agent302RedirectContentType": "application/json", + "agent302RedirectEnabled": true, + "agent302RedirectHttpData": "{redirect:{requestUri:%REQUEST_URI%,requestUrl:%REQUEST_URL%,targetUrl:%TARGET%}}", + "agent302RedirectInvertEnabled": false, + "agent302RedirectNerList": [ + "" + ], + "agent302RedirectStatusCode": 200, + "authFailReasonParameterName": null, + "authFailReasonParameterRemapper": {}, + "authFailReasonUrl": null, + "gotoParameterName": "goto", + "gotoUrl": null, + "ignorePathInfo": false, + "legacyRedirectUri": "/agent/sunwLegacySupportURI", + "legacyUserAgentList": [ + "Mozilla/4.7*" + ], + "legacyUserAgentSupport": false, + "localeCountry": "US", + "localeLanguage": "en", + "loginReasonMap": {}, + "loginReasonParameterName": null, + "portCheckEnabled": false, + "portCheckFile": "PortCheckContent.txt", + "portCheckSetting": { + "8080": "http" + }, + "unwantedHttpUrlParams": [ + "" + ], + "unwantedHttpUrlRegexParams": [ + "" + ], + "wantedHttpUrlParams": [ + "" + ], + "wantedHttpUrlRegexParams": [ + "" + ] + }, + "ssoJ2EEAgentConfig": { + "acceptIPDPCookie": false, + "acceptSsoTokenDomainList": [ + "" + ], + "acceptSsoTokenEnabled": false, + "authExchangeCookieName": null, + "authExchangeUri": null, + "cdssoDomainList": [ + "" + ], + "cdssoRedirectUri": "/agent/post-authn-redirect", + "cdssoSecureCookies": false, + "cookieResetDomains": {}, + "cookieResetEnabled": false, + "cookieResetNames": [ + "" + ], + "cookieResetPaths": {}, + "encodeCookies": false, + "excludedUserAgentsList": [], + "httpOnly": true, + "setCookieAttributeMap": {}, + "setCookieInternalMap": {} + } + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/agent/frodo-test-web-agent.agent.json b/test/e2e/exports/full-export-separate/realm/root-alpha/agent/frodo-test-web-agent.agent.json new file mode 100644 index 000000000..664d14026 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/agent/frodo-test-web-agent.agent.json @@ -0,0 +1,166 @@ +{ + "agent": { + "frodo-test-web-agent": { + "_id": "frodo-test-web-agent", + "_type": { + "_id": "WebAgent", + "collection": true, + "name": "Web Agents" + }, + "advancedWebAgentConfig": { + "apacheAuthDirectives": null, + "clientHostnameHeader": null, + "clientIpHeader": null, + "customProperties": [], + "fragmentRedirectEnabled": false, + "hostnameToIpAddress": [], + "logonAndImpersonation": false, + "overrideRequestHost": false, + "overrideRequestPort": false, + "overrideRequestProtocol": false, + "pdpJavascriptRepost": false, + "pdpSkipPostUrl": [ + "" + ], + "pdpStickySessionCookieName": null, + "pdpStickySessionMode": "OFF", + "pdpStickySessionValue": null, + "postDataCachePeriod": 10, + "postDataPreservation": false, + "replayPasswordKey": null, + "retainSessionCache": false, + "showPasswordInHeader": false + }, + "amServicesWebAgent": { + "amLoginUrl": [], + "amLogoutUrl": [ + "http://testserverurl.com:8080/UI/Logout" + ], + "applicationLogoutUrls": [ + "" + ], + "conditionalLoginUrl": [ + "" + ], + "customLoginMode": 0, + "enableLogoutRegex": false, + "fetchPoliciesFromRootResource": false, + "invalidateLogoutSession": true, + "logoutRedirectDisabled": false, + "logoutRedirectUrl": null, + "logoutResetCookies": [ + "" + ], + "logoutUrlRegex": null, + "policyCachePollingInterval": 3, + "policyClockSkew": 0, + "policyEvaluationApplication": "iPlanetAMWebAgentService", + "policyEvaluationRealm": "/", + "publicAmUrl": null, + "regexConditionalLoginPattern": [ + "" + ], + "regexConditionalLoginUrl": [ + "" + ], + "retrieveClientHostname": false, + "ssoCachePollingInterval": 3, + "userIdParameter": "UserToken", + "userIdParameterType": "session" + }, + "applicationWebAgentConfig": { + "attributeMultiValueSeparator": "|", + "clientIpValidation": false, + "continuousSecurityCookies": {}, + "continuousSecurityHeaders": {}, + "fetchAttributesForNotEnforcedUrls": false, + "ignorePathInfoForNotEnforcedUrls": true, + "invertNotEnforcedUrls": false, + "notEnforcedIps": [ + "" + ], + "notEnforcedIpsList": [ + "" + ], + "notEnforcedIpsRegex": false, + "notEnforcedUrls": [ + "" + ], + "notEnforcedUrlsRegex": false, + "profileAttributeFetchMode": "NONE", + "profileAttributeMap": {}, + "responseAttributeFetchMode": "NONE", + "responseAttributeMap": {}, + "sessionAttributeFetchMode": "NONE", + "sessionAttributeMap": {} + }, + "globalWebAgentConfig": { + "accessDeniedUrl": null, + "agentConfigChangeNotificationsEnabled": true, + "agentDebugLevel": "Error", + "agentUriPrefix": "http://testagenturl.com:8080/amagent", + "agentgroup": null, + "amLbCookieEnable": false, + "auditAccessType": "LOG_NONE", + "auditLogLocation": "REMOTE", + "cdssoRootUrl": [ + "agentRootURL=http://testagenturl.com:8080/" + ], + "configurationPollingInterval": 60, + "disableJwtAudit": false, + "fqdnCheck": false, + "fqdnDefault": "testagenturl.com", + "fqdnMapping": {}, + "jwtAuditWhitelist": null, + "jwtName": "am-auth-jwt", + "notificationsEnabled": true, + "repositoryLocation": "centralized", + "resetIdleTime": false, + "secretLabelIdentifier": null, + "ssoOnlyMode": false, + "status": "Inactive", + "webSocketConnectionIntervalInMinutes": 30 + }, + "miscWebAgentConfig": { + "addCacheControlHeader": false, + "anonymousUserEnabled": false, + "anonymousUserId": "anonymous", + "caseInsensitiveUrlComparison": true, + "compositeAdviceEncode": false, + "compositeAdviceRedirect": false, + "encodeSpecialCharsInCookies": false, + "encodeUrlSpecialCharacters": false, + "gotoParameterName": "goto", + "headerJsonResponse": {}, + "ignorePathInfo": false, + "invalidUrlRegex": null, + "invertUrlJsonResponse": false, + "mineEncodeHeader": 0, + "profileAttributesCookieMaxAge": 300, + "profileAttributesCookiePrefix": "HTTP_", + "statusCodeJsonResponse": 202, + "urlJsonResponse": [ + "" + ] + }, + "ssoWebAgentConfig": { + "acceptSsoToken": false, + "cdssoCookieDomain": [ + "" + ], + "cdssoRedirectUri": "agent/cdsso-oauth2", + "cookieName": "iPlanetDirectoryPro", + "cookieResetEnabled": false, + "cookieResetList": [ + "" + ], + "cookieResetOnRedirect": false, + "httpOnly": true, + "multivaluePreAuthnCookie": false, + "persistentJwtCookie": false, + "sameSite": null, + "secureCookies": false + } + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/agent/frodo-test-web-agent2.agent.json b/test/e2e/exports/full-export-separate/realm/root-alpha/agent/frodo-test-web-agent2.agent.json new file mode 100644 index 000000000..3d58a0991 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/agent/frodo-test-web-agent2.agent.json @@ -0,0 +1,166 @@ +{ + "agent": { + "frodo-test-web-agent2": { + "_id": "frodo-test-web-agent2", + "_type": { + "_id": "WebAgent", + "collection": true, + "name": "Web Agents" + }, + "advancedWebAgentConfig": { + "apacheAuthDirectives": null, + "clientHostnameHeader": null, + "clientIpHeader": null, + "customProperties": [], + "fragmentRedirectEnabled": false, + "hostnameToIpAddress": [], + "logonAndImpersonation": false, + "overrideRequestHost": false, + "overrideRequestPort": false, + "overrideRequestProtocol": false, + "pdpJavascriptRepost": false, + "pdpSkipPostUrl": [ + "" + ], + "pdpStickySessionCookieName": null, + "pdpStickySessionMode": "OFF", + "pdpStickySessionValue": null, + "postDataCachePeriod": 10, + "postDataPreservation": false, + "replayPasswordKey": null, + "retainSessionCache": false, + "showPasswordInHeader": false + }, + "amServicesWebAgent": { + "amLoginUrl": [], + "amLogoutUrl": [ + "http://testserverurl.com:8080/UI/Logout" + ], + "applicationLogoutUrls": [ + "" + ], + "conditionalLoginUrl": [ + "" + ], + "customLoginMode": 0, + "enableLogoutRegex": false, + "fetchPoliciesFromRootResource": false, + "invalidateLogoutSession": true, + "logoutRedirectDisabled": false, + "logoutRedirectUrl": null, + "logoutResetCookies": [ + "" + ], + "logoutUrlRegex": null, + "policyCachePollingInterval": 3, + "policyClockSkew": 0, + "policyEvaluationApplication": "iPlanetAMWebAgentService", + "policyEvaluationRealm": "/", + "publicAmUrl": null, + "regexConditionalLoginPattern": [ + "" + ], + "regexConditionalLoginUrl": [ + "" + ], + "retrieveClientHostname": false, + "ssoCachePollingInterval": 3, + "userIdParameter": "UserToken", + "userIdParameterType": "session" + }, + "applicationWebAgentConfig": { + "attributeMultiValueSeparator": "|", + "clientIpValidation": false, + "continuousSecurityCookies": {}, + "continuousSecurityHeaders": {}, + "fetchAttributesForNotEnforcedUrls": false, + "ignorePathInfoForNotEnforcedUrls": true, + "invertNotEnforcedUrls": false, + "notEnforcedIps": [ + "" + ], + "notEnforcedIpsList": [ + "" + ], + "notEnforcedIpsRegex": false, + "notEnforcedUrls": [ + "" + ], + "notEnforcedUrlsRegex": false, + "profileAttributeFetchMode": "NONE", + "profileAttributeMap": {}, + "responseAttributeFetchMode": "NONE", + "responseAttributeMap": {}, + "sessionAttributeFetchMode": "NONE", + "sessionAttributeMap": {} + }, + "globalWebAgentConfig": { + "accessDeniedUrl": null, + "agentConfigChangeNotificationsEnabled": true, + "agentDebugLevel": "Error", + "agentUriPrefix": "http://testagenturl.com:8080/amagent", + "agentgroup": null, + "amLbCookieEnable": false, + "auditAccessType": "LOG_NONE", + "auditLogLocation": "REMOTE", + "cdssoRootUrl": [ + "agentRootURL=http://testagenturl.com:8080/" + ], + "configurationPollingInterval": 60, + "disableJwtAudit": false, + "fqdnCheck": false, + "fqdnDefault": "testagenturl.com", + "fqdnMapping": {}, + "jwtAuditWhitelist": null, + "jwtName": "am-auth-jwt", + "notificationsEnabled": true, + "repositoryLocation": "centralized", + "resetIdleTime": false, + "secretLabelIdentifier": null, + "ssoOnlyMode": false, + "status": "Inactive", + "webSocketConnectionIntervalInMinutes": 30 + }, + "miscWebAgentConfig": { + "addCacheControlHeader": false, + "anonymousUserEnabled": false, + "anonymousUserId": "anonymous", + "caseInsensitiveUrlComparison": true, + "compositeAdviceEncode": false, + "compositeAdviceRedirect": false, + "encodeSpecialCharsInCookies": false, + "encodeUrlSpecialCharacters": false, + "gotoParameterName": "goto", + "headerJsonResponse": {}, + "ignorePathInfo": false, + "invalidUrlRegex": null, + "invertUrlJsonResponse": false, + "mineEncodeHeader": 0, + "profileAttributesCookieMaxAge": 300, + "profileAttributesCookiePrefix": "HTTP_", + "statusCodeJsonResponse": 202, + "urlJsonResponse": [ + "" + ] + }, + "ssoWebAgentConfig": { + "acceptSsoToken": false, + "cdssoCookieDomain": [ + "" + ], + "cdssoRedirectUri": "agent/cdsso-oauth2", + "cookieName": "iPlanetDirectoryPro", + "cookieResetEnabled": false, + "cookieResetList": [ + "" + ], + "cookieResetOnRedirect": false, + "httpOnly": true, + "multivaluePreAuthnCookie": false, + "persistentJwtCookie": false, + "sameSite": null, + "secureCookies": false + } + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/agent/ig-agent.agent.json b/test/e2e/exports/full-export-separate/realm/root-alpha/agent/ig-agent.agent.json new file mode 100644 index 000000000..eee312d2d --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/agent/ig-agent.agent.json @@ -0,0 +1,18 @@ +{ + "agent": { + "ig-agent": { + "_id": "ig-agent", + "_type": { + "_id": "IdentityGatewayAgent", + "collection": true, + "name": "Identity Gateway Agents" + }, + "agentgroup": null, + "igCdssoLoginUrlTemplate": null, + "igCdssoRedirectUrls": [], + "igTokenIntrospection": "Realm_Subs", + "secretLabelIdentifier": null, + "status": "Active" + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/agent/my-policy-agent.agent.json b/test/e2e/exports/full-export-separate/realm/root-alpha/agent/my-policy-agent.agent.json new file mode 100644 index 000000000..373969f1c --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/agent/my-policy-agent.agent.json @@ -0,0 +1,15 @@ +{ + "agent": { + "my-policy-agent": { + "_id": "my-policy-agent", + "_type": { + "_id": "2.2_Agent", + "collection": true, + "name": "Policy Agents" + }, + "cdssoRootUrl": [], + "description": null, + "status": "Active" + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/agent/test-software-publisher.agent.json b/test/e2e/exports/full-export-separate/realm/root-alpha/agent/test-software-publisher.agent.json new file mode 100644 index 000000000..3893f79ef --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/agent/test-software-publisher.agent.json @@ -0,0 +1,20 @@ +{ + "agent": { + "test software publisher": { + "_id": "test software publisher", + "_type": { + "_id": "SoftwarePublisher", + "collection": true, + "name": "OAuth2 Software Publisher" + }, + "agentgroup": null, + "issuer": null, + "jwkSet": null, + "jwkStoreCacheMissCacheTime": 60000, + "jwksCacheTimeout": 3600000, + "jwksUri": null, + "publicKeyLocation": "jwks_uri", + "softwareStatementSigningAlgorithm": "RS256" + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/agent/test.agent.json b/test/e2e/exports/full-export-separate/realm/root-alpha/agent/test.agent.json new file mode 100644 index 000000000..0a7afb60f --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/agent/test.agent.json @@ -0,0 +1,27 @@ +{ + "agent": { + "test": { + "_id": "test", + "_type": { + "_id": "RemoteConsentAgent", + "collection": true, + "name": "OAuth2 Remote Consent Service" + }, + "agentgroup": null, + "jwkSet": null, + "jwkStoreCacheMissCacheTime": 60000, + "jwksCacheTimeout": 3600000, + "jwksUri": null, + "publicKeyLocation": "jwks_uri", + "remoteConsentRedirectUrl": null, + "remoteConsentRequestEncryptionAlgorithm": "RSA-OAEP-256", + "remoteConsentRequestEncryptionEnabled": true, + "remoteConsentRequestEncryptionMethod": "A128GCM", + "remoteConsentRequestSigningAlgorithm": "RS256", + "remoteConsentResponseEncryptionAlgorithm": "RSA-OAEP-256", + "remoteConsentResponseEncryptionMethod": "A128GCM", + "remoteConsentResponseSigningAlg": "RS256", + "requestTimeLimit": 180 + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/agentGroup/test_ig_group.agentGroup.json b/test/e2e/exports/full-export-separate/realm/root-alpha/agentGroup/test_ig_group.agentGroup.json new file mode 100644 index 000000000..f449b614e --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/agentGroup/test_ig_group.agentGroup.json @@ -0,0 +1,16 @@ +{ + "agentGroup": { + "test_ig_group": { + "_id": "test_ig_group", + "_type": { + "_id": "IdentityGatewayAgent", + "collection": true, + "name": "Identity Gateway Agents" + }, + "igCdssoLoginUrlTemplate": null, + "igCdssoRedirectUrls": [], + "igTokenIntrospection": "None", + "status": "Active" + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/agentGroup/test_java_group.agentGroup.json b/test/e2e/exports/full-export-separate/realm/root-alpha/agentGroup/test_java_group.agentGroup.json new file mode 100644 index 000000000..c41547def --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/agentGroup/test_java_group.agentGroup.json @@ -0,0 +1,223 @@ +{ + "agentGroup": { + "test_java_group": { + "_id": "test_java_group", + "_type": { + "_id": "J2EEAgent", + "collection": true, + "name": "J2EE Agents" + }, + "advancedJ2EEAgentConfig": { + "alternativeAgentHostname": null, + "alternativeAgentPort": null, + "alternativeAgentProtocol": null, + "clientHostnameHeader": null, + "clientIpHeader": null, + "customProperties": [], + "expiredSessionCacheSize": 500, + "expiredSessionCacheTTL": 20, + "fragmentRelayUri": null, + "idleTimeRefreshWindow": 1, + "jwtCacheSize": 5000, + "jwtCacheTTL": 30, + "missingPostDataPreservationEntryUri": [ + "" + ], + "monitoringToCSV": false, + "policyCachePerUser": 50, + "policyCacheSize": 5000, + "policyClientPollingInterval": 3, + "possibleXssCodeElements": [ + "" + ], + "postDataCacheTtlMin": 5, + "postDataPreservation": false, + "postDataPreserveCacheEntryMaxEntries": 1000, + "postDataPreserveCacheEntryMaxTotalSizeMb": -1, + "postDataPreserveMultipartLimitBytes": 104857600, + "postDataPreserveMultipartParameterLimitBytes": 104857600, + "postDataStickySessionKeyValue": null, + "postDataStickySessionMode": "URL", + "retainPreviousOverrideBehavior": true, + "sessionCacheTTL": 15, + "ssoExchangeCacheSize": 100, + "ssoExchangeCacheTTL": 5, + "xssDetectionRedirectUri": {} + }, + "amServicesJ2EEAgent": { + "agentAdviceEncode": false, + "amLoginUrl": [], + "authServiceHost": "testurl.com", + "authServicePort": 8080, + "authServiceProtocol": "http", + "authSuccessRedirectUrl": false, + "conditionalLoginUrl": [ + "" + ], + "conditionalLogoutUrl": [ + "" + ], + "customLoginEnabled": false, + "legacyLoginUrlList": [ + "" + ], + "overridePolicyEvaluationRealmEnabled": false, + "policyEvaluationApplication": "iPlanetAMWebAgentService", + "policyEvaluationRealm": "/", + "policyNotifications": true, + "restrictToRealm": {}, + "strategyWhenAMUnavailable": "EVAL_NER_USE_CACHE_UNTIL_EXPIRED_ELSE_503", + "urlPolicyEnvGetParameters": [ + "" + ], + "urlPolicyEnvJsessionParameters": [ + "" + ], + "urlPolicyEnvPostParameters": [ + "" + ] + }, + "applicationJ2EEAgentConfig": { + "applicationLogoutUris": {}, + "clientIpValidationMode": { + "": "OFF" + }, + "clientIpValidationRange": {}, + "continuousSecurityCookies": {}, + "continuousSecurityHeaders": {}, + "cookieAttributeMultiValueSeparator": "|", + "cookieAttributeUrlEncoded": true, + "headerAttributeDateFormat": "EEE, d MMM yyyy hh:mm:ss z", + "invertNotEnforcedIps": false, + "invertNotEnforcedUris": false, + "logoutEntryUri": {}, + "logoutIntrospection": false, + "logoutRequestParameters": {}, + "notEnforcedFavicon": true, + "notEnforcedIps": [ + "" + ], + "notEnforcedIpsCacheEnabled": true, + "notEnforcedIpsCacheSize": 1000, + "notEnforcedRuleCompoundSeparator": "|", + "notEnforcedUris": [ + "" + ], + "notEnforcedUrisCacheEnabled": true, + "notEnforcedUrisCacheSize": 1000, + "profileAttributeFetchMode": "NONE", + "profileAttributeMap": {}, + "resourceAccessDeniedUri": {}, + "responseAttributeFetchMode": "NONE", + "responseAttributeMap": {}, + "sessionAttributeFetchMode": "NONE", + "sessionAttributeMap": {} + }, + "globalJ2EEAgentConfig": { + "agentConfigChangeNotificationsEnabled": true, + "auditAccessType": "LOG_NONE", + "auditLogLocation": "REMOTE", + "cdssoRootUrl": [], + "configurationReloadInterval": 0, + "customResponseHeader": {}, + "debugLevel": "error", + "debugLogfilePrefix": null, + "debugLogfileRetentionCount": -1, + "debugLogfileRotationMinutes": -1, + "debugLogfileRotationSize": 52428800, + "debugLogfileSuffix": "-yyyy.MM.dd-HH.mm.ss", + "filterMode": { + "": "ALL" + }, + "fqdnCheck": false, + "fqdnDefault": null, + "fqdnMapping": {}, + "httpSessionBinding": true, + "jwtName": "am-auth-jwt", + "lbCookieEnabled": false, + "lbCookieName": "amlbcookie", + "localAuditLogRotation": false, + "localAuditLogfileRetentionCount": -1, + "localAuditRotationSize": 52428800, + "loginAttemptLimit": 0, + "loginAttemptLimitCookieName": "amFilterParam", + "preAuthCookieMaxAge": 300, + "preAuthCookieName": "amFilterCDSSORequest", + "recheckAmUnavailabilityInSeconds": 5, + "redirectAttemptLimit": 0, + "redirectAttemptLimitCookieName": "amFilterRDParam", + "status": "Active", + "userAttributeName": "employeenumber", + "userMappingMode": "USER_ID", + "userPrincipalFlag": false, + "userTokenName": "UserToken", + "webSocketConnectionIntervalInMinutes": 30 + }, + "miscJ2EEAgentConfig": { + "agent302RedirectContentType": "application/json", + "agent302RedirectEnabled": true, + "agent302RedirectHttpData": "{redirect:{requestUri:%REQUEST_URI%,requestUrl:%REQUEST_URL%,targetUrl:%TARGET%}}", + "agent302RedirectInvertEnabled": false, + "agent302RedirectNerList": [ + "" + ], + "agent302RedirectStatusCode": 200, + "authFailReasonParameterName": null, + "authFailReasonParameterRemapper": {}, + "authFailReasonUrl": null, + "gotoParameterName": "goto", + "gotoUrl": null, + "ignorePathInfo": false, + "legacyRedirectUri": null, + "legacyUserAgentList": [ + "Mozilla/4.7*" + ], + "legacyUserAgentSupport": false, + "localeCountry": "US", + "localeLanguage": "en", + "loginReasonMap": {}, + "loginReasonParameterName": null, + "portCheckEnabled": false, + "portCheckFile": "PortCheckContent.txt", + "portCheckSetting": {}, + "unwantedHttpUrlParams": [ + "" + ], + "unwantedHttpUrlRegexParams": [ + "" + ], + "wantedHttpUrlParams": [ + "" + ], + "wantedHttpUrlRegexParams": [ + "" + ] + }, + "ssoJ2EEAgentConfig": { + "acceptIPDPCookie": false, + "acceptSsoTokenDomainList": [ + "" + ], + "acceptSsoTokenEnabled": false, + "authExchangeCookieName": null, + "authExchangeUri": null, + "cdssoDomainList": [ + "" + ], + "cdssoRedirectUri": null, + "cdssoSecureCookies": false, + "cookieResetDomains": {}, + "cookieResetEnabled": false, + "cookieResetNames": [ + "" + ], + "cookieResetPaths": {}, + "encodeCookies": false, + "excludedUserAgentsList": [], + "httpOnly": true, + "setCookieAttributeMap": {}, + "setCookieInternalMap": {} + } + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/agentGroup/test_web_agent_group.agentGroup.json b/test/e2e/exports/full-export-separate/realm/root-alpha/agentGroup/test_web_agent_group.agentGroup.json new file mode 100644 index 000000000..c1b5d1e92 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/agentGroup/test_web_agent_group.agentGroup.json @@ -0,0 +1,161 @@ +{ + "agentGroup": { + "test_web_agent_group": { + "_id": "test_web_agent_group", + "_type": { + "_id": "WebAgent", + "collection": true, + "name": "Web Agents" + }, + "advancedWebAgentConfig": { + "apacheAuthDirectives": null, + "clientHostnameHeader": null, + "clientIpHeader": null, + "customProperties": [], + "fragmentRedirectEnabled": false, + "hostnameToIpAddress": [], + "logonAndImpersonation": false, + "overrideRequestHost": false, + "overrideRequestPort": false, + "overrideRequestProtocol": false, + "pdpJavascriptRepost": false, + "pdpSkipPostUrl": [ + "" + ], + "pdpStickySessionCookieName": null, + "pdpStickySessionMode": "OFF", + "pdpStickySessionValue": null, + "postDataCachePeriod": 10, + "postDataPreservation": false, + "replayPasswordKey": null, + "retainSessionCache": false, + "showPasswordInHeader": false + }, + "amServicesWebAgent": { + "amLoginUrl": [], + "amLogoutUrl": [ + "http://testurl.com:8080/UI/Logout" + ], + "applicationLogoutUrls": [ + "" + ], + "conditionalLoginUrl": [ + "" + ], + "customLoginMode": 0, + "enableLogoutRegex": false, + "fetchPoliciesFromRootResource": false, + "invalidateLogoutSession": true, + "logoutRedirectDisabled": false, + "logoutRedirectUrl": null, + "logoutResetCookies": [ + "" + ], + "logoutUrlRegex": null, + "policyCachePollingInterval": 3, + "policyClockSkew": 0, + "policyEvaluationApplication": "iPlanetAMWebAgentService", + "policyEvaluationRealm": "/", + "publicAmUrl": null, + "regexConditionalLoginPattern": [ + "" + ], + "regexConditionalLoginUrl": [ + "" + ], + "retrieveClientHostname": false, + "ssoCachePollingInterval": 3, + "userIdParameter": "UserToken", + "userIdParameterType": "session" + }, + "applicationWebAgentConfig": { + "attributeMultiValueSeparator": "|", + "clientIpValidation": false, + "continuousSecurityCookies": {}, + "continuousSecurityHeaders": {}, + "fetchAttributesForNotEnforcedUrls": false, + "ignorePathInfoForNotEnforcedUrls": true, + "invertNotEnforcedUrls": false, + "notEnforcedIps": [ + "" + ], + "notEnforcedIpsList": [ + "" + ], + "notEnforcedIpsRegex": false, + "notEnforcedUrls": [ + "" + ], + "notEnforcedUrlsRegex": false, + "profileAttributeFetchMode": "NONE", + "profileAttributeMap": {}, + "responseAttributeFetchMode": "NONE", + "responseAttributeMap": {}, + "sessionAttributeFetchMode": "NONE", + "sessionAttributeMap": {} + }, + "globalWebAgentConfig": { + "accessDeniedUrl": null, + "agentConfigChangeNotificationsEnabled": true, + "agentDebugLevel": "Error", + "agentUriPrefix": null, + "amLbCookieEnable": false, + "auditAccessType": "LOG_NONE", + "auditLogLocation": "REMOTE", + "cdssoRootUrl": [], + "configurationPollingInterval": 60, + "disableJwtAudit": false, + "fqdnCheck": false, + "fqdnDefault": null, + "fqdnMapping": {}, + "jwtAuditWhitelist": null, + "jwtName": "am-auth-jwt", + "notificationsEnabled": true, + "resetIdleTime": false, + "ssoOnlyMode": false, + "status": "Active", + "webSocketConnectionIntervalInMinutes": 30 + }, + "miscWebAgentConfig": { + "addCacheControlHeader": false, + "anonymousUserEnabled": false, + "anonymousUserId": "anonymous", + "caseInsensitiveUrlComparison": true, + "compositeAdviceEncode": false, + "compositeAdviceRedirect": false, + "encodeSpecialCharsInCookies": false, + "encodeUrlSpecialCharacters": false, + "gotoParameterName": "goto", + "headerJsonResponse": {}, + "ignorePathInfo": false, + "invalidUrlRegex": null, + "invertUrlJsonResponse": false, + "mineEncodeHeader": 0, + "profileAttributesCookieMaxAge": 300, + "profileAttributesCookiePrefix": "HTTP_", + "statusCodeJsonResponse": 202, + "urlJsonResponse": [ + "" + ] + }, + "ssoWebAgentConfig": { + "acceptSsoToken": false, + "cdssoCookieDomain": [ + "" + ], + "cdssoRedirectUri": "agent/cdsso-oauth2", + "cookieName": "iPlanetDirectoryPro", + "cookieResetEnabled": false, + "cookieResetList": [ + "" + ], + "cookieResetOnRedirect": false, + "httpOnly": true, + "multivaluePreAuthnCookie": false, + "persistentJwtCookie": false, + "sameSite": null, + "secureCookies": false + } + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/application/Azure.application.json b/test/e2e/exports/full-export-separate/realm/root-alpha/application/Azure.application.json new file mode 100644 index 000000000..22931acb6 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/application/Azure.application.json @@ -0,0 +1,282 @@ +{ + "managedApplication": { + "0f357b7e-6c54-4351-a094-43916877d7e5": { + "_id": "0f357b7e-6c54-4351-a094-43916877d7e5", + "authoritative": false, + "connectorId": "Azure", + "description": "Azure", + "icon": "", + "mappingNames": [ + "systemAzureUser_managedAlpha_user", + "managedAlpha_user_systemAzureUser", + "systemAzure__group___managedAlpha_assignment", + "systemAzureDirectoryrole_managedAlpha_assignment", + "systemAzureServiceplan_managedAlpha_assignment" + ], + "name": "Azure", + "templateName": "azure.ad", + "templateVersion": "3.3", + "uiConfig": { + "objectTypes": { + "User": { + "properties": { + "__PASSWORD__": { + "displayName": "Password", + "order": 17, + "userSpecific": true + }, + "__roles__": { + "displayName": "Roles", + "nonAccountObject": "directoryRole", + "order": 3, + "userSpecific": true + }, + "__servicePlanIds__": { + "displayName": "Service Plan Ids", + "nonAccountObject": "servicePlan", + "order": 27, + "userSpecific": true + }, + "accountEnabled": { + "displayName": "Account Enabled", + "order": 0, + "userSpecific": true + }, + "city": { + "displayName": "City", + "order": 5, + "userSpecific": true + }, + "companyName": { + "displayName": "Company Name", + "order": 4, + "userSpecific": true + }, + "country": { + "displayName": "Country", + "order": 6, + "userSpecific": true + }, + "department": { + "displayName": "Department", + "order": 7, + "userSpecific": true + }, + "displayName": { + "displayName": "Display Name", + "order": 8, + "userSpecific": true + }, + "givenName": { + "displayName": "Given Name", + "order": 9, + "userSpecific": true + }, + "jobTitle": { + "displayName": "Job Title", + "order": 11, + "userSpecific": true + }, + "mail": { + "displayName": "Mail", + "isDisplay": true, + "isMail": true, + "order": 1, + "userSpecific": true + }, + "mailNickname": { + "displayName": "Mail Nickname", + "order": 12, + "userSpecific": true + }, + "manager": { + "displayName": "Manager", + "order": 13, + "userSpecific": true + }, + "memberOf": { + "displayName": "Member Of", + "nonAccountObject": "__GROUP__", + "order": 2, + "userSpecific": true + }, + "mobilePhone": { + "displayName": "Mobile Phone", + "order": 14, + "userSpecific": true + }, + "onPremisesImmutableId": { + "displayName": "On Premises Immutable Id", + "order": 10, + "userSpecific": true + }, + "onPremisesSecurityIdentifier": { + "displayName": "On Premises Security Identifier", + "order": 15, + "userSpecific": true + }, + "otherMails": { + "displayName": "Other Mails", + "order": 16, + "userSpecific": true + }, + "postalCode": { + "displayName": "Postal Code", + "order": 18, + "userSpecific": true + }, + "preferredLanguage": { + "displayName": "Preferred Language", + "order": 19, + "userSpecific": true + }, + "proxyAddresses": { + "displayName": "Proxy Addresses", + "order": 20, + "userSpecific": true + }, + "state": { + "displayName": "State", + "order": 21, + "userSpecific": true + }, + "streetAddress": { + "displayName": "Street Address", + "order": 22, + "userSpecific": true + }, + "surname": { + "displayName": "Surname", + "order": 23, + "userSpecific": true + }, + "usageLocation": { + "displayName": "Usage Location", + "order": 24, + "userSpecific": true + }, + "userPrincipalName": { + "displayName": "User Principal Name", + "isUsername": true, + "order": 25, + "userSpecific": true + }, + "userType": { + "displayName": "User Type", + "order": 26, + "userSpecific": true + } + } + }, + "__GROUP__": { + "properties": { + "__NAME__": { + "displayName": "Name", + "order": 2, + "userSpecific": true + }, + "description": { + "displayName": "Description", + "order": 4, + "userSpecific": true + }, + "displayName": { + "displayName": "Display Name", + "order": 3, + "userSpecific": true + }, + "groupTypes": { + "displayName": "Group Types", + "order": 10, + "userSpecific": true + }, + "id": { + "displayName": "Id", + "order": 0, + "userSpecific": true + }, + "mail": { + "displayName": "Mail", + "order": 5, + "userSpecific": true + }, + "mailEnabled": { + "displayName": "Mail Enabled", + "order": 6, + "userSpecific": true + }, + "onPremisesSecurityIdentifier": { + "displayName": "On Premises Security Identifier", + "order": 7, + "userSpecific": true + }, + "proxyAddresses": { + "displayName": "Proxy Addresses", + "order": 8, + "userSpecific": true + }, + "securityEnabled": { + "displayName": "Security Enabled", + "order": 9, + "userSpecific": true + }, + "type": { + "displayName": "Type", + "order": 1, + "userSpecific": true + } + } + }, + "directoryRole": { + "properties": { + "description": { + "displayName": "description", + "order": 0, + "userSpecific": true + }, + "displayName": { + "displayName": "displayName", + "order": 1, + "userSpecific": true + } + } + }, + "servicePlan": { + "properties": { + "__NAME__": { + "displayName": "__NAME__", + "order": 5, + "userSpecific": true + }, + "appliesTo": { + "displayName": "appliesTo", + "order": 0, + "userSpecific": true + }, + "provisioningStatus": { + "displayName": "provisioningStatus", + "order": 2, + "userSpecific": true + }, + "servicePlanId": { + "displayName": "servicePlanId", + "order": 1, + "userSpecific": true + }, + "servicePlanName": { + "displayName": "servicePlanName", + "order": 4, + "userSpecific": true + }, + "subscriberSkuId": { + "displayName": "subscriberSkuId", + "order": 3, + "userSpecific": true + } + } + } + } + } + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/application/Google.application.json b/test/e2e/exports/full-export-separate/realm/root-alpha/application/Google.application.json new file mode 100644 index 000000000..0f4def2d0 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/application/Google.application.json @@ -0,0 +1,13 @@ +{ + "managedApplication": { + "2e4663b7-aed2-4521-8819-d379449d91b0": { + "_id": "2e4663b7-aed2-4521-8819-d379449d91b0", + "description": "Link to Google", + "name": "Google", + "ssoEntities": {}, + "templateName": "bookmark", + "templateVersion": "1.0", + "url": "https://www.google.com/" + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/application/testLDAP.application.json b/test/e2e/exports/full-export-separate/realm/root-alpha/application/testLDAP.application.json new file mode 100644 index 000000000..627d59dc0 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/application/testLDAP.application.json @@ -0,0 +1,13 @@ +{ + "managedApplication": { + "e124e6f6-e25a-4180-a6c3-ff8b782a422c": { + "_id": "e124e6f6-e25a-4180-a6c3-ff8b782a422c", + "authoritative": true, + "description": "desc", + "icon": "", + "name": "testLDAP", + "templateName": "ldap", + "templateVersion": "2.1" + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/application/testmeout.application.json b/test/e2e/exports/full-export-separate/realm/root-alpha/application/testmeout.application.json new file mode 100644 index 000000000..d8678b43a --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/application/testmeout.application.json @@ -0,0 +1,13 @@ +{ + "managedApplication": { + "bf9e7fcc-cb00-4a96-8ee5-c8de5daf10b8": { + "_id": "bf9e7fcc-cb00-4a96-8ee5-c8de5daf10b8", + "name": "testmeout", + "ssoEntities": { + "oidcId": "testmeout" + }, + "templateName": "native", + "templateVersion": "1.0" + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/applicationTypes/iPlanetAMWebAgentService.applicationTypes.json b/test/e2e/exports/full-export-separate/realm/root-alpha/applicationTypes/iPlanetAMWebAgentService.applicationTypes.json new file mode 100644 index 000000000..4cfb431a6 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/applicationTypes/iPlanetAMWebAgentService.applicationTypes.json @@ -0,0 +1,21 @@ +{ + "applicationTypes": { + "iPlanetAMWebAgentService": { + "_id": "iPlanetAMWebAgentService", + "actions": { + "DELETE": true, + "GET": true, + "HEAD": true, + "OPTIONS": true, + "PATCH": true, + "POST": true, + "PUT": true + }, + "applicationClassName": "com.sun.identity.entitlement.Application", + "name": "iPlanetAMWebAgentService", + "resourceComparator": "com.sun.identity.entitlement.URLResourceName", + "saveIndex": "org.forgerock.openam.entitlement.indextree.TreeSaveIndex", + "searchIndex": "org.forgerock.openam.entitlement.indextree.TreeSearchIndex" + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/applicationTypes/sunAMDelegationService.applicationTypes.json b/test/e2e/exports/full-export-separate/realm/root-alpha/applicationTypes/sunAMDelegationService.applicationTypes.json new file mode 100644 index 000000000..81983ac8d --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/applicationTypes/sunAMDelegationService.applicationTypes.json @@ -0,0 +1,17 @@ +{ + "applicationTypes": { + "sunAMDelegationService": { + "_id": "sunAMDelegationService", + "actions": { + "DELEGATE": true, + "MODIFY": true, + "READ": true + }, + "applicationClassName": "com.sun.identity.entitlement.Application", + "name": "sunAMDelegationService", + "resourceComparator": "com.sun.identity.entitlement.RegExResourceName", + "saveIndex": "com.sun.identity.entitlement.opensso.DelegationResourceNameIndexGenerator", + "searchIndex": "com.sun.identity.entitlement.opensso.DelegationResourceNameSplitter" + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/applicationTypes/umaApplicationType.applicationTypes.json b/test/e2e/exports/full-export-separate/realm/root-alpha/applicationTypes/umaApplicationType.applicationTypes.json new file mode 100644 index 000000000..fc804fd08 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/applicationTypes/umaApplicationType.applicationTypes.json @@ -0,0 +1,13 @@ +{ + "applicationTypes": { + "umaApplicationType": { + "_id": "umaApplicationType", + "actions": {}, + "applicationClassName": "com.sun.identity.entitlement.Application", + "name": "umaApplicationType", + "resourceComparator": "org.forgerock.openam.uma.UmaPolicyResourceMatcher", + "saveIndex": "org.forgerock.openam.uma.UmaPolicySaveIndex", + "searchIndex": "org.forgerock.openam.uma.UmaPolicySearchIndex" + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/authentication/root-alpha.authentication.settings.json b/test/e2e/exports/full-export-separate/realm/root-alpha/authentication/root-alpha.authentication.settings.json new file mode 100644 index 000000000..ef0ba45c9 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/authentication/root-alpha.authentication.settings.json @@ -0,0 +1,70 @@ +{ + "authentication": { + "_id": "", + "_type": { + "_id": "EMPTY", + "collection": false, + "name": "Core" + }, + "accountlockout": { + "lockoutDuration": 0, + "lockoutDurationMultiplier": 1, + "lockoutWarnUserCount": 0, + "loginFailureCount": 5, + "loginFailureDuration": 300, + "loginFailureLockoutMode": false, + "storeInvalidAttemptsInDataStore": true + }, + "core": { + "adminAuthModule": "Login", + "orgConfig": "Login" + }, + "general": { + "defaultAuthLevel": 0, + "externalLoginPageUrl": "https://volker-demo.encore.forgerock.com/demo/webapp/en/home/redirect", + "identityType": [ + "agent", + "user" + ], + "locale": "en_US", + "statelessSessionsEnabled": false, + "twoFactorRequired": false, + "userStatusCallbackPlugins": [] + }, + "postauthprocess": { + "loginFailureUrl": [], + "loginPostProcessClass": [], + "loginSuccessUrl": [ + "/enduser/?realm=/alpha" + ], + "userAttributeSessionMapping": [], + "usernameGeneratorClass": "com.sun.identity.authentication.spi.DefaultUserIDGenerator", + "usernameGeneratorEnabled": true + }, + "security": { + "addClearSiteDataHeader": true, + "keyAlias": "test", + "moduleBasedAuthEnabled": false, + "sharedSecret": { + "$string": "&{am.authentication.shared.secret}" + }, + "zeroPageLoginAllowedWithoutReferrer": true, + "zeroPageLoginEnabled": false, + "zeroPageLoginReferrerWhiteList": [] + }, + "trees": { + "authenticationSessionsMaxDuration": 5, + "authenticationSessionsStateManagement": "JWT", + "authenticationSessionsWhitelist": false, + "authenticationTreeCookieHttpOnly": true, + "suspendedAuthenticationTimeout": 1440 + }, + "userprofile": { + "aliasAttributeName": [ + "uid" + ], + "defaultRole": [], + "dynamicProfileCreation": "false" + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/authenticationModules/amster.authenticationModules.json b/test/e2e/exports/full-export-separate/realm/root-alpha/authenticationModules/amster.authenticationModules.json new file mode 100644 index 000000000..1ad59cb90 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/authenticationModules/amster.authenticationModules.json @@ -0,0 +1,15 @@ +{ + "authenticationModules": { + "amster": { + "_id": "amster", + "_type": { + "_id": "amster", + "collection": true, + "name": "ForgeRock Amster" + }, + "authenticationLevel": 0, + "authorizedKeys": "/home/forgerock/openam/security/keys/amster/authorized_keys", + "enabled": true + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/authenticationModules/datastore.authenticationModules.json b/test/e2e/exports/full-export-separate/realm/root-alpha/authenticationModules/datastore.authenticationModules.json new file mode 100644 index 000000000..d7e97d61f --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/authenticationModules/datastore.authenticationModules.json @@ -0,0 +1,13 @@ +{ + "authenticationModules": { + "datastore": { + "_id": "datastore", + "_type": { + "_id": "datastore", + "collection": true, + "name": "Data Store" + }, + "authenticationLevel": 0 + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/authenticationModules/federation.authenticationModules.json b/test/e2e/exports/full-export-separate/realm/root-alpha/authenticationModules/federation.authenticationModules.json new file mode 100644 index 000000000..57bce1d99 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/authenticationModules/federation.authenticationModules.json @@ -0,0 +1,13 @@ +{ + "authenticationModules": { + "federation": { + "_id": "federation", + "_type": { + "_id": "federation", + "collection": true, + "name": "Federation" + }, + "authenticationLevel": 0 + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/authenticationModules/hotp.authenticationModules.json b/test/e2e/exports/full-export-separate/realm/root-alpha/authenticationModules/hotp.authenticationModules.json new file mode 100644 index 000000000..f432ebff2 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/authenticationModules/hotp.authenticationModules.json @@ -0,0 +1,27 @@ +{ + "authenticationModules": { + "hotp": { + "_id": "hotp", + "_type": { + "_id": "hotp", + "collection": true, + "name": "HOTP" + }, + "authenticationLevel": 0, + "autoSendOTP": false, + "otpDeliveryMethod": "SMS and E-mail", + "otpLength": "8", + "otpMaxRetry": 3, + "otpValidityDuration": 5, + "smsGatewayClass": "com.sun.identity.authentication.modules.hotp.DefaultSMSGatewayImpl", + "smtpFromAddress": "no-reply@openam.org", + "smtpHostPort": 465, + "smtpHostname": "smtp.gmail.com", + "smtpSslEnabled": "SSL", + "smtpUserPassword": null, + "smtpUsername": "opensso.sun", + "userProfileEmailAttribute": "mail", + "userProfileTelephoneAttribute": "telephoneNumber" + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/authenticationModules/ldap.authenticationModules.json b/test/e2e/exports/full-export-separate/realm/root-alpha/authenticationModules/ldap.authenticationModules.json new file mode 100644 index 000000000..5fe2df90b --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/authenticationModules/ldap.authenticationModules.json @@ -0,0 +1,39 @@ +{ + "authenticationModules": { + "ldap": { + "_id": "ldap", + "_type": { + "_id": "ldap", + "collection": true, + "name": "LDAP" + }, + "authenticationLevel": 0, + "beheraPasswordPolicySupportEnabled": true, + "connectionHeartbeatInterval": 10, + "connectionHeartbeatTimeUnit": "SECONDS", + "minimumPasswordLength": "8", + "openam-auth-ldap-connection-mode": "LDAP", + "operationTimeout": 0, + "primaryLdapServer": [ + "userstore-1.userstore:1389", + "userstore-0.userstore:1389", + "userstore-2.userstore:1389" + ], + "profileAttributeMappings": [], + "returnUserDN": true, + "searchScope": "SUBTREE", + "secondaryLdapServer": [], + "stopLdapbindAfterInmemoryLockedEnabled": false, + "trustAllServerCertificates": false, + "userBindDN": "uid=admin", + "userBindPassword": null, + "userProfileRetrievalAttribute": "uid", + "userSearchAttributes": [ + "uid" + ], + "userSearchStartDN": [ + "ou=identities" + ] + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/authenticationModules/oath.authenticationModules.json b/test/e2e/exports/full-export-separate/realm/root-alpha/authenticationModules/oath.authenticationModules.json new file mode 100644 index 000000000..e12d27857 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/authenticationModules/oath.authenticationModules.json @@ -0,0 +1,24 @@ +{ + "authenticationModules": { + "oath": { + "_id": "oath", + "_type": { + "_id": "oath", + "collection": true, + "name": "OATH" + }, + "addChecksum": "False", + "authenticationLevel": 0, + "forgerock-oath-maximum-clock-drift": 0, + "forgerock-oath-sharedsecret-implementation-class": "org.forgerock.openam.authentication.modules.oath.plugins.DefaultSharedSecretProvider", + "hotpWindowSize": 100, + "minimumSecretKeyLength": "32", + "oathAlgorithm": "HOTP", + "oathOtpMaxRetry": 3, + "passwordLength": "6", + "stepsInWindow": 2, + "timeStepSize": 30, + "truncationOffset": -1 + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/authenticationModules/sae.authenticationModules.json b/test/e2e/exports/full-export-separate/realm/root-alpha/authenticationModules/sae.authenticationModules.json new file mode 100644 index 000000000..fe57fd499 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/authenticationModules/sae.authenticationModules.json @@ -0,0 +1,13 @@ +{ + "authenticationModules": { + "sae": { + "_id": "sae", + "_type": { + "_id": "sae", + "collection": true, + "name": "SAE" + }, + "authenticationLevel": 0 + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/conditionTypes/AMIdentityMembership.conditionTypes.json b/test/e2e/exports/full-export-separate/realm/root-alpha/conditionTypes/AMIdentityMembership.conditionTypes.json new file mode 100644 index 000000000..42eea5a6a --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/conditionTypes/AMIdentityMembership.conditionTypes.json @@ -0,0 +1,20 @@ +{ + "conditionTypes": { + "AMIdentityMembership": { + "_id": "AMIdentityMembership", + "config": { + "properties": { + "amIdentityName": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "logical": false, + "title": "AMIdentityMembership" + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/conditionTypes/AND.conditionTypes.json b/test/e2e/exports/full-export-separate/realm/root-alpha/conditionTypes/AND.conditionTypes.json new file mode 100644 index 000000000..21b4be2bd --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/conditionTypes/AND.conditionTypes.json @@ -0,0 +1,17 @@ +{ + "conditionTypes": { + "AND": { + "_id": "AND", + "config": { + "properties": { + "conditions": { + "type": "array" + } + }, + "type": "object" + }, + "logical": true, + "title": "AND" + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/conditionTypes/AuthLevel.conditionTypes.json b/test/e2e/exports/full-export-separate/realm/root-alpha/conditionTypes/AuthLevel.conditionTypes.json new file mode 100644 index 000000000..adfe33c7b --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/conditionTypes/AuthLevel.conditionTypes.json @@ -0,0 +1,17 @@ +{ + "conditionTypes": { + "AuthLevel": { + "_id": "AuthLevel", + "config": { + "properties": { + "authLevel": { + "type": "integer" + } + }, + "type": "object" + }, + "logical": false, + "title": "AuthLevel" + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/conditionTypes/AuthScheme.conditionTypes.json b/test/e2e/exports/full-export-separate/realm/root-alpha/conditionTypes/AuthScheme.conditionTypes.json new file mode 100644 index 000000000..95ac511fa --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/conditionTypes/AuthScheme.conditionTypes.json @@ -0,0 +1,26 @@ +{ + "conditionTypes": { + "AuthScheme": { + "_id": "AuthScheme", + "config": { + "properties": { + "applicationIdleTimeout": { + "type": "integer" + }, + "applicationName": { + "type": "string" + }, + "authScheme": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "logical": false, + "title": "AuthScheme" + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/conditionTypes/AuthenticateToRealm.conditionTypes.json b/test/e2e/exports/full-export-separate/realm/root-alpha/conditionTypes/AuthenticateToRealm.conditionTypes.json new file mode 100644 index 000000000..ebf57539b --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/conditionTypes/AuthenticateToRealm.conditionTypes.json @@ -0,0 +1,17 @@ +{ + "conditionTypes": { + "AuthenticateToRealm": { + "_id": "AuthenticateToRealm", + "config": { + "properties": { + "authenticateToRealm": { + "type": "string" + } + }, + "type": "object" + }, + "logical": false, + "title": "AuthenticateToRealm" + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/conditionTypes/AuthenticateToService.conditionTypes.json b/test/e2e/exports/full-export-separate/realm/root-alpha/conditionTypes/AuthenticateToService.conditionTypes.json new file mode 100644 index 000000000..3b090d061 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/conditionTypes/AuthenticateToService.conditionTypes.json @@ -0,0 +1,17 @@ +{ + "conditionTypes": { + "AuthenticateToService": { + "_id": "AuthenticateToService", + "config": { + "properties": { + "authenticateToService": { + "type": "string" + } + }, + "type": "object" + }, + "logical": false, + "title": "AuthenticateToService" + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/conditionTypes/IPv4.conditionTypes.json b/test/e2e/exports/full-export-separate/realm/root-alpha/conditionTypes/IPv4.conditionTypes.json new file mode 100644 index 000000000..390432856 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/conditionTypes/IPv4.conditionTypes.json @@ -0,0 +1,26 @@ +{ + "conditionTypes": { + "IPv4": { + "_id": "IPv4", + "config": { + "properties": { + "dnsName": { + "items": { + "type": "string" + }, + "type": "array" + }, + "endIp": { + "type": "string" + }, + "startIp": { + "type": "string" + } + }, + "type": "object" + }, + "logical": false, + "title": "IPv4" + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/conditionTypes/IPv6.conditionTypes.json b/test/e2e/exports/full-export-separate/realm/root-alpha/conditionTypes/IPv6.conditionTypes.json new file mode 100644 index 000000000..a2d115225 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/conditionTypes/IPv6.conditionTypes.json @@ -0,0 +1,26 @@ +{ + "conditionTypes": { + "IPv6": { + "_id": "IPv6", + "config": { + "properties": { + "dnsName": { + "items": { + "type": "string" + }, + "type": "array" + }, + "endIp": { + "type": "string" + }, + "startIp": { + "type": "string" + } + }, + "type": "object" + }, + "logical": false, + "title": "IPv6" + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/conditionTypes/LDAPFilter.conditionTypes.json b/test/e2e/exports/full-export-separate/realm/root-alpha/conditionTypes/LDAPFilter.conditionTypes.json new file mode 100644 index 000000000..3e4927c34 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/conditionTypes/LDAPFilter.conditionTypes.json @@ -0,0 +1,17 @@ +{ + "conditionTypes": { + "LDAPFilter": { + "_id": "LDAPFilter", + "config": { + "properties": { + "ldapFilter": { + "type": "string" + } + }, + "type": "object" + }, + "logical": false, + "title": "LDAPFilter" + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/conditionTypes/LEAuthLevel.conditionTypes.json b/test/e2e/exports/full-export-separate/realm/root-alpha/conditionTypes/LEAuthLevel.conditionTypes.json new file mode 100644 index 000000000..0ecb0a436 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/conditionTypes/LEAuthLevel.conditionTypes.json @@ -0,0 +1,17 @@ +{ + "conditionTypes": { + "LEAuthLevel": { + "_id": "LEAuthLevel", + "config": { + "properties": { + "authLevel": { + "type": "integer" + } + }, + "type": "object" + }, + "logical": false, + "title": "LEAuthLevel" + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/conditionTypes/NOT.conditionTypes.json b/test/e2e/exports/full-export-separate/realm/root-alpha/conditionTypes/NOT.conditionTypes.json new file mode 100644 index 000000000..b590ce0fd --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/conditionTypes/NOT.conditionTypes.json @@ -0,0 +1,18 @@ +{ + "conditionTypes": { + "NOT": { + "_id": "NOT", + "config": { + "properties": { + "condition": { + "properties": {}, + "type": "object" + } + }, + "type": "object" + }, + "logical": true, + "title": "NOT" + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/conditionTypes/OAuth2Scope.conditionTypes.json b/test/e2e/exports/full-export-separate/realm/root-alpha/conditionTypes/OAuth2Scope.conditionTypes.json new file mode 100644 index 000000000..3ca68fdef --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/conditionTypes/OAuth2Scope.conditionTypes.json @@ -0,0 +1,20 @@ +{ + "conditionTypes": { + "OAuth2Scope": { + "_id": "OAuth2Scope", + "config": { + "properties": { + "requiredScopes": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "logical": false, + "title": "OAuth2Scope" + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/conditionTypes/OR.conditionTypes.json b/test/e2e/exports/full-export-separate/realm/root-alpha/conditionTypes/OR.conditionTypes.json new file mode 100644 index 000000000..e695c3884 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/conditionTypes/OR.conditionTypes.json @@ -0,0 +1,17 @@ +{ + "conditionTypes": { + "OR": { + "_id": "OR", + "config": { + "properties": { + "conditions": { + "type": "array" + } + }, + "type": "object" + }, + "logical": true, + "title": "OR" + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/conditionTypes/Policy.conditionTypes.json b/test/e2e/exports/full-export-separate/realm/root-alpha/conditionTypes/Policy.conditionTypes.json new file mode 100644 index 000000000..abae26163 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/conditionTypes/Policy.conditionTypes.json @@ -0,0 +1,20 @@ +{ + "conditionTypes": { + "Policy": { + "_id": "Policy", + "config": { + "properties": { + "className": { + "type": "string" + }, + "properties": { + "type": "object" + } + }, + "type": "object" + }, + "logical": false, + "title": "Policy" + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/conditionTypes/ResourceEnvIP.conditionTypes.json b/test/e2e/exports/full-export-separate/realm/root-alpha/conditionTypes/ResourceEnvIP.conditionTypes.json new file mode 100644 index 000000000..cf397d375 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/conditionTypes/ResourceEnvIP.conditionTypes.json @@ -0,0 +1,20 @@ +{ + "conditionTypes": { + "ResourceEnvIP": { + "_id": "ResourceEnvIP", + "config": { + "properties": { + "resourceEnvIPConditionValue": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "logical": false, + "title": "ResourceEnvIP" + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/conditionTypes/Script.conditionTypes.json b/test/e2e/exports/full-export-separate/realm/root-alpha/conditionTypes/Script.conditionTypes.json new file mode 100644 index 000000000..a761e9268 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/conditionTypes/Script.conditionTypes.json @@ -0,0 +1,17 @@ +{ + "conditionTypes": { + "Script": { + "_id": "Script", + "config": { + "properties": { + "scriptId": { + "type": "string" + } + }, + "type": "object" + }, + "logical": false, + "title": "Script" + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/conditionTypes/Session.conditionTypes.json b/test/e2e/exports/full-export-separate/realm/root-alpha/conditionTypes/Session.conditionTypes.json new file mode 100644 index 000000000..e252719d8 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/conditionTypes/Session.conditionTypes.json @@ -0,0 +1,21 @@ +{ + "conditionTypes": { + "Session": { + "_id": "Session", + "config": { + "properties": { + "maxSessionTime": { + "type": "integer" + }, + "terminateSession": { + "required": true, + "type": "boolean" + } + }, + "type": "object" + }, + "logical": false, + "title": "Session" + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/conditionTypes/SessionProperty.conditionTypes.json b/test/e2e/exports/full-export-separate/realm/root-alpha/conditionTypes/SessionProperty.conditionTypes.json new file mode 100644 index 000000000..21751a42e --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/conditionTypes/SessionProperty.conditionTypes.json @@ -0,0 +1,21 @@ +{ + "conditionTypes": { + "SessionProperty": { + "_id": "SessionProperty", + "config": { + "properties": { + "ignoreValueCase": { + "required": true, + "type": "boolean" + }, + "properties": { + "type": "object" + } + }, + "type": "object" + }, + "logical": false, + "title": "SessionProperty" + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/conditionTypes/SimpleTime.conditionTypes.json b/test/e2e/exports/full-export-separate/realm/root-alpha/conditionTypes/SimpleTime.conditionTypes.json new file mode 100644 index 000000000..6290d3337 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/conditionTypes/SimpleTime.conditionTypes.json @@ -0,0 +1,35 @@ +{ + "conditionTypes": { + "SimpleTime": { + "_id": "SimpleTime", + "config": { + "properties": { + "endDate": { + "type": "string" + }, + "endDay": { + "type": "string" + }, + "endTime": { + "type": "string" + }, + "enforcementTimeZone": { + "type": "string" + }, + "startDate": { + "type": "string" + }, + "startDay": { + "type": "string" + }, + "startTime": { + "type": "string" + } + }, + "type": "object" + }, + "logical": false, + "title": "SimpleTime" + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/conditionTypes/Transaction.conditionTypes.json b/test/e2e/exports/full-export-separate/realm/root-alpha/conditionTypes/Transaction.conditionTypes.json new file mode 100644 index 000000000..4a269b680 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/conditionTypes/Transaction.conditionTypes.json @@ -0,0 +1,27 @@ +{ + "conditionTypes": { + "Transaction": { + "_id": "Transaction", + "config": { + "properties": { + "authenticationStrategy": { + "enum": [ + "AuthenticateToServiceConditionAdvice", + "AuthenticateToRealmConditionAdvice", + "AuthenticateToTreeConditionAdvice", + "AuthSchemeConditionAdvice", + "AuthLevelConditionAdvice" + ], + "type": "string" + }, + "strategySpecifier": { + "type": "string" + } + }, + "type": "object" + }, + "logical": false, + "title": "Transaction" + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/cot/2f04818d-561e-4f8a-82e8-af2426112138.cot.saml.json b/test/e2e/exports/full-export-separate/realm/root-alpha/cot/2f04818d-561e-4f8a-82e8-af2426112138.cot.saml.json new file mode 100644 index 000000000..bd684c706 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/cot/2f04818d-561e-4f8a-82e8-af2426112138.cot.saml.json @@ -0,0 +1,22 @@ +{ + "saml": { + "cot": { + "2f04818d-561e-4f8a-82e8-af2426112138": { + "_id": "2f04818d-561e-4f8a-82e8-af2426112138", + "_type": { + "_id": "circlesoftrust", + "collection": true, + "name": "Circle of Trust" + }, + "status": "active", + "trustedProviders": [ + "benefits-IDP|saml2", + "iSPAzure|saml2" + ] + } + }, + "hosted": {}, + "metadata": {}, + "remote": {} + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/cot/AzureCOT.cot.saml.json b/test/e2e/exports/full-export-separate/realm/root-alpha/cot/AzureCOT.cot.saml.json new file mode 100644 index 000000000..fde293721 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/cot/AzureCOT.cot.saml.json @@ -0,0 +1,25 @@ +{ + "saml": { + "cot": { + "AzureCOT": { + "_id": "AzureCOT", + "_type": { + "_id": "circlesoftrust", + "collection": true, + "name": "Circle of Trust" + }, + "status": "active", + "trustedProviders": [ + "iSPAzure|saml2", + "urn:federation:MicrosoftOnline|saml2", + "https://sts.windows.net/711ffa9c-5972-4713-ace3-688c9732614a/|saml2", + "SPAzure|saml2", + "https://idc.scheuber.io/am/saml2/IDPAzure|saml2" + ] + } + }, + "hosted": {}, + "metadata": {}, + "remote": {} + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/cot/affiliation-test.cot.saml.json b/test/e2e/exports/full-export-separate/realm/root-alpha/cot/affiliation-test.cot.saml.json new file mode 100644 index 000000000..4aac2eb9d --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/cot/affiliation-test.cot.saml.json @@ -0,0 +1,19 @@ +{ + "saml": { + "cot": { + "affiliation-test": { + "_id": "affiliation-test", + "_type": { + "_id": "circlesoftrust", + "collection": true, + "name": "Circle of Trust" + }, + "status": "active", + "trustedProviders": [] + } + }, + "hosted": {}, + "metadata": {}, + "remote": {} + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/decisionCombiners/DenyOverride.decisionCombiners.json b/test/e2e/exports/full-export-separate/realm/root-alpha/decisionCombiners/DenyOverride.decisionCombiners.json new file mode 100644 index 000000000..a83167550 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/decisionCombiners/DenyOverride.decisionCombiners.json @@ -0,0 +1,8 @@ +{ + "decisionCombiners": { + "DenyOverride": { + "_id": "DenyOverride", + "title": "DenyOverride" + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/idp/adfs.idp.json b/test/e2e/exports/full-export-separate/realm/root-alpha/idp/adfs.idp.json new file mode 100644 index 000000000..dab490208 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/idp/adfs.idp.json @@ -0,0 +1,54 @@ +{ + "idp": { + "adfs": { + "_id": "adfs", + "_type": { + "_id": "oidcConfig", + "collection": true, + "name": "Client configuration for providers that implement the OpenID Connect specification." + }, + "acrValues": [], + "authenticationIdKey": "sub", + "authorizationEndpoint": "https://adfs.mytestrun.com/adfs/oauth2/authorize", + "clientAuthenticationMethod": "CLIENT_SECRET_POST", + "clientId": "aa9a179e-cdba-4db8-8477-3d1069d5ec04", + "enableNativeNonce": true, + "enabled": true, + "encryptJwtRequestParameter": false, + "encryptedIdTokens": false, + "issuer": "https://adfs.mytestrun.com/adfs", + "issuerComparisonCheckType": "EXACT", + "jwksUriEndpoint": "https://adfs.mytestrun.com/adfs/discovery/keys", + "jwtEncryptionAlgorithm": "NONE", + "jwtEncryptionMethod": "NONE", + "jwtRequestParameterOption": "NONE", + "jwtSigningAlgorithm": "RS256", + "pkceMethod": "S256", + "privateKeyJwtExpTime": 600, + "redirectURI": "https://idc.scheuber.io/login", + "responseMode": "DEFAULT", + "revocationCheckOptions": [], + "scopeDelimiter": " ", + "scopes": [ + "openid", + "profile", + "email" + ], + "tokenEndpoint": "https://adfs.mytestrun.com/adfs/oauth2/token", + "transform": "dbe0bf9a-72aa-49d5-8483-9db147985a47", + "uiConfig": { + "buttonClass": "", + "buttonCustomStyle": "background-color: #fff; border-color: #8b8b8b; color: #8b8b8b;", + "buttonCustomStyleHover": "background-color: #fff; border-color: #8b8b8b; color: #8b8b8b;", + "buttonDisplayName": "Microsoft ADFS", + "buttonImage": "/login/images/microsoft-logo.png", + "iconBackground": "#0078d7", + "iconClass": "fa-windows", + "iconFontColor": "white" + }, + "useCustomTrustStore": false, + "userInfoResponseType": "JSON", + "wellKnownEndpoint": "https://adfs.mytestrun.com/adfs/.well-known/openid-configuration" + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/idp/apple-stoyan.idp.json b/test/e2e/exports/full-export-separate/realm/root-alpha/idp/apple-stoyan.idp.json new file mode 100644 index 000000000..ff0292bb2 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/idp/apple-stoyan.idp.json @@ -0,0 +1,55 @@ +{ + "idp": { + "apple-stoyan": { + "_id": "apple-stoyan", + "_type": { + "_id": "appleConfig", + "collection": true, + "name": "Client configuration for Apple." + }, + "acrValues": [], + "authenticationIdKey": "sub", + "authorizationEndpoint": "https://appleid.apple.com/auth/authorize", + "clientAuthenticationMethod": "CLIENT_SECRET_POST", + "clientId": "CHANGE ME", + "enableNativeNonce": true, + "enabled": false, + "encryptJwtRequestParameter": false, + "encryptedIdTokens": false, + "issuer": "https://appleid.apple.com", + "issuerComparisonCheckType": "EXACT", + "jwksUriEndpoint": "https://appleid.apple.com/auth/keys", + "jwtEncryptionAlgorithm": "NONE", + "jwtEncryptionMethod": "NONE", + "jwtRequestParameterOption": "NONE", + "jwtSigningAlgorithm": "NONE", + "pkceMethod": "S256", + "privateKeyJwtExpTime": 600, + "redirectAfterFormPostURI": "https://openam-volker-dev.forgeblocks.com/login", + "redirectURI": "https://openam-volker-dev.forgeblocks.com/am/oauth2/alpha/client/form_post/apple-stoyan", + "requestNativeAppForUserInfo": false, + "responseMode": "FORM_POST", + "revocationCheckOptions": [], + "scopeDelimiter": " ", + "scopes": [ + "name", + "email" + ], + "tokenEndpoint": "https://appleid.apple.com/auth/token", + "transform": "484e6246-dbc6-4288-97e6-54e55431402e", + "uiConfig": { + "buttonClass": "", + "buttonCustomStyle": "background-color: #000000; color: #ffffff; border-color: #000000;", + "buttonCustomStyleHover": "background-color: #000000; color: #ffffff; border-color: #000000;", + "buttonDisplayName": "Apple", + "buttonImage": "/login/images/apple-logo.png", + "iconBackground": "#000000", + "iconClass": "fa-apple", + "iconFontColor": "white" + }, + "useCustomTrustStore": false, + "userInfoResponseType": "JSON", + "wellKnownEndpoint": "https://appleid.apple.com/.well-known/openid-configuration" + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/idp/apple_web.idp.json b/test/e2e/exports/full-export-separate/realm/root-alpha/idp/apple_web.idp.json new file mode 100644 index 000000000..52404e6b6 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/idp/apple_web.idp.json @@ -0,0 +1,55 @@ +{ + "idp": { + "apple_web": { + "_id": "apple_web", + "_type": { + "_id": "appleConfig", + "collection": true, + "name": "Client configuration for Apple." + }, + "acrValues": [], + "authenticationIdKey": "sub", + "authorizationEndpoint": "https://appleid.apple.com/auth/authorize", + "clientAuthenticationMethod": "CLIENT_SECRET_POST", + "clientId": "io.scheuber.idc.signinWithApple.service", + "enableNativeNonce": true, + "enabled": true, + "encryptJwtRequestParameter": false, + "encryptedIdTokens": false, + "issuer": "https://appleid.apple.com", + "issuerComparisonCheckType": "EXACT", + "jwksUriEndpoint": "https://appleid.apple.com/auth/keys", + "jwtEncryptionAlgorithm": "NONE", + "jwtEncryptionMethod": "NONE", + "jwtRequestParameterOption": "NONE", + "jwtSigningAlgorithm": "NONE", + "pkceMethod": "S256", + "privateKeyJwtExpTime": 600, + "redirectAfterFormPostURI": "https://idc.scheuber.io/login", + "redirectURI": "https://idc.scheuber.io/am/oauth2/client/form_post/apple_web", + "requestNativeAppForUserInfo": false, + "responseMode": "FORM_POST", + "revocationCheckOptions": [], + "scopeDelimiter": " ", + "scopes": [ + "name", + "email" + ], + "tokenEndpoint": "https://appleid.apple.com/auth/token", + "transform": "484e6246-dbc6-4288-97e6-54e55431402e", + "uiConfig": { + "buttonClass": "", + "buttonCustomStyle": "background-color: #000000; color: #ffffff; border-color: #000000;", + "buttonCustomStyleHover": "background-color: #000000; color: #ffffff; border-color: #000000;", + "buttonDisplayName": "Apple", + "buttonImage": "/login/images/apple-logo.png", + "iconBackground": "#000000", + "iconClass": "fa-apple", + "iconFontColor": "white" + }, + "useCustomTrustStore": false, + "userInfoResponseType": "JSON", + "wellKnownEndpoint": "https://appleid.apple.com/.well-known/openid-configuration" + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/idp/azure.idp.json b/test/e2e/exports/full-export-separate/realm/root-alpha/idp/azure.idp.json new file mode 100644 index 000000000..48e2d4372 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/idp/azure.idp.json @@ -0,0 +1,45 @@ +{ + "idp": { + "azure": { + "_id": "azure", + "_type": { + "_id": "microsoftConfig", + "collection": true, + "name": "Client configuration for Microsoft." + }, + "authenticationIdKey": "id", + "authorizationEndpoint": "https://login.microsoftonline.com/711ffa9c-5972-4713-ace3-688c9732614a/oauth2/v2.0/authorize", + "clientAuthenticationMethod": "CLIENT_SECRET_POST", + "clientId": "c42a3dc8-f276-496b-a722-269f131cc21c", + "enabled": true, + "issuerComparisonCheckType": "EXACT", + "jwtEncryptionAlgorithm": "NONE", + "jwtEncryptionMethod": "NONE", + "jwtSigningAlgorithm": "NONE", + "pkceMethod": "S256", + "privateKeyJwtExpTime": 600, + "redirectURI": "https://idc.scheuber.io/login", + "responseMode": "DEFAULT", + "revocationCheckOptions": [], + "scopeDelimiter": " ", + "scopes": [ + "User.Read", + "openid" + ], + "tokenEndpoint": "https://login.microsoftonline.com/711ffa9c-5972-4713-ace3-688c9732614a/oauth2/v2.0/token", + "transform": "73cecbfc-dad0-4395-be6a-6858ee3a80e5", + "uiConfig": { + "buttonClass": "", + "buttonCustomStyle": "background-color: #fff; border-color: #8b8b8b; color: #8b8b8b;", + "buttonCustomStyleHover": "background-color: #fff; border-color: #8b8b8b; color: #8b8b8b;", + "buttonDisplayName": "Microsoft Azure", + "buttonImage": "/login/images/microsoft-logo.png", + "iconBackground": "#0078d7", + "iconClass": "fa-windows", + "iconFontColor": "white" + }, + "useCustomTrustStore": false, + "userInfoEndpoint": "https://graph.microsoft.com/v1.0/me" + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/idp/github.idp.json b/test/e2e/exports/full-export-separate/realm/root-alpha/idp/github.idp.json new file mode 100644 index 000000000..13b814343 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/idp/github.idp.json @@ -0,0 +1,42 @@ +{ + "idp": { + "github": { + "_id": "github", + "_type": { + "_id": "oauth2Config", + "collection": true, + "name": "Client configuration for providers that implement the OAuth2 specification." + }, + "authenticationIdKey": "id", + "authorizationEndpoint": "https://github.com/login/oauth/authorize", + "clientAuthenticationMethod": "CLIENT_SECRET_POST", + "clientId": "bdae6d141d4dcf95a630", + "enabled": true, + "issuerComparisonCheckType": "EXACT", + "jwtEncryptionAlgorithm": "NONE", + "jwtEncryptionMethod": "NONE", + "jwtSigningAlgorithm": "NONE", + "pkceMethod": "S256", + "privateKeyJwtExpTime": 600, + "redirectURI": "https://idc.scheuber.io/login", + "responseMode": "DEFAULT", + "revocationCheckOptions": [], + "scopeDelimiter": " ", + "scopes": [ + "user" + ], + "tokenEndpoint": "https://ig.mytestrun.com/login/oauth/access_token", + "transform": "23143919-6b78-40c3-b25e-beca19b229e0", + "uiConfig": { + "buttonCustomStyle": "background-color: #fff; color: #757575; border-color: #ddd;", + "buttonCustomStyleHover": "color: #6d6d6d; background-color: #eee; border-color: #ccc;", + "buttonDisplayName": "GitHub", + "buttonImage": "https://cdn-icons-png.flaticon.com/512/25/25231.png", + "iconBackground": "#4184f3", + "iconFontColor": "white" + }, + "useCustomTrustStore": false, + "userInfoEndpoint": "https://ig.mytestrun.com/user" + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/idp/google.idp.json b/test/e2e/exports/full-export-separate/realm/root-alpha/idp/google.idp.json new file mode 100644 index 000000000..80cd28170 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/idp/google.idp.json @@ -0,0 +1,54 @@ +{ + "idp": { + "google": { + "_id": "google", + "_type": { + "_id": "googleConfig", + "collection": true, + "name": "Client configuration for Google." + }, + "acrValues": [], + "authenticationIdKey": "sub", + "authorizationEndpoint": "https://accounts.google.com/o/oauth2/v2/auth", + "clientAuthenticationMethod": "CLIENT_SECRET_POST", + "clientId": "297338177925-mho17cgnm540s2gre8h27feb6sbs1msd.apps.googleusercontent.com", + "enableNativeNonce": true, + "enabled": true, + "encryptJwtRequestParameter": false, + "encryptedIdTokens": false, + "issuer": "https://accounts.google.com", + "issuerComparisonCheckType": "EXACT", + "jwtEncryptionAlgorithm": "NONE", + "jwtEncryptionMethod": "NONE", + "jwtRequestParameterOption": "NONE", + "jwtSigningAlgorithm": "NONE", + "pkceMethod": "S256", + "privateKeyJwtExpTime": 600, + "redirectURI": "https://idc.scheuber.io/login", + "responseMode": "DEFAULT", + "revocationCheckOptions": [], + "scopeDelimiter": " ", + "scopes": [ + "openid", + "profile", + "email" + ], + "tokenEndpoint": "https://www.googleapis.com/oauth2/v4/token", + "transform": "58d29080-4563-480b-89bb-1e7719776a21", + "uiConfig": { + "buttonClass": "", + "buttonCustomStyle": "background-color: #fff; color: #757575; border-color: #ddd;", + "buttonCustomStyleHover": "color: #6d6d6d; background-color: #eee; border-color: #ccc;", + "buttonDisplayName": "Google", + "buttonImage": "images/g-logo.png", + "iconBackground": "#4184f3", + "iconClass": "fa-google", + "iconFontColor": "white" + }, + "useCustomTrustStore": false, + "userInfoEndpoint": "https://www.googleapis.com/oauth2/v3/userinfo", + "userInfoResponseType": "JSON", + "wellKnownEndpoint": "https://accounts.google.com/.well-known/openid-configuration" + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/idp/okta-trial-5735851.idp.json b/test/e2e/exports/full-export-separate/realm/root-alpha/idp/okta-trial-5735851.idp.json new file mode 100644 index 000000000..10527282f --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/idp/okta-trial-5735851.idp.json @@ -0,0 +1,47 @@ +{ + "idp": { + "okta-trial-5735851": { + "_id": "okta-trial-5735851", + "_type": { + "_id": "oidcConfig", + "collection": true, + "name": "Client configuration for providers that implement the OpenID Connect specification." + }, + "acrValues": [], + "authenticationIdKey": "id", + "authorizationEndpoint": "https://trial-5735851.okta.com/oauth2/v1/authorize", + "clientAuthenticationMethod": "CLIENT_SECRET_POST", + "clientId": "0oa13r2cp29Rynmyw697", + "enableNativeNonce": true, + "enabled": true, + "encryptJwtRequestParameter": false, + "encryptedIdTokens": false, + "issuer": "https://trial-5735851.okta.com", + "issuerComparisonCheckType": "EXACT", + "jwtEncryptionAlgorithm": "NONE", + "jwtEncryptionMethod": "NONE", + "jwtRequestParameterOption": "NONE", + "jwtSigningAlgorithm": "NONE", + "pkceMethod": "S256", + "privateKeyJwtExpTime": 600, + "redirectURI": "https://idc.scheuber.io/login", + "responseMode": "DEFAULT", + "revocationCheckOptions": [], + "scopeDelimiter": " ", + "scopes": [ + "openid", + "profile", + "email" + ], + "tokenEndpoint": "https://trial-5735851.okta.com/oauth2/v1/token", + "transform": "6325cf19-a49b-471e-8d26-7e4df76df0e2", + "uiConfig": { + "buttonDisplayName": "Okta" + }, + "useCustomTrustStore": false, + "userInfoEndpoint": "https://trial-5735851.okta.com/oauth2/v1/userinfo", + "userInfoResponseType": "JSON", + "wellKnownEndpoint": "https://trial-5735851.okta.com/.well-known/openid-configuration" + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/journey/ForgottenUsername.journey.json b/test/e2e/exports/full-export-separate/realm/root-alpha/journey/ForgottenUsername.journey.json new file mode 100644 index 000000000..17f2ed102 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/journey/ForgottenUsername.journey.json @@ -0,0 +1,189 @@ +{ + "trees": { + "ForgottenUsername": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": { + "9f1e8d94-4922-481b-9e14-212b66548900": { + "_id": "9f1e8d94-4922-481b-9e14-212b66548900", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome" + } + ], + "_type": { + "_id": "AttributeCollectorNode", + "collection": true, + "name": "Attribute Collector" + }, + "attributesToCollect": [ + "mail" + ], + "identityAttribute": "mail", + "required": true, + "validateInputs": false + } + }, + "nodes": { + "5e2a7c95-94af-4b23-8724-deb13853726a": { + "_id": "5e2a7c95-94af-4b23-8724-deb13853726a", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome" + } + ], + "_type": { + "_id": "PageNode", + "collection": true, + "name": "Page Node" + }, + "nodes": [ + { + "_id": "9f1e8d94-4922-481b-9e14-212b66548900", + "displayName": "Attribute Collector", + "nodeType": "AttributeCollectorNode" + } + ], + "pageDescription": { + "en": "Enter your email address or Sign in" + }, + "pageHeader": { + "en": "Forgotten Username" + } + }, + "b93ce36e-1976-4610-b24f-8d6760b5463b": { + "_id": "b93ce36e-1976-4610-b24f-8d6760b5463b", + "_outcomes": [ + { + "displayName": "True", + "id": "true" + }, + { + "displayName": "False", + "id": "false" + } + ], + "_type": { + "_id": "InnerTreeEvaluatorNode", + "collection": true, + "name": "Inner Tree Evaluator" + }, + "tree": "Login" + }, + "bf9ea8d5-9802-4f26-9664-a21840faac23": { + "_id": "bf9ea8d5-9802-4f26-9664-a21840faac23", + "_outcomes": [ + { + "displayName": "True", + "id": "true" + }, + { + "displayName": "False", + "id": "false" + } + ], + "_type": { + "_id": "IdentifyExistingUserNode", + "collection": true, + "name": "Identify Existing User" + }, + "identifier": "userName", + "identityAttribute": "mail" + }, + "d9a79f01-2ce3-4be2-a28a-975f35c3c8ca": { + "_id": "d9a79f01-2ce3-4be2-a28a-975f35c3c8ca", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome" + } + ], + "_type": { + "_id": "EmailSuspendNode", + "collection": true, + "name": "Email Suspend Node" + }, + "emailAttribute": "mail", + "emailSuspendMessage": { + "en": "An email has been sent to the address you entered. Click the link in that email to proceed." + }, + "emailTemplateName": "forgottenUsername", + "identityAttribute": "mail", + "objectLookup": true + } + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "ForgottenUsername", + "description": "Forgotten Username Tree", + "enabled": true, + "entryNodeId": "5e2a7c95-94af-4b23-8724-deb13853726a", + "identityResource": "managed/alpha_user", + "innerTreeOnly": false, + "mustRun": false, + "nodes": { + "5e2a7c95-94af-4b23-8724-deb13853726a": { + "connections": { + "outcome": "bf9ea8d5-9802-4f26-9664-a21840faac23" + }, + "displayName": "Page Node", + "nodeType": "PageNode", + "x": 0, + "y": 0 + }, + "b93ce36e-1976-4610-b24f-8d6760b5463b": { + "connections": { + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0" + }, + "displayName": "Inner Tree Evaluator", + "nodeType": "InnerTreeEvaluatorNode", + "x": 0, + "y": 0 + }, + "bf9ea8d5-9802-4f26-9664-a21840faac23": { + "connections": { + "false": "d9a79f01-2ce3-4be2-a28a-975f35c3c8ca", + "true": "d9a79f01-2ce3-4be2-a28a-975f35c3c8ca" + }, + "displayName": "Identify Existing User", + "nodeType": "IdentifyExistingUserNode", + "x": 0, + "y": 0 + }, + "d9a79f01-2ce3-4be2-a28a-975f35c3c8ca": { + "connections": { + "outcome": "b93ce36e-1976-4610-b24f-8d6760b5463b" + }, + "displayName": "Email Suspend Node", + "nodeType": "EmailSuspendNode", + "x": 0, + "y": 0 + } + }, + "staticNodes": { + "70e691a5-1e33-4ac3-a356-e7b6d60d92e0": { + "x": 970, + "y": 149 + }, + "e301438c-0bd0-429c-ab0c-66126501069a": { + "x": 982, + "y": 252 + }, + "startNode": { + "x": 50, + "y": 25 + } + }, + "uiConfig": { + "categories": "[\"Username Reset\"]" + } + } + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/journey/FrodoTest.journey.json b/test/e2e/exports/full-export-separate/realm/root-alpha/journey/FrodoTest.journey.json new file mode 100644 index 000000000..84c8c208c --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/journey/FrodoTest.journey.json @@ -0,0 +1,414 @@ +{ + "trees": { + "FrodoTest": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": { + "038f9b2a-36b2-489b-9e03-386c9a62ea21": { + "_id": "038f9b2a-36b2-489b-9e03-386c9a62ea21", + "_outcomes": [ + { + "displayName": "Social Authentication", + "id": "socialAuthentication" + }, + { + "displayName": "Local Authentication", + "id": "localAuthentication" + } + ], + "_type": { + "_id": "SelectIdPNode", + "collection": true, + "name": "Select Identity Provider" + }, + "filteredProviders": [], + "identityAttribute": "mail", + "includeLocalAuthentication": true, + "offerOnlyExisting": false, + "passwordAttribute": "password" + }, + "228a44d5-fd78-4278-8999-fdd470ea7ebf": { + "_id": "228a44d5-fd78-4278-8999-fdd470ea7ebf", + "_outcomes": [ + { + "displayName": "Social Authentication", + "id": "socialAuthentication" + }, + { + "displayName": "Local Authentication", + "id": "localAuthentication" + } + ], + "_type": { + "_id": "SelectIdPNode", + "collection": true, + "name": "Select Identity Provider" + }, + "filteredProviders": [], + "identityAttribute": "mail", + "includeLocalAuthentication": true, + "offerOnlyExisting": false, + "passwordAttribute": "password" + }, + "7a351800-fb7e-4145-903c-388554747556": { + "_id": "7a351800-fb7e-4145-903c-388554747556", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome" + } + ], + "_type": { + "_id": "ValidatedUsernameNode", + "collection": true, + "name": "Platform Username" + }, + "usernameAttribute": "userName", + "validateInput": false + }, + "804e6a68-1720-442b-926a-007e90f02782": { + "_id": "804e6a68-1720-442b-926a-007e90f02782", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome" + } + ], + "_type": { + "_id": "ValidatedPasswordNode", + "collection": true, + "name": "Platform Password" + }, + "passwordAttribute": "password", + "validateInput": false + }, + "dd16c8d4-baca-4ae0-bcd8-fb98b9040524": { + "_id": "dd16c8d4-baca-4ae0-bcd8-fb98b9040524", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome" + } + ], + "_type": { + "_id": "ValidatedPasswordNode", + "collection": true, + "name": "Platform Password" + }, + "passwordAttribute": "password", + "validateInput": false + } + }, + "nodes": { + "278bf084-9eea-46fe-8ce9-2600dde3b046": { + "_id": "278bf084-9eea-46fe-8ce9-2600dde3b046", + "_outcomes": [ + { + "displayName": "Social Authentication", + "id": "socialAuthentication" + }, + { + "displayName": "Local Authentication", + "id": "localAuthentication" + } + ], + "_type": { + "_id": "PageNode", + "collection": true, + "name": "Page Node" + }, + "nodes": [ + { + "_id": "7a351800-fb7e-4145-903c-388554747556", + "displayName": "Username", + "nodeType": "ValidatedUsernameNode" + }, + { + "_id": "804e6a68-1720-442b-926a-007e90f02782", + "displayName": "Password", + "nodeType": "ValidatedPasswordNode" + }, + { + "_id": "228a44d5-fd78-4278-8999-fdd470ea7ebf", + "displayName": "Select IDP", + "nodeType": "SelectIdPNode" + } + ], + "pageDescription": {}, + "pageHeader": {} + }, + "64157fca-bd5b-4405-a4c8-64ffd98a5461": { + "_id": "64157fca-bd5b-4405-a4c8-64ffd98a5461", + "_outcomes": [ + { + "displayName": "Account exists", + "id": "ACCOUNT_EXISTS" + }, + { + "displayName": "No account exists", + "id": "NO_ACCOUNT" + } + ], + "_type": { + "_id": "product-Saml2Node", + "collection": true, + "name": "SAML2 Authentication" + }, + "allowCreate": true, + "authComparison": "MINIMUM", + "authnContextClassRef": [], + "authnContextDeclRef": [], + "binding": "HTTP_ARTIFACT", + "forceAuthn": false, + "idpEntityId": "urn:federation:MicrosoftOnline", + "isPassive": false, + "metaAlias": "/alpha/iSPAzure", + "nameIdFormat": "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", + "requestBinding": "HTTP_REDIRECT" + }, + "731c5810-020b-45c8-a7fc-3c21903ae2b3": { + "_id": "731c5810-020b-45c8-a7fc-3c21903ae2b3", + "_outcomes": [ + { + "displayName": "Social Authentication", + "id": "socialAuthentication" + }, + { + "displayName": "Local Authentication", + "id": "localAuthentication" + } + ], + "_type": { + "_id": "PageNode", + "collection": true, + "name": "Page Node" + }, + "nodes": [ + { + "_id": "dd16c8d4-baca-4ae0-bcd8-fb98b9040524", + "displayName": "Password", + "nodeType": "ValidatedPasswordNode" + }, + { + "_id": "038f9b2a-36b2-489b-9e03-386c9a62ea21", + "displayName": "Select IDP", + "nodeType": "SelectIdPNode" + } + ], + "pageDescription": {}, + "pageHeader": {} + }, + "bf153f37-83dd-4f39-aa0c-74135430242e": { + "_id": "bf153f37-83dd-4f39-aa0c-74135430242e", + "_outcomes": [ + { + "displayName": "Email Sent", + "id": "EMAIL_SENT" + }, + { + "displayName": "Email Not Sent", + "id": "EMAIL_NOT_SENT" + } + ], + "_type": { + "_id": "EmailTemplateNode", + "collection": true, + "name": "Email Template Node" + }, + "emailAttribute": "mail", + "emailTemplateName": "welcome", + "identityAttribute": "userName" + }, + "d5cc2d52-6ce4-452d-85ea-3a5b50218b67": { + "_id": "d5cc2d52-6ce4-452d-85ea-3a5b50218b67", + "_outcomes": [ + { + "displayName": "Account exists", + "id": "ACCOUNT_EXISTS" + }, + { + "displayName": "No account exists", + "id": "NO_ACCOUNT" + } + ], + "_type": { + "_id": "SocialProviderHandlerNode", + "collection": true, + "name": "Legacy Social Provider Handler Node" + }, + "clientType": "BROWSER", + "script": "58c824ae-84ed-4724-82cd-db128fc3f6c", + "storeTokens": false, + "usernameAttribute": "userName" + }, + "e2c39477-847a-4df2-9c5d-b449a752638b": { + "_id": "e2c39477-847a-4df2-9c5d-b449a752638b", + "_outcomes": [ + { + "displayName": "known", + "id": "known" + }, + { + "displayName": "unknown", + "id": "unknown" + } + ], + "_type": { + "_id": "ScriptedDecisionNode", + "collection": true, + "name": "Scripted Decision" + }, + "inputs": [ + "*" + ], + "outcomes": [ + "known", + "unknown" + ], + "outputs": [ + "*" + ], + "script": "739bdc48-fd24-4c52-b353-88706d75558a" + }, + "fc7e47cd-c679-4211-8e05-a36654f23c67": { + "_id": "fc7e47cd-c679-4211-8e05-a36654f23c67", + "_outcomes": [ + { + "displayName": "True", + "id": "TRUE" + }, + { + "displayName": "False", + "id": "FALSE" + }, + { + "displayName": "Locked", + "id": "LOCKED" + }, + { + "displayName": "Cancelled", + "id": "CANCELLED" + }, + { + "displayName": "Expired", + "id": "EXPIRED" + } + ], + "_type": { + "_id": "IdentityStoreDecisionNode", + "collection": true, + "name": "Identity Store Decision" + }, + "minimumPasswordLength": 8, + "mixedCaseForPasswordChangeMessages": false, + "useUniversalIdForUsername": true + } + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "FrodoTest", + "description": "Frodo test journey utilizing a variety of nodes and dependencies to test support for complex journeys.", + "enabled": true, + "entryNodeId": "e2c39477-847a-4df2-9c5d-b449a752638b", + "identityResource": "managed/alpha_user", + "innerTreeOnly": false, + "mustRun": false, + "nodes": { + "278bf084-9eea-46fe-8ce9-2600dde3b046": { + "connections": { + "localAuthentication": "fc7e47cd-c679-4211-8e05-a36654f23c67", + "socialAuthentication": "d5cc2d52-6ce4-452d-85ea-3a5b50218b67" + }, + "displayName": "Login Page", + "nodeType": "PageNode", + "x": 444, + "y": 273.015625 + }, + "64157fca-bd5b-4405-a4c8-64ffd98a5461": { + "connections": { + "ACCOUNT_EXISTS": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + "NO_ACCOUNT": "e301438c-0bd0-429c-ab0c-66126501069a" + }, + "displayName": "SAML2 Authentication", + "nodeType": "product-Saml2Node", + "x": 1196, + "y": 188.015625 + }, + "731c5810-020b-45c8-a7fc-3c21903ae2b3": { + "connections": { + "localAuthentication": "fc7e47cd-c679-4211-8e05-a36654f23c67", + "socialAuthentication": "d5cc2d52-6ce4-452d-85ea-3a5b50218b67" + }, + "displayName": "Login Page", + "nodeType": "PageNode", + "x": 443, + "y": 26.015625 + }, + "bf153f37-83dd-4f39-aa0c-74135430242e": { + "connections": { + "EMAIL_NOT_SENT": "e301438c-0bd0-429c-ab0c-66126501069a", + "EMAIL_SENT": "64157fca-bd5b-4405-a4c8-64ffd98a5461" + }, + "displayName": "Email Template Node", + "nodeType": "EmailTemplateNode", + "x": 967, + "y": 222.015625 + }, + "d5cc2d52-6ce4-452d-85ea-3a5b50218b67": { + "connections": { + "ACCOUNT_EXISTS": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + "NO_ACCOUNT": "bf153f37-83dd-4f39-aa0c-74135430242e" + }, + "displayName": "Social Login", + "nodeType": "SocialProviderHandlerNode", + "x": 702, + "y": 116.015625 + }, + "e2c39477-847a-4df2-9c5d-b449a752638b": { + "connections": { + "known": "731c5810-020b-45c8-a7fc-3c21903ae2b3", + "unknown": "278bf084-9eea-46fe-8ce9-2600dde3b046" + }, + "displayName": "Check Username", + "nodeType": "ScriptedDecisionNode", + "x": 200, + "y": 235.015625 + }, + "fc7e47cd-c679-4211-8e05-a36654f23c67": { + "connections": { + "CANCELLED": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + "EXPIRED": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + "FALSE": "e301438c-0bd0-429c-ab0c-66126501069a", + "LOCKED": "e301438c-0bd0-429c-ab0c-66126501069a", + "TRUE": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0" + }, + "displayName": "Validate Creds", + "nodeType": "IdentityStoreDecisionNode", + "x": 702, + "y": 292.015625 + } + }, + "staticNodes": { + "70e691a5-1e33-4ac3-a356-e7b6d60d92e0": { + "x": 1434, + "y": 60 + }, + "e301438c-0bd0-429c-ab0c-66126501069a": { + "x": 1433, + "y": 459 + }, + "startNode": { + "x": 63, + "y": 252 + } + }, + "uiConfig": { + "categories": "[\"Frodo\",\"Prototype\"]" + } + } + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/journey/Login.journey.json b/test/e2e/exports/full-export-separate/realm/root-alpha/journey/Login.journey.json new file mode 100644 index 000000000..a44ae713e --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/journey/Login.journey.json @@ -0,0 +1,270 @@ +{ + "trees": { + "Login": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": { + "0c80c39b-4813-4e67-b4fb-5a0bba85f994": { + "_id": "0c80c39b-4813-4e67-b4fb-5a0bba85f994", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome" + } + ], + "_type": { + "_id": "ValidatedPasswordNode", + "collection": true, + "name": "Platform Password" + }, + "passwordAttribute": "password", + "validateInput": false + }, + "7354982f-57b6-4b04-9ddc-f1dd1e1e07d0": { + "_id": "7354982f-57b6-4b04-9ddc-f1dd1e1e07d0", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome" + } + ], + "_type": { + "_id": "ValidatedUsernameNode", + "collection": true, + "name": "Platform Username" + }, + "usernameAttribute": "userName", + "validateInput": false + } + }, + "nodes": { + "2119f332-0f69-4088-a7a1-6582bf0f2001": { + "_id": "2119f332-0f69-4088-a7a1-6582bf0f2001", + "_outcomes": [ + { + "displayName": "Retry", + "id": "Retry" + }, + { + "displayName": "Reject", + "id": "Reject" + } + ], + "_type": { + "_id": "RetryLimitDecisionNode", + "collection": true, + "name": "Retry Limit Decision" + }, + "incrementUserAttributeOnFailure": true, + "retryLimit": 5 + }, + "33b24514-3e50-4180-8f08-ab6f4e51b07e": { + "_id": "33b24514-3e50-4180-8f08-ab6f4e51b07e", + "_outcomes": [ + { + "displayName": "True", + "id": "true" + }, + { + "displayName": "False", + "id": "false" + } + ], + "_type": { + "_id": "InnerTreeEvaluatorNode", + "collection": true, + "name": "Inner Tree Evaluator" + }, + "tree": "ProgressiveProfile" + }, + "51e8c4c1-3509-4635-90e6-d2cc31c4a6a5": { + "_id": "51e8c4c1-3509-4635-90e6-d2cc31c4a6a5", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome" + } + ], + "_type": { + "_id": "AccountLockoutNode", + "collection": true, + "name": "Account Lockout" + }, + "lockAction": "LOCK" + }, + "7f0c2aee-8c74-4d02-82a6-9d4ed9d11708": { + "_id": "7f0c2aee-8c74-4d02-82a6-9d4ed9d11708", + "_outcomes": [ + { + "displayName": "True", + "id": "TRUE" + }, + { + "displayName": "False", + "id": "FALSE" + }, + { + "displayName": "Locked", + "id": "LOCKED" + }, + { + "displayName": "Cancelled", + "id": "CANCELLED" + }, + { + "displayName": "Expired", + "id": "EXPIRED" + } + ], + "_type": { + "_id": "IdentityStoreDecisionNode", + "collection": true, + "name": "Identity Store Decision" + }, + "minimumPasswordLength": 8, + "mixedCaseForPasswordChangeMessages": false, + "useUniversalIdForUsername": false + }, + "a12bc72f-ad97-4f1e-a789-a1fa3dd566c8": { + "_id": "a12bc72f-ad97-4f1e-a789-a1fa3dd566c8", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome" + } + ], + "_type": { + "_id": "PageNode", + "collection": true, + "name": "Page Node" + }, + "nodes": [ + { + "_id": "7354982f-57b6-4b04-9ddc-f1dd1e1e07d0", + "displayName": "Platform Username", + "nodeType": "ValidatedUsernameNode" + }, + { + "_id": "0c80c39b-4813-4e67-b4fb-5a0bba85f994", + "displayName": "Platform Password", + "nodeType": "ValidatedPasswordNode" + } + ], + "pageDescription": { + "en": "New here? Create an account
Forgot username? Forgot password?" + }, + "pageHeader": { + "en": "Sign In" + } + }, + "bba3e0d8-8525-4e82-bf48-ac17f7988917": { + "_id": "bba3e0d8-8525-4e82-bf48-ac17f7988917", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome" + } + ], + "_type": { + "_id": "IncrementLoginCountNode", + "collection": true, + "name": "Increment Login Count" + }, + "identityAttribute": "userName" + } + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "Login", + "description": "Platform Login Tree", + "enabled": true, + "entryNodeId": "a12bc72f-ad97-4f1e-a789-a1fa3dd566c8", + "identityResource": "managed/alpha_user", + "innerTreeOnly": false, + "mustRun": false, + "nodes": { + "2119f332-0f69-4088-a7a1-6582bf0f2001": { + "connections": { + "Reject": "51e8c4c1-3509-4635-90e6-d2cc31c4a6a5", + "Retry": "a12bc72f-ad97-4f1e-a789-a1fa3dd566c8" + }, + "displayName": "Retry Limit Decision", + "nodeType": "RetryLimitDecisionNode", + "x": 612, + "y": 105.015625 + }, + "33b24514-3e50-4180-8f08-ab6f4e51b07e": { + "connections": { + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0" + }, + "displayName": "Inner Tree Evaluator", + "nodeType": "InnerTreeEvaluatorNode", + "x": 827, + "y": 13 + }, + "51e8c4c1-3509-4635-90e6-d2cc31c4a6a5": { + "connections": { + "outcome": "e301438c-0bd0-429c-ab0c-66126501069a" + }, + "displayName": "Account Lockout", + "nodeType": "AccountLockoutNode", + "x": 836, + "y": 184.015625 + }, + "7f0c2aee-8c74-4d02-82a6-9d4ed9d11708": { + "connections": { + "CANCELLED": "e301438c-0bd0-429c-ab0c-66126501069a", + "EXPIRED": "e301438c-0bd0-429c-ab0c-66126501069a", + "FALSE": "2119f332-0f69-4088-a7a1-6582bf0f2001", + "LOCKED": "e301438c-0bd0-429c-ab0c-66126501069a", + "TRUE": "bba3e0d8-8525-4e82-bf48-ac17f7988917" + }, + "displayName": "Identity Store Decision", + "nodeType": "IdentityStoreDecisionNode", + "x": 352, + "y": 40.015625 + }, + "a12bc72f-ad97-4f1e-a789-a1fa3dd566c8": { + "connections": { + "outcome": "7f0c2aee-8c74-4d02-82a6-9d4ed9d11708" + }, + "displayName": "Page Node", + "nodeType": "PageNode", + "x": 136, + "y": 59 + }, + "bba3e0d8-8525-4e82-bf48-ac17f7988917": { + "connections": { + "outcome": "33b24514-3e50-4180-8f08-ab6f4e51b07e" + }, + "displayName": "Increment Login Count", + "nodeType": "IncrementLoginCountNode", + "x": 579, + "y": 34 + } + }, + "staticNodes": { + "70e691a5-1e33-4ac3-a356-e7b6d60d92e0": { + "x": 1073, + "y": 30 + }, + "e301438c-0bd0-429c-ab0c-66126501069a": { + "x": 761, + "y": 401 + }, + "startNode": { + "x": 50, + "y": 25 + } + }, + "uiConfig": { + "categories": "[\"Authentication\"]" + } + } + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/journey/OrphanedTest.journey.json b/test/e2e/exports/full-export-separate/realm/root-alpha/journey/OrphanedTest.journey.json new file mode 100644 index 000000000..de302bcd2 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/journey/OrphanedTest.journey.json @@ -0,0 +1,89 @@ +{ + "trees": { + "OrphanedTest": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": {}, + "nodes": { + "343e745f-923a-43c4-8675-649a490fd0a3": { + "_id": "343e745f-923a-43c4-8675-649a490fd0a3", + "_outcomes": [ + { + "displayName": "True", + "id": "TRUE" + }, + { + "displayName": "False", + "id": "FALSE" + }, + { + "displayName": "Locked", + "id": "LOCKED" + }, + { + "displayName": "Cancelled", + "id": "CANCELLED" + }, + { + "displayName": "Expired", + "id": "EXPIRED" + } + ], + "_type": { + "_id": "IdentityStoreDecisionNode", + "collection": true, + "name": "Identity Store Decision" + }, + "minimumPasswordLength": 8, + "mixedCaseForPasswordChangeMessages": false, + "useUniversalIdForUsername": false + } + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "OrphanedTest", + "description": "Test orphaned nodes", + "enabled": true, + "entryNodeId": "343e745f-923a-43c4-8675-649a490fd0a3", + "identityResource": "managed/alpha_user", + "innerTreeOnly": false, + "mustRun": false, + "nodes": { + "343e745f-923a-43c4-8675-649a490fd0a3": { + "connections": { + "CANCELLED": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + "EXPIRED": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + "FALSE": "e301438c-0bd0-429c-ab0c-66126501069a", + "LOCKED": "e301438c-0bd0-429c-ab0c-66126501069a", + "TRUE": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0" + }, + "displayName": "Identity Store Decision", + "nodeType": "IdentityStoreDecisionNode", + "x": 407.046875, + "y": 190.015625 + } + }, + "staticNodes": { + "70e691a5-1e33-4ac3-a356-e7b6d60d92e0": { + "x": 704, + "y": 129 + }, + "e301438c-0bd0-429c-ab0c-66126501069a": { + "x": 707, + "y": 381 + }, + "startNode": { + "x": 50, + "y": 250 + } + }, + "uiConfig": { + "categories": "[]" + } + } + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/journey/ProgressiveProfile.journey.json b/test/e2e/exports/full-export-separate/realm/root-alpha/journey/ProgressiveProfile.journey.json new file mode 100644 index 000000000..aad60b8d7 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/journey/ProgressiveProfile.journey.json @@ -0,0 +1,192 @@ +{ + "trees": { + "ProgressiveProfile": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": { + "0a042e10-b22e-4e02-86c4-65e26e775f7a": { + "_id": "0a042e10-b22e-4e02-86c4-65e26e775f7a", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome" + } + ], + "_type": { + "_id": "AttributeCollectorNode", + "collection": true, + "name": "Attribute Collector" + }, + "attributesToCollect": [ + "preferences/updates", + "preferences/marketing" + ], + "identityAttribute": "userName", + "required": false, + "validateInputs": false + } + }, + "nodes": { + "423a959a-a1b9-498a-b0f7-596b6b6e775a": { + "_id": "423a959a-a1b9-498a-b0f7-596b6b6e775a", + "_outcomes": [ + { + "displayName": "Patched", + "id": "PATCHED" + }, + { + "displayName": "Failed", + "id": "FAILURE" + } + ], + "_type": { + "_id": "PatchObjectNode", + "collection": true, + "name": "Patch Object" + }, + "identityAttribute": "userName", + "identityResource": "managed/alpha_user", + "ignoredFields": [], + "patchAsObject": false + }, + "8afdaec3-275e-4301-bb53-34f03e6a4b29": { + "_id": "8afdaec3-275e-4301-bb53-34f03e6a4b29", + "_outcomes": [ + { + "displayName": "True", + "id": "true" + }, + { + "displayName": "False", + "id": "false" + } + ], + "_type": { + "_id": "LoginCountDecisionNode", + "collection": true, + "name": "Login Count Decision" + }, + "amount": 3, + "identityAttribute": "userName", + "interval": "AT" + }, + "a1f45b44-5bf7-4c57-aa3f-75c619c7db8e": { + "_id": "a1f45b44-5bf7-4c57-aa3f-75c619c7db8e", + "_outcomes": [ + { + "displayName": "True", + "id": "true" + }, + { + "displayName": "False", + "id": "false" + } + ], + "_type": { + "_id": "QueryFilterDecisionNode", + "collection": true, + "name": "Query Filter Decision" + }, + "identityAttribute": "userName", + "queryFilter": "!(/preferences pr) or /preferences/marketing eq false or /preferences/updates eq false" + }, + "a5aecad8-854a-4ed5-b719-ff6c90e858c0": { + "_id": "a5aecad8-854a-4ed5-b719-ff6c90e858c0", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome" + } + ], + "_type": { + "_id": "PageNode", + "collection": true, + "name": "Page Node" + }, + "nodes": [ + { + "_id": "0a042e10-b22e-4e02-86c4-65e26e775f7a", + "displayName": "Attribute Collector", + "nodeType": "AttributeCollectorNode" + } + ], + "pageDescription": {}, + "pageHeader": { + "en": "Please select your preferences" + } + } + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "ProgressiveProfile", + "description": "Prompt for missing preferences on 3rd login", + "enabled": true, + "entryNodeId": "8afdaec3-275e-4301-bb53-34f03e6a4b29", + "identityResource": "managed/alpha_user", + "innerTreeOnly": false, + "mustRun": false, + "nodes": { + "423a959a-a1b9-498a-b0f7-596b6b6e775a": { + "connections": { + "FAILURE": "e301438c-0bd0-429c-ab0c-66126501069a", + "PATCHED": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0" + }, + "displayName": "Patch Object", + "nodeType": "PatchObjectNode", + "x": 766, + "y": 36 + }, + "8afdaec3-275e-4301-bb53-34f03e6a4b29": { + "connections": { + "false": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + "true": "a1f45b44-5bf7-4c57-aa3f-75c619c7db8e" + }, + "displayName": "Login Count Decision", + "nodeType": "LoginCountDecisionNode", + "x": 152, + "y": 36 + }, + "a1f45b44-5bf7-4c57-aa3f-75c619c7db8e": { + "connections": { + "false": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0", + "true": "a5aecad8-854a-4ed5-b719-ff6c90e858c0" + }, + "displayName": "Query Filter Decision", + "nodeType": "QueryFilterDecisionNode", + "x": 357, + "y": 36 + }, + "a5aecad8-854a-4ed5-b719-ff6c90e858c0": { + "connections": { + "outcome": "423a959a-a1b9-498a-b0f7-596b6b6e775a" + }, + "displayName": "Page Node", + "nodeType": "PageNode", + "x": 555, + "y": 20 + } + }, + "staticNodes": { + "70e691a5-1e33-4ac3-a356-e7b6d60d92e0": { + "x": 802, + "y": 312 + }, + "e301438c-0bd0-429c-ab0c-66126501069a": { + "x": 919, + "y": 171 + }, + "startNode": { + "x": 50, + "y": 58.5 + } + }, + "uiConfig": { + "categories": "[\"Progressive Profile\"]" + } + } + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/journey/RadioChoice.journey.json b/test/e2e/exports/full-export-separate/realm/root-alpha/journey/RadioChoice.journey.json new file mode 100644 index 000000000..6f9b80767 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/journey/RadioChoice.journey.json @@ -0,0 +1,115 @@ +{ + "trees": { + "RadioChoice": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": { + "a566e474-99f3-46e4-9e70-682402bfaa84": { + "_id": "a566e474-99f3-46e4-9e70-682402bfaa84", + "_outcomes": [ + { + "displayName": "one", + "id": "one" + }, + { + "displayName": "two", + "id": "two" + }, + { + "displayName": "three", + "id": "three" + } + ], + "_type": { + "_id": "ChoiceCollectorNode", + "collection": true, + "name": "Choice Collector" + }, + "choices": [ + "one", + "two", + "three" + ], + "defaultChoice": "one", + "prompt": "Choice?" + } + }, + "nodes": { + "5d6cd20e-5074-43de-8832-fddd95fb078e": { + "_id": "5d6cd20e-5074-43de-8832-fddd95fb078e", + "_outcomes": [ + { + "displayName": "one", + "id": "one" + }, + { + "displayName": "two", + "id": "two" + }, + { + "displayName": "three", + "id": "three" + } + ], + "_type": { + "_id": "PageNode", + "collection": true, + "name": "Page Node" + }, + "nodes": [ + { + "_id": "a566e474-99f3-46e4-9e70-682402bfaa84", + "displayName": "Choice Collector", + "nodeType": "ChoiceCollectorNode" + } + ], + "pageDescription": {}, + "pageHeader": {}, + "stage": "{\"ChoiceCallback\":[{\"id\":\"a566e474-99f3-46e4-9e70-682402bfaa84\",\"displayType\":\"radio\"}]}" + } + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "RadioChoice", + "enabled": true, + "entryNodeId": "5d6cd20e-5074-43de-8832-fddd95fb078e", + "identityResource": "managed/alpha_user", + "innerTreeOnly": false, + "mustRun": false, + "nodes": { + "5d6cd20e-5074-43de-8832-fddd95fb078e": { + "connections": { + "one": "e301438c-0bd0-429c-ab0c-66126501069a", + "three": "e301438c-0bd0-429c-ab0c-66126501069a", + "two": "e301438c-0bd0-429c-ab0c-66126501069a" + }, + "displayName": "Page Node", + "nodeType": "PageNode", + "x": 260, + "y": 409.015625 + } + }, + "staticNodes": { + "70e691a5-1e33-4ac3-a356-e7b6d60d92e0": { + "x": 500, + "y": 50 + }, + "e301438c-0bd0-429c-ab0c-66126501069a": { + "x": 744, + "y": 327 + }, + "startNode": { + "x": 50, + "y": 250 + } + }, + "uiConfig": { + "categories": "[]" + } + } + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/journey/Registration.journey.json b/test/e2e/exports/full-export-separate/realm/root-alpha/journey/Registration.journey.json new file mode 100644 index 000000000..c8eb21fc9 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/journey/Registration.journey.json @@ -0,0 +1,272 @@ +{ + "trees": { + "Registration": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": { + "120c69d3-90b4-4ad4-b7af-380e8b119340": { + "_id": "120c69d3-90b4-4ad4-b7af-380e8b119340", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome" + } + ], + "_type": { + "_id": "KbaCreateNode", + "collection": true, + "name": "KBA Definition" + }, + "allowUserDefinedQuestions": true, + "message": { + "en": "Select a security question" + } + }, + "3d8709a1-f09f-4d1f-8094-2850e472c1db": { + "_id": "3d8709a1-f09f-4d1f-8094-2850e472c1db", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome" + } + ], + "_type": { + "_id": "ValidatedPasswordNode", + "collection": true, + "name": "Platform Password" + }, + "passwordAttribute": "password", + "validateInput": true + }, + "7fcaf48e-a754-4959-858b-05b2933b825f": { + "_id": "7fcaf48e-a754-4959-858b-05b2933b825f", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome" + } + ], + "_type": { + "_id": "ValidatedUsernameNode", + "collection": true, + "name": "Platform Username" + }, + "usernameAttribute": "userName", + "validateInput": true + }, + "b4a0e915-c15d-4b83-9c9d-18347d645976": { + "_id": "b4a0e915-c15d-4b83-9c9d-18347d645976", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome" + } + ], + "_type": { + "_id": "AcceptTermsAndConditionsNode", + "collection": true, + "name": "Accept Terms and Conditions" + } + }, + "d3ce2036-1523-4ce8-b1a2-895a2a036667": { + "_id": "d3ce2036-1523-4ce8-b1a2-895a2a036667", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome" + } + ], + "_type": { + "_id": "AttributeCollectorNode", + "collection": true, + "name": "Attribute Collector" + }, + "attributesToCollect": [ + "givenName", + "sn", + "mail", + "preferences/marketing", + "preferences/updates" + ], + "identityAttribute": "userName", + "required": true, + "validateInputs": true + } + }, + "nodes": { + "0c091c49-f3af-48fb-ac6f-07fba0499dd6": { + "_id": "0c091c49-f3af-48fb-ac6f-07fba0499dd6", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome" + } + ], + "_type": { + "_id": "PageNode", + "collection": true, + "name": "Page Node" + }, + "nodes": [ + { + "_id": "7fcaf48e-a754-4959-858b-05b2933b825f", + "displayName": "Platform Username", + "nodeType": "ValidatedUsernameNode" + }, + { + "_id": "d3ce2036-1523-4ce8-b1a2-895a2a036667", + "displayName": "Attribute Collector", + "nodeType": "AttributeCollectorNode" + }, + { + "_id": "3d8709a1-f09f-4d1f-8094-2850e472c1db", + "displayName": "Platform Password", + "nodeType": "ValidatedPasswordNode" + }, + { + "_id": "120c69d3-90b4-4ad4-b7af-380e8b119340", + "displayName": "KBA Definition", + "nodeType": "KbaCreateNode" + }, + { + "_id": "b4a0e915-c15d-4b83-9c9d-18347d645976", + "displayName": "Accept Terms and Conditions", + "nodeType": "AcceptTermsAndConditionsNode" + } + ], + "pageDescription": { + "en": "Signing up is fast and easy.
Already have an account? Sign In" + }, + "pageHeader": { + "en": "Sign Up" + }, + "stage": "{\"ValidatedCreatePasswordCallback\":[{\"id\":\"3d8709a1-f09f-4d1f-8094-2850e472c1db\",\"confirmPassword\":true,\"policyDisplayCheckmark\":true}]}" + }, + "466f8b54-07fb-4e31-a11d-a6842618cc37": { + "_id": "466f8b54-07fb-4e31-a11d-a6842618cc37", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome" + } + ], + "_type": { + "_id": "EmailSuspendNode", + "collection": true, + "name": "Email Suspend Node" + }, + "emailAttribute": "mail", + "emailSuspendMessage": { + "en": "An email has been sent to the address you entered. Click the link in that email to proceed." + }, + "emailTemplateName": "registration", + "identityAttribute": "userName", + "objectLookup": false + }, + "97a15eb2-a015-4b6d-81a0-be78c3aa1a3b": { + "_id": "97a15eb2-a015-4b6d-81a0-be78c3aa1a3b", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome" + } + ], + "_type": { + "_id": "IncrementLoginCountNode", + "collection": true, + "name": "Increment Login Count" + }, + "identityAttribute": "userName" + }, + "ad5dcbb3-7335-49b7-b3e7-7d850bb88237": { + "_id": "ad5dcbb3-7335-49b7-b3e7-7d850bb88237", + "_outcomes": [ + { + "displayName": "Created", + "id": "CREATED" + }, + { + "displayName": "Failed", + "id": "FAILURE" + } + ], + "_type": { + "_id": "CreateObjectNode", + "collection": true, + "name": "Create Object" + }, + "identityResource": "managed/alpha_user" + } + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "Registration", + "description": "Platform Registration Tree", + "enabled": true, + "entryNodeId": "0c091c49-f3af-48fb-ac6f-07fba0499dd6", + "identityResource": "managed/alpha_user", + "innerTreeOnly": false, + "mustRun": false, + "nodes": { + "0c091c49-f3af-48fb-ac6f-07fba0499dd6": { + "connections": { + "outcome": "466f8b54-07fb-4e31-a11d-a6842618cc37" + }, + "displayName": "Page Node", + "nodeType": "PageNode", + "x": 261, + "y": 168 + }, + "466f8b54-07fb-4e31-a11d-a6842618cc37": { + "connections": { + "outcome": "ad5dcbb3-7335-49b7-b3e7-7d850bb88237" + }, + "displayName": "Email Suspend Node", + "nodeType": "EmailSuspendNode", + "x": 484, + "y": 267.015625 + }, + "97a15eb2-a015-4b6d-81a0-be78c3aa1a3b": { + "connections": { + "outcome": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0" + }, + "displayName": "Increment Login Count", + "nodeType": "IncrementLoginCountNode", + "x": 861, + "y": 221 + }, + "ad5dcbb3-7335-49b7-b3e7-7d850bb88237": { + "connections": { + "CREATED": "97a15eb2-a015-4b6d-81a0-be78c3aa1a3b", + "FAILURE": "e301438c-0bd0-429c-ab0c-66126501069a" + }, + "displayName": "Create Object", + "nodeType": "CreateObjectNode", + "x": 717, + "y": 283 + } + }, + "staticNodes": { + "70e691a5-1e33-4ac3-a356-e7b6d60d92e0": { + "x": 1085, + "y": 248 + }, + "e301438c-0bd0-429c-ab0c-66126501069a": { + "x": 921, + "y": 370 + }, + "startNode": { + "x": 50, + "y": 25 + } + }, + "uiConfig": { + "categories": "[\"Registration\"]" + } + } + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/journey/ResetPassword.journey.json b/test/e2e/exports/full-export-separate/realm/root-alpha/journey/ResetPassword.journey.json new file mode 100644 index 000000000..cc0dec272 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/journey/ResetPassword.journey.json @@ -0,0 +1,244 @@ +{ + "trees": { + "ResetPassword": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": { + "009c19c8-9572-47bb-adb2-1f092c559a43": { + "_id": "009c19c8-9572-47bb-adb2-1f092c559a43", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome" + } + ], + "_type": { + "_id": "ValidatedPasswordNode", + "collection": true, + "name": "Platform Password" + }, + "passwordAttribute": "password", + "validateInput": true + }, + "276afa7c-a680-4cf4-a5f6-d6c78191f5c9": { + "_id": "276afa7c-a680-4cf4-a5f6-d6c78191f5c9", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome" + } + ], + "_type": { + "_id": "AttributeCollectorNode", + "collection": true, + "name": "Attribute Collector" + }, + "attributesToCollect": [ + "mail" + ], + "identityAttribute": "mail", + "required": true, + "validateInputs": false + } + }, + "nodes": { + "06c97be5-7fdd-4739-aea1-ecc7fe082865": { + "_id": "06c97be5-7fdd-4739-aea1-ecc7fe082865", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome" + } + ], + "_type": { + "_id": "EmailSuspendNode", + "collection": true, + "name": "Email Suspend Node" + }, + "emailAttribute": "mail", + "emailSuspendMessage": { + "en": "An email has been sent to the address you entered. Click the link in that email to proceed." + }, + "emailTemplateName": "resetPassword", + "identityAttribute": "mail", + "objectLookup": true + }, + "21b8ddf3-0203-4ae1-ab05-51cf3a3a707a": { + "_id": "21b8ddf3-0203-4ae1-ab05-51cf3a3a707a", + "_outcomes": [ + { + "displayName": "True", + "id": "true" + }, + { + "displayName": "False", + "id": "false" + } + ], + "_type": { + "_id": "IdentifyExistingUserNode", + "collection": true, + "name": "Identify Existing User" + }, + "identifier": "userName", + "identityAttribute": "mail" + }, + "989f0bf8-a328-4217-b82b-5275d79ca8bd": { + "_id": "989f0bf8-a328-4217-b82b-5275d79ca8bd", + "_outcomes": [ + { + "displayName": "Patched", + "id": "PATCHED" + }, + { + "displayName": "Failed", + "id": "FAILURE" + } + ], + "_type": { + "_id": "PatchObjectNode", + "collection": true, + "name": "Patch Object" + }, + "identityAttribute": "mail", + "identityResource": "managed/alpha_user", + "ignoredFields": [], + "patchAsObject": false + }, + "cc3e1ed2-25f1-47bf-83c6-17084f8b2b2b": { + "_id": "cc3e1ed2-25f1-47bf-83c6-17084f8b2b2b", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome" + } + ], + "_type": { + "_id": "PageNode", + "collection": true, + "name": "Page Node" + }, + "nodes": [ + { + "_id": "276afa7c-a680-4cf4-a5f6-d6c78191f5c9", + "displayName": "Attribute Collector", + "nodeType": "AttributeCollectorNode" + } + ], + "pageDescription": { + "en": "Enter your email address or Sign in" + }, + "pageHeader": { + "en": "Reset Password" + } + }, + "e4c752f9-c625-48c9-9644-a58802fa9e9c": { + "_id": "e4c752f9-c625-48c9-9644-a58802fa9e9c", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome" + } + ], + "_type": { + "_id": "PageNode", + "collection": true, + "name": "Page Node" + }, + "nodes": [ + { + "_id": "009c19c8-9572-47bb-adb2-1f092c559a43", + "displayName": "Platform Password", + "nodeType": "ValidatedPasswordNode" + } + ], + "pageDescription": { + "en": "Change password" + }, + "pageHeader": { + "en": "Reset Password" + } + } + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "ResetPassword", + "description": "Reset Password Tree", + "enabled": true, + "entryNodeId": "cc3e1ed2-25f1-47bf-83c6-17084f8b2b2b", + "identityResource": "managed/alpha_user", + "innerTreeOnly": false, + "mustRun": false, + "nodes": { + "06c97be5-7fdd-4739-aea1-ecc7fe082865": { + "connections": { + "outcome": "e4c752f9-c625-48c9-9644-a58802fa9e9c" + }, + "displayName": "Email Suspend Node", + "nodeType": "EmailSuspendNode", + "x": 453, + "y": 66 + }, + "21b8ddf3-0203-4ae1-ab05-51cf3a3a707a": { + "connections": { + "false": "06c97be5-7fdd-4739-aea1-ecc7fe082865", + "true": "06c97be5-7fdd-4739-aea1-ecc7fe082865" + }, + "displayName": "Identify Existing User", + "nodeType": "IdentifyExistingUserNode", + "x": 271, + "y": 21 + }, + "989f0bf8-a328-4217-b82b-5275d79ca8bd": { + "connections": { + "FAILURE": "e301438c-0bd0-429c-ab0c-66126501069a", + "PATCHED": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0" + }, + "displayName": "Patch Object", + "nodeType": "PatchObjectNode", + "x": 819, + "y": 61 + }, + "cc3e1ed2-25f1-47bf-83c6-17084f8b2b2b": { + "connections": { + "outcome": "21b8ddf3-0203-4ae1-ab05-51cf3a3a707a" + }, + "displayName": "Page Node", + "nodeType": "PageNode", + "x": 103, + "y": 50 + }, + "e4c752f9-c625-48c9-9644-a58802fa9e9c": { + "connections": { + "outcome": "989f0bf8-a328-4217-b82b-5275d79ca8bd" + }, + "displayName": "Page Node", + "nodeType": "PageNode", + "x": 643, + "y": 50 + } + }, + "staticNodes": { + "70e691a5-1e33-4ac3-a356-e7b6d60d92e0": { + "x": 970, + "y": 79 + }, + "e301438c-0bd0-429c-ab0c-66126501069a": { + "x": 981, + "y": 147 + }, + "startNode": { + "x": 25, + "y": 25 + } + }, + "uiConfig": { + "categories": "[\"Password Reset\"]" + } + } + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/journey/UpdatePassword.journey.json b/test/e2e/exports/full-export-separate/realm/root-alpha/journey/UpdatePassword.journey.json new file mode 100644 index 000000000..157f93c67 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/journey/UpdatePassword.journey.json @@ -0,0 +1,295 @@ +{ + "trees": { + "UpdatePassword": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": { + "21a99653-a7a7-47ee-b650-f493a84bba09": { + "_id": "21a99653-a7a7-47ee-b650-f493a84bba09", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome" + } + ], + "_type": { + "_id": "ValidatedPasswordNode", + "collection": true, + "name": "Platform Password" + }, + "passwordAttribute": "password", + "validateInput": true + }, + "fe2962fc-4db3-4066-8624-553649afc438": { + "_id": "fe2962fc-4db3-4066-8624-553649afc438", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome" + } + ], + "_type": { + "_id": "ValidatedPasswordNode", + "collection": true, + "name": "Platform Password" + }, + "passwordAttribute": "password", + "validateInput": false + } + }, + "nodes": { + "0f0904e6-1da3-4cdb-9abf-0d2545016fab": { + "_id": "0f0904e6-1da3-4cdb-9abf-0d2545016fab", + "_outcomes": [ + { + "displayName": "True", + "id": "true" + }, + { + "displayName": "False", + "id": "false" + } + ], + "_type": { + "_id": "AttributePresentDecisionNode", + "collection": true, + "name": "Attribute Present Decision" + }, + "identityAttribute": "userName", + "presentAttribute": "password" + }, + "20237b34-26cb-4a0b-958f-abb422290d42": { + "_id": "20237b34-26cb-4a0b-958f-abb422290d42", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome" + } + ], + "_type": { + "_id": "PageNode", + "collection": true, + "name": "Page Node" + }, + "nodes": [ + { + "_id": "fe2962fc-4db3-4066-8624-553649afc438", + "displayName": "Platform Password", + "nodeType": "ValidatedPasswordNode" + } + ], + "pageDescription": { + "en": "Enter current password" + }, + "pageHeader": { + "en": "Verify Existing Password" + } + }, + "3990ce1f-cce6-435b-ae1c-f138e89411c1": { + "_id": "3990ce1f-cce6-435b-ae1c-f138e89411c1", + "_outcomes": [ + { + "displayName": "Patched", + "id": "PATCHED" + }, + { + "displayName": "Failed", + "id": "FAILURE" + } + ], + "_type": { + "_id": "PatchObjectNode", + "collection": true, + "name": "Patch Object" + }, + "identityAttribute": "userName", + "identityResource": "managed/alpha_user", + "ignoredFields": [ + "userName" + ], + "patchAsObject": false + }, + "7d1deabe-cd98-49c8-943f-ca12305775f3": { + "_id": "7d1deabe-cd98-49c8-943f-ca12305775f3", + "_outcomes": [ + { + "displayName": "True", + "id": "true" + }, + { + "displayName": "False", + "id": "false" + } + ], + "_type": { + "_id": "DataStoreDecisionNode", + "collection": true, + "name": "Data Store Decision" + } + }, + "a3d97b53-e38a-4b24-aed0-a021050eb744": { + "_id": "a3d97b53-e38a-4b24-aed0-a021050eb744", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome" + } + ], + "_type": { + "_id": "EmailSuspendNode", + "collection": true, + "name": "Email Suspend Node" + }, + "emailAttribute": "mail", + "emailSuspendMessage": { + "en": "An email has been sent to your address, please verify your email address to update your password. Click the link in that email to proceed." + }, + "emailTemplateName": "updatePassword", + "identityAttribute": "userName", + "objectLookup": true + }, + "d018fcd1-4e22-4160-8c41-63bee51c9cb3": { + "_id": "d018fcd1-4e22-4160-8c41-63bee51c9cb3", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome" + } + ], + "_type": { + "_id": "PageNode", + "collection": true, + "name": "Page Node" + }, + "nodes": [ + { + "_id": "21a99653-a7a7-47ee-b650-f493a84bba09", + "displayName": "Platform Password", + "nodeType": "ValidatedPasswordNode" + } + ], + "pageDescription": { + "en": "Enter new password" + }, + "pageHeader": { + "en": "Update Password" + } + }, + "d1b79744-493a-44fe-bc26-7d324a8caa4e": { + "_id": "d1b79744-493a-44fe-bc26-7d324a8caa4e", + "_outcomes": [ + { + "displayName": "Outcome", + "id": "outcome" + } + ], + "_type": { + "_id": "SessionDataNode", + "collection": true, + "name": "Get Session Data" + }, + "sessionDataKey": "UserToken", + "sharedStateKey": "userName" + } + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "UpdatePassword", + "description": "Update password using active session", + "enabled": true, + "entryNodeId": "d1b79744-493a-44fe-bc26-7d324a8caa4e", + "identityResource": "managed/alpha_user", + "innerTreeOnly": false, + "mustRun": false, + "nodes": { + "0f0904e6-1da3-4cdb-9abf-0d2545016fab": { + "connections": { + "false": "a3d97b53-e38a-4b24-aed0-a021050eb744", + "true": "20237b34-26cb-4a0b-958f-abb422290d42" + }, + "displayName": "Attribute Present Decision", + "nodeType": "AttributePresentDecisionNode", + "x": 288, + "y": 133 + }, + "20237b34-26cb-4a0b-958f-abb422290d42": { + "connections": { + "outcome": "7d1deabe-cd98-49c8-943f-ca12305775f3" + }, + "displayName": "Page Node", + "nodeType": "PageNode", + "x": 526, + "y": 46 + }, + "3990ce1f-cce6-435b-ae1c-f138e89411c1": { + "connections": { + "FAILURE": "e301438c-0bd0-429c-ab0c-66126501069a", + "PATCHED": "70e691a5-1e33-4ac3-a356-e7b6d60d92e0" + }, + "displayName": "Patch Object", + "nodeType": "PatchObjectNode", + "x": 1062, + "y": 189 + }, + "7d1deabe-cd98-49c8-943f-ca12305775f3": { + "connections": { + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "d018fcd1-4e22-4160-8c41-63bee51c9cb3" + }, + "displayName": "Data Store Decision", + "nodeType": "DataStoreDecisionNode", + "x": 722, + "y": 45 + }, + "a3d97b53-e38a-4b24-aed0-a021050eb744": { + "connections": { + "outcome": "d018fcd1-4e22-4160-8c41-63bee51c9cb3" + }, + "displayName": "Email Suspend Node", + "nodeType": "EmailSuspendNode", + "x": 659, + "y": 223 + }, + "d018fcd1-4e22-4160-8c41-63bee51c9cb3": { + "connections": { + "outcome": "3990ce1f-cce6-435b-ae1c-f138e89411c1" + }, + "displayName": "Page Node", + "nodeType": "PageNode", + "x": 943, + "y": 30 + }, + "d1b79744-493a-44fe-bc26-7d324a8caa4e": { + "connections": { + "outcome": "0f0904e6-1da3-4cdb-9abf-0d2545016fab" + }, + "displayName": "Get Session Data", + "nodeType": "SessionDataNode", + "x": 122, + "y": 129 + } + }, + "staticNodes": { + "70e691a5-1e33-4ac3-a356-e7b6d60d92e0": { + "x": 1212, + "y": 128 + }, + "e301438c-0bd0-429c-ab0c-66126501069a": { + "x": 939, + "y": 290 + }, + "startNode": { + "x": 50, + "y": 25 + } + }, + "uiConfig": { + "categories": "[\"Password Reset\"]" + } + } + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/journey/j00.journey.json b/test/e2e/exports/full-export-separate/realm/root-alpha/journey/j00.journey.json new file mode 100644 index 000000000..b791eca16 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/journey/j00.journey.json @@ -0,0 +1,262 @@ +{ + "trees": { + "j00": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": {}, + "nodes": { + "01d3785f-7fb4-44a7-9458-72c380a9818f": { + "_id": "01d3785f-7fb4-44a7-9458-72c380a9818f", + "_outcomes": [ + { + "displayName": "true", + "id": "true" + } + ], + "_type": { + "_id": "ScriptedDecisionNode", + "collection": true, + "name": "Scripted Decision" + }, + "inputs": [ + "*" + ], + "outcomes": [ + "true" + ], + "outputs": [ + "*" + ], + "script": "1b52a7e0-4019-40fa-958a-15a49870e901" + }, + "39b48197-f4be-42b9-800a-866587b4b9b5": { + "_id": "39b48197-f4be-42b9-800a-866587b4b9b5", + "_outcomes": [ + { + "displayName": "true", + "id": "true" + } + ], + "_type": { + "_id": "ScriptedDecisionNode", + "collection": true, + "name": "Scripted Decision" + }, + "inputs": [ + "*" + ], + "outcomes": [ + "true" + ], + "outputs": [ + "*" + ], + "script": "41c24257-d7fc-4654-8b46-c2666dc5b56d" + }, + "3c1e8d61-0c48-44ba-86dc-52e9555b6aeb": { + "_id": "3c1e8d61-0c48-44ba-86dc-52e9555b6aeb", + "_outcomes": [ + { + "displayName": "true", + "id": "true" + } + ], + "_type": { + "_id": "ScriptedDecisionNode", + "collection": true, + "name": "Scripted Decision" + }, + "inputs": [ + "*" + ], + "outcomes": [ + "true" + ], + "outputs": [ + "*" + ], + "script": "41c24257-d7fc-4654-8b46-c2666dc5b56d" + }, + "513a2ab4-f0b8-4f94-b840-6fe14796cc84": { + "_id": "513a2ab4-f0b8-4f94-b840-6fe14796cc84", + "_outcomes": [ + { + "displayName": "shared and level", + "id": "shared and level" + }, + { + "displayName": "shared only", + "id": "shared only" + }, + { + "displayName": "level only", + "id": "level only" + }, + { + "displayName": "none", + "id": "none" + } + ], + "_type": { + "_id": "ScriptedDecisionNode", + "collection": true, + "name": "Scripted Decision" + }, + "inputs": [ + "*", + "mode", + "level" + ], + "outcomes": [ + "shared and level", + "shared only", + "level only", + "none" + ], + "outputs": [ + "*", + "mode", + "level" + ], + "script": "5bbdaeff-ddee-44b9-b608-8d413d7d65a6" + }, + "ba503a1e-633e-4d0d-ba18-c9a9b1105b5b": { + "_id": "ba503a1e-633e-4d0d-ba18-c9a9b1105b5b", + "_outcomes": [ + { + "displayName": "true", + "id": "true" + } + ], + "_type": { + "_id": "ScriptedDecisionNode", + "collection": true, + "name": "Scripted Decision" + }, + "inputs": [ + "*" + ], + "outcomes": [ + "true" + ], + "outputs": [ + "*" + ], + "script": "3cb43516-ae69-433a-8787-501d45db14e9" + }, + "d17ffaa1-2c61-4abd-9bb1-2559160d0a5c": { + "_id": "d17ffaa1-2c61-4abd-9bb1-2559160d0a5c", + "_outcomes": [ + { + "displayName": "true", + "id": "true" + } + ], + "_type": { + "_id": "ScriptedDecisionNode", + "collection": true, + "name": "Scripted Decision" + }, + "inputs": [ + "*" + ], + "outcomes": [ + "true" + ], + "outputs": [ + "*" + ], + "script": "1b52a7e0-4019-40fa-958a-15a49870e901" + } + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "j00", + "enabled": true, + "entryNodeId": "513a2ab4-f0b8-4f94-b840-6fe14796cc84", + "identityResource": "managed/alpha_user", + "innerTreeOnly": false, + "mustRun": false, + "nodes": { + "01d3785f-7fb4-44a7-9458-72c380a9818f": { + "connections": { + "true": "3c1e8d61-0c48-44ba-86dc-52e9555b6aeb" + }, + "displayName": "shared", + "nodeType": "ScriptedDecisionNode", + "x": 348, + "y": 61 + }, + "39b48197-f4be-42b9-800a-866587b4b9b5": { + "connections": { + "true": "ba503a1e-633e-4d0d-ba18-c9a9b1105b5b" + }, + "displayName": "level", + "nodeType": "ScriptedDecisionNode", + "x": 365, + "y": 252 + }, + "3c1e8d61-0c48-44ba-86dc-52e9555b6aeb": { + "connections": { + "true": "ba503a1e-633e-4d0d-ba18-c9a9b1105b5b" + }, + "displayName": "level", + "nodeType": "ScriptedDecisionNode", + "x": 567, + "y": 64 + }, + "513a2ab4-f0b8-4f94-b840-6fe14796cc84": { + "connections": { + "level only": "39b48197-f4be-42b9-800a-866587b4b9b5", + "none": "ba503a1e-633e-4d0d-ba18-c9a9b1105b5b", + "shared and level": "01d3785f-7fb4-44a7-9458-72c380a9818f", + "shared only": "d17ffaa1-2c61-4abd-9bb1-2559160d0a5c" + }, + "displayName": "mode", + "nodeType": "ScriptedDecisionNode", + "x": 117, + "y": 117 + }, + "ba503a1e-633e-4d0d-ba18-c9a9b1105b5b": { + "connections": { + "true": "e301438c-0bd0-429c-ab0c-66126501069a" + }, + "displayName": "debug", + "nodeType": "ScriptedDecisionNode", + "x": 760, + "y": 137 + }, + "d17ffaa1-2c61-4abd-9bb1-2559160d0a5c": { + "connections": { + "true": "ba503a1e-633e-4d0d-ba18-c9a9b1105b5b" + }, + "displayName": "shared", + "nodeType": "ScriptedDecisionNode", + "x": 338, + "y": 156 + } + }, + "staticNodes": { + "70e691a5-1e33-4ac3-a356-e7b6d60d92e0": { + "x": 132, + "y": 364 + }, + "e301438c-0bd0-429c-ab0c-66126501069a": { + "x": 1000, + "y": 137 + }, + "startNode": { + "x": 0, + "y": 0 + } + }, + "uiConfig": { + "categories": "[]" + } + } + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/journey/j01.journey.json b/test/e2e/exports/full-export-separate/realm/root-alpha/journey/j01.journey.json new file mode 100644 index 000000000..16d427bb9 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/journey/j01.journey.json @@ -0,0 +1,258 @@ +{ + "trees": { + "j01": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": {}, + "nodes": { + "6674b4ac-dd89-4e13-9440-6f81194e3a22": { + "_id": "6674b4ac-dd89-4e13-9440-6f81194e3a22", + "_outcomes": [ + { + "displayName": "true", + "id": "true" + } + ], + "_type": { + "_id": "ScriptedDecisionNode", + "collection": true, + "name": "Scripted Decision" + }, + "inputs": [ + "*" + ], + "outcomes": [ + "true" + ], + "outputs": [ + "*" + ], + "script": "1b52a7e0-4019-40fa-958a-15a49870e901" + }, + "89ce5d57-82fa-4d58-8d15-0329f7dbd7e7": { + "_id": "89ce5d57-82fa-4d58-8d15-0329f7dbd7e7", + "_outcomes": [ + { + "displayName": "true", + "id": "true" + } + ], + "_type": { + "_id": "ScriptedDecisionNode", + "collection": true, + "name": "Scripted Decision" + }, + "inputs": [ + "*" + ], + "outcomes": [ + "true" + ], + "outputs": [ + "*" + ], + "script": "1b52a7e0-4019-40fa-958a-15a49870e901" + }, + "bb1e96af-f316-4eb0-b1c6-36b3f1af9e35": { + "_id": "bb1e96af-f316-4eb0-b1c6-36b3f1af9e35", + "_outcomes": [ + { + "displayName": "True", + "id": "true" + }, + { + "displayName": "False", + "id": "false" + } + ], + "_type": { + "_id": "InnerTreeEvaluatorNode", + "collection": true, + "name": "Inner Tree Evaluator" + }, + "tree": "j00" + }, + "bdfbe97c-1ff4-4162-85bc-47f6f14b2c66": { + "_id": "bdfbe97c-1ff4-4162-85bc-47f6f14b2c66", + "_outcomes": [ + { + "displayName": "true", + "id": "true" + } + ], + "_type": { + "_id": "ScriptedDecisionNode", + "collection": true, + "name": "Scripted Decision" + }, + "inputs": [ + "*" + ], + "outcomes": [ + "true" + ], + "outputs": [ + "*" + ], + "script": "41c24257-d7fc-4654-8b46-c2666dc5b56d" + }, + "e92d5139-b8a6-43dc-9b13-95ba1d0dc53c": { + "_id": "e92d5139-b8a6-43dc-9b13-95ba1d0dc53c", + "_outcomes": [ + { + "displayName": "true", + "id": "true" + } + ], + "_type": { + "_id": "ScriptedDecisionNode", + "collection": true, + "name": "Scripted Decision" + }, + "inputs": [ + "*" + ], + "outcomes": [ + "true" + ], + "outputs": [ + "*" + ], + "script": "41c24257-d7fc-4654-8b46-c2666dc5b56d" + }, + "f129f0df-b49e-453b-97fb-db508e3893ce": { + "_id": "f129f0df-b49e-453b-97fb-db508e3893ce", + "_outcomes": [ + { + "displayName": "shared and level", + "id": "shared and level" + }, + { + "displayName": "shared only", + "id": "shared only" + }, + { + "displayName": "level only", + "id": "level only" + }, + { + "displayName": "none", + "id": "none" + } + ], + "_type": { + "_id": "ScriptedDecisionNode", + "collection": true, + "name": "Scripted Decision" + }, + "inputs": [ + "*", + "mode", + "level" + ], + "outcomes": [ + "shared and level", + "shared only", + "level only", + "none" + ], + "outputs": [ + "*", + "mode", + "level" + ], + "script": "5bbdaeff-ddee-44b9-b608-8d413d7d65a6" + } + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "j01", + "enabled": true, + "entryNodeId": "f129f0df-b49e-453b-97fb-db508e3893ce", + "identityResource": "managed/alpha_user", + "innerTreeOnly": false, + "mustRun": false, + "nodes": { + "6674b4ac-dd89-4e13-9440-6f81194e3a22": { + "connections": { + "true": "bb1e96af-f316-4eb0-b1c6-36b3f1af9e35" + }, + "displayName": "shared", + "nodeType": "ScriptedDecisionNode", + "x": 0, + "y": 0 + }, + "89ce5d57-82fa-4d58-8d15-0329f7dbd7e7": { + "connections": { + "true": "bdfbe97c-1ff4-4162-85bc-47f6f14b2c66" + }, + "displayName": "shared", + "nodeType": "ScriptedDecisionNode", + "x": 0, + "y": 0 + }, + "bb1e96af-f316-4eb0-b1c6-36b3f1af9e35": { + "connections": { + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "e301438c-0bd0-429c-ab0c-66126501069a" + }, + "displayName": "nest", + "nodeType": "InnerTreeEvaluatorNode", + "x": 0, + "y": 0 + }, + "bdfbe97c-1ff4-4162-85bc-47f6f14b2c66": { + "connections": { + "true": "bb1e96af-f316-4eb0-b1c6-36b3f1af9e35" + }, + "displayName": "level", + "nodeType": "ScriptedDecisionNode", + "x": 0, + "y": 0 + }, + "e92d5139-b8a6-43dc-9b13-95ba1d0dc53c": { + "connections": { + "true": "bb1e96af-f316-4eb0-b1c6-36b3f1af9e35" + }, + "displayName": "level", + "nodeType": "ScriptedDecisionNode", + "x": 0, + "y": 0 + }, + "f129f0df-b49e-453b-97fb-db508e3893ce": { + "connections": { + "level only": "e92d5139-b8a6-43dc-9b13-95ba1d0dc53c", + "none": "bb1e96af-f316-4eb0-b1c6-36b3f1af9e35", + "shared and level": "89ce5d57-82fa-4d58-8d15-0329f7dbd7e7", + "shared only": "6674b4ac-dd89-4e13-9440-6f81194e3a22" + }, + "displayName": "mode", + "nodeType": "ScriptedDecisionNode", + "x": 0, + "y": 0 + } + }, + "staticNodes": { + "70e691a5-1e33-4ac3-a356-e7b6d60d92e0": { + "x": 1236, + "y": 145 + }, + "e301438c-0bd0-429c-ab0c-66126501069a": { + "x": 1236, + "y": 253 + }, + "startNode": { + "x": 50, + "y": 250 + } + }, + "uiConfig": { + "categories": "[]" + } + } + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/journey/j02.journey.json b/test/e2e/exports/full-export-separate/realm/root-alpha/journey/j02.journey.json new file mode 100644 index 000000000..8030f9163 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/journey/j02.journey.json @@ -0,0 +1,258 @@ +{ + "trees": { + "j02": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": {}, + "nodes": { + "2dbd2d37-c659-48cf-8357-c9fc1166e3a7": { + "_id": "2dbd2d37-c659-48cf-8357-c9fc1166e3a7", + "_outcomes": [ + { + "displayName": "true", + "id": "true" + } + ], + "_type": { + "_id": "ScriptedDecisionNode", + "collection": true, + "name": "Scripted Decision" + }, + "inputs": [ + "*" + ], + "outcomes": [ + "true" + ], + "outputs": [ + "*" + ], + "script": "41c24257-d7fc-4654-8b46-c2666dc5b56d" + }, + "4416aff7-3ebd-47e6-9831-c2f6bbe3ae24": { + "_id": "4416aff7-3ebd-47e6-9831-c2f6bbe3ae24", + "_outcomes": [ + { + "displayName": "true", + "id": "true" + } + ], + "_type": { + "_id": "ScriptedDecisionNode", + "collection": true, + "name": "Scripted Decision" + }, + "inputs": [ + "*" + ], + "outcomes": [ + "true" + ], + "outputs": [ + "*" + ], + "script": "41c24257-d7fc-4654-8b46-c2666dc5b56d" + }, + "56899fef-92a1-4f2a-ade3-973c81eb3af1": { + "_id": "56899fef-92a1-4f2a-ade3-973c81eb3af1", + "_outcomes": [ + { + "displayName": "True", + "id": "true" + }, + { + "displayName": "False", + "id": "false" + } + ], + "_type": { + "_id": "InnerTreeEvaluatorNode", + "collection": true, + "name": "Inner Tree Evaluator" + }, + "tree": "j01" + }, + "59b06306-a886-443d-92df-7a27a60c394e": { + "_id": "59b06306-a886-443d-92df-7a27a60c394e", + "_outcomes": [ + { + "displayName": "shared and level", + "id": "shared and level" + }, + { + "displayName": "shared only", + "id": "shared only" + }, + { + "displayName": "level only", + "id": "level only" + }, + { + "displayName": "none", + "id": "none" + } + ], + "_type": { + "_id": "ScriptedDecisionNode", + "collection": true, + "name": "Scripted Decision" + }, + "inputs": [ + "*", + "mode", + "level" + ], + "outcomes": [ + "shared and level", + "shared only", + "level only", + "none" + ], + "outputs": [ + "*", + "mode", + "level" + ], + "script": "5bbdaeff-ddee-44b9-b608-8d413d7d65a6" + }, + "cbb3d506-b267-4b99-9edd-363e90aac997": { + "_id": "cbb3d506-b267-4b99-9edd-363e90aac997", + "_outcomes": [ + { + "displayName": "true", + "id": "true" + } + ], + "_type": { + "_id": "ScriptedDecisionNode", + "collection": true, + "name": "Scripted Decision" + }, + "inputs": [ + "*" + ], + "outcomes": [ + "true" + ], + "outputs": [ + "*" + ], + "script": "1b52a7e0-4019-40fa-958a-15a49870e901" + }, + "e0983ead-4918-48f6-858d-9aff0f03759c": { + "_id": "e0983ead-4918-48f6-858d-9aff0f03759c", + "_outcomes": [ + { + "displayName": "true", + "id": "true" + } + ], + "_type": { + "_id": "ScriptedDecisionNode", + "collection": true, + "name": "Scripted Decision" + }, + "inputs": [ + "*" + ], + "outcomes": [ + "true" + ], + "outputs": [ + "*" + ], + "script": "1b52a7e0-4019-40fa-958a-15a49870e901" + } + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "j02", + "enabled": true, + "entryNodeId": "59b06306-a886-443d-92df-7a27a60c394e", + "identityResource": "managed/alpha_user", + "innerTreeOnly": false, + "mustRun": false, + "nodes": { + "2dbd2d37-c659-48cf-8357-c9fc1166e3a7": { + "connections": { + "true": "56899fef-92a1-4f2a-ade3-973c81eb3af1" + }, + "displayName": "level", + "nodeType": "ScriptedDecisionNode", + "x": 598, + "y": 173.015625 + }, + "4416aff7-3ebd-47e6-9831-c2f6bbe3ae24": { + "connections": { + "true": "56899fef-92a1-4f2a-ade3-973c81eb3af1" + }, + "displayName": "level", + "nodeType": "ScriptedDecisionNode", + "x": 395, + "y": 345.015625 + }, + "56899fef-92a1-4f2a-ade3-973c81eb3af1": { + "connections": { + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "e301438c-0bd0-429c-ab0c-66126501069a" + }, + "displayName": "nest", + "nodeType": "InnerTreeEvaluatorNode", + "x": 816, + "y": 233.015625 + }, + "59b06306-a886-443d-92df-7a27a60c394e": { + "connections": { + "level only": "4416aff7-3ebd-47e6-9831-c2f6bbe3ae24", + "none": "56899fef-92a1-4f2a-ade3-973c81eb3af1", + "shared and level": "e0983ead-4918-48f6-858d-9aff0f03759c", + "shared only": "cbb3d506-b267-4b99-9edd-363e90aac997" + }, + "displayName": "mode", + "nodeType": "ScriptedDecisionNode", + "x": 167, + "y": 210.015625 + }, + "cbb3d506-b267-4b99-9edd-363e90aac997": { + "connections": { + "true": "56899fef-92a1-4f2a-ade3-973c81eb3af1" + }, + "displayName": "shared", + "nodeType": "ScriptedDecisionNode", + "x": 393, + "y": 259.015625 + }, + "e0983ead-4918-48f6-858d-9aff0f03759c": { + "connections": { + "true": "2dbd2d37-c659-48cf-8357-c9fc1166e3a7" + }, + "displayName": "shared", + "nodeType": "ScriptedDecisionNode", + "x": 392, + "y": 173.015625 + } + }, + "staticNodes": { + "70e691a5-1e33-4ac3-a356-e7b6d60d92e0": { + "x": 1236, + "y": 145 + }, + "e301438c-0bd0-429c-ab0c-66126501069a": { + "x": 1236, + "y": 253 + }, + "startNode": { + "x": 50, + "y": 250 + } + }, + "uiConfig": { + "categories": "[]" + } + } + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/journey/j03.journey.json b/test/e2e/exports/full-export-separate/realm/root-alpha/journey/j03.journey.json new file mode 100644 index 000000000..153934ea0 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/journey/j03.journey.json @@ -0,0 +1,258 @@ +{ + "trees": { + "j03": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": {}, + "nodes": { + "35a4f94b-c895-46b9-bc0a-93cf59233759": { + "_id": "35a4f94b-c895-46b9-bc0a-93cf59233759", + "_outcomes": [ + { + "displayName": "true", + "id": "true" + } + ], + "_type": { + "_id": "ScriptedDecisionNode", + "collection": true, + "name": "Scripted Decision" + }, + "inputs": [ + "*" + ], + "outcomes": [ + "true" + ], + "outputs": [ + "*" + ], + "script": "41c24257-d7fc-4654-8b46-c2666dc5b56d" + }, + "3a92300d-6d64-451d-8156-30cb51781026": { + "_id": "3a92300d-6d64-451d-8156-30cb51781026", + "_outcomes": [ + { + "displayName": "true", + "id": "true" + } + ], + "_type": { + "_id": "ScriptedDecisionNode", + "collection": true, + "name": "Scripted Decision" + }, + "inputs": [ + "*" + ], + "outcomes": [ + "true" + ], + "outputs": [ + "*" + ], + "script": "41c24257-d7fc-4654-8b46-c2666dc5b56d" + }, + "6f9de973-9ed4-41f5-b43d-4036041e2b96": { + "_id": "6f9de973-9ed4-41f5-b43d-4036041e2b96", + "_outcomes": [ + { + "displayName": "true", + "id": "true" + } + ], + "_type": { + "_id": "ScriptedDecisionNode", + "collection": true, + "name": "Scripted Decision" + }, + "inputs": [ + "*" + ], + "outcomes": [ + "true" + ], + "outputs": [ + "*" + ], + "script": "1b52a7e0-4019-40fa-958a-15a49870e901" + }, + "bcb8c535-5ecd-4d3d-b970-26816de96bf2": { + "_id": "bcb8c535-5ecd-4d3d-b970-26816de96bf2", + "_outcomes": [ + { + "displayName": "True", + "id": "true" + }, + { + "displayName": "False", + "id": "false" + } + ], + "_type": { + "_id": "InnerTreeEvaluatorNode", + "collection": true, + "name": "Inner Tree Evaluator" + }, + "tree": "j02" + }, + "e0cfbd13-6f1e-4924-9d2d-0f7c23507172": { + "_id": "e0cfbd13-6f1e-4924-9d2d-0f7c23507172", + "_outcomes": [ + { + "displayName": "shared and level", + "id": "shared and level" + }, + { + "displayName": "shared only", + "id": "shared only" + }, + { + "displayName": "level only", + "id": "level only" + }, + { + "displayName": "none", + "id": "none" + } + ], + "_type": { + "_id": "ScriptedDecisionNode", + "collection": true, + "name": "Scripted Decision" + }, + "inputs": [ + "*", + "mode", + "level" + ], + "outcomes": [ + "shared and level", + "shared only", + "level only", + "none" + ], + "outputs": [ + "*", + "mode", + "level" + ], + "script": "5bbdaeff-ddee-44b9-b608-8d413d7d65a6" + }, + "fae7424e-13c9-45bd-b3a2-045773671a3f": { + "_id": "fae7424e-13c9-45bd-b3a2-045773671a3f", + "_outcomes": [ + { + "displayName": "true", + "id": "true" + } + ], + "_type": { + "_id": "ScriptedDecisionNode", + "collection": true, + "name": "Scripted Decision" + }, + "inputs": [ + "*" + ], + "outcomes": [ + "true" + ], + "outputs": [ + "*" + ], + "script": "1b52a7e0-4019-40fa-958a-15a49870e901" + } + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "j03", + "enabled": true, + "entryNodeId": "e0cfbd13-6f1e-4924-9d2d-0f7c23507172", + "identityResource": "managed/alpha_user", + "innerTreeOnly": false, + "mustRun": false, + "nodes": { + "35a4f94b-c895-46b9-bc0a-93cf59233759": { + "connections": { + "true": "bcb8c535-5ecd-4d3d-b970-26816de96bf2" + }, + "displayName": "level", + "nodeType": "ScriptedDecisionNode", + "x": 395, + "y": 345.015625 + }, + "3a92300d-6d64-451d-8156-30cb51781026": { + "connections": { + "true": "bcb8c535-5ecd-4d3d-b970-26816de96bf2" + }, + "displayName": "level", + "nodeType": "ScriptedDecisionNode", + "x": 598, + "y": 173.015625 + }, + "6f9de973-9ed4-41f5-b43d-4036041e2b96": { + "connections": { + "true": "3a92300d-6d64-451d-8156-30cb51781026" + }, + "displayName": "shared", + "nodeType": "ScriptedDecisionNode", + "x": 392, + "y": 173.015625 + }, + "bcb8c535-5ecd-4d3d-b970-26816de96bf2": { + "connections": { + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "e301438c-0bd0-429c-ab0c-66126501069a" + }, + "displayName": "nest", + "nodeType": "InnerTreeEvaluatorNode", + "x": 816, + "y": 233.015625 + }, + "e0cfbd13-6f1e-4924-9d2d-0f7c23507172": { + "connections": { + "level only": "35a4f94b-c895-46b9-bc0a-93cf59233759", + "none": "bcb8c535-5ecd-4d3d-b970-26816de96bf2", + "shared and level": "6f9de973-9ed4-41f5-b43d-4036041e2b96", + "shared only": "fae7424e-13c9-45bd-b3a2-045773671a3f" + }, + "displayName": "mode", + "nodeType": "ScriptedDecisionNode", + "x": 167, + "y": 210.015625 + }, + "fae7424e-13c9-45bd-b3a2-045773671a3f": { + "connections": { + "true": "bcb8c535-5ecd-4d3d-b970-26816de96bf2" + }, + "displayName": "shared", + "nodeType": "ScriptedDecisionNode", + "x": 393, + "y": 259.015625 + } + }, + "staticNodes": { + "70e691a5-1e33-4ac3-a356-e7b6d60d92e0": { + "x": 1236, + "y": 145 + }, + "e301438c-0bd0-429c-ab0c-66126501069a": { + "x": 1236, + "y": 253 + }, + "startNode": { + "x": 50, + "y": 250 + } + }, + "uiConfig": { + "categories": "[]" + } + } + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/journey/j04.journey.json b/test/e2e/exports/full-export-separate/realm/root-alpha/journey/j04.journey.json new file mode 100644 index 000000000..b3c4cd5e0 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/journey/j04.journey.json @@ -0,0 +1,258 @@ +{ + "trees": { + "j04": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": {}, + "nodes": { + "00e75aa0-2f9b-4895-9257-d515286fd64b": { + "_id": "00e75aa0-2f9b-4895-9257-d515286fd64b", + "_outcomes": [ + { + "displayName": "True", + "id": "true" + }, + { + "displayName": "False", + "id": "false" + } + ], + "_type": { + "_id": "InnerTreeEvaluatorNode", + "collection": true, + "name": "Inner Tree Evaluator" + }, + "tree": "j03" + }, + "040b6c89-313b-4664-92e0-6732017384b8": { + "_id": "040b6c89-313b-4664-92e0-6732017384b8", + "_outcomes": [ + { + "displayName": "shared and level", + "id": "shared and level" + }, + { + "displayName": "shared only", + "id": "shared only" + }, + { + "displayName": "level only", + "id": "level only" + }, + { + "displayName": "none", + "id": "none" + } + ], + "_type": { + "_id": "ScriptedDecisionNode", + "collection": true, + "name": "Scripted Decision" + }, + "inputs": [ + "*", + "mode", + "level" + ], + "outcomes": [ + "shared and level", + "shared only", + "level only", + "none" + ], + "outputs": [ + "*", + "mode", + "level" + ], + "script": "5bbdaeff-ddee-44b9-b608-8d413d7d65a6" + }, + "69ae8ec1-de43-44ac-98e5-733db80ac176": { + "_id": "69ae8ec1-de43-44ac-98e5-733db80ac176", + "_outcomes": [ + { + "displayName": "true", + "id": "true" + } + ], + "_type": { + "_id": "ScriptedDecisionNode", + "collection": true, + "name": "Scripted Decision" + }, + "inputs": [ + "*" + ], + "outcomes": [ + "true" + ], + "outputs": [ + "*" + ], + "script": "41c24257-d7fc-4654-8b46-c2666dc5b56d" + }, + "9603ef52-30f0-4ddc-b3c0-28dac83c7bdb": { + "_id": "9603ef52-30f0-4ddc-b3c0-28dac83c7bdb", + "_outcomes": [ + { + "displayName": "true", + "id": "true" + } + ], + "_type": { + "_id": "ScriptedDecisionNode", + "collection": true, + "name": "Scripted Decision" + }, + "inputs": [ + "*" + ], + "outcomes": [ + "true" + ], + "outputs": [ + "*" + ], + "script": "1b52a7e0-4019-40fa-958a-15a49870e901" + }, + "d10104e9-1f8d-4da6-a110-28d879d13959": { + "_id": "d10104e9-1f8d-4da6-a110-28d879d13959", + "_outcomes": [ + { + "displayName": "true", + "id": "true" + } + ], + "_type": { + "_id": "ScriptedDecisionNode", + "collection": true, + "name": "Scripted Decision" + }, + "inputs": [ + "*" + ], + "outcomes": [ + "true" + ], + "outputs": [ + "*" + ], + "script": "41c24257-d7fc-4654-8b46-c2666dc5b56d" + }, + "f5c317ce-fabd-4a10-9907-c71cea037844": { + "_id": "f5c317ce-fabd-4a10-9907-c71cea037844", + "_outcomes": [ + { + "displayName": "true", + "id": "true" + } + ], + "_type": { + "_id": "ScriptedDecisionNode", + "collection": true, + "name": "Scripted Decision" + }, + "inputs": [ + "*" + ], + "outcomes": [ + "true" + ], + "outputs": [ + "*" + ], + "script": "1b52a7e0-4019-40fa-958a-15a49870e901" + } + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "j04", + "enabled": true, + "entryNodeId": "040b6c89-313b-4664-92e0-6732017384b8", + "identityResource": "managed/alpha_user", + "innerTreeOnly": false, + "mustRun": false, + "nodes": { + "00e75aa0-2f9b-4895-9257-d515286fd64b": { + "connections": { + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "e301438c-0bd0-429c-ab0c-66126501069a" + }, + "displayName": "nest", + "nodeType": "InnerTreeEvaluatorNode", + "x": 816, + "y": 233.015625 + }, + "040b6c89-313b-4664-92e0-6732017384b8": { + "connections": { + "level only": "d10104e9-1f8d-4da6-a110-28d879d13959", + "none": "00e75aa0-2f9b-4895-9257-d515286fd64b", + "shared and level": "f5c317ce-fabd-4a10-9907-c71cea037844", + "shared only": "9603ef52-30f0-4ddc-b3c0-28dac83c7bdb" + }, + "displayName": "mode", + "nodeType": "ScriptedDecisionNode", + "x": 167, + "y": 210.015625 + }, + "69ae8ec1-de43-44ac-98e5-733db80ac176": { + "connections": { + "true": "00e75aa0-2f9b-4895-9257-d515286fd64b" + }, + "displayName": "level", + "nodeType": "ScriptedDecisionNode", + "x": 598, + "y": 173.015625 + }, + "9603ef52-30f0-4ddc-b3c0-28dac83c7bdb": { + "connections": { + "true": "00e75aa0-2f9b-4895-9257-d515286fd64b" + }, + "displayName": "shared", + "nodeType": "ScriptedDecisionNode", + "x": 393, + "y": 259.015625 + }, + "d10104e9-1f8d-4da6-a110-28d879d13959": { + "connections": { + "true": "00e75aa0-2f9b-4895-9257-d515286fd64b" + }, + "displayName": "level", + "nodeType": "ScriptedDecisionNode", + "x": 395, + "y": 345.015625 + }, + "f5c317ce-fabd-4a10-9907-c71cea037844": { + "connections": { + "true": "69ae8ec1-de43-44ac-98e5-733db80ac176" + }, + "displayName": "shared", + "nodeType": "ScriptedDecisionNode", + "x": 392, + "y": 173.015625 + } + }, + "staticNodes": { + "70e691a5-1e33-4ac3-a356-e7b6d60d92e0": { + "x": 1236, + "y": 145 + }, + "e301438c-0bd0-429c-ab0c-66126501069a": { + "x": 1236, + "y": 253 + }, + "startNode": { + "x": 50, + "y": 250 + } + }, + "uiConfig": { + "categories": "[]" + } + } + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/journey/j05.journey.json b/test/e2e/exports/full-export-separate/realm/root-alpha/journey/j05.journey.json new file mode 100644 index 000000000..e2e3d227c --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/journey/j05.journey.json @@ -0,0 +1,258 @@ +{ + "trees": { + "j05": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": {}, + "nodes": { + "11f1c31c-50a9-4717-8213-420f6932481f": { + "_id": "11f1c31c-50a9-4717-8213-420f6932481f", + "_outcomes": [ + { + "displayName": "true", + "id": "true" + } + ], + "_type": { + "_id": "ScriptedDecisionNode", + "collection": true, + "name": "Scripted Decision" + }, + "inputs": [ + "*" + ], + "outcomes": [ + "true" + ], + "outputs": [ + "*" + ], + "script": "1b52a7e0-4019-40fa-958a-15a49870e901" + }, + "3c106772-ace7-4808-8f3a-9840de8f67f0": { + "_id": "3c106772-ace7-4808-8f3a-9840de8f67f0", + "_outcomes": [ + { + "displayName": "true", + "id": "true" + } + ], + "_type": { + "_id": "ScriptedDecisionNode", + "collection": true, + "name": "Scripted Decision" + }, + "inputs": [ + "*" + ], + "outcomes": [ + "true" + ], + "outputs": [ + "*" + ], + "script": "41c24257-d7fc-4654-8b46-c2666dc5b56d" + }, + "622179cb-98f1-484a-820d-9a0df6e45e95": { + "_id": "622179cb-98f1-484a-820d-9a0df6e45e95", + "_outcomes": [ + { + "displayName": "shared and level", + "id": "shared and level" + }, + { + "displayName": "shared only", + "id": "shared only" + }, + { + "displayName": "level only", + "id": "level only" + }, + { + "displayName": "none", + "id": "none" + } + ], + "_type": { + "_id": "ScriptedDecisionNode", + "collection": true, + "name": "Scripted Decision" + }, + "inputs": [ + "*", + "mode", + "level" + ], + "outcomes": [ + "shared and level", + "shared only", + "level only", + "none" + ], + "outputs": [ + "*", + "mode", + "level" + ], + "script": "5bbdaeff-ddee-44b9-b608-8d413d7d65a6" + }, + "a0782616-84b7-4bf5-87ed-a01fb3018563": { + "_id": "a0782616-84b7-4bf5-87ed-a01fb3018563", + "_outcomes": [ + { + "displayName": "true", + "id": "true" + } + ], + "_type": { + "_id": "ScriptedDecisionNode", + "collection": true, + "name": "Scripted Decision" + }, + "inputs": [ + "*" + ], + "outcomes": [ + "true" + ], + "outputs": [ + "*" + ], + "script": "1b52a7e0-4019-40fa-958a-15a49870e901" + }, + "e90ae257-c279-46e0-9b43-5ecd89784d77": { + "_id": "e90ae257-c279-46e0-9b43-5ecd89784d77", + "_outcomes": [ + { + "displayName": "true", + "id": "true" + } + ], + "_type": { + "_id": "ScriptedDecisionNode", + "collection": true, + "name": "Scripted Decision" + }, + "inputs": [ + "*" + ], + "outcomes": [ + "true" + ], + "outputs": [ + "*" + ], + "script": "41c24257-d7fc-4654-8b46-c2666dc5b56d" + }, + "f17ecb7c-abc3-4523-9943-4cbdd90305cb": { + "_id": "f17ecb7c-abc3-4523-9943-4cbdd90305cb", + "_outcomes": [ + { + "displayName": "True", + "id": "true" + }, + { + "displayName": "False", + "id": "false" + } + ], + "_type": { + "_id": "InnerTreeEvaluatorNode", + "collection": true, + "name": "Inner Tree Evaluator" + }, + "tree": "j04" + } + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "j05", + "enabled": true, + "entryNodeId": "622179cb-98f1-484a-820d-9a0df6e45e95", + "identityResource": "managed/alpha_user", + "innerTreeOnly": false, + "mustRun": false, + "nodes": { + "11f1c31c-50a9-4717-8213-420f6932481f": { + "connections": { + "true": "e90ae257-c279-46e0-9b43-5ecd89784d77" + }, + "displayName": "shared", + "nodeType": "ScriptedDecisionNode", + "x": 392, + "y": 173.015625 + }, + "3c106772-ace7-4808-8f3a-9840de8f67f0": { + "connections": { + "true": "f17ecb7c-abc3-4523-9943-4cbdd90305cb" + }, + "displayName": "level", + "nodeType": "ScriptedDecisionNode", + "x": 395, + "y": 345.015625 + }, + "622179cb-98f1-484a-820d-9a0df6e45e95": { + "connections": { + "level only": "3c106772-ace7-4808-8f3a-9840de8f67f0", + "none": "f17ecb7c-abc3-4523-9943-4cbdd90305cb", + "shared and level": "11f1c31c-50a9-4717-8213-420f6932481f", + "shared only": "a0782616-84b7-4bf5-87ed-a01fb3018563" + }, + "displayName": "mode", + "nodeType": "ScriptedDecisionNode", + "x": 167, + "y": 210.015625 + }, + "a0782616-84b7-4bf5-87ed-a01fb3018563": { + "connections": { + "true": "f17ecb7c-abc3-4523-9943-4cbdd90305cb" + }, + "displayName": "shared", + "nodeType": "ScriptedDecisionNode", + "x": 393, + "y": 259.015625 + }, + "e90ae257-c279-46e0-9b43-5ecd89784d77": { + "connections": { + "true": "f17ecb7c-abc3-4523-9943-4cbdd90305cb" + }, + "displayName": "level", + "nodeType": "ScriptedDecisionNode", + "x": 598, + "y": 173.015625 + }, + "f17ecb7c-abc3-4523-9943-4cbdd90305cb": { + "connections": { + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "e301438c-0bd0-429c-ab0c-66126501069a" + }, + "displayName": "nest", + "nodeType": "InnerTreeEvaluatorNode", + "x": 816, + "y": 232.015625 + } + }, + "staticNodes": { + "70e691a5-1e33-4ac3-a356-e7b6d60d92e0": { + "x": 1236, + "y": 145 + }, + "e301438c-0bd0-429c-ab0c-66126501069a": { + "x": 1236, + "y": 253 + }, + "startNode": { + "x": 50, + "y": 250 + } + }, + "uiConfig": { + "categories": "[]" + } + } + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/journey/j06.journey.json b/test/e2e/exports/full-export-separate/realm/root-alpha/journey/j06.journey.json new file mode 100644 index 000000000..0fdc6d261 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/journey/j06.journey.json @@ -0,0 +1,258 @@ +{ + "trees": { + "j06": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": {}, + "nodes": { + "1d59caff-243c-45bd-b7d0-6dcc563989c5": { + "_id": "1d59caff-243c-45bd-b7d0-6dcc563989c5", + "_outcomes": [ + { + "displayName": "true", + "id": "true" + } + ], + "_type": { + "_id": "ScriptedDecisionNode", + "collection": true, + "name": "Scripted Decision" + }, + "inputs": [ + "*" + ], + "outcomes": [ + "true" + ], + "outputs": [ + "*" + ], + "script": "1b52a7e0-4019-40fa-958a-15a49870e901" + }, + "2de08e9e-bf7b-4fa1-8265-59a8e4a3f7c3": { + "_id": "2de08e9e-bf7b-4fa1-8265-59a8e4a3f7c3", + "_outcomes": [ + { + "displayName": "true", + "id": "true" + } + ], + "_type": { + "_id": "ScriptedDecisionNode", + "collection": true, + "name": "Scripted Decision" + }, + "inputs": [ + "*" + ], + "outcomes": [ + "true" + ], + "outputs": [ + "*" + ], + "script": "41c24257-d7fc-4654-8b46-c2666dc5b56d" + }, + "409c251f-c23b-411d-9009-d3b3d26d1b90": { + "_id": "409c251f-c23b-411d-9009-d3b3d26d1b90", + "_outcomes": [ + { + "displayName": "True", + "id": "true" + }, + { + "displayName": "False", + "id": "false" + } + ], + "_type": { + "_id": "InnerTreeEvaluatorNode", + "collection": true, + "name": "Inner Tree Evaluator" + }, + "tree": "j05" + }, + "44b8651c-7c1e-41f1-b9a6-2e441b0ce05a": { + "_id": "44b8651c-7c1e-41f1-b9a6-2e441b0ce05a", + "_outcomes": [ + { + "displayName": "shared and level", + "id": "shared and level" + }, + { + "displayName": "shared only", + "id": "shared only" + }, + { + "displayName": "level only", + "id": "level only" + }, + { + "displayName": "none", + "id": "none" + } + ], + "_type": { + "_id": "ScriptedDecisionNode", + "collection": true, + "name": "Scripted Decision" + }, + "inputs": [ + "*", + "mode", + "level" + ], + "outcomes": [ + "shared and level", + "shared only", + "level only", + "none" + ], + "outputs": [ + "*", + "mode", + "level" + ], + "script": "5bbdaeff-ddee-44b9-b608-8d413d7d65a6" + }, + "da878771-421c-463f-aad7-4d5f2ad5e59a": { + "_id": "da878771-421c-463f-aad7-4d5f2ad5e59a", + "_outcomes": [ + { + "displayName": "true", + "id": "true" + } + ], + "_type": { + "_id": "ScriptedDecisionNode", + "collection": true, + "name": "Scripted Decision" + }, + "inputs": [ + "*" + ], + "outcomes": [ + "true" + ], + "outputs": [ + "*" + ], + "script": "1b52a7e0-4019-40fa-958a-15a49870e901" + }, + "fe8f27df-8a27-4d88-9196-834ce398b2b7": { + "_id": "fe8f27df-8a27-4d88-9196-834ce398b2b7", + "_outcomes": [ + { + "displayName": "true", + "id": "true" + } + ], + "_type": { + "_id": "ScriptedDecisionNode", + "collection": true, + "name": "Scripted Decision" + }, + "inputs": [ + "*" + ], + "outcomes": [ + "true" + ], + "outputs": [ + "*" + ], + "script": "41c24257-d7fc-4654-8b46-c2666dc5b56d" + } + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "j06", + "enabled": true, + "entryNodeId": "44b8651c-7c1e-41f1-b9a6-2e441b0ce05a", + "identityResource": "managed/alpha_user", + "innerTreeOnly": false, + "mustRun": false, + "nodes": { + "1d59caff-243c-45bd-b7d0-6dcc563989c5": { + "connections": { + "true": "2de08e9e-bf7b-4fa1-8265-59a8e4a3f7c3" + }, + "displayName": "shared", + "nodeType": "ScriptedDecisionNode", + "x": 392, + "y": 173.015625 + }, + "2de08e9e-bf7b-4fa1-8265-59a8e4a3f7c3": { + "connections": { + "true": "409c251f-c23b-411d-9009-d3b3d26d1b90" + }, + "displayName": "level", + "nodeType": "ScriptedDecisionNode", + "x": 598, + "y": 173.015625 + }, + "409c251f-c23b-411d-9009-d3b3d26d1b90": { + "connections": { + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "e301438c-0bd0-429c-ab0c-66126501069a" + }, + "displayName": "nest", + "nodeType": "InnerTreeEvaluatorNode", + "x": 816, + "y": 232.015625 + }, + "44b8651c-7c1e-41f1-b9a6-2e441b0ce05a": { + "connections": { + "level only": "fe8f27df-8a27-4d88-9196-834ce398b2b7", + "none": "409c251f-c23b-411d-9009-d3b3d26d1b90", + "shared and level": "1d59caff-243c-45bd-b7d0-6dcc563989c5", + "shared only": "da878771-421c-463f-aad7-4d5f2ad5e59a" + }, + "displayName": "mode", + "nodeType": "ScriptedDecisionNode", + "x": 167, + "y": 210.015625 + }, + "da878771-421c-463f-aad7-4d5f2ad5e59a": { + "connections": { + "true": "409c251f-c23b-411d-9009-d3b3d26d1b90" + }, + "displayName": "shared", + "nodeType": "ScriptedDecisionNode", + "x": 393, + "y": 259.015625 + }, + "fe8f27df-8a27-4d88-9196-834ce398b2b7": { + "connections": { + "true": "409c251f-c23b-411d-9009-d3b3d26d1b90" + }, + "displayName": "level", + "nodeType": "ScriptedDecisionNode", + "x": 395, + "y": 345.015625 + } + }, + "staticNodes": { + "70e691a5-1e33-4ac3-a356-e7b6d60d92e0": { + "x": 1236, + "y": 145 + }, + "e301438c-0bd0-429c-ab0c-66126501069a": { + "x": 1236, + "y": 253 + }, + "startNode": { + "x": 50, + "y": 250 + } + }, + "uiConfig": { + "categories": "[]" + } + } + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/journey/j07.journey.json b/test/e2e/exports/full-export-separate/realm/root-alpha/journey/j07.journey.json new file mode 100644 index 000000000..b07aab0c6 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/journey/j07.journey.json @@ -0,0 +1,258 @@ +{ + "trees": { + "j07": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": {}, + "nodes": { + "13b12fe6-cf53-46a4-a83d-0a3c1fda814f": { + "_id": "13b12fe6-cf53-46a4-a83d-0a3c1fda814f", + "_outcomes": [ + { + "displayName": "shared and level", + "id": "shared and level" + }, + { + "displayName": "shared only", + "id": "shared only" + }, + { + "displayName": "level only", + "id": "level only" + }, + { + "displayName": "none", + "id": "none" + } + ], + "_type": { + "_id": "ScriptedDecisionNode", + "collection": true, + "name": "Scripted Decision" + }, + "inputs": [ + "*", + "mode", + "level" + ], + "outcomes": [ + "shared and level", + "shared only", + "level only", + "none" + ], + "outputs": [ + "*", + "mode", + "level" + ], + "script": "5bbdaeff-ddee-44b9-b608-8d413d7d65a6" + }, + "ac6ee166-73c0-4f73-b8db-4fe8ff6a25c0": { + "_id": "ac6ee166-73c0-4f73-b8db-4fe8ff6a25c0", + "_outcomes": [ + { + "displayName": "true", + "id": "true" + } + ], + "_type": { + "_id": "ScriptedDecisionNode", + "collection": true, + "name": "Scripted Decision" + }, + "inputs": [ + "*" + ], + "outcomes": [ + "true" + ], + "outputs": [ + "*" + ], + "script": "1b52a7e0-4019-40fa-958a-15a49870e901" + }, + "d90dd9f8-8b12-4e90-abaf-228ecc0174a7": { + "_id": "d90dd9f8-8b12-4e90-abaf-228ecc0174a7", + "_outcomes": [ + { + "displayName": "true", + "id": "true" + } + ], + "_type": { + "_id": "ScriptedDecisionNode", + "collection": true, + "name": "Scripted Decision" + }, + "inputs": [ + "*" + ], + "outcomes": [ + "true" + ], + "outputs": [ + "*" + ], + "script": "41c24257-d7fc-4654-8b46-c2666dc5b56d" + }, + "d9a06d3a-7e3f-4244-9a32-63ffa0d26e00": { + "_id": "d9a06d3a-7e3f-4244-9a32-63ffa0d26e00", + "_outcomes": [ + { + "displayName": "true", + "id": "true" + } + ], + "_type": { + "_id": "ScriptedDecisionNode", + "collection": true, + "name": "Scripted Decision" + }, + "inputs": [ + "*" + ], + "outcomes": [ + "true" + ], + "outputs": [ + "*" + ], + "script": "1b52a7e0-4019-40fa-958a-15a49870e901" + }, + "e62d7a4d-2012-4a2a-a6ef-d6a0e0d552d9": { + "_id": "e62d7a4d-2012-4a2a-a6ef-d6a0e0d552d9", + "_outcomes": [ + { + "displayName": "True", + "id": "true" + }, + { + "displayName": "False", + "id": "false" + } + ], + "_type": { + "_id": "InnerTreeEvaluatorNode", + "collection": true, + "name": "Inner Tree Evaluator" + }, + "tree": "j06" + }, + "f2fe740c-cd75-460a-8baa-fe4b52ecc947": { + "_id": "f2fe740c-cd75-460a-8baa-fe4b52ecc947", + "_outcomes": [ + { + "displayName": "true", + "id": "true" + } + ], + "_type": { + "_id": "ScriptedDecisionNode", + "collection": true, + "name": "Scripted Decision" + }, + "inputs": [ + "*" + ], + "outcomes": [ + "true" + ], + "outputs": [ + "*" + ], + "script": "41c24257-d7fc-4654-8b46-c2666dc5b56d" + } + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "j07", + "enabled": true, + "entryNodeId": "13b12fe6-cf53-46a4-a83d-0a3c1fda814f", + "identityResource": "managed/alpha_user", + "innerTreeOnly": false, + "mustRun": false, + "nodes": { + "13b12fe6-cf53-46a4-a83d-0a3c1fda814f": { + "connections": { + "level only": "d90dd9f8-8b12-4e90-abaf-228ecc0174a7", + "none": "e62d7a4d-2012-4a2a-a6ef-d6a0e0d552d9", + "shared and level": "d9a06d3a-7e3f-4244-9a32-63ffa0d26e00", + "shared only": "ac6ee166-73c0-4f73-b8db-4fe8ff6a25c0" + }, + "displayName": "mode", + "nodeType": "ScriptedDecisionNode", + "x": 167, + "y": 210.015625 + }, + "ac6ee166-73c0-4f73-b8db-4fe8ff6a25c0": { + "connections": { + "true": "e62d7a4d-2012-4a2a-a6ef-d6a0e0d552d9" + }, + "displayName": "shared", + "nodeType": "ScriptedDecisionNode", + "x": 393, + "y": 259.015625 + }, + "d90dd9f8-8b12-4e90-abaf-228ecc0174a7": { + "connections": { + "true": "e62d7a4d-2012-4a2a-a6ef-d6a0e0d552d9" + }, + "displayName": "level", + "nodeType": "ScriptedDecisionNode", + "x": 395, + "y": 345.015625 + }, + "d9a06d3a-7e3f-4244-9a32-63ffa0d26e00": { + "connections": { + "true": "f2fe740c-cd75-460a-8baa-fe4b52ecc947" + }, + "displayName": "shared", + "nodeType": "ScriptedDecisionNode", + "x": 392, + "y": 173.015625 + }, + "e62d7a4d-2012-4a2a-a6ef-d6a0e0d552d9": { + "connections": { + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "e301438c-0bd0-429c-ab0c-66126501069a" + }, + "displayName": "nest", + "nodeType": "InnerTreeEvaluatorNode", + "x": 816, + "y": 232.015625 + }, + "f2fe740c-cd75-460a-8baa-fe4b52ecc947": { + "connections": { + "true": "e62d7a4d-2012-4a2a-a6ef-d6a0e0d552d9" + }, + "displayName": "level", + "nodeType": "ScriptedDecisionNode", + "x": 598, + "y": 173.015625 + } + }, + "staticNodes": { + "70e691a5-1e33-4ac3-a356-e7b6d60d92e0": { + "x": 1236, + "y": 145 + }, + "e301438c-0bd0-429c-ab0c-66126501069a": { + "x": 1236, + "y": 253 + }, + "startNode": { + "x": 50, + "y": 250 + } + }, + "uiConfig": { + "categories": "[]" + } + } + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/journey/j08.journey.json b/test/e2e/exports/full-export-separate/realm/root-alpha/journey/j08.journey.json new file mode 100644 index 000000000..3fc412341 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/journey/j08.journey.json @@ -0,0 +1,258 @@ +{ + "trees": { + "j08": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": {}, + "nodes": { + "042b600b-71cb-45a8-93ae-a6f57b16a6e5": { + "_id": "042b600b-71cb-45a8-93ae-a6f57b16a6e5", + "_outcomes": [ + { + "displayName": "true", + "id": "true" + } + ], + "_type": { + "_id": "ScriptedDecisionNode", + "collection": true, + "name": "Scripted Decision" + }, + "inputs": [ + "*" + ], + "outcomes": [ + "true" + ], + "outputs": [ + "*" + ], + "script": "1b52a7e0-4019-40fa-958a-15a49870e901" + }, + "66026170-5088-4fcd-a6c8-ed89d7a5c79d": { + "_id": "66026170-5088-4fcd-a6c8-ed89d7a5c79d", + "_outcomes": [ + { + "displayName": "True", + "id": "true" + }, + { + "displayName": "False", + "id": "false" + } + ], + "_type": { + "_id": "InnerTreeEvaluatorNode", + "collection": true, + "name": "Inner Tree Evaluator" + }, + "tree": "j07" + }, + "8096649e-973e-4209-88ce-e1d87ae2bb96": { + "_id": "8096649e-973e-4209-88ce-e1d87ae2bb96", + "_outcomes": [ + { + "displayName": "true", + "id": "true" + } + ], + "_type": { + "_id": "ScriptedDecisionNode", + "collection": true, + "name": "Scripted Decision" + }, + "inputs": [ + "*" + ], + "outcomes": [ + "true" + ], + "outputs": [ + "*" + ], + "script": "41c24257-d7fc-4654-8b46-c2666dc5b56d" + }, + "87ced99b-bfa5-40d4-ba07-c8fc31f6cc6d": { + "_id": "87ced99b-bfa5-40d4-ba07-c8fc31f6cc6d", + "_outcomes": [ + { + "displayName": "true", + "id": "true" + } + ], + "_type": { + "_id": "ScriptedDecisionNode", + "collection": true, + "name": "Scripted Decision" + }, + "inputs": [ + "*" + ], + "outcomes": [ + "true" + ], + "outputs": [ + "*" + ], + "script": "41c24257-d7fc-4654-8b46-c2666dc5b56d" + }, + "948e21f4-c512-450a-9d42-e0d629217834": { + "_id": "948e21f4-c512-450a-9d42-e0d629217834", + "_outcomes": [ + { + "displayName": "true", + "id": "true" + } + ], + "_type": { + "_id": "ScriptedDecisionNode", + "collection": true, + "name": "Scripted Decision" + }, + "inputs": [ + "*" + ], + "outcomes": [ + "true" + ], + "outputs": [ + "*" + ], + "script": "1b52a7e0-4019-40fa-958a-15a49870e901" + }, + "d429b2b5-b215-46a5-b239-4994df65cb8b": { + "_id": "d429b2b5-b215-46a5-b239-4994df65cb8b", + "_outcomes": [ + { + "displayName": "shared and level", + "id": "shared and level" + }, + { + "displayName": "shared only", + "id": "shared only" + }, + { + "displayName": "level only", + "id": "level only" + }, + { + "displayName": "none", + "id": "none" + } + ], + "_type": { + "_id": "ScriptedDecisionNode", + "collection": true, + "name": "Scripted Decision" + }, + "inputs": [ + "*", + "mode", + "level" + ], + "outcomes": [ + "shared and level", + "shared only", + "level only", + "none" + ], + "outputs": [ + "*", + "mode", + "level" + ], + "script": "5bbdaeff-ddee-44b9-b608-8d413d7d65a6" + } + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "j08", + "enabled": true, + "entryNodeId": "d429b2b5-b215-46a5-b239-4994df65cb8b", + "identityResource": "managed/alpha_user", + "innerTreeOnly": false, + "mustRun": false, + "nodes": { + "042b600b-71cb-45a8-93ae-a6f57b16a6e5": { + "connections": { + "true": "87ced99b-bfa5-40d4-ba07-c8fc31f6cc6d" + }, + "displayName": "shared", + "nodeType": "ScriptedDecisionNode", + "x": 392, + "y": 173.015625 + }, + "66026170-5088-4fcd-a6c8-ed89d7a5c79d": { + "connections": { + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "e301438c-0bd0-429c-ab0c-66126501069a" + }, + "displayName": "nest", + "nodeType": "InnerTreeEvaluatorNode", + "x": 816, + "y": 232.015625 + }, + "8096649e-973e-4209-88ce-e1d87ae2bb96": { + "connections": { + "true": "66026170-5088-4fcd-a6c8-ed89d7a5c79d" + }, + "displayName": "level", + "nodeType": "ScriptedDecisionNode", + "x": 395, + "y": 345.015625 + }, + "87ced99b-bfa5-40d4-ba07-c8fc31f6cc6d": { + "connections": { + "true": "66026170-5088-4fcd-a6c8-ed89d7a5c79d" + }, + "displayName": "level", + "nodeType": "ScriptedDecisionNode", + "x": 598, + "y": 173.015625 + }, + "948e21f4-c512-450a-9d42-e0d629217834": { + "connections": { + "true": "66026170-5088-4fcd-a6c8-ed89d7a5c79d" + }, + "displayName": "shared", + "nodeType": "ScriptedDecisionNode", + "x": 393, + "y": 259.015625 + }, + "d429b2b5-b215-46a5-b239-4994df65cb8b": { + "connections": { + "level only": "8096649e-973e-4209-88ce-e1d87ae2bb96", + "none": "66026170-5088-4fcd-a6c8-ed89d7a5c79d", + "shared and level": "042b600b-71cb-45a8-93ae-a6f57b16a6e5", + "shared only": "948e21f4-c512-450a-9d42-e0d629217834" + }, + "displayName": "mode", + "nodeType": "ScriptedDecisionNode", + "x": 167, + "y": 210.015625 + } + }, + "staticNodes": { + "70e691a5-1e33-4ac3-a356-e7b6d60d92e0": { + "x": 1236, + "y": 145 + }, + "e301438c-0bd0-429c-ab0c-66126501069a": { + "x": 1236, + "y": 253 + }, + "startNode": { + "x": 50, + "y": 250 + } + }, + "uiConfig": { + "categories": "[]" + } + } + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/journey/j09.journey.json b/test/e2e/exports/full-export-separate/realm/root-alpha/journey/j09.journey.json new file mode 100644 index 000000000..982c702eb --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/journey/j09.journey.json @@ -0,0 +1,258 @@ +{ + "trees": { + "j09": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": {}, + "nodes": { + "251f35c3-1a32-4520-be10-1f4af9600935": { + "_id": "251f35c3-1a32-4520-be10-1f4af9600935", + "_outcomes": [ + { + "displayName": "shared and level", + "id": "shared and level" + }, + { + "displayName": "shared only", + "id": "shared only" + }, + { + "displayName": "level only", + "id": "level only" + }, + { + "displayName": "none", + "id": "none" + } + ], + "_type": { + "_id": "ScriptedDecisionNode", + "collection": true, + "name": "Scripted Decision" + }, + "inputs": [ + "*", + "mode", + "level" + ], + "outcomes": [ + "shared and level", + "shared only", + "level only", + "none" + ], + "outputs": [ + "*", + "mode", + "level" + ], + "script": "5bbdaeff-ddee-44b9-b608-8d413d7d65a6" + }, + "56b82371-0c61-4dc3-8d06-c1158415b8f9": { + "_id": "56b82371-0c61-4dc3-8d06-c1158415b8f9", + "_outcomes": [ + { + "displayName": "true", + "id": "true" + } + ], + "_type": { + "_id": "ScriptedDecisionNode", + "collection": true, + "name": "Scripted Decision" + }, + "inputs": [ + "*" + ], + "outcomes": [ + "true" + ], + "outputs": [ + "*" + ], + "script": "41c24257-d7fc-4654-8b46-c2666dc5b56d" + }, + "6df24fdd-0b6c-4def-bf42-77af998f28b8": { + "_id": "6df24fdd-0b6c-4def-bf42-77af998f28b8", + "_outcomes": [ + { + "displayName": "True", + "id": "true" + }, + { + "displayName": "False", + "id": "false" + } + ], + "_type": { + "_id": "InnerTreeEvaluatorNode", + "collection": true, + "name": "Inner Tree Evaluator" + }, + "tree": "j08" + }, + "8c5e9cb5-471b-4dd6-b150-ecaaeda98195": { + "_id": "8c5e9cb5-471b-4dd6-b150-ecaaeda98195", + "_outcomes": [ + { + "displayName": "true", + "id": "true" + } + ], + "_type": { + "_id": "ScriptedDecisionNode", + "collection": true, + "name": "Scripted Decision" + }, + "inputs": [ + "*" + ], + "outcomes": [ + "true" + ], + "outputs": [ + "*" + ], + "script": "1b52a7e0-4019-40fa-958a-15a49870e901" + }, + "bb294e05-6b6b-4478-b46f-b8d9e7711c66": { + "_id": "bb294e05-6b6b-4478-b46f-b8d9e7711c66", + "_outcomes": [ + { + "displayName": "true", + "id": "true" + } + ], + "_type": { + "_id": "ScriptedDecisionNode", + "collection": true, + "name": "Scripted Decision" + }, + "inputs": [ + "*" + ], + "outcomes": [ + "true" + ], + "outputs": [ + "*" + ], + "script": "41c24257-d7fc-4654-8b46-c2666dc5b56d" + }, + "f57cf53c-b4c6-48f7-84e8-91f535a2e8f8": { + "_id": "f57cf53c-b4c6-48f7-84e8-91f535a2e8f8", + "_outcomes": [ + { + "displayName": "true", + "id": "true" + } + ], + "_type": { + "_id": "ScriptedDecisionNode", + "collection": true, + "name": "Scripted Decision" + }, + "inputs": [ + "*" + ], + "outcomes": [ + "true" + ], + "outputs": [ + "*" + ], + "script": "1b52a7e0-4019-40fa-958a-15a49870e901" + } + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "j09", + "enabled": true, + "entryNodeId": "251f35c3-1a32-4520-be10-1f4af9600935", + "identityResource": "managed/alpha_user", + "innerTreeOnly": false, + "mustRun": false, + "nodes": { + "251f35c3-1a32-4520-be10-1f4af9600935": { + "connections": { + "level only": "56b82371-0c61-4dc3-8d06-c1158415b8f9", + "none": "6df24fdd-0b6c-4def-bf42-77af998f28b8", + "shared and level": "8c5e9cb5-471b-4dd6-b150-ecaaeda98195", + "shared only": "f57cf53c-b4c6-48f7-84e8-91f535a2e8f8" + }, + "displayName": "mode", + "nodeType": "ScriptedDecisionNode", + "x": 167, + "y": 210.015625 + }, + "56b82371-0c61-4dc3-8d06-c1158415b8f9": { + "connections": { + "true": "6df24fdd-0b6c-4def-bf42-77af998f28b8" + }, + "displayName": "level", + "nodeType": "ScriptedDecisionNode", + "x": 395, + "y": 345.015625 + }, + "6df24fdd-0b6c-4def-bf42-77af998f28b8": { + "connections": { + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "e301438c-0bd0-429c-ab0c-66126501069a" + }, + "displayName": "nest", + "nodeType": "InnerTreeEvaluatorNode", + "x": 816, + "y": 233.015625 + }, + "8c5e9cb5-471b-4dd6-b150-ecaaeda98195": { + "connections": { + "true": "bb294e05-6b6b-4478-b46f-b8d9e7711c66" + }, + "displayName": "shared", + "nodeType": "ScriptedDecisionNode", + "x": 392, + "y": 173.015625 + }, + "bb294e05-6b6b-4478-b46f-b8d9e7711c66": { + "connections": { + "true": "6df24fdd-0b6c-4def-bf42-77af998f28b8" + }, + "displayName": "level", + "nodeType": "ScriptedDecisionNode", + "x": 598, + "y": 173.015625 + }, + "f57cf53c-b4c6-48f7-84e8-91f535a2e8f8": { + "connections": { + "true": "6df24fdd-0b6c-4def-bf42-77af998f28b8" + }, + "displayName": "shared", + "nodeType": "ScriptedDecisionNode", + "x": 393, + "y": 259.015625 + } + }, + "staticNodes": { + "70e691a5-1e33-4ac3-a356-e7b6d60d92e0": { + "x": 1236, + "y": 145 + }, + "e301438c-0bd0-429c-ab0c-66126501069a": { + "x": 1236, + "y": 253 + }, + "startNode": { + "x": 50, + "y": 250 + } + }, + "uiConfig": { + "categories": "[]" + } + } + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/journey/j10.journey.json b/test/e2e/exports/full-export-separate/realm/root-alpha/journey/j10.journey.json new file mode 100644 index 000000000..8447b15bd --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/journey/j10.journey.json @@ -0,0 +1,258 @@ +{ + "trees": { + "j10": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": {}, + "nodes": { + "300feda0-3248-49a9-b60f-01df802b2229": { + "_id": "300feda0-3248-49a9-b60f-01df802b2229", + "_outcomes": [ + { + "displayName": "true", + "id": "true" + } + ], + "_type": { + "_id": "ScriptedDecisionNode", + "collection": true, + "name": "Scripted Decision" + }, + "inputs": [ + "*" + ], + "outcomes": [ + "true" + ], + "outputs": [ + "*" + ], + "script": "41c24257-d7fc-4654-8b46-c2666dc5b56d" + }, + "40afb384-e9b6-4dcb-acde-04de109474c8": { + "_id": "40afb384-e9b6-4dcb-acde-04de109474c8", + "_outcomes": [ + { + "displayName": "true", + "id": "true" + } + ], + "_type": { + "_id": "ScriptedDecisionNode", + "collection": true, + "name": "Scripted Decision" + }, + "inputs": [ + "*" + ], + "outcomes": [ + "true" + ], + "outputs": [ + "*" + ], + "script": "1b52a7e0-4019-40fa-958a-15a49870e901" + }, + "8d7d64ee-da20-461f-a2ca-206b7479dd67": { + "_id": "8d7d64ee-da20-461f-a2ca-206b7479dd67", + "_outcomes": [ + { + "displayName": "true", + "id": "true" + } + ], + "_type": { + "_id": "ScriptedDecisionNode", + "collection": true, + "name": "Scripted Decision" + }, + "inputs": [ + "*" + ], + "outcomes": [ + "true" + ], + "outputs": [ + "*" + ], + "script": "41c24257-d7fc-4654-8b46-c2666dc5b56d" + }, + "97ef9d96-99e7-4d2d-b6c6-4177b5397ead": { + "_id": "97ef9d96-99e7-4d2d-b6c6-4177b5397ead", + "_outcomes": [ + { + "displayName": "true", + "id": "true" + } + ], + "_type": { + "_id": "ScriptedDecisionNode", + "collection": true, + "name": "Scripted Decision" + }, + "inputs": [ + "*" + ], + "outcomes": [ + "true" + ], + "outputs": [ + "*" + ], + "script": "1b52a7e0-4019-40fa-958a-15a49870e901" + }, + "c7fcf7ae-1ab5-474b-b5b0-272e10468fbd": { + "_id": "c7fcf7ae-1ab5-474b-b5b0-272e10468fbd", + "_outcomes": [ + { + "displayName": "True", + "id": "true" + }, + { + "displayName": "False", + "id": "false" + } + ], + "_type": { + "_id": "InnerTreeEvaluatorNode", + "collection": true, + "name": "Inner Tree Evaluator" + }, + "tree": "j09" + }, + "c91d626e-1156-41bd-b1fb-d292f640fba6": { + "_id": "c91d626e-1156-41bd-b1fb-d292f640fba6", + "_outcomes": [ + { + "displayName": "shared and level", + "id": "shared and level" + }, + { + "displayName": "shared only", + "id": "shared only" + }, + { + "displayName": "level only", + "id": "level only" + }, + { + "displayName": "none", + "id": "none" + } + ], + "_type": { + "_id": "ScriptedDecisionNode", + "collection": true, + "name": "Scripted Decision" + }, + "inputs": [ + "*", + "mode", + "level" + ], + "outcomes": [ + "shared and level", + "shared only", + "level only", + "none" + ], + "outputs": [ + "*", + "mode", + "level" + ], + "script": "5bbdaeff-ddee-44b9-b608-8d413d7d65a6" + } + }, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "j10", + "enabled": true, + "entryNodeId": "c91d626e-1156-41bd-b1fb-d292f640fba6", + "identityResource": "managed/alpha_user", + "innerTreeOnly": false, + "mustRun": false, + "nodes": { + "300feda0-3248-49a9-b60f-01df802b2229": { + "connections": { + "true": "c7fcf7ae-1ab5-474b-b5b0-272e10468fbd" + }, + "displayName": "level", + "nodeType": "ScriptedDecisionNode", + "x": 395, + "y": 345.015625 + }, + "40afb384-e9b6-4dcb-acde-04de109474c8": { + "connections": { + "true": "c7fcf7ae-1ab5-474b-b5b0-272e10468fbd" + }, + "displayName": "shared", + "nodeType": "ScriptedDecisionNode", + "x": 393, + "y": 259.015625 + }, + "8d7d64ee-da20-461f-a2ca-206b7479dd67": { + "connections": { + "true": "c7fcf7ae-1ab5-474b-b5b0-272e10468fbd" + }, + "displayName": "level", + "nodeType": "ScriptedDecisionNode", + "x": 598, + "y": 173.015625 + }, + "97ef9d96-99e7-4d2d-b6c6-4177b5397ead": { + "connections": { + "true": "8d7d64ee-da20-461f-a2ca-206b7479dd67" + }, + "displayName": "shared", + "nodeType": "ScriptedDecisionNode", + "x": 392, + "y": 173.015625 + }, + "c7fcf7ae-1ab5-474b-b5b0-272e10468fbd": { + "connections": { + "false": "e301438c-0bd0-429c-ab0c-66126501069a", + "true": "e301438c-0bd0-429c-ab0c-66126501069a" + }, + "displayName": "nest", + "nodeType": "InnerTreeEvaluatorNode", + "x": 816, + "y": 233.015625 + }, + "c91d626e-1156-41bd-b1fb-d292f640fba6": { + "connections": { + "level only": "300feda0-3248-49a9-b60f-01df802b2229", + "none": "c7fcf7ae-1ab5-474b-b5b0-272e10468fbd", + "shared and level": "97ef9d96-99e7-4d2d-b6c6-4177b5397ead", + "shared only": "40afb384-e9b6-4dcb-acde-04de109474c8" + }, + "displayName": "mode", + "nodeType": "ScriptedDecisionNode", + "x": 167, + "y": 210.015625 + } + }, + "staticNodes": { + "70e691a5-1e33-4ac3-a356-e7b6d60d92e0": { + "x": 1236, + "y": 145 + }, + "e301438c-0bd0-429c-ab0c-66126501069a": { + "x": 1236, + "y": 253 + }, + "startNode": { + "x": 50, + "y": 250 + } + }, + "uiConfig": { + "categories": "[]" + } + } + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/journey/test.journey.json b/test/e2e/exports/full-export-separate/realm/root-alpha/journey/test.journey.json new file mode 100644 index 000000000..0ed5692bc --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/journey/test.journey.json @@ -0,0 +1,38 @@ +{ + "trees": { + "test": { + "circlesOfTrust": {}, + "emailTemplates": {}, + "innerNodes": {}, + "nodes": {}, + "saml2Entities": {}, + "scripts": {}, + "socialIdentityProviders": {}, + "themes": [], + "tree": { + "_id": "test", + "enabled": true, + "entryNodeId": "d26176be-ea6f-4f2a-81cd-3d41dd6cee4d", + "identityResource": "managed/alpha_user", + "innerTreeOnly": false, + "mustRun": false, + "nodes": {}, + "staticNodes": { + "70e691a5-1e33-4ac3-a356-e7b6d60d92e0": { + "x": 50, + "y": 117 + }, + "e301438c-0bd0-429c-ab0c-66126501069a": { + "x": 152, + "y": 25 + }, + "startNode": { + "x": 50, + "y": 25 + } + }, + "uiConfig": {} + } + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/oauth2.app/0b48992b-a2dd-4ed5-8b07-1fc5d7306da8.oauth2.app.json b/test/e2e/exports/full-export-separate/realm/root-alpha/oauth2.app/0b48992b-a2dd-4ed5-8b07-1fc5d7306da8.oauth2.app.json new file mode 100644 index 000000000..6c67c15e4 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/oauth2.app/0b48992b-a2dd-4ed5-8b07-1fc5d7306da8.oauth2.app.json @@ -0,0 +1,552 @@ +{ + "application": { + "0b48992b-a2dd-4ed5-8b07-1fc5d7306da8": { + "_id": "0b48992b-a2dd-4ed5-8b07-1fc5d7306da8", + "_provider": { + "_id": "", + "_type": { + "_id": "oauth-oidc", + "collection": false, + "name": "OAuth2 Provider" + }, + "advancedOAuth2Config": { + "allowClientCredentialsInTokenRequestQueryParameters": true, + "allowedAudienceValues": [], + "authenticationAttributes": [ + "uid" + ], + "codeVerifierEnforced": "false", + "defaultScopes": [ + "address", + "phone", + "openid", + "profile", + "email" + ], + "displayNameAttribute": "cn", + "expClaimRequiredInRequestObject": false, + "grantTypes": [ + "implicit", + "urn:ietf:params:oauth:grant-type:saml2-bearer", + "refresh_token", + "password", + "client_credentials", + "urn:ietf:params:oauth:grant-type:device_code", + "authorization_code", + "urn:openid:params:grant-type:ciba", + "urn:ietf:params:oauth:grant-type:uma-ticket", + "urn:ietf:params:oauth:grant-type:jwt-bearer" + ], + "hashSalt": "&{am.oidc.client.subject.identifier.hash.salt}", + "includeClientIdClaimInStatelessTokens": true, + "includeSubnameInTokenClaims": true, + "macaroonTokenFormat": "V2", + "maxAgeOfRequestObjectNbfClaim": 0, + "maxDifferenceBetweenRequestObjectNbfAndExp": 0, + "moduleMessageEnabledInPasswordGrant": false, + "nbfClaimRequiredInRequestObject": false, + "parRequestUriLifetime": 90, + "passwordGrantAuthService": "Login", + "persistentClaims": [], + "refreshTokenGracePeriod": 0, + "requestObjectProcessing": "OIDC", + "requirePushedAuthorizationRequests": false, + "responseTypeClasses": [ + "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", + "device_code|org.forgerock.oauth2.core.TokenResponseTypeHandler", + "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", + "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler" + ], + "supportedScopes": [ + "email|Your email address", + "openid|", + "address|Your postal address", + "phone|Your telephone number(s)", + "profile|Your personal information", + "fr:idm:*", + "am-introspect-all-tokens" + ], + "supportedSubjectTypes": [ + "public", + "pairwise" + ], + "tlsCertificateBoundAccessTokensEnabled": true, + "tlsCertificateRevocationCheckingEnabled": false, + "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", + "tokenCompressionEnabled": false, + "tokenEncryptionEnabled": false, + "tokenExchangeClasses": [ + "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", + "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", + "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", + "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger" + ], + "tokenSigningAlgorithm": "HS256", + "tokenValidatorClasses": [ + "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", + "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator" + ] + }, + "advancedOIDCConfig": { + "alwaysAddClaimsToToken": true, + "amrMappings": {}, + "authorisedIdmDelegationClients": [], + "authorisedOpenIdConnectSSOClients": [], + "claimsParameterSupported": false, + "defaultACR": [], + "idTokenInfoClientAuthenticationEnabled": true, + "includeAllKtyAlgCombinationsInJwksUri": false, + "loaMapping": {}, + "storeOpsTokens": true, + "supportedAuthorizationResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedAuthorizationResponseEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedAuthorizationResponseSigningAlgorithms": [ + "PS384", + "RS384", + "EdDSA", + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "supportedRequestParameterEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "ECDH-ES+A128KW", + "RSA-OAEP", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedRequestParameterEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedRequestParameterSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "supportedTokenEndpointAuthenticationSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedTokenIntrospectionResponseEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedTokenIntrospectionResponseSigningAlgorithms": [ + "PS384", + "RS384", + "EdDSA", + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "supportedUserInfoEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedUserInfoEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedUserInfoSigningAlgorithms": [ + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512" + ], + "useForceAuthnForMaxAge": false, + "useForceAuthnForPromptLogin": false + }, + "cibaConfig": { + "cibaAuthReqIdLifetime": 600, + "cibaMinimumPollingInterval": 2, + "supportedCibaSigningAlgorithms": [ + "ES256", + "PS256" + ] + }, + "clientDynamicRegistrationConfig": { + "allowDynamicRegistration": false, + "dynamicClientRegistrationScope": "dynamic_client_registration", + "dynamicClientRegistrationSoftwareStatementRequired": false, + "generateRegistrationAccessTokens": true, + "requiredSoftwareStatementAttestedAttributes": [ + "redirect_uris" + ] + }, + "consent": { + "clientsCanSkipConsent": true, + "enableRemoteConsent": false, + "supportedRcsRequestEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedRcsRequestEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedRcsRequestSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "supportedRcsResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "ECDH-ES+A128KW", + "RSA-OAEP", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedRcsResponseEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedRcsResponseSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ] + }, + "coreOAuth2Config": { + "accessTokenLifetime": 3600, + "accessTokenMayActScript": "[Empty]", + "codeLifetime": 120, + "issueRefreshToken": true, + "issueRefreshTokenOnRefreshedToken": true, + "macaroonTokensEnabled": false, + "oidcMayActScript": "[Empty]", + "refreshTokenLifetime": 604800, + "scopesPolicySet": "oauth2Scopes", + "statelessTokensEnabled": true, + "usePolicyEngineForScope": false + }, + "coreOIDCConfig": { + "jwtTokenLifetime": 3600, + "oidcDiscoveryEndpointEnabled": true, + "overrideableOIDCClaims": [], + "supportedClaims": [], + "supportedIDTokenEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedIDTokenEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedIDTokenSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ] + }, + "deviceCodeConfig": { + "deviceCodeLifetime": 300, + "devicePollInterval": 5, + "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", + "deviceUserCodeLength": 8 + }, + "pluginsConfig": { + "accessTokenEnricherClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "accessTokenModificationPluginType": "SCRIPTED", + "accessTokenModificationScript": "39c08084-1238-43e8-857f-2e11005eac49", + "accessTokenModifierClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "authorizeEndpointDataProviderClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "authorizeEndpointDataProviderPluginType": "JAVA", + "authorizeEndpointDataProviderScript": "[Empty]", + "evaluateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "evaluateScopePluginType": "JAVA", + "evaluateScopeScript": "[Empty]", + "oidcClaimsClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "oidcClaimsPluginType": "SCRIPTED", + "oidcClaimsScript": "cf3515f0-8278-4ee3-a530-1bad7424c416", + "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", + "validateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "validateScopePluginType": "JAVA", + "validateScopeScript": "[Empty]" + } + }, + "_type": { + "_id": "OAuth2Client", + "collection": true, + "name": "OAuth2 Clients" + }, + "advancedOAuth2ClientConfig": { + "clientUri": [], + "contacts": [], + "customProperties": [], + "descriptions": [ + "Created by Frodo on 3/20/2024, 9:30:37 AM" + ], + "grantTypes": [ + "client_credentials" + ], + "isConsentImplied": true, + "javascriptOrigins": [], + "logoUri": [], + "mixUpMitigation": false, + "name": [], + "policyUri": [], + "refreshTokenGracePeriod": 0, + "requestUris": [], + "require_pushed_authorization_requests": false, + "responseTypes": [ + "token" + ], + "sectorIdentifierUri": null, + "softwareIdentity": null, + "softwareVersion": null, + "subjectType": "Public", + "tokenEndpointAuthMethod": "client_secret_basic", + "tokenExchangeAuthLevel": 0, + "tosURI": [], + "updateAccessToken": null + }, + "coreOAuth2ClientConfig": { + "accessTokenLifetime": 315360000, + "authorizationCodeLifetime": 120, + "clientName": [ + "0b48992b-a2dd-4ed5-8b07-1fc5d7306da8" + ], + "clientType": "Confidential", + "defaultScopes": [ + "fr:idm:*" + ], + "loopbackInterfaceRedirection": false, + "redirectionUris": [], + "refreshTokenLifetime": 604800, + "scopes": [ + "fr:idm:*", + "fr:idc:esv:*", + "dynamic_client_registration" + ], + "status": "Active", + "userpassword": null + }, + "coreOpenIDClientConfig": { + "backchannel_logout_session_required": false, + "backchannel_logout_uri": null, + "claims": [], + "clientSessionUri": null, + "defaultAcrValues": [], + "defaultMaxAge": 600, + "defaultMaxAgeEnabled": false, + "jwtTokenLifetime": 3600, + "postLogoutRedirectUri": [] + }, + "coreUmaClientConfig": { + "claimsRedirectionUris": [] + }, + "overrideOAuth2ClientConfig": { + "accessTokenMayActScript": "[Empty]", + "accessTokenModificationPluginType": "PROVIDER", + "accessTokenModificationScript": "[Empty]", + "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", + "authorizeEndpointDataProviderPluginType": "PROVIDER", + "authorizeEndpointDataProviderScript": "[Empty]", + "clientsCanSkipConsent": false, + "enableRemoteConsent": false, + "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", + "evaluateScopePluginType": "PROVIDER", + "evaluateScopeScript": "[Empty]", + "issueRefreshToken": true, + "issueRefreshTokenOnRefreshedToken": true, + "oidcClaimsPluginType": "PROVIDER", + "oidcClaimsScript": "[Empty]", + "oidcMayActScript": "[Empty]", + "overrideableOIDCClaims": [], + "providerOverridesEnabled": false, + "remoteConsentServiceId": null, + "scopesPolicySet": "oauth2Scopes", + "statelessTokensEnabled": false, + "tokenEncryptionEnabled": false, + "useForceAuthnForMaxAge": false, + "usePolicyEngineForScope": false, + "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", + "validateScopePluginType": "PROVIDER", + "validateScopeScript": "[Empty]" + }, + "signEncOAuth2ClientConfig": { + "authorizationResponseEncryptionAlgorithm": null, + "authorizationResponseEncryptionMethod": null, + "authorizationResponseSigningAlgorithm": "RS256", + "clientJwtPublicKey": null, + "idTokenEncryptionAlgorithm": "RSA-OAEP-256", + "idTokenEncryptionEnabled": false, + "idTokenEncryptionMethod": "A128CBC-HS256", + "idTokenPublicEncryptionKey": null, + "idTokenSignedResponseAlg": "RS256", + "jwkSet": null, + "jwkStoreCacheMissCacheTime": 60000, + "jwksCacheTimeout": 3600000, + "jwksUri": null, + "mTLSCertificateBoundAccessTokens": false, + "mTLSSubjectDN": null, + "mTLSTrustedCert": null, + "publicKeyLocation": "jwks_uri", + "requestParameterEncryptedAlg": null, + "requestParameterEncryptedEncryptionAlgorithm": "A128CBC-HS256", + "requestParameterSignedAlg": null, + "tokenEndpointAuthSigningAlgorithm": "RS256", + "tokenIntrospectionEncryptedResponseAlg": "RSA-OAEP-256", + "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", + "tokenIntrospectionResponseFormat": "JSON", + "tokenIntrospectionSignedResponseAlg": "RS256", + "userinfoEncryptedResponseAlg": null, + "userinfoEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", + "userinfoResponseFormat": "JSON", + "userinfoSignedResponseAlg": null + } + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/oauth2.app/49a2981c-e192-4739-a0e6-c7582168bdf5.oauth2.app.json b/test/e2e/exports/full-export-separate/realm/root-alpha/oauth2.app/49a2981c-e192-4739-a0e6-c7582168bdf5.oauth2.app.json new file mode 100644 index 000000000..57ae91167 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/oauth2.app/49a2981c-e192-4739-a0e6-c7582168bdf5.oauth2.app.json @@ -0,0 +1,555 @@ +{ + "application": { + "49a2981c-e192-4739-a0e6-c7582168bdf5": { + "_id": "49a2981c-e192-4739-a0e6-c7582168bdf5", + "_provider": { + "_id": "", + "_type": { + "_id": "oauth-oidc", + "collection": false, + "name": "OAuth2 Provider" + }, + "advancedOAuth2Config": { + "allowClientCredentialsInTokenRequestQueryParameters": true, + "allowedAudienceValues": [], + "authenticationAttributes": [ + "uid" + ], + "codeVerifierEnforced": "false", + "defaultScopes": [ + "address", + "phone", + "openid", + "profile", + "email" + ], + "displayNameAttribute": "cn", + "expClaimRequiredInRequestObject": false, + "grantTypes": [ + "implicit", + "urn:ietf:params:oauth:grant-type:saml2-bearer", + "refresh_token", + "password", + "client_credentials", + "urn:ietf:params:oauth:grant-type:device_code", + "authorization_code", + "urn:openid:params:grant-type:ciba", + "urn:ietf:params:oauth:grant-type:uma-ticket", + "urn:ietf:params:oauth:grant-type:jwt-bearer" + ], + "hashSalt": "&{am.oidc.client.subject.identifier.hash.salt}", + "includeClientIdClaimInStatelessTokens": true, + "includeSubnameInTokenClaims": true, + "macaroonTokenFormat": "V2", + "maxAgeOfRequestObjectNbfClaim": 0, + "maxDifferenceBetweenRequestObjectNbfAndExp": 0, + "moduleMessageEnabledInPasswordGrant": false, + "nbfClaimRequiredInRequestObject": false, + "parRequestUriLifetime": 90, + "passwordGrantAuthService": "Login", + "persistentClaims": [], + "refreshTokenGracePeriod": 0, + "requestObjectProcessing": "OIDC", + "requirePushedAuthorizationRequests": false, + "responseTypeClasses": [ + "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", + "device_code|org.forgerock.oauth2.core.TokenResponseTypeHandler", + "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", + "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler" + ], + "supportedScopes": [ + "email|Your email address", + "openid|", + "address|Your postal address", + "phone|Your telephone number(s)", + "profile|Your personal information", + "fr:idm:*", + "am-introspect-all-tokens" + ], + "supportedSubjectTypes": [ + "public", + "pairwise" + ], + "tlsCertificateBoundAccessTokensEnabled": true, + "tlsCertificateRevocationCheckingEnabled": false, + "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", + "tokenCompressionEnabled": false, + "tokenEncryptionEnabled": false, + "tokenExchangeClasses": [ + "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", + "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", + "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", + "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger" + ], + "tokenSigningAlgorithm": "HS256", + "tokenValidatorClasses": [ + "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", + "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator" + ] + }, + "advancedOIDCConfig": { + "alwaysAddClaimsToToken": true, + "amrMappings": {}, + "authorisedIdmDelegationClients": [], + "authorisedOpenIdConnectSSOClients": [], + "claimsParameterSupported": false, + "defaultACR": [], + "idTokenInfoClientAuthenticationEnabled": true, + "includeAllKtyAlgCombinationsInJwksUri": false, + "loaMapping": {}, + "storeOpsTokens": true, + "supportedAuthorizationResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedAuthorizationResponseEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedAuthorizationResponseSigningAlgorithms": [ + "PS384", + "RS384", + "EdDSA", + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "supportedRequestParameterEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "ECDH-ES+A128KW", + "RSA-OAEP", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedRequestParameterEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedRequestParameterSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "supportedTokenEndpointAuthenticationSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedTokenIntrospectionResponseEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedTokenIntrospectionResponseSigningAlgorithms": [ + "PS384", + "RS384", + "EdDSA", + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "supportedUserInfoEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedUserInfoEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedUserInfoSigningAlgorithms": [ + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512" + ], + "useForceAuthnForMaxAge": false, + "useForceAuthnForPromptLogin": false + }, + "cibaConfig": { + "cibaAuthReqIdLifetime": 600, + "cibaMinimumPollingInterval": 2, + "supportedCibaSigningAlgorithms": [ + "ES256", + "PS256" + ] + }, + "clientDynamicRegistrationConfig": { + "allowDynamicRegistration": false, + "dynamicClientRegistrationScope": "dynamic_client_registration", + "dynamicClientRegistrationSoftwareStatementRequired": false, + "generateRegistrationAccessTokens": true, + "requiredSoftwareStatementAttestedAttributes": [ + "redirect_uris" + ] + }, + "consent": { + "clientsCanSkipConsent": true, + "enableRemoteConsent": false, + "supportedRcsRequestEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedRcsRequestEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedRcsRequestSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "supportedRcsResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "ECDH-ES+A128KW", + "RSA-OAEP", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedRcsResponseEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedRcsResponseSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ] + }, + "coreOAuth2Config": { + "accessTokenLifetime": 3600, + "accessTokenMayActScript": "[Empty]", + "codeLifetime": 120, + "issueRefreshToken": true, + "issueRefreshTokenOnRefreshedToken": true, + "macaroonTokensEnabled": false, + "oidcMayActScript": "[Empty]", + "refreshTokenLifetime": 604800, + "scopesPolicySet": "oauth2Scopes", + "statelessTokensEnabled": true, + "usePolicyEngineForScope": false + }, + "coreOIDCConfig": { + "jwtTokenLifetime": 3600, + "oidcDiscoveryEndpointEnabled": true, + "overrideableOIDCClaims": [], + "supportedClaims": [], + "supportedIDTokenEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedIDTokenEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedIDTokenSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ] + }, + "deviceCodeConfig": { + "deviceCodeLifetime": 300, + "devicePollInterval": 5, + "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", + "deviceUserCodeLength": 8 + }, + "pluginsConfig": { + "accessTokenEnricherClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "accessTokenModificationPluginType": "SCRIPTED", + "accessTokenModificationScript": "39c08084-1238-43e8-857f-2e11005eac49", + "accessTokenModifierClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "authorizeEndpointDataProviderClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "authorizeEndpointDataProviderPluginType": "JAVA", + "authorizeEndpointDataProviderScript": "[Empty]", + "evaluateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "evaluateScopePluginType": "JAVA", + "evaluateScopeScript": "[Empty]", + "oidcClaimsClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "oidcClaimsPluginType": "SCRIPTED", + "oidcClaimsScript": "cf3515f0-8278-4ee3-a530-1bad7424c416", + "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", + "validateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "validateScopePluginType": "JAVA", + "validateScopeScript": "[Empty]" + } + }, + "_type": { + "_id": "OAuth2Client", + "collection": true, + "name": "OAuth2 Clients" + }, + "advancedOAuth2ClientConfig": { + "clientUri": [], + "contacts": [], + "customProperties": [], + "descriptions": [ + "Created by Frodo on 5/13/2023, 8:07:37 PM" + ], + "grantTypes": [ + "client_credentials" + ], + "isConsentImplied": true, + "javascriptOrigins": [], + "logoUri": [], + "mixUpMitigation": false, + "name": [], + "policyUri": [], + "refreshTokenGracePeriod": 0, + "requestUris": [], + "require_pushed_authorization_requests": false, + "responseTypes": [ + "token" + ], + "sectorIdentifierUri": null, + "softwareIdentity": null, + "softwareVersion": null, + "subjectType": "Public", + "tokenEndpointAuthMethod": "client_secret_basic", + "tokenExchangeAuthLevel": 0, + "tosURI": [], + "updateAccessToken": null + }, + "coreOAuth2ClientConfig": { + "accessTokenLifetime": 3600, + "agentgroup": null, + "authorizationCodeLifetime": 120, + "clientName": [ + "49a2981c-e192-4739-a0e6-c7582168bdf5" + ], + "clientType": "Confidential", + "defaultScopes": [ + "fr:idm:*" + ], + "loopbackInterfaceRedirection": false, + "redirectionUris": [], + "refreshTokenLifetime": 604800, + "scopes": [ + "fr:idm:*", + "fr:idc:esv:*", + "dynamic_client_registration" + ], + "status": "Active" + }, + "coreOpenIDClientConfig": { + "backchannel_logout_session_required": false, + "backchannel_logout_uri": null, + "claims": [], + "clientSessionUri": null, + "defaultAcrValues": [], + "defaultMaxAge": 600, + "defaultMaxAgeEnabled": false, + "jwtTokenLifetime": 3600, + "postLogoutRedirectUri": [] + }, + "coreUmaClientConfig": { + "claimsRedirectionUris": [] + }, + "overrideOAuth2ClientConfig": { + "accessTokenMayActScript": "[Empty]", + "accessTokenModificationPluginType": "PROVIDER", + "accessTokenModificationScript": "[Empty]", + "accessTokenModifierClass": null, + "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", + "authorizeEndpointDataProviderPluginType": "PROVIDER", + "authorizeEndpointDataProviderScript": "[Empty]", + "clientsCanSkipConsent": false, + "customLoginUrlTemplate": null, + "enableRemoteConsent": false, + "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", + "evaluateScopePluginType": "PROVIDER", + "evaluateScopeScript": "[Empty]", + "issueRefreshToken": true, + "issueRefreshTokenOnRefreshedToken": true, + "oidcClaimsClass": null, + "oidcClaimsPluginType": "PROVIDER", + "oidcClaimsScript": "[Empty]", + "oidcMayActScript": "[Empty]", + "overrideableOIDCClaims": [], + "providerOverridesEnabled": false, + "remoteConsentServiceId": null, + "scopesPolicySet": "oauth2Scopes", + "statelessTokensEnabled": false, + "tokenEncryptionEnabled": false, + "useForceAuthnForMaxAge": false, + "usePolicyEngineForScope": false, + "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", + "validateScopePluginType": "PROVIDER", + "validateScopeScript": "[Empty]" + }, + "signEncOAuth2ClientConfig": { + "authorizationResponseEncryptionAlgorithm": null, + "authorizationResponseEncryptionMethod": null, + "authorizationResponseSigningAlgorithm": "RS256", + "clientJwtPublicKey": null, + "idTokenEncryptionAlgorithm": "RSA-OAEP-256", + "idTokenEncryptionEnabled": false, + "idTokenEncryptionMethod": "A128CBC-HS256", + "idTokenPublicEncryptionKey": null, + "idTokenSignedResponseAlg": "RS256", + "jwkSet": null, + "jwkStoreCacheMissCacheTime": 60000, + "jwksCacheTimeout": 3600000, + "jwksUri": null, + "mTLSCertificateBoundAccessTokens": false, + "mTLSSubjectDN": null, + "mTLSTrustedCert": null, + "publicKeyLocation": "jwks_uri", + "requestParameterEncryptedAlg": null, + "requestParameterEncryptedEncryptionAlgorithm": "A128CBC-HS256", + "requestParameterSignedAlg": null, + "tokenEndpointAuthSigningAlgorithm": "RS256", + "tokenIntrospectionEncryptedResponseAlg": "RSA-OAEP-256", + "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", + "tokenIntrospectionResponseFormat": "JSON", + "tokenIntrospectionSignedResponseAlg": "RS256", + "userinfoEncryptedResponseAlg": null, + "userinfoEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", + "userinfoResponseFormat": "JSON", + "userinfoSignedResponseAlg": null + } + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/oauth2.app/60b7b032-68fc-45ed-98ca-262c1985fb7e.oauth2.app.json b/test/e2e/exports/full-export-separate/realm/root-alpha/oauth2.app/60b7b032-68fc-45ed-98ca-262c1985fb7e.oauth2.app.json new file mode 100644 index 000000000..c63fb6db8 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/oauth2.app/60b7b032-68fc-45ed-98ca-262c1985fb7e.oauth2.app.json @@ -0,0 +1,552 @@ +{ + "application": { + "60b7b032-68fc-45ed-98ca-262c1985fb7e": { + "_id": "60b7b032-68fc-45ed-98ca-262c1985fb7e", + "_provider": { + "_id": "", + "_type": { + "_id": "oauth-oidc", + "collection": false, + "name": "OAuth2 Provider" + }, + "advancedOAuth2Config": { + "allowClientCredentialsInTokenRequestQueryParameters": true, + "allowedAudienceValues": [], + "authenticationAttributes": [ + "uid" + ], + "codeVerifierEnforced": "false", + "defaultScopes": [ + "address", + "phone", + "openid", + "profile", + "email" + ], + "displayNameAttribute": "cn", + "expClaimRequiredInRequestObject": false, + "grantTypes": [ + "implicit", + "urn:ietf:params:oauth:grant-type:saml2-bearer", + "refresh_token", + "password", + "client_credentials", + "urn:ietf:params:oauth:grant-type:device_code", + "authorization_code", + "urn:openid:params:grant-type:ciba", + "urn:ietf:params:oauth:grant-type:uma-ticket", + "urn:ietf:params:oauth:grant-type:jwt-bearer" + ], + "hashSalt": "&{am.oidc.client.subject.identifier.hash.salt}", + "includeClientIdClaimInStatelessTokens": true, + "includeSubnameInTokenClaims": true, + "macaroonTokenFormat": "V2", + "maxAgeOfRequestObjectNbfClaim": 0, + "maxDifferenceBetweenRequestObjectNbfAndExp": 0, + "moduleMessageEnabledInPasswordGrant": false, + "nbfClaimRequiredInRequestObject": false, + "parRequestUriLifetime": 90, + "passwordGrantAuthService": "Login", + "persistentClaims": [], + "refreshTokenGracePeriod": 0, + "requestObjectProcessing": "OIDC", + "requirePushedAuthorizationRequests": false, + "responseTypeClasses": [ + "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", + "device_code|org.forgerock.oauth2.core.TokenResponseTypeHandler", + "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", + "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler" + ], + "supportedScopes": [ + "email|Your email address", + "openid|", + "address|Your postal address", + "phone|Your telephone number(s)", + "profile|Your personal information", + "fr:idm:*", + "am-introspect-all-tokens" + ], + "supportedSubjectTypes": [ + "public", + "pairwise" + ], + "tlsCertificateBoundAccessTokensEnabled": true, + "tlsCertificateRevocationCheckingEnabled": false, + "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", + "tokenCompressionEnabled": false, + "tokenEncryptionEnabled": false, + "tokenExchangeClasses": [ + "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", + "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", + "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", + "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger" + ], + "tokenSigningAlgorithm": "HS256", + "tokenValidatorClasses": [ + "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", + "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator" + ] + }, + "advancedOIDCConfig": { + "alwaysAddClaimsToToken": true, + "amrMappings": {}, + "authorisedIdmDelegationClients": [], + "authorisedOpenIdConnectSSOClients": [], + "claimsParameterSupported": false, + "defaultACR": [], + "idTokenInfoClientAuthenticationEnabled": true, + "includeAllKtyAlgCombinationsInJwksUri": false, + "loaMapping": {}, + "storeOpsTokens": true, + "supportedAuthorizationResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedAuthorizationResponseEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedAuthorizationResponseSigningAlgorithms": [ + "PS384", + "RS384", + "EdDSA", + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "supportedRequestParameterEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "ECDH-ES+A128KW", + "RSA-OAEP", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedRequestParameterEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedRequestParameterSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "supportedTokenEndpointAuthenticationSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedTokenIntrospectionResponseEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedTokenIntrospectionResponseSigningAlgorithms": [ + "PS384", + "RS384", + "EdDSA", + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "supportedUserInfoEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedUserInfoEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedUserInfoSigningAlgorithms": [ + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512" + ], + "useForceAuthnForMaxAge": false, + "useForceAuthnForPromptLogin": false + }, + "cibaConfig": { + "cibaAuthReqIdLifetime": 600, + "cibaMinimumPollingInterval": 2, + "supportedCibaSigningAlgorithms": [ + "ES256", + "PS256" + ] + }, + "clientDynamicRegistrationConfig": { + "allowDynamicRegistration": false, + "dynamicClientRegistrationScope": "dynamic_client_registration", + "dynamicClientRegistrationSoftwareStatementRequired": false, + "generateRegistrationAccessTokens": true, + "requiredSoftwareStatementAttestedAttributes": [ + "redirect_uris" + ] + }, + "consent": { + "clientsCanSkipConsent": true, + "enableRemoteConsent": false, + "supportedRcsRequestEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedRcsRequestEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedRcsRequestSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "supportedRcsResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "ECDH-ES+A128KW", + "RSA-OAEP", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedRcsResponseEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedRcsResponseSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ] + }, + "coreOAuth2Config": { + "accessTokenLifetime": 3600, + "accessTokenMayActScript": "[Empty]", + "codeLifetime": 120, + "issueRefreshToken": true, + "issueRefreshTokenOnRefreshedToken": true, + "macaroonTokensEnabled": false, + "oidcMayActScript": "[Empty]", + "refreshTokenLifetime": 604800, + "scopesPolicySet": "oauth2Scopes", + "statelessTokensEnabled": true, + "usePolicyEngineForScope": false + }, + "coreOIDCConfig": { + "jwtTokenLifetime": 3600, + "oidcDiscoveryEndpointEnabled": true, + "overrideableOIDCClaims": [], + "supportedClaims": [], + "supportedIDTokenEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedIDTokenEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedIDTokenSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ] + }, + "deviceCodeConfig": { + "deviceCodeLifetime": 300, + "devicePollInterval": 5, + "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", + "deviceUserCodeLength": 8 + }, + "pluginsConfig": { + "accessTokenEnricherClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "accessTokenModificationPluginType": "SCRIPTED", + "accessTokenModificationScript": "39c08084-1238-43e8-857f-2e11005eac49", + "accessTokenModifierClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "authorizeEndpointDataProviderClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "authorizeEndpointDataProviderPluginType": "JAVA", + "authorizeEndpointDataProviderScript": "[Empty]", + "evaluateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "evaluateScopePluginType": "JAVA", + "evaluateScopeScript": "[Empty]", + "oidcClaimsClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "oidcClaimsPluginType": "SCRIPTED", + "oidcClaimsScript": "cf3515f0-8278-4ee3-a530-1bad7424c416", + "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", + "validateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "validateScopePluginType": "JAVA", + "validateScopeScript": "[Empty]" + } + }, + "_type": { + "_id": "OAuth2Client", + "collection": true, + "name": "OAuth2 Clients" + }, + "advancedOAuth2ClientConfig": { + "clientUri": [], + "contacts": [], + "customProperties": [], + "descriptions": [ + "Created by Frodo on 3/20/2024, 8:09:47 AM" + ], + "grantTypes": [ + "client_credentials" + ], + "isConsentImplied": true, + "javascriptOrigins": [], + "logoUri": [], + "mixUpMitigation": false, + "name": [], + "policyUri": [], + "refreshTokenGracePeriod": 0, + "requestUris": [], + "require_pushed_authorization_requests": false, + "responseTypes": [ + "token" + ], + "sectorIdentifierUri": null, + "softwareIdentity": null, + "softwareVersion": null, + "subjectType": "Public", + "tokenEndpointAuthMethod": "client_secret_basic", + "tokenExchangeAuthLevel": 0, + "tosURI": [], + "updateAccessToken": null + }, + "coreOAuth2ClientConfig": { + "accessTokenLifetime": 315360000, + "authorizationCodeLifetime": 120, + "clientName": [ + "60b7b032-68fc-45ed-98ca-262c1985fb7e" + ], + "clientType": "Confidential", + "defaultScopes": [ + "fr:idm:*" + ], + "loopbackInterfaceRedirection": false, + "redirectionUris": [], + "refreshTokenLifetime": 604800, + "scopes": [ + "fr:idm:*", + "fr:idc:esv:*", + "dynamic_client_registration" + ], + "status": "Active", + "userpassword": null + }, + "coreOpenIDClientConfig": { + "backchannel_logout_session_required": false, + "backchannel_logout_uri": null, + "claims": [], + "clientSessionUri": null, + "defaultAcrValues": [], + "defaultMaxAge": 600, + "defaultMaxAgeEnabled": false, + "jwtTokenLifetime": 3600, + "postLogoutRedirectUri": [] + }, + "coreUmaClientConfig": { + "claimsRedirectionUris": [] + }, + "overrideOAuth2ClientConfig": { + "accessTokenMayActScript": "[Empty]", + "accessTokenModificationPluginType": "PROVIDER", + "accessTokenModificationScript": "[Empty]", + "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", + "authorizeEndpointDataProviderPluginType": "PROVIDER", + "authorizeEndpointDataProviderScript": "[Empty]", + "clientsCanSkipConsent": false, + "enableRemoteConsent": false, + "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", + "evaluateScopePluginType": "PROVIDER", + "evaluateScopeScript": "[Empty]", + "issueRefreshToken": true, + "issueRefreshTokenOnRefreshedToken": true, + "oidcClaimsPluginType": "PROVIDER", + "oidcClaimsScript": "[Empty]", + "oidcMayActScript": "[Empty]", + "overrideableOIDCClaims": [], + "providerOverridesEnabled": false, + "remoteConsentServiceId": null, + "scopesPolicySet": "oauth2Scopes", + "statelessTokensEnabled": false, + "tokenEncryptionEnabled": false, + "useForceAuthnForMaxAge": false, + "usePolicyEngineForScope": false, + "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", + "validateScopePluginType": "PROVIDER", + "validateScopeScript": "[Empty]" + }, + "signEncOAuth2ClientConfig": { + "authorizationResponseEncryptionAlgorithm": null, + "authorizationResponseEncryptionMethod": null, + "authorizationResponseSigningAlgorithm": "RS256", + "clientJwtPublicKey": null, + "idTokenEncryptionAlgorithm": "RSA-OAEP-256", + "idTokenEncryptionEnabled": false, + "idTokenEncryptionMethod": "A128CBC-HS256", + "idTokenPublicEncryptionKey": null, + "idTokenSignedResponseAlg": "RS256", + "jwkSet": null, + "jwkStoreCacheMissCacheTime": 60000, + "jwksCacheTimeout": 3600000, + "jwksUri": null, + "mTLSCertificateBoundAccessTokens": false, + "mTLSSubjectDN": null, + "mTLSTrustedCert": null, + "publicKeyLocation": "jwks_uri", + "requestParameterEncryptedAlg": null, + "requestParameterEncryptedEncryptionAlgorithm": "A128CBC-HS256", + "requestParameterSignedAlg": null, + "tokenEndpointAuthSigningAlgorithm": "RS256", + "tokenIntrospectionEncryptedResponseAlg": "RSA-OAEP-256", + "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", + "tokenIntrospectionResponseFormat": "JSON", + "tokenIntrospectionSignedResponseAlg": "RS256", + "userinfoEncryptedResponseAlg": null, + "userinfoEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", + "userinfoResponseFormat": "JSON", + "userinfoSignedResponseAlg": null + } + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/oauth2.app/EncoreRCSClient.oauth2.app.json b/test/e2e/exports/full-export-separate/realm/root-alpha/oauth2.app/EncoreRCSClient.oauth2.app.json new file mode 100644 index 000000000..ca5ffdd11 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/oauth2.app/EncoreRCSClient.oauth2.app.json @@ -0,0 +1,551 @@ +{ + "application": { + "EncoreRCSClient": { + "_id": "EncoreRCSClient", + "_provider": { + "_id": "", + "_type": { + "_id": "oauth-oidc", + "collection": false, + "name": "OAuth2 Provider" + }, + "advancedOAuth2Config": { + "allowClientCredentialsInTokenRequestQueryParameters": true, + "allowedAudienceValues": [], + "authenticationAttributes": [ + "uid" + ], + "codeVerifierEnforced": "false", + "defaultScopes": [ + "address", + "phone", + "openid", + "profile", + "email" + ], + "displayNameAttribute": "cn", + "expClaimRequiredInRequestObject": false, + "grantTypes": [ + "implicit", + "urn:ietf:params:oauth:grant-type:saml2-bearer", + "refresh_token", + "password", + "client_credentials", + "urn:ietf:params:oauth:grant-type:device_code", + "authorization_code", + "urn:openid:params:grant-type:ciba", + "urn:ietf:params:oauth:grant-type:uma-ticket", + "urn:ietf:params:oauth:grant-type:jwt-bearer" + ], + "hashSalt": "&{am.oidc.client.subject.identifier.hash.salt}", + "includeClientIdClaimInStatelessTokens": true, + "includeSubnameInTokenClaims": true, + "macaroonTokenFormat": "V2", + "maxAgeOfRequestObjectNbfClaim": 0, + "maxDifferenceBetweenRequestObjectNbfAndExp": 0, + "moduleMessageEnabledInPasswordGrant": false, + "nbfClaimRequiredInRequestObject": false, + "parRequestUriLifetime": 90, + "passwordGrantAuthService": "Login", + "persistentClaims": [], + "refreshTokenGracePeriod": 0, + "requestObjectProcessing": "OIDC", + "requirePushedAuthorizationRequests": false, + "responseTypeClasses": [ + "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", + "device_code|org.forgerock.oauth2.core.TokenResponseTypeHandler", + "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", + "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler" + ], + "supportedScopes": [ + "email|Your email address", + "openid|", + "address|Your postal address", + "phone|Your telephone number(s)", + "profile|Your personal information", + "fr:idm:*", + "am-introspect-all-tokens" + ], + "supportedSubjectTypes": [ + "public", + "pairwise" + ], + "tlsCertificateBoundAccessTokensEnabled": true, + "tlsCertificateRevocationCheckingEnabled": false, + "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", + "tokenCompressionEnabled": false, + "tokenEncryptionEnabled": false, + "tokenExchangeClasses": [ + "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", + "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", + "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", + "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger" + ], + "tokenSigningAlgorithm": "HS256", + "tokenValidatorClasses": [ + "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", + "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator" + ] + }, + "advancedOIDCConfig": { + "alwaysAddClaimsToToken": true, + "amrMappings": {}, + "authorisedIdmDelegationClients": [], + "authorisedOpenIdConnectSSOClients": [], + "claimsParameterSupported": false, + "defaultACR": [], + "idTokenInfoClientAuthenticationEnabled": true, + "includeAllKtyAlgCombinationsInJwksUri": false, + "loaMapping": {}, + "storeOpsTokens": true, + "supportedAuthorizationResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedAuthorizationResponseEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedAuthorizationResponseSigningAlgorithms": [ + "PS384", + "RS384", + "EdDSA", + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "supportedRequestParameterEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "ECDH-ES+A128KW", + "RSA-OAEP", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedRequestParameterEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedRequestParameterSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "supportedTokenEndpointAuthenticationSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedTokenIntrospectionResponseEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedTokenIntrospectionResponseSigningAlgorithms": [ + "PS384", + "RS384", + "EdDSA", + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "supportedUserInfoEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedUserInfoEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedUserInfoSigningAlgorithms": [ + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512" + ], + "useForceAuthnForMaxAge": false, + "useForceAuthnForPromptLogin": false + }, + "cibaConfig": { + "cibaAuthReqIdLifetime": 600, + "cibaMinimumPollingInterval": 2, + "supportedCibaSigningAlgorithms": [ + "ES256", + "PS256" + ] + }, + "clientDynamicRegistrationConfig": { + "allowDynamicRegistration": false, + "dynamicClientRegistrationScope": "dynamic_client_registration", + "dynamicClientRegistrationSoftwareStatementRequired": false, + "generateRegistrationAccessTokens": true, + "requiredSoftwareStatementAttestedAttributes": [ + "redirect_uris" + ] + }, + "consent": { + "clientsCanSkipConsent": true, + "enableRemoteConsent": false, + "supportedRcsRequestEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedRcsRequestEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedRcsRequestSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "supportedRcsResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "ECDH-ES+A128KW", + "RSA-OAEP", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedRcsResponseEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedRcsResponseSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ] + }, + "coreOAuth2Config": { + "accessTokenLifetime": 3600, + "accessTokenMayActScript": "[Empty]", + "codeLifetime": 120, + "issueRefreshToken": true, + "issueRefreshTokenOnRefreshedToken": true, + "macaroonTokensEnabled": false, + "oidcMayActScript": "[Empty]", + "refreshTokenLifetime": 604800, + "scopesPolicySet": "oauth2Scopes", + "statelessTokensEnabled": true, + "usePolicyEngineForScope": false + }, + "coreOIDCConfig": { + "jwtTokenLifetime": 3600, + "oidcDiscoveryEndpointEnabled": true, + "overrideableOIDCClaims": [], + "supportedClaims": [], + "supportedIDTokenEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedIDTokenEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedIDTokenSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ] + }, + "deviceCodeConfig": { + "deviceCodeLifetime": 300, + "devicePollInterval": 5, + "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", + "deviceUserCodeLength": 8 + }, + "pluginsConfig": { + "accessTokenEnricherClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "accessTokenModificationPluginType": "SCRIPTED", + "accessTokenModificationScript": "39c08084-1238-43e8-857f-2e11005eac49", + "accessTokenModifierClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "authorizeEndpointDataProviderClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "authorizeEndpointDataProviderPluginType": "JAVA", + "authorizeEndpointDataProviderScript": "[Empty]", + "evaluateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "evaluateScopePluginType": "JAVA", + "evaluateScopeScript": "[Empty]", + "oidcClaimsClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "oidcClaimsPluginType": "SCRIPTED", + "oidcClaimsScript": "cf3515f0-8278-4ee3-a530-1bad7424c416", + "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", + "validateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "validateScopePluginType": "JAVA", + "validateScopeScript": "[Empty]" + } + }, + "_type": { + "_id": "OAuth2Client", + "collection": true, + "name": "OAuth2 Clients" + }, + "advancedOAuth2ClientConfig": { + "clientUri": [], + "contacts": [], + "customProperties": [], + "descriptions": [], + "grantTypes": [ + "client_credentials" + ], + "isConsentImplied": false, + "javascriptOrigins": [], + "logoUri": [], + "mixUpMitigation": false, + "name": [], + "policyUri": [], + "refreshTokenGracePeriod": 0, + "requestUris": [], + "require_pushed_authorization_requests": false, + "responseTypes": [ + "code", + "token", + "id_token", + "code token", + "token id_token", + "code id_token", + "code token id_token", + "device_code", + "device_code id_token" + ], + "sectorIdentifierUri": null, + "softwareIdentity": null, + "softwareVersion": null, + "subjectType": "pairwise", + "tokenEndpointAuthMethod": "client_secret_basic", + "tokenExchangeAuthLevel": 0, + "tosURI": [], + "updateAccessToken": null + }, + "coreOAuth2ClientConfig": { + "accessTokenLifetime": 0, + "authorizationCodeLifetime": 0, + "clientName": [], + "clientType": "Confidential", + "defaultScopes": [], + "loopbackInterfaceRedirection": false, + "redirectionUris": [], + "refreshTokenLifetime": 0, + "scopes": [ + "fr:idm:*" + ], + "status": "Active" + }, + "coreOpenIDClientConfig": { + "backchannel_logout_session_required": false, + "backchannel_logout_uri": null, + "claims": [], + "clientSessionUri": null, + "defaultAcrValues": [], + "defaultMaxAge": 600, + "defaultMaxAgeEnabled": false, + "jwtTokenLifetime": 0, + "postLogoutRedirectUri": [] + }, + "coreUmaClientConfig": { + "claimsRedirectionUris": [] + }, + "overrideOAuth2ClientConfig": { + "accessTokenMayActScript": "[Empty]", + "accessTokenModificationPluginType": "PROVIDER", + "accessTokenModificationScript": "[Empty]", + "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", + "authorizeEndpointDataProviderPluginType": "PROVIDER", + "authorizeEndpointDataProviderScript": "[Empty]", + "clientsCanSkipConsent": false, + "enableRemoteConsent": false, + "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", + "evaluateScopePluginType": "PROVIDER", + "evaluateScopeScript": "[Empty]", + "issueRefreshToken": true, + "issueRefreshTokenOnRefreshedToken": true, + "oidcClaimsPluginType": "PROVIDER", + "oidcClaimsScript": "[Empty]", + "oidcMayActScript": "[Empty]", + "overrideableOIDCClaims": [], + "providerOverridesEnabled": false, + "remoteConsentServiceId": null, + "scopesPolicySet": "oauth2Scopes", + "statelessTokensEnabled": false, + "tokenEncryptionEnabled": false, + "useForceAuthnForMaxAge": false, + "usePolicyEngineForScope": false, + "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", + "validateScopePluginType": "PROVIDER", + "validateScopeScript": "[Empty]" + }, + "signEncOAuth2ClientConfig": { + "authorizationResponseEncryptionAlgorithm": null, + "authorizationResponseEncryptionMethod": null, + "authorizationResponseSigningAlgorithm": "RS256", + "clientJwtPublicKey": null, + "idTokenEncryptionAlgorithm": "RSA-OAEP-256", + "idTokenEncryptionEnabled": false, + "idTokenEncryptionMethod": "A128CBC-HS256", + "idTokenPublicEncryptionKey": null, + "idTokenSignedResponseAlg": "RS256", + "jwkSet": null, + "jwkStoreCacheMissCacheTime": 60000, + "jwksCacheTimeout": 3600000, + "jwksUri": null, + "mTLSCertificateBoundAccessTokens": false, + "mTLSSubjectDN": null, + "mTLSTrustedCert": null, + "publicKeyLocation": "jwks_uri", + "requestParameterEncryptedAlg": null, + "requestParameterEncryptedEncryptionAlgorithm": "A128CBC-HS256", + "requestParameterSignedAlg": null, + "tokenEndpointAuthSigningAlgorithm": "RS256", + "tokenIntrospectionEncryptedResponseAlg": "RSA-OAEP-256", + "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", + "tokenIntrospectionResponseFormat": "JSON", + "tokenIntrospectionSignedResponseAlg": "RS256", + "userinfoEncryptedResponseAlg": null, + "userinfoEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", + "userinfoResponseFormat": "JSON", + "userinfoSignedResponseAlg": null + } + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/oauth2.app/EncoreWindowsRCSClient.oauth2.app.json b/test/e2e/exports/full-export-separate/realm/root-alpha/oauth2.app/EncoreWindowsRCSClient.oauth2.app.json new file mode 100644 index 000000000..dea388796 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/oauth2.app/EncoreWindowsRCSClient.oauth2.app.json @@ -0,0 +1,551 @@ +{ + "application": { + "EncoreWindowsRCSClient": { + "_id": "EncoreWindowsRCSClient", + "_provider": { + "_id": "", + "_type": { + "_id": "oauth-oidc", + "collection": false, + "name": "OAuth2 Provider" + }, + "advancedOAuth2Config": { + "allowClientCredentialsInTokenRequestQueryParameters": true, + "allowedAudienceValues": [], + "authenticationAttributes": [ + "uid" + ], + "codeVerifierEnforced": "false", + "defaultScopes": [ + "address", + "phone", + "openid", + "profile", + "email" + ], + "displayNameAttribute": "cn", + "expClaimRequiredInRequestObject": false, + "grantTypes": [ + "implicit", + "urn:ietf:params:oauth:grant-type:saml2-bearer", + "refresh_token", + "password", + "client_credentials", + "urn:ietf:params:oauth:grant-type:device_code", + "authorization_code", + "urn:openid:params:grant-type:ciba", + "urn:ietf:params:oauth:grant-type:uma-ticket", + "urn:ietf:params:oauth:grant-type:jwt-bearer" + ], + "hashSalt": "&{am.oidc.client.subject.identifier.hash.salt}", + "includeClientIdClaimInStatelessTokens": true, + "includeSubnameInTokenClaims": true, + "macaroonTokenFormat": "V2", + "maxAgeOfRequestObjectNbfClaim": 0, + "maxDifferenceBetweenRequestObjectNbfAndExp": 0, + "moduleMessageEnabledInPasswordGrant": false, + "nbfClaimRequiredInRequestObject": false, + "parRequestUriLifetime": 90, + "passwordGrantAuthService": "Login", + "persistentClaims": [], + "refreshTokenGracePeriod": 0, + "requestObjectProcessing": "OIDC", + "requirePushedAuthorizationRequests": false, + "responseTypeClasses": [ + "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", + "device_code|org.forgerock.oauth2.core.TokenResponseTypeHandler", + "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", + "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler" + ], + "supportedScopes": [ + "email|Your email address", + "openid|", + "address|Your postal address", + "phone|Your telephone number(s)", + "profile|Your personal information", + "fr:idm:*", + "am-introspect-all-tokens" + ], + "supportedSubjectTypes": [ + "public", + "pairwise" + ], + "tlsCertificateBoundAccessTokensEnabled": true, + "tlsCertificateRevocationCheckingEnabled": false, + "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", + "tokenCompressionEnabled": false, + "tokenEncryptionEnabled": false, + "tokenExchangeClasses": [ + "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", + "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", + "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", + "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger" + ], + "tokenSigningAlgorithm": "HS256", + "tokenValidatorClasses": [ + "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", + "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator" + ] + }, + "advancedOIDCConfig": { + "alwaysAddClaimsToToken": true, + "amrMappings": {}, + "authorisedIdmDelegationClients": [], + "authorisedOpenIdConnectSSOClients": [], + "claimsParameterSupported": false, + "defaultACR": [], + "idTokenInfoClientAuthenticationEnabled": true, + "includeAllKtyAlgCombinationsInJwksUri": false, + "loaMapping": {}, + "storeOpsTokens": true, + "supportedAuthorizationResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedAuthorizationResponseEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedAuthorizationResponseSigningAlgorithms": [ + "PS384", + "RS384", + "EdDSA", + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "supportedRequestParameterEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "ECDH-ES+A128KW", + "RSA-OAEP", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedRequestParameterEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedRequestParameterSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "supportedTokenEndpointAuthenticationSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedTokenIntrospectionResponseEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedTokenIntrospectionResponseSigningAlgorithms": [ + "PS384", + "RS384", + "EdDSA", + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "supportedUserInfoEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedUserInfoEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedUserInfoSigningAlgorithms": [ + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512" + ], + "useForceAuthnForMaxAge": false, + "useForceAuthnForPromptLogin": false + }, + "cibaConfig": { + "cibaAuthReqIdLifetime": 600, + "cibaMinimumPollingInterval": 2, + "supportedCibaSigningAlgorithms": [ + "ES256", + "PS256" + ] + }, + "clientDynamicRegistrationConfig": { + "allowDynamicRegistration": false, + "dynamicClientRegistrationScope": "dynamic_client_registration", + "dynamicClientRegistrationSoftwareStatementRequired": false, + "generateRegistrationAccessTokens": true, + "requiredSoftwareStatementAttestedAttributes": [ + "redirect_uris" + ] + }, + "consent": { + "clientsCanSkipConsent": true, + "enableRemoteConsent": false, + "supportedRcsRequestEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedRcsRequestEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedRcsRequestSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "supportedRcsResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "ECDH-ES+A128KW", + "RSA-OAEP", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedRcsResponseEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedRcsResponseSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ] + }, + "coreOAuth2Config": { + "accessTokenLifetime": 3600, + "accessTokenMayActScript": "[Empty]", + "codeLifetime": 120, + "issueRefreshToken": true, + "issueRefreshTokenOnRefreshedToken": true, + "macaroonTokensEnabled": false, + "oidcMayActScript": "[Empty]", + "refreshTokenLifetime": 604800, + "scopesPolicySet": "oauth2Scopes", + "statelessTokensEnabled": true, + "usePolicyEngineForScope": false + }, + "coreOIDCConfig": { + "jwtTokenLifetime": 3600, + "oidcDiscoveryEndpointEnabled": true, + "overrideableOIDCClaims": [], + "supportedClaims": [], + "supportedIDTokenEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedIDTokenEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedIDTokenSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ] + }, + "deviceCodeConfig": { + "deviceCodeLifetime": 300, + "devicePollInterval": 5, + "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", + "deviceUserCodeLength": 8 + }, + "pluginsConfig": { + "accessTokenEnricherClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "accessTokenModificationPluginType": "SCRIPTED", + "accessTokenModificationScript": "39c08084-1238-43e8-857f-2e11005eac49", + "accessTokenModifierClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "authorizeEndpointDataProviderClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "authorizeEndpointDataProviderPluginType": "JAVA", + "authorizeEndpointDataProviderScript": "[Empty]", + "evaluateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "evaluateScopePluginType": "JAVA", + "evaluateScopeScript": "[Empty]", + "oidcClaimsClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "oidcClaimsPluginType": "SCRIPTED", + "oidcClaimsScript": "cf3515f0-8278-4ee3-a530-1bad7424c416", + "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", + "validateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "validateScopePluginType": "JAVA", + "validateScopeScript": "[Empty]" + } + }, + "_type": { + "_id": "OAuth2Client", + "collection": true, + "name": "OAuth2 Clients" + }, + "advancedOAuth2ClientConfig": { + "clientUri": [], + "contacts": [], + "customProperties": [], + "descriptions": [], + "grantTypes": [ + "client_credentials" + ], + "isConsentImplied": false, + "javascriptOrigins": [], + "logoUri": [], + "mixUpMitigation": false, + "name": [], + "policyUri": [], + "refreshTokenGracePeriod": 0, + "requestUris": [], + "require_pushed_authorization_requests": false, + "responseTypes": [ + "code", + "token", + "id_token", + "code token", + "token id_token", + "code id_token", + "code token id_token", + "device_code", + "device_code id_token" + ], + "sectorIdentifierUri": null, + "softwareIdentity": null, + "softwareVersion": null, + "subjectType": "pairwise", + "tokenEndpointAuthMethod": "client_secret_basic", + "tokenExchangeAuthLevel": 0, + "tosURI": [], + "updateAccessToken": null + }, + "coreOAuth2ClientConfig": { + "accessTokenLifetime": 0, + "authorizationCodeLifetime": 0, + "clientName": [], + "clientType": "Confidential", + "defaultScopes": [], + "loopbackInterfaceRedirection": false, + "redirectionUris": [], + "refreshTokenLifetime": 0, + "scopes": [ + "fr:idm:*" + ], + "status": "Active" + }, + "coreOpenIDClientConfig": { + "backchannel_logout_session_required": false, + "backchannel_logout_uri": null, + "claims": [], + "clientSessionUri": null, + "defaultAcrValues": [], + "defaultMaxAge": 600, + "defaultMaxAgeEnabled": false, + "jwtTokenLifetime": 0, + "postLogoutRedirectUri": [] + }, + "coreUmaClientConfig": { + "claimsRedirectionUris": [] + }, + "overrideOAuth2ClientConfig": { + "accessTokenMayActScript": "[Empty]", + "accessTokenModificationPluginType": "PROVIDER", + "accessTokenModificationScript": "[Empty]", + "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", + "authorizeEndpointDataProviderPluginType": "PROVIDER", + "authorizeEndpointDataProviderScript": "[Empty]", + "clientsCanSkipConsent": false, + "enableRemoteConsent": false, + "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", + "evaluateScopePluginType": "PROVIDER", + "evaluateScopeScript": "[Empty]", + "issueRefreshToken": true, + "issueRefreshTokenOnRefreshedToken": true, + "oidcClaimsPluginType": "PROVIDER", + "oidcClaimsScript": "[Empty]", + "oidcMayActScript": "[Empty]", + "overrideableOIDCClaims": [], + "providerOverridesEnabled": false, + "remoteConsentServiceId": null, + "scopesPolicySet": "oauth2Scopes", + "statelessTokensEnabled": false, + "tokenEncryptionEnabled": false, + "useForceAuthnForMaxAge": false, + "usePolicyEngineForScope": false, + "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", + "validateScopePluginType": "PROVIDER", + "validateScopeScript": "[Empty]" + }, + "signEncOAuth2ClientConfig": { + "authorizationResponseEncryptionAlgorithm": null, + "authorizationResponseEncryptionMethod": null, + "authorizationResponseSigningAlgorithm": "RS256", + "clientJwtPublicKey": null, + "idTokenEncryptionAlgorithm": "RSA-OAEP-256", + "idTokenEncryptionEnabled": false, + "idTokenEncryptionMethod": "A128CBC-HS256", + "idTokenPublicEncryptionKey": null, + "idTokenSignedResponseAlg": "RS256", + "jwkSet": null, + "jwkStoreCacheMissCacheTime": 60000, + "jwksCacheTimeout": 3600000, + "jwksUri": null, + "mTLSCertificateBoundAccessTokens": false, + "mTLSSubjectDN": null, + "mTLSTrustedCert": null, + "publicKeyLocation": "jwks_uri", + "requestParameterEncryptedAlg": null, + "requestParameterEncryptedEncryptionAlgorithm": "A128CBC-HS256", + "requestParameterSignedAlg": null, + "tokenEndpointAuthSigningAlgorithm": "RS256", + "tokenIntrospectionEncryptedResponseAlg": "RSA-OAEP-256", + "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", + "tokenIntrospectionResponseFormat": "JSON", + "tokenIntrospectionSignedResponseAlg": "RS256", + "userinfoEncryptedResponseAlg": null, + "userinfoEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", + "userinfoResponseFormat": "JSON", + "userinfoSignedResponseAlg": null + } + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/oauth2.app/RCSClient.oauth2.app.json b/test/e2e/exports/full-export-separate/realm/root-alpha/oauth2.app/RCSClient.oauth2.app.json new file mode 100644 index 000000000..fb20c5c43 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/oauth2.app/RCSClient.oauth2.app.json @@ -0,0 +1,555 @@ +{ + "application": { + "RCSClient": { + "_id": "RCSClient", + "_provider": { + "_id": "", + "_type": { + "_id": "oauth-oidc", + "collection": false, + "name": "OAuth2 Provider" + }, + "advancedOAuth2Config": { + "allowClientCredentialsInTokenRequestQueryParameters": true, + "allowedAudienceValues": [], + "authenticationAttributes": [ + "uid" + ], + "codeVerifierEnforced": "false", + "defaultScopes": [ + "address", + "phone", + "openid", + "profile", + "email" + ], + "displayNameAttribute": "cn", + "expClaimRequiredInRequestObject": false, + "grantTypes": [ + "implicit", + "urn:ietf:params:oauth:grant-type:saml2-bearer", + "refresh_token", + "password", + "client_credentials", + "urn:ietf:params:oauth:grant-type:device_code", + "authorization_code", + "urn:openid:params:grant-type:ciba", + "urn:ietf:params:oauth:grant-type:uma-ticket", + "urn:ietf:params:oauth:grant-type:jwt-bearer" + ], + "hashSalt": "&{am.oidc.client.subject.identifier.hash.salt}", + "includeClientIdClaimInStatelessTokens": true, + "includeSubnameInTokenClaims": true, + "macaroonTokenFormat": "V2", + "maxAgeOfRequestObjectNbfClaim": 0, + "maxDifferenceBetweenRequestObjectNbfAndExp": 0, + "moduleMessageEnabledInPasswordGrant": false, + "nbfClaimRequiredInRequestObject": false, + "parRequestUriLifetime": 90, + "passwordGrantAuthService": "Login", + "persistentClaims": [], + "refreshTokenGracePeriod": 0, + "requestObjectProcessing": "OIDC", + "requirePushedAuthorizationRequests": false, + "responseTypeClasses": [ + "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", + "device_code|org.forgerock.oauth2.core.TokenResponseTypeHandler", + "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", + "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler" + ], + "supportedScopes": [ + "email|Your email address", + "openid|", + "address|Your postal address", + "phone|Your telephone number(s)", + "profile|Your personal information", + "fr:idm:*", + "am-introspect-all-tokens" + ], + "supportedSubjectTypes": [ + "public", + "pairwise" + ], + "tlsCertificateBoundAccessTokensEnabled": true, + "tlsCertificateRevocationCheckingEnabled": false, + "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", + "tokenCompressionEnabled": false, + "tokenEncryptionEnabled": false, + "tokenExchangeClasses": [ + "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", + "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", + "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", + "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger" + ], + "tokenSigningAlgorithm": "HS256", + "tokenValidatorClasses": [ + "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", + "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator" + ] + }, + "advancedOIDCConfig": { + "alwaysAddClaimsToToken": true, + "amrMappings": {}, + "authorisedIdmDelegationClients": [], + "authorisedOpenIdConnectSSOClients": [], + "claimsParameterSupported": false, + "defaultACR": [], + "idTokenInfoClientAuthenticationEnabled": true, + "includeAllKtyAlgCombinationsInJwksUri": false, + "loaMapping": {}, + "storeOpsTokens": true, + "supportedAuthorizationResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedAuthorizationResponseEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedAuthorizationResponseSigningAlgorithms": [ + "PS384", + "RS384", + "EdDSA", + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "supportedRequestParameterEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "ECDH-ES+A128KW", + "RSA-OAEP", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedRequestParameterEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedRequestParameterSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "supportedTokenEndpointAuthenticationSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedTokenIntrospectionResponseEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedTokenIntrospectionResponseSigningAlgorithms": [ + "PS384", + "RS384", + "EdDSA", + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "supportedUserInfoEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedUserInfoEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedUserInfoSigningAlgorithms": [ + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512" + ], + "useForceAuthnForMaxAge": false, + "useForceAuthnForPromptLogin": false + }, + "cibaConfig": { + "cibaAuthReqIdLifetime": 600, + "cibaMinimumPollingInterval": 2, + "supportedCibaSigningAlgorithms": [ + "ES256", + "PS256" + ] + }, + "clientDynamicRegistrationConfig": { + "allowDynamicRegistration": false, + "dynamicClientRegistrationScope": "dynamic_client_registration", + "dynamicClientRegistrationSoftwareStatementRequired": false, + "generateRegistrationAccessTokens": true, + "requiredSoftwareStatementAttestedAttributes": [ + "redirect_uris" + ] + }, + "consent": { + "clientsCanSkipConsent": true, + "enableRemoteConsent": false, + "supportedRcsRequestEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedRcsRequestEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedRcsRequestSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "supportedRcsResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "ECDH-ES+A128KW", + "RSA-OAEP", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedRcsResponseEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedRcsResponseSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ] + }, + "coreOAuth2Config": { + "accessTokenLifetime": 3600, + "accessTokenMayActScript": "[Empty]", + "codeLifetime": 120, + "issueRefreshToken": true, + "issueRefreshTokenOnRefreshedToken": true, + "macaroonTokensEnabled": false, + "oidcMayActScript": "[Empty]", + "refreshTokenLifetime": 604800, + "scopesPolicySet": "oauth2Scopes", + "statelessTokensEnabled": true, + "usePolicyEngineForScope": false + }, + "coreOIDCConfig": { + "jwtTokenLifetime": 3600, + "oidcDiscoveryEndpointEnabled": true, + "overrideableOIDCClaims": [], + "supportedClaims": [], + "supportedIDTokenEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedIDTokenEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedIDTokenSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ] + }, + "deviceCodeConfig": { + "deviceCodeLifetime": 300, + "devicePollInterval": 5, + "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", + "deviceUserCodeLength": 8 + }, + "pluginsConfig": { + "accessTokenEnricherClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "accessTokenModificationPluginType": "SCRIPTED", + "accessTokenModificationScript": "39c08084-1238-43e8-857f-2e11005eac49", + "accessTokenModifierClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "authorizeEndpointDataProviderClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "authorizeEndpointDataProviderPluginType": "JAVA", + "authorizeEndpointDataProviderScript": "[Empty]", + "evaluateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "evaluateScopePluginType": "JAVA", + "evaluateScopeScript": "[Empty]", + "oidcClaimsClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "oidcClaimsPluginType": "SCRIPTED", + "oidcClaimsScript": "cf3515f0-8278-4ee3-a530-1bad7424c416", + "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", + "validateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "validateScopePluginType": "JAVA", + "validateScopeScript": "[Empty]" + } + }, + "_type": { + "_id": "OAuth2Client", + "collection": true, + "name": "OAuth2 Clients" + }, + "advancedOAuth2ClientConfig": { + "clientUri": [], + "contacts": [], + "customProperties": [], + "descriptions": [], + "grantTypes": [ + "client_credentials" + ], + "isConsentImplied": false, + "javascriptOrigins": [], + "logoUri": [], + "mixUpMitigation": false, + "name": [], + "policyUri": [], + "refreshTokenGracePeriod": 0, + "requestUris": [], + "require_pushed_authorization_requests": false, + "responseTypes": [ + "code", + "token", + "id_token", + "code token", + "token id_token", + "code id_token", + "code token id_token", + "device_code", + "device_code id_token" + ], + "sectorIdentifierUri": null, + "softwareIdentity": null, + "softwareVersion": null, + "subjectType": "Public", + "tokenEndpointAuthMethod": "client_secret_basic", + "tokenExchangeAuthLevel": 0, + "tosURI": [], + "updateAccessToken": null + }, + "coreOAuth2ClientConfig": { + "accessTokenLifetime": 0, + "agentgroup": null, + "authorizationCodeLifetime": 0, + "clientName": [], + "clientType": "Confidential", + "defaultScopes": [], + "loopbackInterfaceRedirection": false, + "redirectionUris": [], + "refreshTokenLifetime": 0, + "scopes": [ + "fr:idm:*" + ], + "status": "Active" + }, + "coreOpenIDClientConfig": { + "backchannel_logout_session_required": false, + "backchannel_logout_uri": null, + "claims": [], + "clientSessionUri": null, + "defaultAcrValues": [], + "defaultMaxAge": 600, + "defaultMaxAgeEnabled": false, + "jwtTokenLifetime": 0, + "postLogoutRedirectUri": [] + }, + "coreUmaClientConfig": { + "claimsRedirectionUris": [] + }, + "overrideOAuth2ClientConfig": { + "accessTokenMayActScript": "[Empty]", + "accessTokenModificationPluginType": "SCRIPTED", + "accessTokenModificationScript": "c234ba0b-58a1-4cfd-9567-09edde980745", + "accessTokenModifierClass": null, + "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", + "authorizeEndpointDataProviderPluginType": "PROVIDER", + "authorizeEndpointDataProviderScript": "[Empty]", + "clientsCanSkipConsent": true, + "customLoginUrlTemplate": null, + "enableRemoteConsent": false, + "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", + "evaluateScopePluginType": "PROVIDER", + "evaluateScopeScript": "[Empty]", + "issueRefreshToken": true, + "issueRefreshTokenOnRefreshedToken": true, + "oidcClaimsClass": null, + "oidcClaimsPluginType": "SCRIPTED", + "oidcClaimsScript": "1f389a3d-21cf-417c-a6d3-42ea620071f0", + "oidcMayActScript": "[Empty]", + "overrideableOIDCClaims": [], + "providerOverridesEnabled": true, + "remoteConsentServiceId": null, + "scopesPolicySet": "oauth2Scopes", + "statelessTokensEnabled": true, + "tokenEncryptionEnabled": false, + "useForceAuthnForMaxAge": false, + "usePolicyEngineForScope": false, + "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", + "validateScopePluginType": "PROVIDER", + "validateScopeScript": "[Empty]" + }, + "signEncOAuth2ClientConfig": { + "authorizationResponseEncryptionAlgorithm": null, + "authorizationResponseEncryptionMethod": null, + "authorizationResponseSigningAlgorithm": "RS256", + "clientJwtPublicKey": null, + "idTokenEncryptionAlgorithm": "RSA-OAEP-256", + "idTokenEncryptionEnabled": false, + "idTokenEncryptionMethod": "A128CBC-HS256", + "idTokenPublicEncryptionKey": null, + "idTokenSignedResponseAlg": "RS256", + "jwkSet": null, + "jwkStoreCacheMissCacheTime": 60000, + "jwksCacheTimeout": 3600000, + "jwksUri": "http://am.fr-platform:80/am/oauth2/connect/jwk_uri", + "mTLSCertificateBoundAccessTokens": false, + "mTLSSubjectDN": null, + "mTLSTrustedCert": null, + "publicKeyLocation": "jwks_uri", + "requestParameterEncryptedAlg": null, + "requestParameterEncryptedEncryptionAlgorithm": "A128CBC-HS256", + "requestParameterSignedAlg": null, + "tokenEndpointAuthSigningAlgorithm": "RS256", + "tokenIntrospectionEncryptedResponseAlg": "RSA-OAEP-256", + "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", + "tokenIntrospectionResponseFormat": "JSON", + "tokenIntrospectionSignedResponseAlg": "RS256", + "userinfoEncryptedResponseAlg": null, + "userinfoEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", + "userinfoResponseFormat": "JSON", + "userinfoSignedResponseAlg": null + } + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/oauth2.app/baseline-ciba.oauth2.app.json b/test/e2e/exports/full-export-separate/realm/root-alpha/oauth2.app/baseline-ciba.oauth2.app.json new file mode 100644 index 000000000..d710c7691 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/oauth2.app/baseline-ciba.oauth2.app.json @@ -0,0 +1,550 @@ +{ + "application": { + "baseline-ciba": { + "_id": "baseline-ciba", + "_provider": { + "_id": "", + "_type": { + "_id": "oauth-oidc", + "collection": false, + "name": "OAuth2 Provider" + }, + "advancedOAuth2Config": { + "allowClientCredentialsInTokenRequestQueryParameters": true, + "allowedAudienceValues": [], + "authenticationAttributes": [ + "uid" + ], + "codeVerifierEnforced": "false", + "defaultScopes": [ + "address", + "phone", + "openid", + "profile", + "email" + ], + "displayNameAttribute": "cn", + "expClaimRequiredInRequestObject": false, + "grantTypes": [ + "implicit", + "urn:ietf:params:oauth:grant-type:saml2-bearer", + "refresh_token", + "password", + "client_credentials", + "urn:ietf:params:oauth:grant-type:device_code", + "authorization_code", + "urn:openid:params:grant-type:ciba", + "urn:ietf:params:oauth:grant-type:uma-ticket", + "urn:ietf:params:oauth:grant-type:jwt-bearer" + ], + "hashSalt": "&{am.oidc.client.subject.identifier.hash.salt}", + "includeClientIdClaimInStatelessTokens": true, + "includeSubnameInTokenClaims": true, + "macaroonTokenFormat": "V2", + "maxAgeOfRequestObjectNbfClaim": 0, + "maxDifferenceBetweenRequestObjectNbfAndExp": 0, + "moduleMessageEnabledInPasswordGrant": false, + "nbfClaimRequiredInRequestObject": false, + "parRequestUriLifetime": 90, + "passwordGrantAuthService": "Login", + "persistentClaims": [], + "refreshTokenGracePeriod": 0, + "requestObjectProcessing": "OIDC", + "requirePushedAuthorizationRequests": false, + "responseTypeClasses": [ + "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", + "device_code|org.forgerock.oauth2.core.TokenResponseTypeHandler", + "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", + "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler" + ], + "supportedScopes": [ + "email|Your email address", + "openid|", + "address|Your postal address", + "phone|Your telephone number(s)", + "profile|Your personal information", + "fr:idm:*", + "am-introspect-all-tokens" + ], + "supportedSubjectTypes": [ + "public", + "pairwise" + ], + "tlsCertificateBoundAccessTokensEnabled": true, + "tlsCertificateRevocationCheckingEnabled": false, + "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", + "tokenCompressionEnabled": false, + "tokenEncryptionEnabled": false, + "tokenExchangeClasses": [ + "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", + "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", + "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", + "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger" + ], + "tokenSigningAlgorithm": "HS256", + "tokenValidatorClasses": [ + "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", + "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator" + ] + }, + "advancedOIDCConfig": { + "alwaysAddClaimsToToken": true, + "amrMappings": {}, + "authorisedIdmDelegationClients": [], + "authorisedOpenIdConnectSSOClients": [], + "claimsParameterSupported": false, + "defaultACR": [], + "idTokenInfoClientAuthenticationEnabled": true, + "includeAllKtyAlgCombinationsInJwksUri": false, + "loaMapping": {}, + "storeOpsTokens": true, + "supportedAuthorizationResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedAuthorizationResponseEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedAuthorizationResponseSigningAlgorithms": [ + "PS384", + "RS384", + "EdDSA", + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "supportedRequestParameterEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "ECDH-ES+A128KW", + "RSA-OAEP", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedRequestParameterEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedRequestParameterSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "supportedTokenEndpointAuthenticationSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedTokenIntrospectionResponseEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedTokenIntrospectionResponseSigningAlgorithms": [ + "PS384", + "RS384", + "EdDSA", + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "supportedUserInfoEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedUserInfoEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedUserInfoSigningAlgorithms": [ + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512" + ], + "useForceAuthnForMaxAge": false, + "useForceAuthnForPromptLogin": false + }, + "cibaConfig": { + "cibaAuthReqIdLifetime": 600, + "cibaMinimumPollingInterval": 2, + "supportedCibaSigningAlgorithms": [ + "ES256", + "PS256" + ] + }, + "clientDynamicRegistrationConfig": { + "allowDynamicRegistration": false, + "dynamicClientRegistrationScope": "dynamic_client_registration", + "dynamicClientRegistrationSoftwareStatementRequired": false, + "generateRegistrationAccessTokens": true, + "requiredSoftwareStatementAttestedAttributes": [ + "redirect_uris" + ] + }, + "consent": { + "clientsCanSkipConsent": true, + "enableRemoteConsent": false, + "supportedRcsRequestEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedRcsRequestEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedRcsRequestSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "supportedRcsResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "ECDH-ES+A128KW", + "RSA-OAEP", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedRcsResponseEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedRcsResponseSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ] + }, + "coreOAuth2Config": { + "accessTokenLifetime": 3600, + "accessTokenMayActScript": "[Empty]", + "codeLifetime": 120, + "issueRefreshToken": true, + "issueRefreshTokenOnRefreshedToken": true, + "macaroonTokensEnabled": false, + "oidcMayActScript": "[Empty]", + "refreshTokenLifetime": 604800, + "scopesPolicySet": "oauth2Scopes", + "statelessTokensEnabled": true, + "usePolicyEngineForScope": false + }, + "coreOIDCConfig": { + "jwtTokenLifetime": 3600, + "oidcDiscoveryEndpointEnabled": true, + "overrideableOIDCClaims": [], + "supportedClaims": [], + "supportedIDTokenEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedIDTokenEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedIDTokenSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ] + }, + "deviceCodeConfig": { + "deviceCodeLifetime": 300, + "devicePollInterval": 5, + "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", + "deviceUserCodeLength": 8 + }, + "pluginsConfig": { + "accessTokenEnricherClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "accessTokenModificationPluginType": "SCRIPTED", + "accessTokenModificationScript": "39c08084-1238-43e8-857f-2e11005eac49", + "accessTokenModifierClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "authorizeEndpointDataProviderClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "authorizeEndpointDataProviderPluginType": "JAVA", + "authorizeEndpointDataProviderScript": "[Empty]", + "evaluateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "evaluateScopePluginType": "JAVA", + "evaluateScopeScript": "[Empty]", + "oidcClaimsClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "oidcClaimsPluginType": "SCRIPTED", + "oidcClaimsScript": "cf3515f0-8278-4ee3-a530-1bad7424c416", + "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", + "validateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "validateScopePluginType": "JAVA", + "validateScopeScript": "[Empty]" + } + }, + "_type": { + "_id": "OAuth2Client", + "collection": true, + "name": "OAuth2 Clients" + }, + "advancedOAuth2ClientConfig": { + "clientUri": [], + "contacts": [], + "customProperties": [], + "descriptions": [], + "grantTypes": [ + "urn:openid:params:grant-type:ciba", + "authorization_code" + ], + "isConsentImplied": false, + "javascriptOrigins": [], + "logoUri": [], + "mixUpMitigation": false, + "name": [], + "policyUri": [], + "refreshTokenGracePeriod": 0, + "requestUris": [], + "require_pushed_authorization_requests": false, + "responseTypes": [ + "token", + "id_token" + ], + "sectorIdentifierUri": null, + "softwareIdentity": null, + "softwareVersion": null, + "subjectType": "public", + "tokenEndpointAuthMethod": "client_secret_basic", + "tokenExchangeAuthLevel": 0, + "tosURI": [], + "updateAccessToken": null + }, + "coreOAuth2ClientConfig": { + "accessTokenLifetime": 0, + "agentgroup": null, + "authorizationCodeLifetime": 0, + "clientName": [], + "clientType": "Confidential", + "defaultScopes": [], + "loopbackInterfaceRedirection": false, + "redirectionUris": [], + "refreshTokenLifetime": 0, + "scopes": [ + "openid", + "profile" + ], + "status": "Active" + }, + "coreOpenIDClientConfig": { + "backchannel_logout_session_required": false, + "backchannel_logout_uri": null, + "claims": [], + "clientSessionUri": null, + "defaultAcrValues": [], + "defaultMaxAge": 600, + "defaultMaxAgeEnabled": false, + "jwtTokenLifetime": 0, + "postLogoutRedirectUri": [] + }, + "coreUmaClientConfig": { + "claimsRedirectionUris": [] + }, + "overrideOAuth2ClientConfig": { + "accessTokenMayActScript": "[Empty]", + "accessTokenModificationPluginType": "PROVIDER", + "accessTokenModificationScript": "[Empty]", + "accessTokenModifierClass": null, + "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", + "authorizeEndpointDataProviderPluginType": "PROVIDER", + "authorizeEndpointDataProviderScript": "[Empty]", + "clientsCanSkipConsent": false, + "customLoginUrlTemplate": null, + "enableRemoteConsent": false, + "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", + "evaluateScopePluginType": "PROVIDER", + "evaluateScopeScript": "[Empty]", + "issueRefreshToken": true, + "issueRefreshTokenOnRefreshedToken": true, + "oidcClaimsClass": null, + "oidcClaimsPluginType": "PROVIDER", + "oidcClaimsScript": "[Empty]", + "oidcMayActScript": "[Empty]", + "overrideableOIDCClaims": [], + "providerOverridesEnabled": false, + "remoteConsentServiceId": null, + "scopesPolicySet": "oauth2Scopes", + "statelessTokensEnabled": false, + "tokenEncryptionEnabled": false, + "useForceAuthnForMaxAge": false, + "usePolicyEngineForScope": false, + "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", + "validateScopePluginType": "PROVIDER", + "validateScopeScript": "[Empty]" + }, + "signEncOAuth2ClientConfig": { + "authorizationResponseEncryptionAlgorithm": null, + "authorizationResponseEncryptionMethod": null, + "authorizationResponseSigningAlgorithm": "RS256", + "clientJwtPublicKey": null, + "idTokenEncryptionAlgorithm": "RSA-OAEP-256", + "idTokenEncryptionEnabled": false, + "idTokenEncryptionMethod": "A128CBC-HS256", + "idTokenPublicEncryptionKey": null, + "idTokenSignedResponseAlg": "RS256", + "jwkSet": "{\"keys\" :[{ \"kty\": \"EC\", \"d\": \"bXhBnmXPav9lgPPs6zavwlqbSmaMpdyeh564d0uNI8k\", \"use\": \"sig\", \"crv\": \"P-256\", \"kid\": \"mykey\", \"x\": \"E8IyIrUIBdMVAFhRIcNtDVUI8OTDDSs-LRziuBthM4s\", \"y\": \"1jH5o5B5hBeqARhYTMPl5l8CVNOFIVrvYd_TiFH6FkQ\" }]}", + "jwkStoreCacheMissCacheTime": 60000, + "jwksCacheTimeout": 3600000, + "jwksUri": null, + "mTLSCertificateBoundAccessTokens": false, + "mTLSSubjectDN": null, + "mTLSTrustedCert": null, + "publicKeyLocation": "jwks", + "requestParameterEncryptedAlg": null, + "requestParameterEncryptedEncryptionAlgorithm": "A128CBC-HS256", + "requestParameterSignedAlg": null, + "tokenEndpointAuthSigningAlgorithm": "RS256", + "tokenIntrospectionEncryptedResponseAlg": "RSA-OAEP-256", + "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", + "tokenIntrospectionResponseFormat": "JSON", + "tokenIntrospectionSignedResponseAlg": "RS256", + "userinfoEncryptedResponseAlg": null, + "userinfoEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", + "userinfoResponseFormat": "JSON", + "userinfoSignedResponseAlg": null + } + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/oauth2.app/baseline-device.oauth2.app.json b/test/e2e/exports/full-export-separate/realm/root-alpha/oauth2.app/baseline-device.oauth2.app.json new file mode 100644 index 000000000..0b1fb5877 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/oauth2.app/baseline-device.oauth2.app.json @@ -0,0 +1,558 @@ +{ + "application": { + "baseline-device": { + "_id": "baseline-device", + "_provider": { + "_id": "", + "_type": { + "_id": "oauth-oidc", + "collection": false, + "name": "OAuth2 Provider" + }, + "advancedOAuth2Config": { + "allowClientCredentialsInTokenRequestQueryParameters": true, + "allowedAudienceValues": [], + "authenticationAttributes": [ + "uid" + ], + "codeVerifierEnforced": "false", + "defaultScopes": [ + "address", + "phone", + "openid", + "profile", + "email" + ], + "displayNameAttribute": "cn", + "expClaimRequiredInRequestObject": false, + "grantTypes": [ + "implicit", + "urn:ietf:params:oauth:grant-type:saml2-bearer", + "refresh_token", + "password", + "client_credentials", + "urn:ietf:params:oauth:grant-type:device_code", + "authorization_code", + "urn:openid:params:grant-type:ciba", + "urn:ietf:params:oauth:grant-type:uma-ticket", + "urn:ietf:params:oauth:grant-type:jwt-bearer" + ], + "hashSalt": "&{am.oidc.client.subject.identifier.hash.salt}", + "includeClientIdClaimInStatelessTokens": true, + "includeSubnameInTokenClaims": true, + "macaroonTokenFormat": "V2", + "maxAgeOfRequestObjectNbfClaim": 0, + "maxDifferenceBetweenRequestObjectNbfAndExp": 0, + "moduleMessageEnabledInPasswordGrant": false, + "nbfClaimRequiredInRequestObject": false, + "parRequestUriLifetime": 90, + "passwordGrantAuthService": "Login", + "persistentClaims": [], + "refreshTokenGracePeriod": 0, + "requestObjectProcessing": "OIDC", + "requirePushedAuthorizationRequests": false, + "responseTypeClasses": [ + "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", + "device_code|org.forgerock.oauth2.core.TokenResponseTypeHandler", + "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", + "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler" + ], + "supportedScopes": [ + "email|Your email address", + "openid|", + "address|Your postal address", + "phone|Your telephone number(s)", + "profile|Your personal information", + "fr:idm:*", + "am-introspect-all-tokens" + ], + "supportedSubjectTypes": [ + "public", + "pairwise" + ], + "tlsCertificateBoundAccessTokensEnabled": true, + "tlsCertificateRevocationCheckingEnabled": false, + "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", + "tokenCompressionEnabled": false, + "tokenEncryptionEnabled": false, + "tokenExchangeClasses": [ + "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", + "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", + "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", + "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger" + ], + "tokenSigningAlgorithm": "HS256", + "tokenValidatorClasses": [ + "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", + "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator" + ] + }, + "advancedOIDCConfig": { + "alwaysAddClaimsToToken": true, + "amrMappings": {}, + "authorisedIdmDelegationClients": [], + "authorisedOpenIdConnectSSOClients": [], + "claimsParameterSupported": false, + "defaultACR": [], + "idTokenInfoClientAuthenticationEnabled": true, + "includeAllKtyAlgCombinationsInJwksUri": false, + "loaMapping": {}, + "storeOpsTokens": true, + "supportedAuthorizationResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedAuthorizationResponseEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedAuthorizationResponseSigningAlgorithms": [ + "PS384", + "RS384", + "EdDSA", + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "supportedRequestParameterEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "ECDH-ES+A128KW", + "RSA-OAEP", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedRequestParameterEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedRequestParameterSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "supportedTokenEndpointAuthenticationSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedTokenIntrospectionResponseEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedTokenIntrospectionResponseSigningAlgorithms": [ + "PS384", + "RS384", + "EdDSA", + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "supportedUserInfoEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedUserInfoEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedUserInfoSigningAlgorithms": [ + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512" + ], + "useForceAuthnForMaxAge": false, + "useForceAuthnForPromptLogin": false + }, + "cibaConfig": { + "cibaAuthReqIdLifetime": 600, + "cibaMinimumPollingInterval": 2, + "supportedCibaSigningAlgorithms": [ + "ES256", + "PS256" + ] + }, + "clientDynamicRegistrationConfig": { + "allowDynamicRegistration": false, + "dynamicClientRegistrationScope": "dynamic_client_registration", + "dynamicClientRegistrationSoftwareStatementRequired": false, + "generateRegistrationAccessTokens": true, + "requiredSoftwareStatementAttestedAttributes": [ + "redirect_uris" + ] + }, + "consent": { + "clientsCanSkipConsent": true, + "enableRemoteConsent": false, + "supportedRcsRequestEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedRcsRequestEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedRcsRequestSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "supportedRcsResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "ECDH-ES+A128KW", + "RSA-OAEP", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedRcsResponseEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedRcsResponseSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ] + }, + "coreOAuth2Config": { + "accessTokenLifetime": 3600, + "accessTokenMayActScript": "[Empty]", + "codeLifetime": 120, + "issueRefreshToken": true, + "issueRefreshTokenOnRefreshedToken": true, + "macaroonTokensEnabled": false, + "oidcMayActScript": "[Empty]", + "refreshTokenLifetime": 604800, + "scopesPolicySet": "oauth2Scopes", + "statelessTokensEnabled": true, + "usePolicyEngineForScope": false + }, + "coreOIDCConfig": { + "jwtTokenLifetime": 3600, + "oidcDiscoveryEndpointEnabled": true, + "overrideableOIDCClaims": [], + "supportedClaims": [], + "supportedIDTokenEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedIDTokenEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedIDTokenSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ] + }, + "deviceCodeConfig": { + "deviceCodeLifetime": 300, + "devicePollInterval": 5, + "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", + "deviceUserCodeLength": 8 + }, + "pluginsConfig": { + "accessTokenEnricherClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "accessTokenModificationPluginType": "SCRIPTED", + "accessTokenModificationScript": "39c08084-1238-43e8-857f-2e11005eac49", + "accessTokenModifierClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "authorizeEndpointDataProviderClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "authorizeEndpointDataProviderPluginType": "JAVA", + "authorizeEndpointDataProviderScript": "[Empty]", + "evaluateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "evaluateScopePluginType": "JAVA", + "evaluateScopeScript": "[Empty]", + "oidcClaimsClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "oidcClaimsPluginType": "SCRIPTED", + "oidcClaimsScript": "cf3515f0-8278-4ee3-a530-1bad7424c416", + "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", + "validateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "validateScopePluginType": "JAVA", + "validateScopeScript": "[Empty]" + } + }, + "_type": { + "_id": "OAuth2Client", + "collection": true, + "name": "OAuth2 Clients" + }, + "advancedOAuth2ClientConfig": { + "clientUri": [], + "contacts": [], + "customProperties": [], + "descriptions": [], + "grantTypes": [ + "urn:ietf:params:oauth:grant-type:device_code" + ], + "isConsentImplied": true, + "javascriptOrigins": [], + "logoUri": [], + "mixUpMitigation": false, + "name": [], + "policyUri": [], + "refreshTokenGracePeriod": 0, + "requestUris": [], + "require_pushed_authorization_requests": false, + "responseTypes": [ + "code", + "token", + "id_token", + "code token", + "token id_token", + "code id_token", + "code token id_token", + "device_code", + "device_code id_token" + ], + "sectorIdentifierUri": null, + "softwareIdentity": null, + "softwareVersion": null, + "subjectType": "public", + "tokenEndpointAuthMethod": "none", + "tokenExchangeAuthLevel": 0, + "tosURI": [], + "updateAccessToken": null + }, + "coreOAuth2ClientConfig": { + "accessTokenLifetime": 0, + "agentgroup": null, + "authorizationCodeLifetime": 0, + "clientName": [ + "Streaming Services" + ], + "clientType": "Public", + "defaultScopes": [], + "loopbackInterfaceRedirection": false, + "redirectionUris": [], + "refreshTokenLifetime": 0, + "scopes": [ + "openid", + "profile" + ], + "status": "Active" + }, + "coreOpenIDClientConfig": { + "backchannel_logout_session_required": false, + "backchannel_logout_uri": null, + "claims": [], + "clientSessionUri": null, + "defaultAcrValues": [], + "defaultMaxAge": 600, + "defaultMaxAgeEnabled": false, + "jwtTokenLifetime": 0, + "postLogoutRedirectUri": [] + }, + "coreUmaClientConfig": { + "claimsRedirectionUris": [] + }, + "overrideOAuth2ClientConfig": { + "accessTokenMayActScript": "[Empty]", + "accessTokenModificationPluginType": "PROVIDER", + "accessTokenModificationScript": "[Empty]", + "accessTokenModifierClass": null, + "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", + "authorizeEndpointDataProviderPluginType": "PROVIDER", + "authorizeEndpointDataProviderScript": "[Empty]", + "clientsCanSkipConsent": false, + "customLoginUrlTemplate": null, + "enableRemoteConsent": false, + "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", + "evaluateScopePluginType": "PROVIDER", + "evaluateScopeScript": "[Empty]", + "issueRefreshToken": true, + "issueRefreshTokenOnRefreshedToken": true, + "oidcClaimsClass": null, + "oidcClaimsPluginType": "PROVIDER", + "oidcClaimsScript": "[Empty]", + "oidcMayActScript": "[Empty]", + "overrideableOIDCClaims": [], + "providerOverridesEnabled": false, + "remoteConsentServiceId": null, + "scopesPolicySet": "oauth2Scopes", + "statelessTokensEnabled": false, + "tokenEncryptionEnabled": false, + "useForceAuthnForMaxAge": false, + "usePolicyEngineForScope": false, + "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", + "validateScopePluginType": "PROVIDER", + "validateScopeScript": "[Empty]" + }, + "signEncOAuth2ClientConfig": { + "authorizationResponseEncryptionAlgorithm": null, + "authorizationResponseEncryptionMethod": null, + "authorizationResponseSigningAlgorithm": "RS256", + "clientJwtPublicKey": null, + "idTokenEncryptionAlgorithm": "RSA-OAEP-256", + "idTokenEncryptionEnabled": false, + "idTokenEncryptionMethod": "A128CBC-HS256", + "idTokenPublicEncryptionKey": null, + "idTokenSignedResponseAlg": "RS256", + "jwkSet": null, + "jwkStoreCacheMissCacheTime": 60000, + "jwksCacheTimeout": 3600000, + "jwksUri": null, + "mTLSCertificateBoundAccessTokens": false, + "mTLSSubjectDN": null, + "mTLSTrustedCert": null, + "publicKeyLocation": "jwks_uri", + "requestParameterEncryptedAlg": null, + "requestParameterEncryptedEncryptionAlgorithm": "A128CBC-HS256", + "requestParameterSignedAlg": null, + "tokenEndpointAuthSigningAlgorithm": "RS256", + "tokenIntrospectionEncryptedResponseAlg": "RSA-OAEP-256", + "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", + "tokenIntrospectionResponseFormat": "JSON", + "tokenIntrospectionSignedResponseAlg": "RS256", + "userinfoEncryptedResponseAlg": null, + "userinfoEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", + "userinfoResponseFormat": "JSON", + "userinfoSignedResponseAlg": null + } + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/oauth2.app/baseline-ios-sdk.oauth2.app.json b/test/e2e/exports/full-export-separate/realm/root-alpha/oauth2.app/baseline-ios-sdk.oauth2.app.json new file mode 100644 index 000000000..8788e2d5a --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/oauth2.app/baseline-ios-sdk.oauth2.app.json @@ -0,0 +1,559 @@ +{ + "application": { + "baseline-ios-sdk": { + "_id": "baseline-ios-sdk", + "_provider": { + "_id": "", + "_type": { + "_id": "oauth-oidc", + "collection": false, + "name": "OAuth2 Provider" + }, + "advancedOAuth2Config": { + "allowClientCredentialsInTokenRequestQueryParameters": true, + "allowedAudienceValues": [], + "authenticationAttributes": [ + "uid" + ], + "codeVerifierEnforced": "false", + "defaultScopes": [ + "address", + "phone", + "openid", + "profile", + "email" + ], + "displayNameAttribute": "cn", + "expClaimRequiredInRequestObject": false, + "grantTypes": [ + "implicit", + "urn:ietf:params:oauth:grant-type:saml2-bearer", + "refresh_token", + "password", + "client_credentials", + "urn:ietf:params:oauth:grant-type:device_code", + "authorization_code", + "urn:openid:params:grant-type:ciba", + "urn:ietf:params:oauth:grant-type:uma-ticket", + "urn:ietf:params:oauth:grant-type:jwt-bearer" + ], + "hashSalt": "&{am.oidc.client.subject.identifier.hash.salt}", + "includeClientIdClaimInStatelessTokens": true, + "includeSubnameInTokenClaims": true, + "macaroonTokenFormat": "V2", + "maxAgeOfRequestObjectNbfClaim": 0, + "maxDifferenceBetweenRequestObjectNbfAndExp": 0, + "moduleMessageEnabledInPasswordGrant": false, + "nbfClaimRequiredInRequestObject": false, + "parRequestUriLifetime": 90, + "passwordGrantAuthService": "Login", + "persistentClaims": [], + "refreshTokenGracePeriod": 0, + "requestObjectProcessing": "OIDC", + "requirePushedAuthorizationRequests": false, + "responseTypeClasses": [ + "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", + "device_code|org.forgerock.oauth2.core.TokenResponseTypeHandler", + "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", + "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler" + ], + "supportedScopes": [ + "email|Your email address", + "openid|", + "address|Your postal address", + "phone|Your telephone number(s)", + "profile|Your personal information", + "fr:idm:*", + "am-introspect-all-tokens" + ], + "supportedSubjectTypes": [ + "public", + "pairwise" + ], + "tlsCertificateBoundAccessTokensEnabled": true, + "tlsCertificateRevocationCheckingEnabled": false, + "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", + "tokenCompressionEnabled": false, + "tokenEncryptionEnabled": false, + "tokenExchangeClasses": [ + "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", + "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", + "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", + "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger" + ], + "tokenSigningAlgorithm": "HS256", + "tokenValidatorClasses": [ + "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", + "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator" + ] + }, + "advancedOIDCConfig": { + "alwaysAddClaimsToToken": true, + "amrMappings": {}, + "authorisedIdmDelegationClients": [], + "authorisedOpenIdConnectSSOClients": [], + "claimsParameterSupported": false, + "defaultACR": [], + "idTokenInfoClientAuthenticationEnabled": true, + "includeAllKtyAlgCombinationsInJwksUri": false, + "loaMapping": {}, + "storeOpsTokens": true, + "supportedAuthorizationResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedAuthorizationResponseEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedAuthorizationResponseSigningAlgorithms": [ + "PS384", + "RS384", + "EdDSA", + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "supportedRequestParameterEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "ECDH-ES+A128KW", + "RSA-OAEP", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedRequestParameterEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedRequestParameterSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "supportedTokenEndpointAuthenticationSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedTokenIntrospectionResponseEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedTokenIntrospectionResponseSigningAlgorithms": [ + "PS384", + "RS384", + "EdDSA", + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "supportedUserInfoEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedUserInfoEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedUserInfoSigningAlgorithms": [ + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512" + ], + "useForceAuthnForMaxAge": false, + "useForceAuthnForPromptLogin": false + }, + "cibaConfig": { + "cibaAuthReqIdLifetime": 600, + "cibaMinimumPollingInterval": 2, + "supportedCibaSigningAlgorithms": [ + "ES256", + "PS256" + ] + }, + "clientDynamicRegistrationConfig": { + "allowDynamicRegistration": false, + "dynamicClientRegistrationScope": "dynamic_client_registration", + "dynamicClientRegistrationSoftwareStatementRequired": false, + "generateRegistrationAccessTokens": true, + "requiredSoftwareStatementAttestedAttributes": [ + "redirect_uris" + ] + }, + "consent": { + "clientsCanSkipConsent": true, + "enableRemoteConsent": false, + "supportedRcsRequestEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedRcsRequestEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedRcsRequestSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "supportedRcsResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "ECDH-ES+A128KW", + "RSA-OAEP", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedRcsResponseEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedRcsResponseSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ] + }, + "coreOAuth2Config": { + "accessTokenLifetime": 3600, + "accessTokenMayActScript": "[Empty]", + "codeLifetime": 120, + "issueRefreshToken": true, + "issueRefreshTokenOnRefreshedToken": true, + "macaroonTokensEnabled": false, + "oidcMayActScript": "[Empty]", + "refreshTokenLifetime": 604800, + "scopesPolicySet": "oauth2Scopes", + "statelessTokensEnabled": true, + "usePolicyEngineForScope": false + }, + "coreOIDCConfig": { + "jwtTokenLifetime": 3600, + "oidcDiscoveryEndpointEnabled": true, + "overrideableOIDCClaims": [], + "supportedClaims": [], + "supportedIDTokenEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedIDTokenEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedIDTokenSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ] + }, + "deviceCodeConfig": { + "deviceCodeLifetime": 300, + "devicePollInterval": 5, + "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", + "deviceUserCodeLength": 8 + }, + "pluginsConfig": { + "accessTokenEnricherClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "accessTokenModificationPluginType": "SCRIPTED", + "accessTokenModificationScript": "39c08084-1238-43e8-857f-2e11005eac49", + "accessTokenModifierClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "authorizeEndpointDataProviderClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "authorizeEndpointDataProviderPluginType": "JAVA", + "authorizeEndpointDataProviderScript": "[Empty]", + "evaluateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "evaluateScopePluginType": "JAVA", + "evaluateScopeScript": "[Empty]", + "oidcClaimsClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "oidcClaimsPluginType": "SCRIPTED", + "oidcClaimsScript": "cf3515f0-8278-4ee3-a530-1bad7424c416", + "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", + "validateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "validateScopePluginType": "JAVA", + "validateScopeScript": "[Empty]" + } + }, + "_type": { + "_id": "OAuth2Client", + "collection": true, + "name": "OAuth2 Clients" + }, + "advancedOAuth2ClientConfig": { + "clientUri": [], + "contacts": [], + "customProperties": [], + "descriptions": [], + "grantTypes": [ + "authorization_code", + "refresh_token" + ], + "isConsentImplied": true, + "javascriptOrigins": [ + "forgerock://oidc_callback" + ], + "logoUri": [], + "mixUpMitigation": false, + "name": [], + "policyUri": [], + "refreshTokenGracePeriod": 0, + "requestUris": [], + "require_pushed_authorization_requests": false, + "responseTypes": [ + "code", + "token", + "id_token" + ], + "sectorIdentifierUri": null, + "softwareIdentity": null, + "softwareVersion": null, + "subjectType": "public", + "tokenEndpointAuthMethod": "none", + "tokenExchangeAuthLevel": 0, + "tosURI": [], + "updateAccessToken": null + }, + "coreOAuth2ClientConfig": { + "accessTokenLifetime": 0, + "agentgroup": null, + "authorizationCodeLifetime": 0, + "clientName": [], + "clientType": "Public", + "defaultScopes": [], + "loopbackInterfaceRedirection": false, + "redirectionUris": [ + "forgerock://oidc_callback" + ], + "refreshTokenLifetime": 0, + "scopes": [ + "openid", + "profile", + "address", + "phone", + "email", + "fr:idm:*" + ], + "status": "Active" + }, + "coreOpenIDClientConfig": { + "backchannel_logout_session_required": false, + "backchannel_logout_uri": null, + "claims": [], + "clientSessionUri": null, + "defaultAcrValues": [], + "defaultMaxAge": 600, + "defaultMaxAgeEnabled": false, + "jwtTokenLifetime": 0, + "postLogoutRedirectUri": [] + }, + "coreUmaClientConfig": { + "claimsRedirectionUris": [] + }, + "overrideOAuth2ClientConfig": { + "accessTokenMayActScript": "[Empty]", + "accessTokenModificationPluginType": "PROVIDER", + "accessTokenModificationScript": "[Empty]", + "accessTokenModifierClass": null, + "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", + "authorizeEndpointDataProviderPluginType": "PROVIDER", + "authorizeEndpointDataProviderScript": "[Empty]", + "clientsCanSkipConsent": false, + "customLoginUrlTemplate": null, + "enableRemoteConsent": false, + "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", + "evaluateScopePluginType": "PROVIDER", + "evaluateScopeScript": "[Empty]", + "issueRefreshToken": true, + "issueRefreshTokenOnRefreshedToken": true, + "oidcClaimsClass": null, + "oidcClaimsPluginType": "PROVIDER", + "oidcClaimsScript": "[Empty]", + "oidcMayActScript": "[Empty]", + "overrideableOIDCClaims": [], + "providerOverridesEnabled": false, + "remoteConsentServiceId": null, + "scopesPolicySet": "oauth2Scopes", + "statelessTokensEnabled": false, + "tokenEncryptionEnabled": false, + "useForceAuthnForMaxAge": false, + "usePolicyEngineForScope": false, + "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", + "validateScopePluginType": "PROVIDER", + "validateScopeScript": "[Empty]" + }, + "signEncOAuth2ClientConfig": { + "authorizationResponseEncryptionAlgorithm": null, + "authorizationResponseEncryptionMethod": null, + "authorizationResponseSigningAlgorithm": "RS256", + "clientJwtPublicKey": null, + "idTokenEncryptionAlgorithm": "RSA-OAEP-256", + "idTokenEncryptionEnabled": false, + "idTokenEncryptionMethod": "A128CBC-HS256", + "idTokenPublicEncryptionKey": null, + "idTokenSignedResponseAlg": "RS256", + "jwkSet": null, + "jwkStoreCacheMissCacheTime": 60000, + "jwksCacheTimeout": 3600000, + "jwksUri": null, + "mTLSCertificateBoundAccessTokens": false, + "mTLSSubjectDN": null, + "mTLSTrustedCert": null, + "publicKeyLocation": "jwks_uri", + "requestParameterEncryptedAlg": null, + "requestParameterEncryptedEncryptionAlgorithm": "A128CBC-HS256", + "requestParameterSignedAlg": null, + "tokenEndpointAuthSigningAlgorithm": "RS256", + "tokenIntrospectionEncryptedResponseAlg": "RSA-OAEP-256", + "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", + "tokenIntrospectionResponseFormat": "JSON", + "tokenIntrospectionSignedResponseAlg": "RS256", + "userinfoEncryptedResponseAlg": null, + "userinfoEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", + "userinfoResponseFormat": "JSON", + "userinfoSignedResponseAlg": null + } + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/oauth2.app/baseline-web.oauth2.app.json b/test/e2e/exports/full-export-separate/realm/root-alpha/oauth2.app/baseline-web.oauth2.app.json new file mode 100644 index 000000000..0ad0d76a3 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/oauth2.app/baseline-web.oauth2.app.json @@ -0,0 +1,565 @@ +{ + "application": { + "baseline-web": { + "_id": "baseline-web", + "_provider": { + "_id": "", + "_type": { + "_id": "oauth-oidc", + "collection": false, + "name": "OAuth2 Provider" + }, + "advancedOAuth2Config": { + "allowClientCredentialsInTokenRequestQueryParameters": true, + "allowedAudienceValues": [], + "authenticationAttributes": [ + "uid" + ], + "codeVerifierEnforced": "false", + "defaultScopes": [ + "address", + "phone", + "openid", + "profile", + "email" + ], + "displayNameAttribute": "cn", + "expClaimRequiredInRequestObject": false, + "grantTypes": [ + "implicit", + "urn:ietf:params:oauth:grant-type:saml2-bearer", + "refresh_token", + "password", + "client_credentials", + "urn:ietf:params:oauth:grant-type:device_code", + "authorization_code", + "urn:openid:params:grant-type:ciba", + "urn:ietf:params:oauth:grant-type:uma-ticket", + "urn:ietf:params:oauth:grant-type:jwt-bearer" + ], + "hashSalt": "&{am.oidc.client.subject.identifier.hash.salt}", + "includeClientIdClaimInStatelessTokens": true, + "includeSubnameInTokenClaims": true, + "macaroonTokenFormat": "V2", + "maxAgeOfRequestObjectNbfClaim": 0, + "maxDifferenceBetweenRequestObjectNbfAndExp": 0, + "moduleMessageEnabledInPasswordGrant": false, + "nbfClaimRequiredInRequestObject": false, + "parRequestUriLifetime": 90, + "passwordGrantAuthService": "Login", + "persistentClaims": [], + "refreshTokenGracePeriod": 0, + "requestObjectProcessing": "OIDC", + "requirePushedAuthorizationRequests": false, + "responseTypeClasses": [ + "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", + "device_code|org.forgerock.oauth2.core.TokenResponseTypeHandler", + "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", + "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler" + ], + "supportedScopes": [ + "email|Your email address", + "openid|", + "address|Your postal address", + "phone|Your telephone number(s)", + "profile|Your personal information", + "fr:idm:*", + "am-introspect-all-tokens" + ], + "supportedSubjectTypes": [ + "public", + "pairwise" + ], + "tlsCertificateBoundAccessTokensEnabled": true, + "tlsCertificateRevocationCheckingEnabled": false, + "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", + "tokenCompressionEnabled": false, + "tokenEncryptionEnabled": false, + "tokenExchangeClasses": [ + "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", + "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", + "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", + "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger" + ], + "tokenSigningAlgorithm": "HS256", + "tokenValidatorClasses": [ + "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", + "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator" + ] + }, + "advancedOIDCConfig": { + "alwaysAddClaimsToToken": true, + "amrMappings": {}, + "authorisedIdmDelegationClients": [], + "authorisedOpenIdConnectSSOClients": [], + "claimsParameterSupported": false, + "defaultACR": [], + "idTokenInfoClientAuthenticationEnabled": true, + "includeAllKtyAlgCombinationsInJwksUri": false, + "loaMapping": {}, + "storeOpsTokens": true, + "supportedAuthorizationResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedAuthorizationResponseEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedAuthorizationResponseSigningAlgorithms": [ + "PS384", + "RS384", + "EdDSA", + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "supportedRequestParameterEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "ECDH-ES+A128KW", + "RSA-OAEP", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedRequestParameterEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedRequestParameterSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "supportedTokenEndpointAuthenticationSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedTokenIntrospectionResponseEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedTokenIntrospectionResponseSigningAlgorithms": [ + "PS384", + "RS384", + "EdDSA", + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "supportedUserInfoEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedUserInfoEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedUserInfoSigningAlgorithms": [ + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512" + ], + "useForceAuthnForMaxAge": false, + "useForceAuthnForPromptLogin": false + }, + "cibaConfig": { + "cibaAuthReqIdLifetime": 600, + "cibaMinimumPollingInterval": 2, + "supportedCibaSigningAlgorithms": [ + "ES256", + "PS256" + ] + }, + "clientDynamicRegistrationConfig": { + "allowDynamicRegistration": false, + "dynamicClientRegistrationScope": "dynamic_client_registration", + "dynamicClientRegistrationSoftwareStatementRequired": false, + "generateRegistrationAccessTokens": true, + "requiredSoftwareStatementAttestedAttributes": [ + "redirect_uris" + ] + }, + "consent": { + "clientsCanSkipConsent": true, + "enableRemoteConsent": false, + "supportedRcsRequestEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedRcsRequestEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedRcsRequestSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "supportedRcsResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "ECDH-ES+A128KW", + "RSA-OAEP", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedRcsResponseEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedRcsResponseSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ] + }, + "coreOAuth2Config": { + "accessTokenLifetime": 3600, + "accessTokenMayActScript": "[Empty]", + "codeLifetime": 120, + "issueRefreshToken": true, + "issueRefreshTokenOnRefreshedToken": true, + "macaroonTokensEnabled": false, + "oidcMayActScript": "[Empty]", + "refreshTokenLifetime": 604800, + "scopesPolicySet": "oauth2Scopes", + "statelessTokensEnabled": true, + "usePolicyEngineForScope": false + }, + "coreOIDCConfig": { + "jwtTokenLifetime": 3600, + "oidcDiscoveryEndpointEnabled": true, + "overrideableOIDCClaims": [], + "supportedClaims": [], + "supportedIDTokenEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedIDTokenEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedIDTokenSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ] + }, + "deviceCodeConfig": { + "deviceCodeLifetime": 300, + "devicePollInterval": 5, + "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", + "deviceUserCodeLength": 8 + }, + "pluginsConfig": { + "accessTokenEnricherClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "accessTokenModificationPluginType": "SCRIPTED", + "accessTokenModificationScript": "39c08084-1238-43e8-857f-2e11005eac49", + "accessTokenModifierClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "authorizeEndpointDataProviderClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "authorizeEndpointDataProviderPluginType": "JAVA", + "authorizeEndpointDataProviderScript": "[Empty]", + "evaluateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "evaluateScopePluginType": "JAVA", + "evaluateScopeScript": "[Empty]", + "oidcClaimsClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "oidcClaimsPluginType": "SCRIPTED", + "oidcClaimsScript": "cf3515f0-8278-4ee3-a530-1bad7424c416", + "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", + "validateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "validateScopePluginType": "JAVA", + "validateScopeScript": "[Empty]" + } + }, + "_type": { + "_id": "OAuth2Client", + "collection": true, + "name": "OAuth2 Clients" + }, + "advancedOAuth2ClientConfig": { + "clientUri": [], + "contacts": [], + "customProperties": [], + "descriptions": [], + "grantTypes": [ + "authorization_code", + "refresh_token" + ], + "isConsentImplied": true, + "javascriptOrigins": [], + "logoUri": [], + "mixUpMitigation": false, + "name": [], + "policyUri": [], + "refreshTokenGracePeriod": 0, + "requestUris": [], + "require_pushed_authorization_requests": false, + "responseTypes": [ + "code", + "token", + "id_token" + ], + "sectorIdentifierUri": null, + "softwareIdentity": null, + "softwareVersion": null, + "subjectType": "public", + "tokenEndpointAuthMethod": "none", + "tokenExchangeAuthLevel": 0, + "tosURI": [], + "updateAccessToken": null + }, + "coreOAuth2ClientConfig": { + "accessTokenLifetime": 0, + "agentgroup": null, + "authorizationCodeLifetime": 0, + "clientName": [], + "clientType": "Public", + "defaultScopes": [], + "loopbackInterfaceRedirection": false, + "redirectionUris": [ + "https://sdkapp.example.com:8443", + "https://volker-demo.encore.forgerock.com/demo/webapp/en/home", + "https://volker-demo.encore.forgerock.com/demo/sdks", + "forgerock://oidc_callback" + ], + "refreshTokenLifetime": 0, + "scopes": [ + "openid", + "profile", + "address", + "phone", + "email", + "fr:idm:*" + ], + "status": "Active" + }, + "coreOpenIDClientConfig": { + "backchannel_logout_session_required": false, + "backchannel_logout_uri": null, + "claims": [], + "clientSessionUri": null, + "defaultAcrValues": [], + "defaultMaxAge": 600, + "defaultMaxAgeEnabled": false, + "jwtTokenLifetime": 0, + "postLogoutRedirectUri": [ + "https://sdkapp.example.com:8443", + "https://volker-demo.encore.forgerock.com/demo/webapp/en/home", + "https://volker-demo.encore.forgerock.com/demo/sdks", + "forgerock://oidc_callback" + ] + }, + "coreUmaClientConfig": { + "claimsRedirectionUris": [] + }, + "overrideOAuth2ClientConfig": { + "accessTokenMayActScript": "[Empty]", + "accessTokenModificationPluginType": "PROVIDER", + "accessTokenModificationScript": "[Empty]", + "accessTokenModifierClass": null, + "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", + "authorizeEndpointDataProviderPluginType": "PROVIDER", + "authorizeEndpointDataProviderScript": "[Empty]", + "clientsCanSkipConsent": false, + "customLoginUrlTemplate": null, + "enableRemoteConsent": false, + "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", + "evaluateScopePluginType": "PROVIDER", + "evaluateScopeScript": "[Empty]", + "issueRefreshToken": true, + "issueRefreshTokenOnRefreshedToken": true, + "oidcClaimsClass": null, + "oidcClaimsPluginType": "PROVIDER", + "oidcClaimsScript": "[Empty]", + "oidcMayActScript": "[Empty]", + "overrideableOIDCClaims": [], + "providerOverridesEnabled": false, + "remoteConsentServiceId": null, + "scopesPolicySet": "oauth2Scopes", + "statelessTokensEnabled": false, + "tokenEncryptionEnabled": false, + "useForceAuthnForMaxAge": false, + "usePolicyEngineForScope": false, + "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", + "validateScopePluginType": "PROVIDER", + "validateScopeScript": "[Empty]" + }, + "signEncOAuth2ClientConfig": { + "authorizationResponseEncryptionAlgorithm": null, + "authorizationResponseEncryptionMethod": null, + "authorizationResponseSigningAlgorithm": "RS256", + "clientJwtPublicKey": null, + "idTokenEncryptionAlgorithm": "RSA-OAEP-256", + "idTokenEncryptionEnabled": false, + "idTokenEncryptionMethod": "A128CBC-HS256", + "idTokenPublicEncryptionKey": null, + "idTokenSignedResponseAlg": "RS256", + "jwkSet": null, + "jwkStoreCacheMissCacheTime": 60000, + "jwksCacheTimeout": 3600000, + "jwksUri": null, + "mTLSCertificateBoundAccessTokens": false, + "mTLSSubjectDN": null, + "mTLSTrustedCert": null, + "publicKeyLocation": "jwks_uri", + "requestParameterEncryptedAlg": null, + "requestParameterEncryptedEncryptionAlgorithm": "A128CBC-HS256", + "requestParameterSignedAlg": null, + "tokenEndpointAuthSigningAlgorithm": "RS256", + "tokenIntrospectionEncryptedResponseAlg": "RSA-OAEP-256", + "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", + "tokenIntrospectionResponseFormat": "JSON", + "tokenIntrospectionSignedResponseAlg": "RS256", + "userinfoEncryptedResponseAlg": null, + "userinfoEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", + "userinfoResponseFormat": "JSON", + "userinfoSignedResponseAlg": null + } + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/oauth2.app/da190d6b-0fcc-42aa-b890-0cef7486e6d4.oauth2.app.json b/test/e2e/exports/full-export-separate/realm/root-alpha/oauth2.app/da190d6b-0fcc-42aa-b890-0cef7486e6d4.oauth2.app.json new file mode 100644 index 000000000..881898b74 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/oauth2.app/da190d6b-0fcc-42aa-b890-0cef7486e6d4.oauth2.app.json @@ -0,0 +1,552 @@ +{ + "application": { + "da190d6b-0fcc-42aa-b890-0cef7486e6d4": { + "_id": "da190d6b-0fcc-42aa-b890-0cef7486e6d4", + "_provider": { + "_id": "", + "_type": { + "_id": "oauth-oidc", + "collection": false, + "name": "OAuth2 Provider" + }, + "advancedOAuth2Config": { + "allowClientCredentialsInTokenRequestQueryParameters": true, + "allowedAudienceValues": [], + "authenticationAttributes": [ + "uid" + ], + "codeVerifierEnforced": "false", + "defaultScopes": [ + "address", + "phone", + "openid", + "profile", + "email" + ], + "displayNameAttribute": "cn", + "expClaimRequiredInRequestObject": false, + "grantTypes": [ + "implicit", + "urn:ietf:params:oauth:grant-type:saml2-bearer", + "refresh_token", + "password", + "client_credentials", + "urn:ietf:params:oauth:grant-type:device_code", + "authorization_code", + "urn:openid:params:grant-type:ciba", + "urn:ietf:params:oauth:grant-type:uma-ticket", + "urn:ietf:params:oauth:grant-type:jwt-bearer" + ], + "hashSalt": "&{am.oidc.client.subject.identifier.hash.salt}", + "includeClientIdClaimInStatelessTokens": true, + "includeSubnameInTokenClaims": true, + "macaroonTokenFormat": "V2", + "maxAgeOfRequestObjectNbfClaim": 0, + "maxDifferenceBetweenRequestObjectNbfAndExp": 0, + "moduleMessageEnabledInPasswordGrant": false, + "nbfClaimRequiredInRequestObject": false, + "parRequestUriLifetime": 90, + "passwordGrantAuthService": "Login", + "persistentClaims": [], + "refreshTokenGracePeriod": 0, + "requestObjectProcessing": "OIDC", + "requirePushedAuthorizationRequests": false, + "responseTypeClasses": [ + "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", + "device_code|org.forgerock.oauth2.core.TokenResponseTypeHandler", + "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", + "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler" + ], + "supportedScopes": [ + "email|Your email address", + "openid|", + "address|Your postal address", + "phone|Your telephone number(s)", + "profile|Your personal information", + "fr:idm:*", + "am-introspect-all-tokens" + ], + "supportedSubjectTypes": [ + "public", + "pairwise" + ], + "tlsCertificateBoundAccessTokensEnabled": true, + "tlsCertificateRevocationCheckingEnabled": false, + "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", + "tokenCompressionEnabled": false, + "tokenEncryptionEnabled": false, + "tokenExchangeClasses": [ + "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", + "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", + "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", + "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger" + ], + "tokenSigningAlgorithm": "HS256", + "tokenValidatorClasses": [ + "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", + "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator" + ] + }, + "advancedOIDCConfig": { + "alwaysAddClaimsToToken": true, + "amrMappings": {}, + "authorisedIdmDelegationClients": [], + "authorisedOpenIdConnectSSOClients": [], + "claimsParameterSupported": false, + "defaultACR": [], + "idTokenInfoClientAuthenticationEnabled": true, + "includeAllKtyAlgCombinationsInJwksUri": false, + "loaMapping": {}, + "storeOpsTokens": true, + "supportedAuthorizationResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedAuthorizationResponseEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedAuthorizationResponseSigningAlgorithms": [ + "PS384", + "RS384", + "EdDSA", + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "supportedRequestParameterEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "ECDH-ES+A128KW", + "RSA-OAEP", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedRequestParameterEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedRequestParameterSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "supportedTokenEndpointAuthenticationSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedTokenIntrospectionResponseEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedTokenIntrospectionResponseSigningAlgorithms": [ + "PS384", + "RS384", + "EdDSA", + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "supportedUserInfoEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedUserInfoEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedUserInfoSigningAlgorithms": [ + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512" + ], + "useForceAuthnForMaxAge": false, + "useForceAuthnForPromptLogin": false + }, + "cibaConfig": { + "cibaAuthReqIdLifetime": 600, + "cibaMinimumPollingInterval": 2, + "supportedCibaSigningAlgorithms": [ + "ES256", + "PS256" + ] + }, + "clientDynamicRegistrationConfig": { + "allowDynamicRegistration": false, + "dynamicClientRegistrationScope": "dynamic_client_registration", + "dynamicClientRegistrationSoftwareStatementRequired": false, + "generateRegistrationAccessTokens": true, + "requiredSoftwareStatementAttestedAttributes": [ + "redirect_uris" + ] + }, + "consent": { + "clientsCanSkipConsent": true, + "enableRemoteConsent": false, + "supportedRcsRequestEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedRcsRequestEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedRcsRequestSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "supportedRcsResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "ECDH-ES+A128KW", + "RSA-OAEP", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedRcsResponseEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedRcsResponseSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ] + }, + "coreOAuth2Config": { + "accessTokenLifetime": 3600, + "accessTokenMayActScript": "[Empty]", + "codeLifetime": 120, + "issueRefreshToken": true, + "issueRefreshTokenOnRefreshedToken": true, + "macaroonTokensEnabled": false, + "oidcMayActScript": "[Empty]", + "refreshTokenLifetime": 604800, + "scopesPolicySet": "oauth2Scopes", + "statelessTokensEnabled": true, + "usePolicyEngineForScope": false + }, + "coreOIDCConfig": { + "jwtTokenLifetime": 3600, + "oidcDiscoveryEndpointEnabled": true, + "overrideableOIDCClaims": [], + "supportedClaims": [], + "supportedIDTokenEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedIDTokenEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedIDTokenSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ] + }, + "deviceCodeConfig": { + "deviceCodeLifetime": 300, + "devicePollInterval": 5, + "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", + "deviceUserCodeLength": 8 + }, + "pluginsConfig": { + "accessTokenEnricherClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "accessTokenModificationPluginType": "SCRIPTED", + "accessTokenModificationScript": "39c08084-1238-43e8-857f-2e11005eac49", + "accessTokenModifierClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "authorizeEndpointDataProviderClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "authorizeEndpointDataProviderPluginType": "JAVA", + "authorizeEndpointDataProviderScript": "[Empty]", + "evaluateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "evaluateScopePluginType": "JAVA", + "evaluateScopeScript": "[Empty]", + "oidcClaimsClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "oidcClaimsPluginType": "SCRIPTED", + "oidcClaimsScript": "cf3515f0-8278-4ee3-a530-1bad7424c416", + "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", + "validateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "validateScopePluginType": "JAVA", + "validateScopeScript": "[Empty]" + } + }, + "_type": { + "_id": "OAuth2Client", + "collection": true, + "name": "OAuth2 Clients" + }, + "advancedOAuth2ClientConfig": { + "clientUri": [], + "contacts": [], + "customProperties": [], + "descriptions": [ + "Created by Frodo on 3/20/2024, 9:46:11 AM" + ], + "grantTypes": [ + "client_credentials" + ], + "isConsentImplied": true, + "javascriptOrigins": [], + "logoUri": [], + "mixUpMitigation": false, + "name": [], + "policyUri": [], + "refreshTokenGracePeriod": 0, + "requestUris": [], + "require_pushed_authorization_requests": false, + "responseTypes": [ + "token" + ], + "sectorIdentifierUri": null, + "softwareIdentity": null, + "softwareVersion": null, + "subjectType": "Public", + "tokenEndpointAuthMethod": "client_secret_basic", + "tokenExchangeAuthLevel": 0, + "tosURI": [], + "updateAccessToken": null + }, + "coreOAuth2ClientConfig": { + "accessTokenLifetime": 3600, + "authorizationCodeLifetime": 120, + "clientName": [ + "da190d6b-0fcc-42aa-b890-0cef7486e6d4" + ], + "clientType": "Confidential", + "defaultScopes": [ + "fr:idm:*" + ], + "loopbackInterfaceRedirection": false, + "redirectionUris": [], + "refreshTokenLifetime": 604800, + "scopes": [ + "fr:idm:*", + "fr:idc:esv:*", + "dynamic_client_registration" + ], + "status": "Active", + "userpassword": null + }, + "coreOpenIDClientConfig": { + "backchannel_logout_session_required": false, + "backchannel_logout_uri": null, + "claims": [], + "clientSessionUri": null, + "defaultAcrValues": [], + "defaultMaxAge": 600, + "defaultMaxAgeEnabled": false, + "jwtTokenLifetime": 3600, + "postLogoutRedirectUri": [] + }, + "coreUmaClientConfig": { + "claimsRedirectionUris": [] + }, + "overrideOAuth2ClientConfig": { + "accessTokenMayActScript": "[Empty]", + "accessTokenModificationPluginType": "PROVIDER", + "accessTokenModificationScript": "[Empty]", + "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", + "authorizeEndpointDataProviderPluginType": "PROVIDER", + "authorizeEndpointDataProviderScript": "[Empty]", + "clientsCanSkipConsent": false, + "enableRemoteConsent": false, + "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", + "evaluateScopePluginType": "PROVIDER", + "evaluateScopeScript": "[Empty]", + "issueRefreshToken": true, + "issueRefreshTokenOnRefreshedToken": true, + "oidcClaimsPluginType": "PROVIDER", + "oidcClaimsScript": "[Empty]", + "oidcMayActScript": "[Empty]", + "overrideableOIDCClaims": [], + "providerOverridesEnabled": false, + "remoteConsentServiceId": null, + "scopesPolicySet": "oauth2Scopes", + "statelessTokensEnabled": false, + "tokenEncryptionEnabled": false, + "useForceAuthnForMaxAge": false, + "usePolicyEngineForScope": false, + "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", + "validateScopePluginType": "PROVIDER", + "validateScopeScript": "[Empty]" + }, + "signEncOAuth2ClientConfig": { + "authorizationResponseEncryptionAlgorithm": null, + "authorizationResponseEncryptionMethod": null, + "authorizationResponseSigningAlgorithm": "RS256", + "clientJwtPublicKey": null, + "idTokenEncryptionAlgorithm": "RSA-OAEP-256", + "idTokenEncryptionEnabled": false, + "idTokenEncryptionMethod": "A128CBC-HS256", + "idTokenPublicEncryptionKey": null, + "idTokenSignedResponseAlg": "RS256", + "jwkSet": null, + "jwkStoreCacheMissCacheTime": 60000, + "jwksCacheTimeout": 3600000, + "jwksUri": null, + "mTLSCertificateBoundAccessTokens": false, + "mTLSSubjectDN": null, + "mTLSTrustedCert": null, + "publicKeyLocation": "jwks_uri", + "requestParameterEncryptedAlg": null, + "requestParameterEncryptedEncryptionAlgorithm": "A128CBC-HS256", + "requestParameterSignedAlg": null, + "tokenEndpointAuthSigningAlgorithm": "RS256", + "tokenIntrospectionEncryptedResponseAlg": "RSA-OAEP-256", + "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", + "tokenIntrospectionResponseFormat": "JSON", + "tokenIntrospectionSignedResponseAlg": "RS256", + "userinfoEncryptedResponseAlg": null, + "userinfoEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", + "userinfoResponseFormat": "JSON", + "userinfoSignedResponseAlg": null + } + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/oauth2.app/frodo-idm-access.oauth2.app.json b/test/e2e/exports/full-export-separate/realm/root-alpha/oauth2.app/frodo-idm-access.oauth2.app.json new file mode 100644 index 000000000..bbb0a8fb9 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/oauth2.app/frodo-idm-access.oauth2.app.json @@ -0,0 +1,564 @@ +{ + "application": { + "frodo-idm-access": { + "_id": "frodo-idm-access", + "_provider": { + "_id": "", + "_type": { + "_id": "oauth-oidc", + "collection": false, + "name": "OAuth2 Provider" + }, + "advancedOAuth2Config": { + "allowClientCredentialsInTokenRequestQueryParameters": true, + "allowedAudienceValues": [], + "authenticationAttributes": [ + "uid" + ], + "codeVerifierEnforced": "false", + "defaultScopes": [ + "address", + "phone", + "openid", + "profile", + "email" + ], + "displayNameAttribute": "cn", + "expClaimRequiredInRequestObject": false, + "grantTypes": [ + "implicit", + "urn:ietf:params:oauth:grant-type:saml2-bearer", + "refresh_token", + "password", + "client_credentials", + "urn:ietf:params:oauth:grant-type:device_code", + "authorization_code", + "urn:openid:params:grant-type:ciba", + "urn:ietf:params:oauth:grant-type:uma-ticket", + "urn:ietf:params:oauth:grant-type:jwt-bearer" + ], + "hashSalt": "&{am.oidc.client.subject.identifier.hash.salt}", + "includeClientIdClaimInStatelessTokens": true, + "includeSubnameInTokenClaims": true, + "macaroonTokenFormat": "V2", + "maxAgeOfRequestObjectNbfClaim": 0, + "maxDifferenceBetweenRequestObjectNbfAndExp": 0, + "moduleMessageEnabledInPasswordGrant": false, + "nbfClaimRequiredInRequestObject": false, + "parRequestUriLifetime": 90, + "passwordGrantAuthService": "Login", + "persistentClaims": [], + "refreshTokenGracePeriod": 0, + "requestObjectProcessing": "OIDC", + "requirePushedAuthorizationRequests": false, + "responseTypeClasses": [ + "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", + "device_code|org.forgerock.oauth2.core.TokenResponseTypeHandler", + "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", + "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler" + ], + "supportedScopes": [ + "email|Your email address", + "openid|", + "address|Your postal address", + "phone|Your telephone number(s)", + "profile|Your personal information", + "fr:idm:*", + "am-introspect-all-tokens" + ], + "supportedSubjectTypes": [ + "public", + "pairwise" + ], + "tlsCertificateBoundAccessTokensEnabled": true, + "tlsCertificateRevocationCheckingEnabled": false, + "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", + "tokenCompressionEnabled": false, + "tokenEncryptionEnabled": false, + "tokenExchangeClasses": [ + "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", + "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", + "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", + "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger" + ], + "tokenSigningAlgorithm": "HS256", + "tokenValidatorClasses": [ + "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", + "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator" + ] + }, + "advancedOIDCConfig": { + "alwaysAddClaimsToToken": true, + "amrMappings": {}, + "authorisedIdmDelegationClients": [], + "authorisedOpenIdConnectSSOClients": [], + "claimsParameterSupported": false, + "defaultACR": [], + "idTokenInfoClientAuthenticationEnabled": true, + "includeAllKtyAlgCombinationsInJwksUri": false, + "loaMapping": {}, + "storeOpsTokens": true, + "supportedAuthorizationResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedAuthorizationResponseEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedAuthorizationResponseSigningAlgorithms": [ + "PS384", + "RS384", + "EdDSA", + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "supportedRequestParameterEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "ECDH-ES+A128KW", + "RSA-OAEP", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedRequestParameterEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedRequestParameterSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "supportedTokenEndpointAuthenticationSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedTokenIntrospectionResponseEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedTokenIntrospectionResponseSigningAlgorithms": [ + "PS384", + "RS384", + "EdDSA", + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "supportedUserInfoEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedUserInfoEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedUserInfoSigningAlgorithms": [ + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512" + ], + "useForceAuthnForMaxAge": false, + "useForceAuthnForPromptLogin": false + }, + "cibaConfig": { + "cibaAuthReqIdLifetime": 600, + "cibaMinimumPollingInterval": 2, + "supportedCibaSigningAlgorithms": [ + "ES256", + "PS256" + ] + }, + "clientDynamicRegistrationConfig": { + "allowDynamicRegistration": false, + "dynamicClientRegistrationScope": "dynamic_client_registration", + "dynamicClientRegistrationSoftwareStatementRequired": false, + "generateRegistrationAccessTokens": true, + "requiredSoftwareStatementAttestedAttributes": [ + "redirect_uris" + ] + }, + "consent": { + "clientsCanSkipConsent": true, + "enableRemoteConsent": false, + "supportedRcsRequestEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedRcsRequestEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedRcsRequestSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "supportedRcsResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "ECDH-ES+A128KW", + "RSA-OAEP", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedRcsResponseEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedRcsResponseSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ] + }, + "coreOAuth2Config": { + "accessTokenLifetime": 3600, + "accessTokenMayActScript": "[Empty]", + "codeLifetime": 120, + "issueRefreshToken": true, + "issueRefreshTokenOnRefreshedToken": true, + "macaroonTokensEnabled": false, + "oidcMayActScript": "[Empty]", + "refreshTokenLifetime": 604800, + "scopesPolicySet": "oauth2Scopes", + "statelessTokensEnabled": true, + "usePolicyEngineForScope": false + }, + "coreOIDCConfig": { + "jwtTokenLifetime": 3600, + "oidcDiscoveryEndpointEnabled": true, + "overrideableOIDCClaims": [], + "supportedClaims": [], + "supportedIDTokenEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedIDTokenEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedIDTokenSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ] + }, + "deviceCodeConfig": { + "deviceCodeLifetime": 300, + "devicePollInterval": 5, + "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", + "deviceUserCodeLength": 8 + }, + "pluginsConfig": { + "accessTokenEnricherClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "accessTokenModificationPluginType": "SCRIPTED", + "accessTokenModificationScript": "39c08084-1238-43e8-857f-2e11005eac49", + "accessTokenModifierClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "authorizeEndpointDataProviderClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "authorizeEndpointDataProviderPluginType": "JAVA", + "authorizeEndpointDataProviderScript": "[Empty]", + "evaluateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "evaluateScopePluginType": "JAVA", + "evaluateScopeScript": "[Empty]", + "oidcClaimsClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "oidcClaimsPluginType": "SCRIPTED", + "oidcClaimsScript": "cf3515f0-8278-4ee3-a530-1bad7424c416", + "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", + "validateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "validateScopePluginType": "JAVA", + "validateScopeScript": "[Empty]" + } + }, + "_type": { + "_id": "OAuth2Client", + "collection": true, + "name": "OAuth2 Clients" + }, + "advancedOAuth2ClientConfig": { + "clientUri": [], + "contacts": [], + "customProperties": [], + "descriptions": [ + "Frodo IDM Access" + ], + "grantTypes": [ + "authorization_code" + ], + "isConsentImplied": true, + "javascriptOrigins": [ + "http://localhost:8712", + "https://openam-frodo-dev.forgeblocks.com", + "https://openam-frodo-dev.forgeblocks.com:443" + ], + "logoUri": [], + "mixUpMitigation": false, + "name": [], + "policyUri": [], + "refreshTokenGracePeriod": 0, + "requestUris": [], + "require_pushed_authorization_requests": false, + "responseTypes": [ + "code", + "token", + "id_token", + "code token", + "token id_token", + "code id_token", + "code token id_token", + "device_code", + "device_code id_token" + ], + "sectorIdentifierUri": null, + "softwareIdentity": null, + "softwareVersion": null, + "subjectType": "public", + "tokenEndpointAuthMethod": "client_secret_post", + "tokenExchangeAuthLevel": 0, + "tosURI": [], + "updateAccessToken": null + }, + "coreOAuth2ClientConfig": { + "accessTokenLifetime": 3600, + "authorizationCodeLifetime": 120, + "clientName": [ + "frodo-idm-access" + ], + "clientType": "Public", + "defaultScopes": [], + "loopbackInterfaceRedirection": false, + "redirectionUris": [ + "http://localhost:8712/frodo", + "https://openam-frodo-dev.forgeblocks.com/platform/appAuthHelperRedirect.html" + ], + "refreshTokenLifetime": 604800, + "scopes": [ + "openid", + "fr:idm:*" + ], + "secretLabelIdentifier": null, + "status": "Active" + }, + "coreOpenIDClientConfig": { + "backchannel_logout_session_required": false, + "backchannel_logout_uri": null, + "claims": [], + "clientSessionUri": null, + "defaultAcrValues": [], + "defaultMaxAge": 600, + "defaultMaxAgeEnabled": false, + "jwtTokenLifetime": 3600, + "postLogoutRedirectUri": [] + }, + "coreUmaClientConfig": { + "claimsRedirectionUris": [] + }, + "overrideOAuth2ClientConfig": { + "accessTokenMayActScript": "[Empty]", + "accessTokenModificationPluginType": "PROVIDER", + "accessTokenModificationScript": "[Empty]", + "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", + "authorizeEndpointDataProviderPluginType": "PROVIDER", + "authorizeEndpointDataProviderScript": "[Empty]", + "clientsCanSkipConsent": false, + "enableRemoteConsent": false, + "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", + "evaluateScopePluginType": "PROVIDER", + "evaluateScopeScript": "[Empty]", + "issueRefreshToken": true, + "issueRefreshTokenOnRefreshedToken": true, + "oidcClaimsPluginType": "PROVIDER", + "oidcClaimsScript": "[Empty]", + "oidcMayActScript": "[Empty]", + "overrideableOIDCClaims": [], + "providerOverridesEnabled": false, + "remoteConsentServiceId": null, + "scopesPolicySet": "oauth2Scopes", + "statelessTokensEnabled": false, + "tokenEncryptionEnabled": false, + "useForceAuthnForMaxAge": false, + "usePolicyEngineForScope": false, + "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", + "validateScopePluginType": "PROVIDER", + "validateScopeScript": "[Empty]" + }, + "signEncOAuth2ClientConfig": { + "authorizationResponseEncryptionAlgorithm": null, + "authorizationResponseEncryptionMethod": null, + "authorizationResponseSigningAlgorithm": "RS256", + "clientJwtPublicKey": null, + "idTokenEncryptionAlgorithm": "RSA-OAEP-256", + "idTokenEncryptionEnabled": false, + "idTokenEncryptionMethod": "A128CBC-HS256", + "idTokenPublicEncryptionKey": null, + "idTokenSignedResponseAlg": "RS256", + "jwkSet": null, + "jwkStoreCacheMissCacheTime": 60000, + "jwksCacheTimeout": 3600000, + "jwksUri": null, + "mTLSCertificateBoundAccessTokens": false, + "mTLSSubjectDN": null, + "mTLSTrustedCert": null, + "publicKeyLocation": "jwks_uri", + "requestParameterEncryptedAlg": null, + "requestParameterEncryptedEncryptionAlgorithm": "A128CBC-HS256", + "requestParameterSignedAlg": null, + "tokenEndpointAuthSigningAlgorithm": "RS256", + "tokenIntrospectionEncryptedResponseAlg": "RSA-OAEP-256", + "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", + "tokenIntrospectionResponseFormat": "JSON", + "tokenIntrospectionSignedResponseAlg": "RS256", + "userinfoEncryptedResponseAlg": null, + "userinfoEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", + "userinfoResponseFormat": "JSON", + "userinfoSignedResponseAlg": null + } + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/oauth2.app/hrlite-client.oauth2.app.json b/test/e2e/exports/full-export-separate/realm/root-alpha/oauth2.app/hrlite-client.oauth2.app.json new file mode 100644 index 000000000..99b688511 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/oauth2.app/hrlite-client.oauth2.app.json @@ -0,0 +1,566 @@ +{ + "application": { + "hrlite-client": { + "_id": "hrlite-client", + "_provider": { + "_id": "", + "_type": { + "_id": "oauth-oidc", + "collection": false, + "name": "OAuth2 Provider" + }, + "advancedOAuth2Config": { + "allowClientCredentialsInTokenRequestQueryParameters": true, + "allowedAudienceValues": [], + "authenticationAttributes": [ + "uid" + ], + "codeVerifierEnforced": "false", + "defaultScopes": [ + "address", + "phone", + "openid", + "profile", + "email" + ], + "displayNameAttribute": "cn", + "expClaimRequiredInRequestObject": false, + "grantTypes": [ + "implicit", + "urn:ietf:params:oauth:grant-type:saml2-bearer", + "refresh_token", + "password", + "client_credentials", + "urn:ietf:params:oauth:grant-type:device_code", + "authorization_code", + "urn:openid:params:grant-type:ciba", + "urn:ietf:params:oauth:grant-type:uma-ticket", + "urn:ietf:params:oauth:grant-type:jwt-bearer" + ], + "hashSalt": "&{am.oidc.client.subject.identifier.hash.salt}", + "includeClientIdClaimInStatelessTokens": true, + "includeSubnameInTokenClaims": true, + "macaroonTokenFormat": "V2", + "maxAgeOfRequestObjectNbfClaim": 0, + "maxDifferenceBetweenRequestObjectNbfAndExp": 0, + "moduleMessageEnabledInPasswordGrant": false, + "nbfClaimRequiredInRequestObject": false, + "parRequestUriLifetime": 90, + "passwordGrantAuthService": "Login", + "persistentClaims": [], + "refreshTokenGracePeriod": 0, + "requestObjectProcessing": "OIDC", + "requirePushedAuthorizationRequests": false, + "responseTypeClasses": [ + "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", + "device_code|org.forgerock.oauth2.core.TokenResponseTypeHandler", + "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", + "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler" + ], + "supportedScopes": [ + "email|Your email address", + "openid|", + "address|Your postal address", + "phone|Your telephone number(s)", + "profile|Your personal information", + "fr:idm:*", + "am-introspect-all-tokens" + ], + "supportedSubjectTypes": [ + "public", + "pairwise" + ], + "tlsCertificateBoundAccessTokensEnabled": true, + "tlsCertificateRevocationCheckingEnabled": false, + "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", + "tokenCompressionEnabled": false, + "tokenEncryptionEnabled": false, + "tokenExchangeClasses": [ + "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", + "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", + "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", + "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger" + ], + "tokenSigningAlgorithm": "HS256", + "tokenValidatorClasses": [ + "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", + "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator" + ] + }, + "advancedOIDCConfig": { + "alwaysAddClaimsToToken": true, + "amrMappings": {}, + "authorisedIdmDelegationClients": [], + "authorisedOpenIdConnectSSOClients": [], + "claimsParameterSupported": false, + "defaultACR": [], + "idTokenInfoClientAuthenticationEnabled": true, + "includeAllKtyAlgCombinationsInJwksUri": false, + "loaMapping": {}, + "storeOpsTokens": true, + "supportedAuthorizationResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedAuthorizationResponseEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedAuthorizationResponseSigningAlgorithms": [ + "PS384", + "RS384", + "EdDSA", + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "supportedRequestParameterEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "ECDH-ES+A128KW", + "RSA-OAEP", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedRequestParameterEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedRequestParameterSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "supportedTokenEndpointAuthenticationSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedTokenIntrospectionResponseEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedTokenIntrospectionResponseSigningAlgorithms": [ + "PS384", + "RS384", + "EdDSA", + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "supportedUserInfoEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedUserInfoEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedUserInfoSigningAlgorithms": [ + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512" + ], + "useForceAuthnForMaxAge": false, + "useForceAuthnForPromptLogin": false + }, + "cibaConfig": { + "cibaAuthReqIdLifetime": 600, + "cibaMinimumPollingInterval": 2, + "supportedCibaSigningAlgorithms": [ + "ES256", + "PS256" + ] + }, + "clientDynamicRegistrationConfig": { + "allowDynamicRegistration": false, + "dynamicClientRegistrationScope": "dynamic_client_registration", + "dynamicClientRegistrationSoftwareStatementRequired": false, + "generateRegistrationAccessTokens": true, + "requiredSoftwareStatementAttestedAttributes": [ + "redirect_uris" + ] + }, + "consent": { + "clientsCanSkipConsent": true, + "enableRemoteConsent": false, + "supportedRcsRequestEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedRcsRequestEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedRcsRequestSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "supportedRcsResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "ECDH-ES+A128KW", + "RSA-OAEP", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedRcsResponseEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedRcsResponseSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ] + }, + "coreOAuth2Config": { + "accessTokenLifetime": 3600, + "accessTokenMayActScript": "[Empty]", + "codeLifetime": 120, + "issueRefreshToken": true, + "issueRefreshTokenOnRefreshedToken": true, + "macaroonTokensEnabled": false, + "oidcMayActScript": "[Empty]", + "refreshTokenLifetime": 604800, + "scopesPolicySet": "oauth2Scopes", + "statelessTokensEnabled": true, + "usePolicyEngineForScope": false + }, + "coreOIDCConfig": { + "jwtTokenLifetime": 3600, + "oidcDiscoveryEndpointEnabled": true, + "overrideableOIDCClaims": [], + "supportedClaims": [], + "supportedIDTokenEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedIDTokenEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedIDTokenSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ] + }, + "deviceCodeConfig": { + "deviceCodeLifetime": 300, + "devicePollInterval": 5, + "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", + "deviceUserCodeLength": 8 + }, + "pluginsConfig": { + "accessTokenEnricherClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "accessTokenModificationPluginType": "SCRIPTED", + "accessTokenModificationScript": "39c08084-1238-43e8-857f-2e11005eac49", + "accessTokenModifierClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "authorizeEndpointDataProviderClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "authorizeEndpointDataProviderPluginType": "JAVA", + "authorizeEndpointDataProviderScript": "[Empty]", + "evaluateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "evaluateScopePluginType": "JAVA", + "evaluateScopeScript": "[Empty]", + "oidcClaimsClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "oidcClaimsPluginType": "SCRIPTED", + "oidcClaimsScript": "cf3515f0-8278-4ee3-a530-1bad7424c416", + "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", + "validateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "validateScopePluginType": "JAVA", + "validateScopeScript": "[Empty]" + } + }, + "_type": { + "_id": "OAuth2Client", + "collection": true, + "name": "OAuth2 Clients" + }, + "advancedOAuth2ClientConfig": { + "clientUri": [], + "contacts": [], + "customProperties": [], + "descriptions": [ + "hrlite/id_token/callback" + ], + "grantTypes": [ + "authorization_code", + "client_credentials", + "refresh_token" + ], + "isConsentImplied": true, + "javascriptOrigins": [ + "https://volker-demo.encore.forgerock.com", + "https://volker-demo.encore.forgerock.com:443", + "https://volker-demo.encore.forgerock.com", + "https://volker-demo.encore.forgerock.com:443" + ], + "logoUri": [], + "mixUpMitigation": false, + "name": [], + "policyUri": [], + "refreshTokenGracePeriod": 0, + "requestUris": [], + "require_pushed_authorization_requests": false, + "responseTypes": [ + "code", + "token", + "id_token" + ], + "sectorIdentifierUri": null, + "softwareIdentity": null, + "softwareVersion": null, + "subjectType": "Public", + "tokenEndpointAuthMethod": "client_secret_basic", + "tokenExchangeAuthLevel": 0, + "tosURI": [], + "updateAccessToken": null + }, + "coreOAuth2ClientConfig": { + "accessTokenLifetime": 3600, + "agentgroup": null, + "authorizationCodeLifetime": 120, + "clientName": [], + "clientType": "Confidential", + "defaultScopes": [], + "loopbackInterfaceRedirection": false, + "redirectionUris": [ + "https://volker-demo.encore.forgerock.com/apps/hrlite/id_token/callback", + "https://volker-demo.encore.forgerock.com:443/apps/hrlite/id_token/callback", + "https://volker-demo.encore.forgerock.com/apps/hrlite/id_token/callback", + "https://volker-demo.encore.forgerock.com:443/apps/hrlite/id_token/callback", + "https://volker-demo.encore.forgerock.com/apps/contractor/id_token/callback", + "https://volker-demo.encore.forgerock.com:443/apps/contractor/id_token/callback" + ], + "refreshTokenLifetime": 604800, + "scopes": [ + "openid", + "fr:idm:*" + ], + "status": "Active" + }, + "coreOpenIDClientConfig": { + "backchannel_logout_session_required": false, + "backchannel_logout_uri": null, + "claims": [], + "clientSessionUri": null, + "defaultAcrValues": [], + "defaultMaxAge": 600, + "defaultMaxAgeEnabled": false, + "jwtTokenLifetime": 3600, + "postLogoutRedirectUri": [] + }, + "coreUmaClientConfig": { + "claimsRedirectionUris": [] + }, + "overrideOAuth2ClientConfig": { + "accessTokenMayActScript": "[Empty]", + "accessTokenModificationPluginType": "PROVIDER", + "accessTokenModificationScript": "[Empty]", + "accessTokenModifierClass": null, + "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", + "authorizeEndpointDataProviderPluginType": "PROVIDER", + "authorizeEndpointDataProviderScript": "[Empty]", + "clientsCanSkipConsent": false, + "customLoginUrlTemplate": null, + "enableRemoteConsent": false, + "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", + "evaluateScopePluginType": "PROVIDER", + "evaluateScopeScript": "[Empty]", + "issueRefreshToken": true, + "issueRefreshTokenOnRefreshedToken": true, + "oidcClaimsClass": null, + "oidcClaimsPluginType": "PROVIDER", + "oidcClaimsScript": "[Empty]", + "oidcMayActScript": "[Empty]", + "overrideableOIDCClaims": [], + "providerOverridesEnabled": false, + "remoteConsentServiceId": null, + "scopesPolicySet": "oauth2Scopes", + "statelessTokensEnabled": false, + "tokenEncryptionEnabled": false, + "useForceAuthnForMaxAge": false, + "usePolicyEngineForScope": false, + "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", + "validateScopePluginType": "PROVIDER", + "validateScopeScript": "[Empty]" + }, + "signEncOAuth2ClientConfig": { + "authorizationResponseEncryptionAlgorithm": null, + "authorizationResponseEncryptionMethod": null, + "authorizationResponseSigningAlgorithm": "RS256", + "clientJwtPublicKey": null, + "idTokenEncryptionAlgorithm": "RSA-OAEP-256", + "idTokenEncryptionEnabled": false, + "idTokenEncryptionMethod": "A128CBC-HS256", + "idTokenPublicEncryptionKey": null, + "idTokenSignedResponseAlg": "RS256", + "jwkSet": null, + "jwkStoreCacheMissCacheTime": 60000, + "jwksCacheTimeout": 3600000, + "jwksUri": null, + "mTLSCertificateBoundAccessTokens": false, + "mTLSSubjectDN": null, + "mTLSTrustedCert": null, + "publicKeyLocation": "jwks_uri", + "requestParameterEncryptedAlg": null, + "requestParameterEncryptedEncryptionAlgorithm": "A128CBC-HS256", + "requestParameterSignedAlg": null, + "tokenEndpointAuthSigningAlgorithm": "RS256", + "tokenIntrospectionEncryptedResponseAlg": "RSA-OAEP-256", + "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", + "tokenIntrospectionResponseFormat": "JSON", + "tokenIntrospectionSignedResponseAlg": "RS256", + "userinfoEncryptedResponseAlg": null, + "userinfoEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", + "userinfoResponseFormat": "JSON", + "userinfoSignedResponseAlg": null + } + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/oauth2.app/rfc7523-client1.oauth2.app.json b/test/e2e/exports/full-export-separate/realm/root-alpha/oauth2.app/rfc7523-client1.oauth2.app.json new file mode 100644 index 000000000..c30c6acdc --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/oauth2.app/rfc7523-client1.oauth2.app.json @@ -0,0 +1,513 @@ +{ + "application": { + "rfc7523-client1": { + "_id": "rfc7523-client1", + "_provider": { + "_id": "", + "_type": { + "_id": "oauth-oidc", + "collection": false, + "name": "OAuth2 Provider" + }, + "advancedOAuth2Config": { + "allowClientCredentialsInTokenRequestQueryParameters": true, + "allowedAudienceValues": [], + "authenticationAttributes": [ + "uid" + ], + "codeVerifierEnforced": "false", + "defaultScopes": [ + "address", + "phone", + "openid", + "profile", + "email" + ], + "displayNameAttribute": "cn", + "expClaimRequiredInRequestObject": false, + "grantTypes": [ + "implicit", + "urn:ietf:params:oauth:grant-type:saml2-bearer", + "refresh_token", + "password", + "client_credentials", + "urn:ietf:params:oauth:grant-type:device_code", + "authorization_code", + "urn:openid:params:grant-type:ciba", + "urn:ietf:params:oauth:grant-type:uma-ticket", + "urn:ietf:params:oauth:grant-type:jwt-bearer" + ], + "hashSalt": "&{am.oidc.client.subject.identifier.hash.salt}", + "includeClientIdClaimInStatelessTokens": true, + "includeSubnameInTokenClaims": true, + "macaroonTokenFormat": "V2", + "maxAgeOfRequestObjectNbfClaim": 0, + "maxDifferenceBetweenRequestObjectNbfAndExp": 0, + "moduleMessageEnabledInPasswordGrant": false, + "nbfClaimRequiredInRequestObject": false, + "parRequestUriLifetime": 90, + "passwordGrantAuthService": "Login", + "persistentClaims": [], + "refreshTokenGracePeriod": 0, + "requestObjectProcessing": "OIDC", + "requirePushedAuthorizationRequests": false, + "responseTypeClasses": [ + "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", + "device_code|org.forgerock.oauth2.core.TokenResponseTypeHandler", + "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", + "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler" + ], + "supportedScopes": [ + "email|Your email address", + "openid|", + "address|Your postal address", + "phone|Your telephone number(s)", + "profile|Your personal information", + "fr:idm:*", + "am-introspect-all-tokens" + ], + "supportedSubjectTypes": [ + "public", + "pairwise" + ], + "tlsCertificateBoundAccessTokensEnabled": true, + "tlsCertificateRevocationCheckingEnabled": false, + "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", + "tokenCompressionEnabled": false, + "tokenEncryptionEnabled": false, + "tokenExchangeClasses": [ + "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", + "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", + "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", + "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger" + ], + "tokenSigningAlgorithm": "HS256", + "tokenValidatorClasses": [ + "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", + "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator" + ] + }, + "advancedOIDCConfig": { + "alwaysAddClaimsToToken": true, + "amrMappings": {}, + "authorisedIdmDelegationClients": [], + "authorisedOpenIdConnectSSOClients": [], + "claimsParameterSupported": false, + "defaultACR": [], + "idTokenInfoClientAuthenticationEnabled": true, + "includeAllKtyAlgCombinationsInJwksUri": false, + "loaMapping": {}, + "storeOpsTokens": true, + "supportedAuthorizationResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedAuthorizationResponseEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedAuthorizationResponseSigningAlgorithms": [ + "PS384", + "RS384", + "EdDSA", + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "supportedRequestParameterEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "ECDH-ES+A128KW", + "RSA-OAEP", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedRequestParameterEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedRequestParameterSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "supportedTokenEndpointAuthenticationSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedTokenIntrospectionResponseEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedTokenIntrospectionResponseSigningAlgorithms": [ + "PS384", + "RS384", + "EdDSA", + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "supportedUserInfoEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedUserInfoEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedUserInfoSigningAlgorithms": [ + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512" + ], + "useForceAuthnForMaxAge": false, + "useForceAuthnForPromptLogin": false + }, + "cibaConfig": { + "cibaAuthReqIdLifetime": 600, + "cibaMinimumPollingInterval": 2, + "supportedCibaSigningAlgorithms": [ + "ES256", + "PS256" + ] + }, + "clientDynamicRegistrationConfig": { + "allowDynamicRegistration": false, + "dynamicClientRegistrationScope": "dynamic_client_registration", + "dynamicClientRegistrationSoftwareStatementRequired": false, + "generateRegistrationAccessTokens": true, + "requiredSoftwareStatementAttestedAttributes": [ + "redirect_uris" + ] + }, + "consent": { + "clientsCanSkipConsent": true, + "enableRemoteConsent": false, + "supportedRcsRequestEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedRcsRequestEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedRcsRequestSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "supportedRcsResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "ECDH-ES+A128KW", + "RSA-OAEP", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedRcsResponseEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedRcsResponseSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ] + }, + "coreOAuth2Config": { + "accessTokenLifetime": 3600, + "accessTokenMayActScript": "[Empty]", + "codeLifetime": 120, + "issueRefreshToken": true, + "issueRefreshTokenOnRefreshedToken": true, + "macaroonTokensEnabled": false, + "oidcMayActScript": "[Empty]", + "refreshTokenLifetime": 604800, + "scopesPolicySet": "oauth2Scopes", + "statelessTokensEnabled": true, + "usePolicyEngineForScope": false + }, + "coreOIDCConfig": { + "jwtTokenLifetime": 3600, + "oidcDiscoveryEndpointEnabled": true, + "overrideableOIDCClaims": [], + "supportedClaims": [], + "supportedIDTokenEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedIDTokenEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedIDTokenSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ] + }, + "deviceCodeConfig": { + "deviceCodeLifetime": 300, + "devicePollInterval": 5, + "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", + "deviceUserCodeLength": 8 + }, + "pluginsConfig": { + "accessTokenEnricherClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "accessTokenModificationPluginType": "SCRIPTED", + "accessTokenModificationScript": "39c08084-1238-43e8-857f-2e11005eac49", + "accessTokenModifierClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "authorizeEndpointDataProviderClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "authorizeEndpointDataProviderPluginType": "JAVA", + "authorizeEndpointDataProviderScript": "[Empty]", + "evaluateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "evaluateScopePluginType": "JAVA", + "evaluateScopeScript": "[Empty]", + "oidcClaimsClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "oidcClaimsPluginType": "SCRIPTED", + "oidcClaimsScript": "cf3515f0-8278-4ee3-a530-1bad7424c416", + "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", + "validateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "validateScopePluginType": "JAVA", + "validateScopeScript": "[Empty]" + } + }, + "_type": { + "_id": "OAuth2Client", + "collection": true, + "name": "OAuth2 Clients" + }, + "advancedOAuth2ClientConfig": { + "clientUri": [], + "contacts": [], + "customProperties": [], + "descriptions": [], + "grantTypes": [ + "urn:ietf:params:oauth:grant-type:jwt-bearer" + ], + "isConsentImplied": true, + "javascriptOrigins": [], + "logoUri": [], + "mixUpMitigation": false, + "name": [], + "policyUri": [], + "requestUris": [], + "responseTypes": [ + "token" + ], + "sectorIdentifierUri": null, + "softwareIdentity": null, + "softwareVersion": null, + "subjectType": "Public", + "tokenEndpointAuthMethod": "none", + "tokenExchangeAuthLevel": 0, + "tosURI": [], + "updateAccessToken": null + }, + "coreOAuth2ClientConfig": { + "accessTokenLifetime": 3600, + "authorizationCodeLifetime": 120, + "clientName": [ + "rfc7523-client1" + ], + "clientType": "Public", + "defaultScopes": [], + "loopbackInterfaceRedirection": false, + "redirectionUris": [], + "refreshTokenLifetime": 604800, + "scopes": [ + "openid", + "fr:am:*", + "fr:idm:*" + ], + "status": "Active" + }, + "coreOpenIDClientConfig": { + "backchannel_logout_session_required": false, + "backchannel_logout_uri": null, + "claims": [], + "clientSessionUri": null, + "defaultAcrValues": [], + "defaultMaxAge": 600, + "defaultMaxAgeEnabled": false, + "jwtTokenLifetime": 3600, + "postLogoutRedirectUri": [] + }, + "coreUmaClientConfig": { + "claimsRedirectionUris": [] + }, + "signEncOAuth2ClientConfig": { + "clientJwtPublicKey": null, + "idTokenEncryptionAlgorithm": "RSA-OAEP-256", + "idTokenEncryptionEnabled": false, + "idTokenEncryptionMethod": "A128CBC-HS256", + "idTokenPublicEncryptionKey": null, + "idTokenSignedResponseAlg": "RS256", + "jwkSet": "{\"keys\":[{\"kty\":\"RSA\",\"kid\":\"5rpTrxBPGieY8tVMmxMq_m3ZBbrATN0SlikhoM13VJM\",\"alg\":\"RS256\",\"e\":\"AQAB\",\"n\":\"3oLso7E5tS9FL0ui5KaQe2qEsozeZAwqCHqzEP7KzgMAAvPCQHPZ8etsC9xeYxAyjPnfQc-EXMRqCHqlyxeyR912gBKYVZ6VB9h1zWKCIiUQHpY_nz6bDAt1EisRiH_jqENDOJ0m5ELVLPZoXcsEQ9e_yg352YToGvS560YCBi6xYj4JX5SGs0Rah-SmhpsOZNr46XHolGYivLaRNLJRQc2YV2NArMfb5JcDQ9aSv3EyIXOim7MRFh8uORCiyNpF_y3jOjC17rdJ_0IPnYvPl1-Krq283RzzhIDe2s2CoKAK50XEM8J5FT9298xd7ku1_nyCcNsltGPLj3a7p9OYzofaC8FIfBXX_T4MoNfJ0edNp3FWGin_C_l1z4JnKdSyyBMr4-mB0mIx3td2qK8StFj2hfXZXxtG4cJ0vnP4Qizse-BlqG0Wkmbjijun9cfPiL5AFv-W5OcfQ5R8HqU5JHkQGkWXopZpZtGbqCS7LbDyNBZJNa_qacAIZ98C4sbbRwZgv824hxJlVGu0uxyIqwNHyNnPkZ8zhJ9OCp2l4y8KC3aALyVlBzmi55xh4J8J1cgFXX2v_ilPqUYN9uwQAR4mJ6_tHEPzX7BPxFl1BubNyK5S1ZZevtbUUE8oV9an2fP51H64oYy_1ni6badcu0TOPr2ISGuwFvQxtllHRcE\"}]}", + "jwkStoreCacheMissCacheTime": 60000, + "jwksCacheTimeout": 3600000, + "jwksUri": null, + "mTLSCertificateBoundAccessTokens": false, + "mTLSSubjectDN": null, + "mTLSTrustedCert": null, + "publicKeyLocation": "jwks", + "requestParameterEncryptedAlg": null, + "requestParameterEncryptedEncryptionAlgorithm": "A128CBC-HS256", + "requestParameterSignedAlg": null, + "tokenEndpointAuthSigningAlgorithm": "RS256", + "tokenIntrospectionEncryptedResponseAlg": "RSA-OAEP-256", + "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", + "tokenIntrospectionResponseFormat": "JSON", + "tokenIntrospectionSignedResponseAlg": "RS256", + "userinfoEncryptedResponseAlg": null, + "userinfoEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", + "userinfoResponseFormat": "JSON", + "userinfoSignedResponseAlg": null + } + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/oauth2.app/test2.oauth2.app.json b/test/e2e/exports/full-export-separate/realm/root-alpha/oauth2.app/test2.oauth2.app.json new file mode 100644 index 000000000..8eebab4b4 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/oauth2.app/test2.oauth2.app.json @@ -0,0 +1,536 @@ +{ + "application": { + "test2": { + "_id": "test2", + "_provider": { + "_id": "", + "_type": { + "_id": "oauth-oidc", + "collection": false, + "name": "OAuth2 Provider" + }, + "advancedOAuth2Config": { + "allowClientCredentialsInTokenRequestQueryParameters": true, + "allowedAudienceValues": [], + "authenticationAttributes": [ + "uid" + ], + "codeVerifierEnforced": "false", + "defaultScopes": [ + "address", + "phone", + "openid", + "profile", + "email" + ], + "displayNameAttribute": "cn", + "expClaimRequiredInRequestObject": false, + "grantTypes": [ + "implicit", + "urn:ietf:params:oauth:grant-type:saml2-bearer", + "refresh_token", + "password", + "client_credentials", + "urn:ietf:params:oauth:grant-type:device_code", + "authorization_code", + "urn:openid:params:grant-type:ciba", + "urn:ietf:params:oauth:grant-type:uma-ticket", + "urn:ietf:params:oauth:grant-type:jwt-bearer" + ], + "hashSalt": "&{am.oidc.client.subject.identifier.hash.salt}", + "includeClientIdClaimInStatelessTokens": true, + "includeSubnameInTokenClaims": true, + "macaroonTokenFormat": "V2", + "maxAgeOfRequestObjectNbfClaim": 0, + "maxDifferenceBetweenRequestObjectNbfAndExp": 0, + "moduleMessageEnabledInPasswordGrant": false, + "nbfClaimRequiredInRequestObject": false, + "parRequestUriLifetime": 90, + "passwordGrantAuthService": "Login", + "persistentClaims": [], + "refreshTokenGracePeriod": 0, + "requestObjectProcessing": "OIDC", + "requirePushedAuthorizationRequests": false, + "responseTypeClasses": [ + "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", + "device_code|org.forgerock.oauth2.core.TokenResponseTypeHandler", + "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", + "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler" + ], + "supportedScopes": [ + "email|Your email address", + "openid|", + "address|Your postal address", + "phone|Your telephone number(s)", + "profile|Your personal information", + "fr:idm:*", + "am-introspect-all-tokens" + ], + "supportedSubjectTypes": [ + "public", + "pairwise" + ], + "tlsCertificateBoundAccessTokensEnabled": true, + "tlsCertificateRevocationCheckingEnabled": false, + "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", + "tokenCompressionEnabled": false, + "tokenEncryptionEnabled": false, + "tokenExchangeClasses": [ + "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", + "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", + "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", + "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger" + ], + "tokenSigningAlgorithm": "HS256", + "tokenValidatorClasses": [ + "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", + "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator" + ] + }, + "advancedOIDCConfig": { + "alwaysAddClaimsToToken": true, + "amrMappings": {}, + "authorisedIdmDelegationClients": [], + "authorisedOpenIdConnectSSOClients": [], + "claimsParameterSupported": false, + "defaultACR": [], + "idTokenInfoClientAuthenticationEnabled": true, + "includeAllKtyAlgCombinationsInJwksUri": false, + "loaMapping": {}, + "storeOpsTokens": true, + "supportedAuthorizationResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedAuthorizationResponseEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedAuthorizationResponseSigningAlgorithms": [ + "PS384", + "RS384", + "EdDSA", + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "supportedRequestParameterEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "ECDH-ES+A128KW", + "RSA-OAEP", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedRequestParameterEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedRequestParameterSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "supportedTokenEndpointAuthenticationSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedTokenIntrospectionResponseEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedTokenIntrospectionResponseSigningAlgorithms": [ + "PS384", + "RS384", + "EdDSA", + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "supportedUserInfoEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedUserInfoEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedUserInfoSigningAlgorithms": [ + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512" + ], + "useForceAuthnForMaxAge": false, + "useForceAuthnForPromptLogin": false + }, + "cibaConfig": { + "cibaAuthReqIdLifetime": 600, + "cibaMinimumPollingInterval": 2, + "supportedCibaSigningAlgorithms": [ + "ES256", + "PS256" + ] + }, + "clientDynamicRegistrationConfig": { + "allowDynamicRegistration": false, + "dynamicClientRegistrationScope": "dynamic_client_registration", + "dynamicClientRegistrationSoftwareStatementRequired": false, + "generateRegistrationAccessTokens": true, + "requiredSoftwareStatementAttestedAttributes": [ + "redirect_uris" + ] + }, + "consent": { + "clientsCanSkipConsent": true, + "enableRemoteConsent": false, + "supportedRcsRequestEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedRcsRequestEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedRcsRequestSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "supportedRcsResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "ECDH-ES+A128KW", + "RSA-OAEP", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedRcsResponseEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedRcsResponseSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ] + }, + "coreOAuth2Config": { + "accessTokenLifetime": 3600, + "accessTokenMayActScript": "[Empty]", + "codeLifetime": 120, + "issueRefreshToken": true, + "issueRefreshTokenOnRefreshedToken": true, + "macaroonTokensEnabled": false, + "oidcMayActScript": "[Empty]", + "refreshTokenLifetime": 604800, + "scopesPolicySet": "oauth2Scopes", + "statelessTokensEnabled": true, + "usePolicyEngineForScope": false + }, + "coreOIDCConfig": { + "jwtTokenLifetime": 3600, + "oidcDiscoveryEndpointEnabled": true, + "overrideableOIDCClaims": [], + "supportedClaims": [], + "supportedIDTokenEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedIDTokenEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedIDTokenSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ] + }, + "deviceCodeConfig": { + "deviceCodeLifetime": 300, + "devicePollInterval": 5, + "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", + "deviceUserCodeLength": 8 + }, + "pluginsConfig": { + "accessTokenEnricherClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "accessTokenModificationPluginType": "SCRIPTED", + "accessTokenModificationScript": "39c08084-1238-43e8-857f-2e11005eac49", + "accessTokenModifierClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "authorizeEndpointDataProviderClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "authorizeEndpointDataProviderPluginType": "JAVA", + "authorizeEndpointDataProviderScript": "[Empty]", + "evaluateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "evaluateScopePluginType": "JAVA", + "evaluateScopeScript": "[Empty]", + "oidcClaimsClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "oidcClaimsPluginType": "SCRIPTED", + "oidcClaimsScript": "cf3515f0-8278-4ee3-a530-1bad7424c416", + "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", + "validateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "validateScopePluginType": "JAVA", + "validateScopeScript": "[Empty]" + } + }, + "_type": { + "_id": "OAuth2Client", + "collection": true, + "name": "OAuth2 Clients" + }, + "advancedOAuth2ClientConfig": { + "clientUri": [], + "contacts": [], + "customProperties": [], + "descriptions": [ + "Modified by Frodo on 4/16/2022, 8:41:59 PM" + ], + "grantTypes": [ + "authorization_code", + "refresh_token", + "client_credentials" + ], + "isConsentImplied": false, + "javascriptOrigins": [], + "logoUri": [], + "mixUpMitigation": false, + "name": [], + "policyUri": [], + "requestUris": [], + "responseTypes": [ + "code", + "token", + "id_token" + ], + "sectorIdentifierUri": null, + "softwareIdentity": null, + "softwareVersion": null, + "subjectType": "public", + "tokenEndpointAuthMethod": "client_secret_basic", + "tokenExchangeAuthLevel": 0, + "tosURI": [], + "updateAccessToken": null + }, + "coreOAuth2ClientConfig": { + "accessTokenLifetime": 0, + "authorizationCodeLifetime": 0, + "clientName": [ + "test2" + ], + "clientType": "Confidential", + "defaultScopes": [ + "openid" + ], + "loopbackInterfaceRedirection": false, + "redirectionUris": [], + "refreshTokenLifetime": 0, + "scopes": [ + "openid", + "fr:idm:*" + ], + "status": "Active" + }, + "coreOpenIDClientConfig": { + "backchannel_logout_session_required": false, + "backchannel_logout_uri": null, + "claims": [], + "clientSessionUri": null, + "defaultAcrValues": [], + "defaultMaxAge": 600, + "defaultMaxAgeEnabled": false, + "jwtTokenLifetime": 0, + "postLogoutRedirectUri": [] + }, + "coreUmaClientConfig": { + "claimsRedirectionUris": [] + }, + "overrideOAuth2ClientConfig": { + "accessTokenMayActScript": "[Empty]", + "accessTokenModificationScript": "d22f9a0c-426a-4466-b95e-d0f125b0d5fa", + "clientsCanSkipConsent": false, + "enableRemoteConsent": false, + "issueRefreshToken": true, + "issueRefreshTokenOnRefreshedToken": true, + "oidcClaimsScript": "36863ffb-40ec-48b9-94b1-9a99f71cc3b5", + "oidcMayActScript": "[Empty]", + "overrideableOIDCClaims": [], + "providerOverridesEnabled": false, + "remoteConsentServiceId": null, + "statelessTokensEnabled": false, + "tokenEncryptionEnabled": false, + "usePolicyEngineForScope": false + }, + "signEncOAuth2ClientConfig": { + "clientJwtPublicKey": null, + "idTokenEncryptionAlgorithm": "RSA-OAEP-256", + "idTokenEncryptionEnabled": false, + "idTokenEncryptionMethod": "A128CBC-HS256", + "idTokenPublicEncryptionKey": null, + "idTokenSignedResponseAlg": "RS256", + "jwkSet": null, + "jwkStoreCacheMissCacheTime": 60000, + "jwksCacheTimeout": 3600000, + "jwksUri": null, + "mTLSCertificateBoundAccessTokens": false, + "mTLSSubjectDN": null, + "mTLSTrustedCert": null, + "publicKeyLocation": "jwks_uri", + "requestParameterEncryptedAlg": null, + "requestParameterEncryptedEncryptionAlgorithm": "A128CBC-HS256", + "requestParameterSignedAlg": null, + "tokenEndpointAuthSigningAlgorithm": "RS256", + "tokenIntrospectionEncryptedResponseAlg": "RSA-OAEP-256", + "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", + "tokenIntrospectionResponseFormat": "JSON", + "tokenIntrospectionSignedResponseAlg": "RS256", + "userinfoEncryptedResponseAlg": null, + "userinfoEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", + "userinfoResponseFormat": "JSON", + "userinfoSignedResponseAlg": null + } + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/oauth2.app/testapp.oauth2.app.json b/test/e2e/exports/full-export-separate/realm/root-alpha/oauth2.app/testapp.oauth2.app.json new file mode 100644 index 000000000..237abbd1e --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/oauth2.app/testapp.oauth2.app.json @@ -0,0 +1,558 @@ +{ + "application": { + "testapp": { + "_id": "testapp", + "_provider": { + "_id": "", + "_type": { + "_id": "oauth-oidc", + "collection": false, + "name": "OAuth2 Provider" + }, + "advancedOAuth2Config": { + "allowClientCredentialsInTokenRequestQueryParameters": true, + "allowedAudienceValues": [], + "authenticationAttributes": [ + "uid" + ], + "codeVerifierEnforced": "false", + "defaultScopes": [ + "address", + "phone", + "openid", + "profile", + "email" + ], + "displayNameAttribute": "cn", + "expClaimRequiredInRequestObject": false, + "grantTypes": [ + "implicit", + "urn:ietf:params:oauth:grant-type:saml2-bearer", + "refresh_token", + "password", + "client_credentials", + "urn:ietf:params:oauth:grant-type:device_code", + "authorization_code", + "urn:openid:params:grant-type:ciba", + "urn:ietf:params:oauth:grant-type:uma-ticket", + "urn:ietf:params:oauth:grant-type:jwt-bearer" + ], + "hashSalt": "&{am.oidc.client.subject.identifier.hash.salt}", + "includeClientIdClaimInStatelessTokens": true, + "includeSubnameInTokenClaims": true, + "macaroonTokenFormat": "V2", + "maxAgeOfRequestObjectNbfClaim": 0, + "maxDifferenceBetweenRequestObjectNbfAndExp": 0, + "moduleMessageEnabledInPasswordGrant": false, + "nbfClaimRequiredInRequestObject": false, + "parRequestUriLifetime": 90, + "passwordGrantAuthService": "Login", + "persistentClaims": [], + "refreshTokenGracePeriod": 0, + "requestObjectProcessing": "OIDC", + "requirePushedAuthorizationRequests": false, + "responseTypeClasses": [ + "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", + "device_code|org.forgerock.oauth2.core.TokenResponseTypeHandler", + "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", + "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler" + ], + "supportedScopes": [ + "email|Your email address", + "openid|", + "address|Your postal address", + "phone|Your telephone number(s)", + "profile|Your personal information", + "fr:idm:*", + "am-introspect-all-tokens" + ], + "supportedSubjectTypes": [ + "public", + "pairwise" + ], + "tlsCertificateBoundAccessTokensEnabled": true, + "tlsCertificateRevocationCheckingEnabled": false, + "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", + "tokenCompressionEnabled": false, + "tokenEncryptionEnabled": false, + "tokenExchangeClasses": [ + "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", + "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", + "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", + "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger" + ], + "tokenSigningAlgorithm": "HS256", + "tokenValidatorClasses": [ + "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", + "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator" + ] + }, + "advancedOIDCConfig": { + "alwaysAddClaimsToToken": true, + "amrMappings": {}, + "authorisedIdmDelegationClients": [], + "authorisedOpenIdConnectSSOClients": [], + "claimsParameterSupported": false, + "defaultACR": [], + "idTokenInfoClientAuthenticationEnabled": true, + "includeAllKtyAlgCombinationsInJwksUri": false, + "loaMapping": {}, + "storeOpsTokens": true, + "supportedAuthorizationResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedAuthorizationResponseEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedAuthorizationResponseSigningAlgorithms": [ + "PS384", + "RS384", + "EdDSA", + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "supportedRequestParameterEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "ECDH-ES+A128KW", + "RSA-OAEP", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedRequestParameterEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedRequestParameterSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "supportedTokenEndpointAuthenticationSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedTokenIntrospectionResponseEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedTokenIntrospectionResponseSigningAlgorithms": [ + "PS384", + "RS384", + "EdDSA", + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "supportedUserInfoEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedUserInfoEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedUserInfoSigningAlgorithms": [ + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512" + ], + "useForceAuthnForMaxAge": false, + "useForceAuthnForPromptLogin": false + }, + "cibaConfig": { + "cibaAuthReqIdLifetime": 600, + "cibaMinimumPollingInterval": 2, + "supportedCibaSigningAlgorithms": [ + "ES256", + "PS256" + ] + }, + "clientDynamicRegistrationConfig": { + "allowDynamicRegistration": false, + "dynamicClientRegistrationScope": "dynamic_client_registration", + "dynamicClientRegistrationSoftwareStatementRequired": false, + "generateRegistrationAccessTokens": true, + "requiredSoftwareStatementAttestedAttributes": [ + "redirect_uris" + ] + }, + "consent": { + "clientsCanSkipConsent": true, + "enableRemoteConsent": false, + "supportedRcsRequestEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedRcsRequestEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedRcsRequestSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "supportedRcsResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "ECDH-ES+A128KW", + "RSA-OAEP", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedRcsResponseEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedRcsResponseSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ] + }, + "coreOAuth2Config": { + "accessTokenLifetime": 3600, + "accessTokenMayActScript": "[Empty]", + "codeLifetime": 120, + "issueRefreshToken": true, + "issueRefreshTokenOnRefreshedToken": true, + "macaroonTokensEnabled": false, + "oidcMayActScript": "[Empty]", + "refreshTokenLifetime": 604800, + "scopesPolicySet": "oauth2Scopes", + "statelessTokensEnabled": true, + "usePolicyEngineForScope": false + }, + "coreOIDCConfig": { + "jwtTokenLifetime": 3600, + "oidcDiscoveryEndpointEnabled": true, + "overrideableOIDCClaims": [], + "supportedClaims": [], + "supportedIDTokenEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedIDTokenEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedIDTokenSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ] + }, + "deviceCodeConfig": { + "deviceCodeLifetime": 300, + "devicePollInterval": 5, + "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", + "deviceUserCodeLength": 8 + }, + "pluginsConfig": { + "accessTokenEnricherClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "accessTokenModificationPluginType": "SCRIPTED", + "accessTokenModificationScript": "39c08084-1238-43e8-857f-2e11005eac49", + "accessTokenModifierClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "authorizeEndpointDataProviderClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "authorizeEndpointDataProviderPluginType": "JAVA", + "authorizeEndpointDataProviderScript": "[Empty]", + "evaluateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "evaluateScopePluginType": "JAVA", + "evaluateScopeScript": "[Empty]", + "oidcClaimsClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "oidcClaimsPluginType": "SCRIPTED", + "oidcClaimsScript": "cf3515f0-8278-4ee3-a530-1bad7424c416", + "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", + "validateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "validateScopePluginType": "JAVA", + "validateScopeScript": "[Empty]" + } + }, + "_type": { + "_id": "OAuth2Client", + "collection": true, + "name": "OAuth2 Clients" + }, + "advancedOAuth2ClientConfig": { + "clientUri": [], + "contacts": [], + "customProperties": [], + "descriptions": [ + "Test Application" + ], + "grantTypes": [ + "authorization_code" + ], + "isConsentImplied": false, + "javascriptOrigins": [], + "logoUri": [], + "mixUpMitigation": false, + "name": [], + "policyUri": [], + "refreshTokenGracePeriod": 0, + "requestUris": [], + "require_pushed_authorization_requests": false, + "responseTypes": [ + "code", + "token", + "id_token", + "code token", + "token id_token", + "code id_token", + "code token id_token", + "device_code", + "device_code id_token" + ], + "sectorIdentifierUri": null, + "softwareIdentity": null, + "softwareVersion": null, + "subjectType": "public", + "tokenEndpointAuthMethod": "client_secret_basic", + "tokenExchangeAuthLevel": 0, + "tosURI": [], + "updateAccessToken": null + }, + "coreOAuth2ClientConfig": { + "accessTokenLifetime": 0, + "agentgroup": null, + "authorizationCodeLifetime": 0, + "clientName": [ + "testapp" + ], + "clientType": "Confidential", + "defaultScopes": [], + "loopbackInterfaceRedirection": false, + "redirectionUris": [], + "refreshTokenLifetime": 0, + "scopes": [], + "secretLabelIdentifier": null, + "status": "Active" + }, + "coreOpenIDClientConfig": { + "backchannel_logout_session_required": false, + "backchannel_logout_uri": null, + "claims": [], + "clientSessionUri": null, + "defaultAcrValues": [], + "defaultMaxAge": 600, + "defaultMaxAgeEnabled": false, + "jwtTokenLifetime": 0, + "postLogoutRedirectUri": [] + }, + "coreUmaClientConfig": { + "claimsRedirectionUris": [] + }, + "overrideOAuth2ClientConfig": { + "accessTokenMayActScript": "[Empty]", + "accessTokenModificationPluginType": "PROVIDER", + "accessTokenModificationScript": "[Empty]", + "accessTokenModifierClass": null, + "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", + "authorizeEndpointDataProviderPluginType": "PROVIDER", + "authorizeEndpointDataProviderScript": "[Empty]", + "clientsCanSkipConsent": false, + "customLoginUrlTemplate": null, + "enableRemoteConsent": false, + "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", + "evaluateScopePluginType": "PROVIDER", + "evaluateScopeScript": "[Empty]", + "issueRefreshToken": true, + "issueRefreshTokenOnRefreshedToken": true, + "oidcClaimsClass": null, + "oidcClaimsPluginType": "PROVIDER", + "oidcClaimsScript": "[Empty]", + "oidcMayActScript": "[Empty]", + "overrideableOIDCClaims": [], + "providerOverridesEnabled": false, + "remoteConsentServiceId": null, + "scopesPolicySet": "oauth2Scopes", + "statelessTokensEnabled": false, + "tokenEncryptionEnabled": false, + "useForceAuthnForMaxAge": false, + "usePolicyEngineForScope": false, + "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", + "validateScopePluginType": "PROVIDER", + "validateScopeScript": "[Empty]" + }, + "signEncOAuth2ClientConfig": { + "authorizationResponseEncryptionAlgorithm": null, + "authorizationResponseEncryptionMethod": null, + "authorizationResponseSigningAlgorithm": "RS256", + "clientJwtPublicKey": null, + "idTokenEncryptionAlgorithm": "RSA-OAEP-256", + "idTokenEncryptionEnabled": false, + "idTokenEncryptionMethod": "A128CBC-HS256", + "idTokenPublicEncryptionKey": null, + "idTokenSignedResponseAlg": "RS256", + "jwkSet": null, + "jwkStoreCacheMissCacheTime": 60000, + "jwksCacheTimeout": 3600000, + "jwksUri": null, + "mTLSCertificateBoundAccessTokens": false, + "mTLSSubjectDN": null, + "mTLSTrustedCert": null, + "publicKeyLocation": "jwks_uri", + "requestParameterEncryptedAlg": null, + "requestParameterEncryptedEncryptionAlgorithm": "A128CBC-HS256", + "requestParameterSignedAlg": null, + "tokenEndpointAuthSigningAlgorithm": "RS256", + "tokenIntrospectionEncryptedResponseAlg": "RSA-OAEP-256", + "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", + "tokenIntrospectionResponseFormat": "JSON", + "tokenIntrospectionSignedResponseAlg": "RS256", + "userinfoEncryptedResponseAlg": null, + "userinfoEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", + "userinfoResponseFormat": "JSON", + "userinfoSignedResponseAlg": null + } + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/oauth2.app/testclient.oauth2.app.json b/test/e2e/exports/full-export-separate/realm/root-alpha/oauth2.app/testclient.oauth2.app.json new file mode 100644 index 000000000..92f03b316 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/oauth2.app/testclient.oauth2.app.json @@ -0,0 +1,519 @@ +{ + "application": { + "testclient": { + "_id": "testclient", + "_provider": { + "_id": "", + "_type": { + "_id": "oauth-oidc", + "collection": false, + "name": "OAuth2 Provider" + }, + "advancedOAuth2Config": { + "allowClientCredentialsInTokenRequestQueryParameters": true, + "allowedAudienceValues": [], + "authenticationAttributes": [ + "uid" + ], + "codeVerifierEnforced": "false", + "defaultScopes": [ + "address", + "phone", + "openid", + "profile", + "email" + ], + "displayNameAttribute": "cn", + "expClaimRequiredInRequestObject": false, + "grantTypes": [ + "implicit", + "urn:ietf:params:oauth:grant-type:saml2-bearer", + "refresh_token", + "password", + "client_credentials", + "urn:ietf:params:oauth:grant-type:device_code", + "authorization_code", + "urn:openid:params:grant-type:ciba", + "urn:ietf:params:oauth:grant-type:uma-ticket", + "urn:ietf:params:oauth:grant-type:jwt-bearer" + ], + "hashSalt": "&{am.oidc.client.subject.identifier.hash.salt}", + "includeClientIdClaimInStatelessTokens": true, + "includeSubnameInTokenClaims": true, + "macaroonTokenFormat": "V2", + "maxAgeOfRequestObjectNbfClaim": 0, + "maxDifferenceBetweenRequestObjectNbfAndExp": 0, + "moduleMessageEnabledInPasswordGrant": false, + "nbfClaimRequiredInRequestObject": false, + "parRequestUriLifetime": 90, + "passwordGrantAuthService": "Login", + "persistentClaims": [], + "refreshTokenGracePeriod": 0, + "requestObjectProcessing": "OIDC", + "requirePushedAuthorizationRequests": false, + "responseTypeClasses": [ + "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", + "device_code|org.forgerock.oauth2.core.TokenResponseTypeHandler", + "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", + "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler" + ], + "supportedScopes": [ + "email|Your email address", + "openid|", + "address|Your postal address", + "phone|Your telephone number(s)", + "profile|Your personal information", + "fr:idm:*", + "am-introspect-all-tokens" + ], + "supportedSubjectTypes": [ + "public", + "pairwise" + ], + "tlsCertificateBoundAccessTokensEnabled": true, + "tlsCertificateRevocationCheckingEnabled": false, + "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", + "tokenCompressionEnabled": false, + "tokenEncryptionEnabled": false, + "tokenExchangeClasses": [ + "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", + "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", + "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", + "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger" + ], + "tokenSigningAlgorithm": "HS256", + "tokenValidatorClasses": [ + "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", + "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator" + ] + }, + "advancedOIDCConfig": { + "alwaysAddClaimsToToken": true, + "amrMappings": {}, + "authorisedIdmDelegationClients": [], + "authorisedOpenIdConnectSSOClients": [], + "claimsParameterSupported": false, + "defaultACR": [], + "idTokenInfoClientAuthenticationEnabled": true, + "includeAllKtyAlgCombinationsInJwksUri": false, + "loaMapping": {}, + "storeOpsTokens": true, + "supportedAuthorizationResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedAuthorizationResponseEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedAuthorizationResponseSigningAlgorithms": [ + "PS384", + "RS384", + "EdDSA", + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "supportedRequestParameterEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "ECDH-ES+A128KW", + "RSA-OAEP", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedRequestParameterEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedRequestParameterSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "supportedTokenEndpointAuthenticationSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedTokenIntrospectionResponseEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedTokenIntrospectionResponseSigningAlgorithms": [ + "PS384", + "RS384", + "EdDSA", + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "supportedUserInfoEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedUserInfoEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedUserInfoSigningAlgorithms": [ + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512" + ], + "useForceAuthnForMaxAge": false, + "useForceAuthnForPromptLogin": false + }, + "cibaConfig": { + "cibaAuthReqIdLifetime": 600, + "cibaMinimumPollingInterval": 2, + "supportedCibaSigningAlgorithms": [ + "ES256", + "PS256" + ] + }, + "clientDynamicRegistrationConfig": { + "allowDynamicRegistration": false, + "dynamicClientRegistrationScope": "dynamic_client_registration", + "dynamicClientRegistrationSoftwareStatementRequired": false, + "generateRegistrationAccessTokens": true, + "requiredSoftwareStatementAttestedAttributes": [ + "redirect_uris" + ] + }, + "consent": { + "clientsCanSkipConsent": true, + "enableRemoteConsent": false, + "supportedRcsRequestEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedRcsRequestEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedRcsRequestSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "supportedRcsResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "ECDH-ES+A128KW", + "RSA-OAEP", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedRcsResponseEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedRcsResponseSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ] + }, + "coreOAuth2Config": { + "accessTokenLifetime": 3600, + "accessTokenMayActScript": "[Empty]", + "codeLifetime": 120, + "issueRefreshToken": true, + "issueRefreshTokenOnRefreshedToken": true, + "macaroonTokensEnabled": false, + "oidcMayActScript": "[Empty]", + "refreshTokenLifetime": 604800, + "scopesPolicySet": "oauth2Scopes", + "statelessTokensEnabled": true, + "usePolicyEngineForScope": false + }, + "coreOIDCConfig": { + "jwtTokenLifetime": 3600, + "oidcDiscoveryEndpointEnabled": true, + "overrideableOIDCClaims": [], + "supportedClaims": [], + "supportedIDTokenEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedIDTokenEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedIDTokenSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ] + }, + "deviceCodeConfig": { + "deviceCodeLifetime": 300, + "devicePollInterval": 5, + "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", + "deviceUserCodeLength": 8 + }, + "pluginsConfig": { + "accessTokenEnricherClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "accessTokenModificationPluginType": "SCRIPTED", + "accessTokenModificationScript": "39c08084-1238-43e8-857f-2e11005eac49", + "accessTokenModifierClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "authorizeEndpointDataProviderClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "authorizeEndpointDataProviderPluginType": "JAVA", + "authorizeEndpointDataProviderScript": "[Empty]", + "evaluateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "evaluateScopePluginType": "JAVA", + "evaluateScopeScript": "[Empty]", + "oidcClaimsClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "oidcClaimsPluginType": "SCRIPTED", + "oidcClaimsScript": "cf3515f0-8278-4ee3-a530-1bad7424c416", + "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", + "validateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "validateScopePluginType": "JAVA", + "validateScopeScript": "[Empty]" + } + }, + "_type": { + "_id": "OAuth2Client", + "collection": true, + "name": "OAuth2 Clients" + }, + "advancedOAuth2ClientConfig": { + "clientUri": [], + "contacts": [], + "customProperties": [], + "descriptions": [], + "grantTypes": [ + "authorization_code" + ], + "isConsentImplied": false, + "javascriptOrigins": [], + "logoUri": [], + "mixUpMitigation": false, + "name": [], + "policyUri": [], + "requestUris": [], + "responseTypes": [ + "code", + "token", + "id_token", + "code token", + "token id_token", + "code id_token", + "code token id_token", + "device_code", + "device_code id_token" + ], + "sectorIdentifierUri": null, + "softwareIdentity": null, + "softwareVersion": null, + "subjectType": "public", + "tokenEndpointAuthMethod": "client_secret_basic", + "tokenExchangeAuthLevel": 0, + "tosURI": [], + "updateAccessToken": null + }, + "coreOAuth2ClientConfig": { + "accessTokenLifetime": 0, + "authorizationCodeLifetime": 0, + "clientName": [], + "clientType": "Confidential", + "defaultScopes": [], + "loopbackInterfaceRedirection": false, + "redirectionUris": [], + "refreshTokenLifetime": 0, + "scopes": [ + "email", + "openid", + "profile" + ], + "status": "Active" + }, + "coreOpenIDClientConfig": { + "backchannel_logout_session_required": false, + "backchannel_logout_uri": null, + "claims": [], + "clientSessionUri": null, + "defaultAcrValues": [], + "defaultMaxAge": 600, + "defaultMaxAgeEnabled": false, + "jwtTokenLifetime": 0, + "postLogoutRedirectUri": [] + }, + "coreUmaClientConfig": { + "claimsRedirectionUris": [] + }, + "signEncOAuth2ClientConfig": { + "clientJwtPublicKey": null, + "idTokenEncryptionAlgorithm": "RSA-OAEP-256", + "idTokenEncryptionEnabled": false, + "idTokenEncryptionMethod": "A128CBC-HS256", + "idTokenPublicEncryptionKey": null, + "idTokenSignedResponseAlg": "RS256", + "jwkSet": null, + "jwkStoreCacheMissCacheTime": 60000, + "jwksCacheTimeout": 3600000, + "jwksUri": null, + "mTLSCertificateBoundAccessTokens": false, + "mTLSSubjectDN": null, + "mTLSTrustedCert": null, + "publicKeyLocation": "jwks_uri", + "requestParameterEncryptedAlg": null, + "requestParameterEncryptedEncryptionAlgorithm": "A128CBC-HS256", + "requestParameterSignedAlg": null, + "tokenEndpointAuthSigningAlgorithm": "RS256", + "tokenIntrospectionEncryptedResponseAlg": "RSA-OAEP-256", + "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", + "tokenIntrospectionResponseFormat": "JSON", + "tokenIntrospectionSignedResponseAlg": "RS256", + "userinfoEncryptedResponseAlg": null, + "userinfoEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", + "userinfoResponseFormat": "JSON", + "userinfoSignedResponseAlg": null + } + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/oauth2.app/testmeout.oauth2.app.json b/test/e2e/exports/full-export-separate/realm/root-alpha/oauth2.app/testmeout.oauth2.app.json new file mode 100644 index 000000000..d792b17b7 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/oauth2.app/testmeout.oauth2.app.json @@ -0,0 +1,553 @@ +{ + "application": { + "testmeout": { + "_id": "testmeout", + "_provider": { + "_id": "", + "_type": { + "_id": "oauth-oidc", + "collection": false, + "name": "OAuth2 Provider" + }, + "advancedOAuth2Config": { + "allowClientCredentialsInTokenRequestQueryParameters": true, + "allowedAudienceValues": [], + "authenticationAttributes": [ + "uid" + ], + "codeVerifierEnforced": "false", + "defaultScopes": [ + "address", + "phone", + "openid", + "profile", + "email" + ], + "displayNameAttribute": "cn", + "expClaimRequiredInRequestObject": false, + "grantTypes": [ + "implicit", + "urn:ietf:params:oauth:grant-type:saml2-bearer", + "refresh_token", + "password", + "client_credentials", + "urn:ietf:params:oauth:grant-type:device_code", + "authorization_code", + "urn:openid:params:grant-type:ciba", + "urn:ietf:params:oauth:grant-type:uma-ticket", + "urn:ietf:params:oauth:grant-type:jwt-bearer" + ], + "hashSalt": "&{am.oidc.client.subject.identifier.hash.salt}", + "includeClientIdClaimInStatelessTokens": true, + "includeSubnameInTokenClaims": true, + "macaroonTokenFormat": "V2", + "maxAgeOfRequestObjectNbfClaim": 0, + "maxDifferenceBetweenRequestObjectNbfAndExp": 0, + "moduleMessageEnabledInPasswordGrant": false, + "nbfClaimRequiredInRequestObject": false, + "parRequestUriLifetime": 90, + "passwordGrantAuthService": "Login", + "persistentClaims": [], + "refreshTokenGracePeriod": 0, + "requestObjectProcessing": "OIDC", + "requirePushedAuthorizationRequests": false, + "responseTypeClasses": [ + "code|org.forgerock.oauth2.core.AuthorizationCodeResponseTypeHandler", + "device_code|org.forgerock.oauth2.core.TokenResponseTypeHandler", + "token|org.forgerock.oauth2.core.TokenResponseTypeHandler", + "id_token|org.forgerock.openidconnect.IdTokenResponseTypeHandler" + ], + "supportedScopes": [ + "email|Your email address", + "openid|", + "address|Your postal address", + "phone|Your telephone number(s)", + "profile|Your personal information", + "fr:idm:*", + "am-introspect-all-tokens" + ], + "supportedSubjectTypes": [ + "public", + "pairwise" + ], + "tlsCertificateBoundAccessTokensEnabled": true, + "tlsCertificateRevocationCheckingEnabled": false, + "tlsClientCertificateHeaderFormat": "URLENCODED_PEM", + "tokenCompressionEnabled": false, + "tokenEncryptionEnabled": false, + "tokenExchangeClasses": [ + "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToAccessTokenExchanger", + "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToIdTokenExchanger", + "urn:ietf:params:oauth:token-type:access_token=>urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.AccessTokenToIdTokenExchanger", + "urn:ietf:params:oauth:token-type:id_token=>urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.idtoken.IdTokenToAccessTokenExchanger" + ], + "tokenSigningAlgorithm": "HS256", + "tokenValidatorClasses": [ + "urn:ietf:params:oauth:token-type:id_token|org.forgerock.oauth2.core.tokenexchange.idtoken.OidcIdTokenValidator", + "urn:ietf:params:oauth:token-type:access_token|org.forgerock.oauth2.core.tokenexchange.accesstoken.OAuth2AccessTokenValidator" + ] + }, + "advancedOIDCConfig": { + "alwaysAddClaimsToToken": true, + "amrMappings": {}, + "authorisedIdmDelegationClients": [], + "authorisedOpenIdConnectSSOClients": [], + "claimsParameterSupported": false, + "defaultACR": [], + "idTokenInfoClientAuthenticationEnabled": true, + "includeAllKtyAlgCombinationsInJwksUri": false, + "loaMapping": {}, + "storeOpsTokens": true, + "supportedAuthorizationResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedAuthorizationResponseEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedAuthorizationResponseSigningAlgorithms": [ + "PS384", + "RS384", + "EdDSA", + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "supportedRequestParameterEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "ECDH-ES+A128KW", + "RSA-OAEP", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedRequestParameterEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedRequestParameterSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "supportedTokenEndpointAuthenticationSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "supportedTokenIntrospectionResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedTokenIntrospectionResponseEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedTokenIntrospectionResponseSigningAlgorithms": [ + "PS384", + "RS384", + "EdDSA", + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "supportedUserInfoEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedUserInfoEncryptionEnc": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedUserInfoSigningAlgorithms": [ + "ES384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512" + ], + "useForceAuthnForMaxAge": false, + "useForceAuthnForPromptLogin": false + }, + "cibaConfig": { + "cibaAuthReqIdLifetime": 600, + "cibaMinimumPollingInterval": 2, + "supportedCibaSigningAlgorithms": [ + "ES256", + "PS256" + ] + }, + "clientDynamicRegistrationConfig": { + "allowDynamicRegistration": false, + "dynamicClientRegistrationScope": "dynamic_client_registration", + "dynamicClientRegistrationSoftwareStatementRequired": false, + "generateRegistrationAccessTokens": true, + "requiredSoftwareStatementAttestedAttributes": [ + "redirect_uris" + ] + }, + "consent": { + "clientsCanSkipConsent": true, + "enableRemoteConsent": false, + "supportedRcsRequestEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedRcsRequestEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedRcsRequestSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ], + "supportedRcsResponseEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "ECDH-ES+A128KW", + "RSA-OAEP", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedRcsResponseEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedRcsResponseSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ] + }, + "coreOAuth2Config": { + "accessTokenLifetime": 3600, + "accessTokenMayActScript": "[Empty]", + "codeLifetime": 120, + "issueRefreshToken": true, + "issueRefreshTokenOnRefreshedToken": true, + "macaroonTokensEnabled": false, + "oidcMayActScript": "[Empty]", + "refreshTokenLifetime": 604800, + "scopesPolicySet": "oauth2Scopes", + "statelessTokensEnabled": true, + "usePolicyEngineForScope": false + }, + "coreOIDCConfig": { + "jwtTokenLifetime": 3600, + "oidcDiscoveryEndpointEnabled": true, + "overrideableOIDCClaims": [], + "supportedClaims": [], + "supportedIDTokenEncryptionAlgorithms": [ + "ECDH-ES+A256KW", + "ECDH-ES+A192KW", + "RSA-OAEP", + "ECDH-ES+A128KW", + "RSA-OAEP-256", + "A128KW", + "A256KW", + "ECDH-ES", + "dir", + "A192KW" + ], + "supportedIDTokenEncryptionMethods": [ + "A256GCM", + "A192GCM", + "A128GCM", + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512" + ], + "supportedIDTokenSigningAlgorithms": [ + "PS384", + "ES384", + "RS384", + "HS256", + "HS512", + "ES256", + "RS256", + "HS384", + "ES512", + "PS256", + "PS512", + "RS512" + ] + }, + "deviceCodeConfig": { + "deviceCodeLifetime": 300, + "devicePollInterval": 5, + "deviceUserCodeCharacterSet": "234567ACDEFGHJKLMNPQRSTWXYZabcdefhijkmnopqrstwxyz", + "deviceUserCodeLength": 8 + }, + "pluginsConfig": { + "accessTokenEnricherClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "accessTokenModificationPluginType": "SCRIPTED", + "accessTokenModificationScript": "39c08084-1238-43e8-857f-2e11005eac49", + "accessTokenModifierClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "authorizeEndpointDataProviderClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "authorizeEndpointDataProviderPluginType": "JAVA", + "authorizeEndpointDataProviderScript": "[Empty]", + "evaluateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "evaluateScopePluginType": "JAVA", + "evaluateScopeScript": "[Empty]", + "oidcClaimsClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "oidcClaimsPluginType": "SCRIPTED", + "oidcClaimsScript": "cf3515f0-8278-4ee3-a530-1bad7424c416", + "userCodeGeneratorClass": "org.forgerock.oauth2.core.plugins.registry.DefaultUserCodeGenerator", + "validateScopeClass": "org.forgerock.openam.oauth2.OpenAMScopeValidator", + "validateScopePluginType": "JAVA", + "validateScopeScript": "[Empty]" + } + }, + "_type": { + "_id": "OAuth2Client", + "collection": true, + "name": "OAuth2 Clients" + }, + "advancedOAuth2ClientConfig": { + "clientUri": [], + "contacts": [], + "customProperties": [], + "descriptions": [], + "grantTypes": [ + "authorization_code", + "refresh_token" + ], + "isConsentImplied": true, + "javascriptOrigins": [], + "logoUri": [], + "mixUpMitigation": false, + "name": [], + "policyUri": [], + "refreshTokenGracePeriod": 0, + "requestUris": [], + "require_pushed_authorization_requests": false, + "responseTypes": [ + "code", + "token", + "id_token" + ], + "sectorIdentifierUri": null, + "softwareIdentity": null, + "softwareVersion": null, + "subjectType": "public", + "tokenEndpointAuthMethod": "client_secret_basic", + "tokenExchangeAuthLevel": 0, + "tosURI": [], + "updateAccessToken": null + }, + "coreOAuth2ClientConfig": { + "accessTokenLifetime": 3600, + "agentgroup": null, + "authorizationCodeLifetime": 120, + "clientName": [ + "testmeout" + ], + "clientType": "Public", + "defaultScopes": [], + "loopbackInterfaceRedirection": false, + "redirectionUris": [], + "refreshTokenLifetime": 604800, + "scopes": [ + "openid" + ], + "secretLabelIdentifier": null, + "status": "Active" + }, + "coreOpenIDClientConfig": { + "backchannel_logout_session_required": false, + "backchannel_logout_uri": null, + "claims": [], + "clientSessionUri": null, + "defaultAcrValues": [], + "defaultMaxAge": 600, + "defaultMaxAgeEnabled": false, + "jwtTokenLifetime": 3600, + "postLogoutRedirectUri": [] + }, + "coreUmaClientConfig": { + "claimsRedirectionUris": [] + }, + "overrideOAuth2ClientConfig": { + "accessTokenMayActScript": "[Empty]", + "accessTokenModificationPluginType": "PROVIDER", + "accessTokenModificationScript": "[Empty]", + "accessTokenModifierClass": null, + "authorizeEndpointDataProviderClass": "org.forgerock.oauth2.core.plugins.registry.DefaultEndpointDataProvider", + "authorizeEndpointDataProviderPluginType": "PROVIDER", + "authorizeEndpointDataProviderScript": "[Empty]", + "clientsCanSkipConsent": false, + "customLoginUrlTemplate": null, + "enableRemoteConsent": false, + "evaluateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeEvaluator", + "evaluateScopePluginType": "PROVIDER", + "evaluateScopeScript": "[Empty]", + "issueRefreshToken": true, + "issueRefreshTokenOnRefreshedToken": true, + "oidcClaimsClass": null, + "oidcClaimsPluginType": "PROVIDER", + "oidcClaimsScript": "[Empty]", + "oidcMayActScript": "[Empty]", + "overrideableOIDCClaims": [], + "providerOverridesEnabled": false, + "remoteConsentServiceId": null, + "scopesPolicySet": "oauth2Scopes", + "statelessTokensEnabled": false, + "tokenEncryptionEnabled": false, + "useForceAuthnForMaxAge": false, + "usePolicyEngineForScope": false, + "validateScopeClass": "org.forgerock.oauth2.core.plugins.registry.DefaultScopeValidator", + "validateScopePluginType": "PROVIDER", + "validateScopeScript": "[Empty]" + }, + "signEncOAuth2ClientConfig": { + "authorizationResponseEncryptionAlgorithm": null, + "authorizationResponseEncryptionMethod": null, + "authorizationResponseSigningAlgorithm": "RS256", + "clientJwtPublicKey": null, + "idTokenEncryptionAlgorithm": "RSA-OAEP-256", + "idTokenEncryptionEnabled": false, + "idTokenEncryptionMethod": "A128CBC-HS256", + "idTokenPublicEncryptionKey": null, + "idTokenSignedResponseAlg": "RS256", + "jwkSet": null, + "jwkStoreCacheMissCacheTime": 60000, + "jwksCacheTimeout": 3600000, + "jwksUri": null, + "mTLSCertificateBoundAccessTokens": false, + "mTLSSubjectDN": null, + "mTLSTrustedCert": null, + "publicKeyLocation": "jwks_uri", + "requestParameterEncryptedAlg": null, + "requestParameterEncryptedEncryptionAlgorithm": "A128CBC-HS256", + "requestParameterSignedAlg": null, + "tokenEndpointAuthSigningAlgorithm": "RS256", + "tokenIntrospectionEncryptedResponseAlg": "RSA-OAEP-256", + "tokenIntrospectionEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", + "tokenIntrospectionResponseFormat": "JSON", + "tokenIntrospectionSignedResponseAlg": "RS256", + "userinfoEncryptedResponseAlg": null, + "userinfoEncryptedResponseEncryptionAlgorithm": "A128CBC-HS256", + "userinfoResponseFormat": "JSON", + "userinfoSignedResponseAlg": null + } + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/policy/FeatureStorePolicy.policy.json b/test/e2e/exports/full-export-separate/realm/root-alpha/policy/FeatureStorePolicy.policy.json new file mode 100644 index 000000000..f01849ad1 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/policy/FeatureStorePolicy.policy.json @@ -0,0 +1,23 @@ +{ + "policy": { + "FeatureStorePolicy": { + "_id": "FeatureStorePolicy", + "actionValues": {}, + "active": true, + "applicationName": "test-policy-set", + "createdBy": "id=76618ff6-e851-433e-9704-9d2852a17b7a,ou=user,ou=am-config", + "creationDate": "2024-07-12T15:25:19.248Z", + "description": "FeatureStorePolicy", + "lastModifiedBy": "id=7a031a92-f70d-4b30-9d70-da7cfb1d9c93,ou=user,ou=am-config", + "lastModifiedDate": "2024-11-07T23:26:37.984Z", + "name": "FeatureStorePolicy", + "resourceTypeUuid": "76656a38-5f8e-401b-83aa-4ccb74ce88d2", + "resources": [ + "https://www.example.com:443/*" + ], + "subject": { + "type": "NONE" + } + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/policy/HR-webapp.policy.json b/test/e2e/exports/full-export-separate/realm/root-alpha/policy/HR-webapp.policy.json new file mode 100644 index 000000000..ba8d421da --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/policy/HR-webapp.policy.json @@ -0,0 +1,34 @@ +{ + "policy": { + "HR-webapp": { + "_id": "HR-webapp", + "actionValues": { + "GET": true, + "POST": true + }, + "active": true, + "applicationName": "EdgePolicySet", + "createdBy": "id=bc01b841-b6ec-4691-b9d6-561b306e12db,ou=user,ou=am-config", + "creationDate": "2024-10-31T16:26:42.822Z", + "description": "", + "lastModifiedBy": "id=7a031a92-f70d-4b30-9d70-da7cfb1d9c93,ou=user,ou=am-config", + "lastModifiedDate": "2024-11-07T23:26:38.76Z", + "name": "HR-webapp", + "resourceTypeUuid": "76656a38-5f8e-401b-83aa-4ccb74ce88d2", + "resources": [ + "*://*:*/apps/hrlite/*", + "*://*:*/apps/hrlite?*", + "*://*:*/apps/contractor", + "*://*:*/apps/contractor/*", + "*://*:*/apps/contractor?*", + "*://*:*/apps/hrlite" + ], + "subject": { + "subjectValues": [ + "id=hradmins,ou=group,o=alpha,ou=services,ou=am-config" + ], + "type": "Identity" + } + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/policy/New-Test-Policy.policy.json b/test/e2e/exports/full-export-separate/realm/root-alpha/policy/New-Test-Policy.policy.json new file mode 100644 index 000000000..3807c3ee7 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/policy/New-Test-Policy.policy.json @@ -0,0 +1,23 @@ +{ + "policy": { + "New Test Policy": { + "_id": "New Test Policy", + "actionValues": {}, + "active": true, + "applicationName": "test-policy-set", + "createdBy": "id=1e9280f6-eab6-467e-889c-83d147c8b936,ou=user,ou=am-config", + "creationDate": "2024-11-21T04:01:27.705Z", + "description": "", + "lastModifiedBy": "id=1e9280f6-eab6-467e-889c-83d147c8b936,ou=user,ou=am-config", + "lastModifiedDate": "2024-11-21T04:01:27.705Z", + "name": "New Test Policy", + "resourceTypeUuid": "76656a38-5f8e-401b-83aa-4ccb74ce88d2", + "resources": [ + "*://*:*/*?*" + ], + "subject": { + "type": "NONE" + } + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/policy/Test-Policy.policy.json b/test/e2e/exports/full-export-separate/realm/root-alpha/policy/Test-Policy.policy.json new file mode 100644 index 000000000..5de65b5d5 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/policy/Test-Policy.policy.json @@ -0,0 +1,54 @@ +{ + "policy": { + "Test Policy": { + "_id": "Test Policy", + "actionValues": { + "GET": true, + "POST": false + }, + "active": false, + "applicationName": "test-policy-set", + "condition": { + "conditions": [ + { + "endDate": "2023:08:02", + "endDay": "fri", + "endTime": "11:59", + "enforcementTimeZone": "GMT", + "startDate": "2023:08:01", + "startDay": "mon", + "startTime": "12:00", + "type": "SimpleTime" + }, + { + "scriptId": "59f84396-71e4-4c1d-a6ae-c4fc624d9752", + "type": "Script" + } + ], + "type": "AND" + }, + "createdBy": "id=76618ff6-e851-433e-9704-9d2852a17b7a,ou=user,ou=am-config", + "creationDate": "2024-07-12T15:25:19.356Z", + "description": "Test Policy Description", + "lastModifiedBy": "id=7a031a92-f70d-4b30-9d70-da7cfb1d9c93,ou=user,ou=am-config", + "lastModifiedDate": "2024-11-07T23:26:38.152Z", + "name": "Test Policy", + "resourceAttributes": [ + { + "propertyName": "Test_Name", + "propertyValues": [ + "Test_Value" + ], + "type": "Static" + } + ], + "resourceTypeUuid": "76656a38-5f8e-401b-83aa-4ccb74ce88d2", + "resources": [ + "lorem://ipsum:dolor/sit" + ], + "subject": { + "type": "NONE" + } + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/policy/actions.policy.json b/test/e2e/exports/full-export-separate/realm/root-alpha/policy/actions.policy.json new file mode 100644 index 000000000..fe88cfba1 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/policy/actions.policy.json @@ -0,0 +1,25 @@ +{ + "policy": { + "actions": { + "_id": "actions", + "actionValues": { + "GET": true + }, + "active": true, + "applicationName": "data", + "createdBy": "id=76618ff6-e851-433e-9704-9d2852a17b7a,ou=user,ou=am-config", + "creationDate": "2024-07-12T15:25:50.202Z", + "description": "", + "lastModifiedBy": "id=7a031a92-f70d-4b30-9d70-da7cfb1d9c93,ou=user,ou=am-config", + "lastModifiedDate": "2024-11-07T23:26:38.255Z", + "name": "actions", + "resourceTypeUuid": "76656a38-5f8e-401b-83aa-4ccb74ce88d2", + "resources": [ + "*://*:*/demo/api/action/actions" + ], + "subject": { + "type": "AuthenticatedUsers" + } + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/policy/activity.policy.json b/test/e2e/exports/full-export-separate/realm/root-alpha/policy/activity.policy.json new file mode 100644 index 000000000..6cfc1ea27 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/policy/activity.policy.json @@ -0,0 +1,26 @@ +{ + "policy": { + "activity": { + "_id": "activity", + "actionValues": { + "GET": true, + "POST": true + }, + "active": true, + "applicationName": "data", + "createdBy": "id=76618ff6-e851-433e-9704-9d2852a17b7a,ou=user,ou=am-config", + "creationDate": "2024-07-12T15:25:50.288Z", + "description": "", + "lastModifiedBy": "id=7a031a92-f70d-4b30-9d70-da7cfb1d9c93,ou=user,ou=am-config", + "lastModifiedDate": "2024-11-07T23:26:38.356Z", + "name": "activity", + "resourceTypeUuid": "76656a38-5f8e-401b-83aa-4ccb74ce88d2", + "resources": [ + "*://*:*/demo/api/action/activity" + ], + "subject": { + "type": "AuthenticatedUsers" + } + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/policy/apply.policy.json b/test/e2e/exports/full-export-separate/realm/root-alpha/policy/apply.policy.json new file mode 100644 index 000000000..3338e7f88 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/policy/apply.policy.json @@ -0,0 +1,30 @@ +{ + "policy": { + "apply": { + "_id": "apply", + "actionValues": { + "POST": true + }, + "active": true, + "applicationName": "data", + "condition": { + "authenticationStrategy": "AuthenticateToTreeConditionAdvice", + "strategySpecifier": "Baseline-Transaction", + "type": "Transaction" + }, + "createdBy": "id=76618ff6-e851-433e-9704-9d2852a17b7a,ou=user,ou=am-config", + "creationDate": "2024-07-12T15:25:50.368Z", + "description": "", + "lastModifiedBy": "id=7a031a92-f70d-4b30-9d70-da7cfb1d9c93,ou=user,ou=am-config", + "lastModifiedDate": "2024-11-07T23:26:38.451Z", + "name": "apply", + "resourceTypeUuid": "76656a38-5f8e-401b-83aa-4ccb74ce88d2", + "resources": [ + "*://*:*/demo/api/action/apply" + ], + "subject": { + "type": "AuthenticatedUsers" + } + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/policyset/EdgePolicySet.policyset.json b/test/e2e/exports/full-export-separate/realm/root-alpha/policyset/EdgePolicySet.policyset.json new file mode 100644 index 000000000..4514bf003 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/policyset/EdgePolicySet.policyset.json @@ -0,0 +1,58 @@ +{ + "policyset": { + "EdgePolicySet": { + "applicationType": "iPlanetAMWebAgentService", + "attributeNames": [], + "conditions": [ + "Script", + "ClientId", + "AMIdentityMembership", + "IPv6", + "SimpleTime", + "IPv4", + "LEAuthLevel", + "LDAPFilter", + "AuthScheme", + "Session", + "AND", + "Expiration", + "AuthenticateToRealm", + "ResourceEnvIP", + "Policy", + "SessionProperty", + "OAuth2Scope", + "OR", + "Transaction", + "NOT", + "AuthLevel", + "AuthenticateToService" + ], + "createdBy": "id=dsameuser,ou=user,ou=am-config", + "creationDate": 1669672555404, + "description": "Policy Set EdgePolicySet", + "displayName": null, + "editable": true, + "entitlementCombiner": "DenyOverride", + "lastModifiedBy": "id=7a031a92-f70d-4b30-9d70-da7cfb1d9c93,ou=user,ou=am-config", + "lastModifiedDate": 1731021997369, + "name": "EdgePolicySet", + "resourceComparator": null, + "resourceTypeUuids": [ + "76656a38-5f8e-401b-83aa-4ccb74ce88d2" + ], + "saveIndex": null, + "searchIndex": null, + "subjects": [ + "AuthenticatedUsers", + "NOT", + "Identity", + "Uma", + "OR", + "AND", + "NONE", + "Policy", + "JwtClaim" + ] + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/policyset/FeatureStorePolicySet.policyset.json b/test/e2e/exports/full-export-separate/realm/root-alpha/policyset/FeatureStorePolicySet.policyset.json new file mode 100644 index 000000000..f19f877c2 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/policyset/FeatureStorePolicySet.policyset.json @@ -0,0 +1,55 @@ +{ + "policyset": { + "FeatureStorePolicySet": { + "applicationType": "iPlanetAMWebAgentService", + "attributeNames": [], + "conditions": [ + "AMIdentityMembership", + "AND", + "AuthLevel", + "AuthScheme", + "AuthenticateToRealm", + "AuthenticateToService", + "IPv4", + "IPv6", + "LDAPFilter", + "LEAuthLevel", + "NOT", + "OAuth2Scope", + "OR", + "Policy", + "ResourceEnvIP", + "Script", + "Session", + "SessionProperty", + "SimpleTime", + "Transaction" + ], + "createdBy": "id=8efaa5b6-8c98-4489-9b21-ee41f5589ab7,ou=user,ou=am-config", + "creationDate": 1695912757709, + "description": null, + "displayName": "FeatureStorePolicySet", + "editable": true, + "entitlementCombiner": "DenyOverride", + "lastModifiedBy": "id=7a031a92-f70d-4b30-9d70-da7cfb1d9c93,ou=user,ou=am-config", + "lastModifiedDate": 1731021997495, + "name": "FeatureStorePolicySet", + "resourceComparator": null, + "resourceTypeUuids": [ + "76656a38-5f8e-401b-83aa-4ccb74ce88d2" + ], + "saveIndex": null, + "searchIndex": null, + "subjects": [ + "AND", + "AuthenticatedUsers", + "Identity", + "JwtClaim", + "NONE", + "NOT", + "OR", + "Policy" + ] + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/policyset/data.policyset.json b/test/e2e/exports/full-export-separate/realm/root-alpha/policyset/data.policyset.json new file mode 100644 index 000000000..267712086 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/policyset/data.policyset.json @@ -0,0 +1,55 @@ +{ + "policyset": { + "data": { + "applicationType": "iPlanetAMWebAgentService", + "attributeNames": [], + "conditions": [ + "Script", + "AMIdentityMembership", + "IPv6", + "IPv4", + "SimpleTime", + "LEAuthLevel", + "LDAPFilter", + "AuthScheme", + "Session", + "AND", + "AuthenticateToRealm", + "ResourceEnvIP", + "Policy", + "OAuth2Scope", + "SessionProperty", + "OR", + "Transaction", + "NOT", + "AuthLevel", + "AuthenticateToService" + ], + "createdBy": "id=df492700-ba67-4345-83a9-58305850596c,ou=user,ou=am-config", + "creationDate": 1610648242757, + "description": null, + "displayName": "Baseline Demo", + "editable": true, + "entitlementCombiner": "DenyOverride", + "lastModifiedBy": "id=7a031a92-f70d-4b30-9d70-da7cfb1d9c93,ou=user,ou=am-config", + "lastModifiedDate": 1731021997611, + "name": "data", + "resourceComparator": null, + "resourceTypeUuids": [ + "76656a38-5f8e-401b-83aa-4ccb74ce88d2" + ], + "saveIndex": null, + "searchIndex": null, + "subjects": [ + "AuthenticatedUsers", + "NOT", + "Identity", + "OR", + "AND", + "NONE", + "Policy", + "JwtClaim" + ] + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/policyset/oauth2Scopes.policyset.json b/test/e2e/exports/full-export-separate/realm/root-alpha/policyset/oauth2Scopes.policyset.json new file mode 100644 index 000000000..db22cbd7f --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/policyset/oauth2Scopes.policyset.json @@ -0,0 +1,53 @@ +{ + "policyset": { + "oauth2Scopes": { + "applicationType": "iPlanetAMWebAgentService", + "attributeNames": [], + "conditions": [ + "Script", + "AMIdentityMembership", + "IPv6", + "SimpleTime", + "IPv4", + "LEAuthLevel", + "LDAPFilter", + "AuthScheme", + "Session", + "AND", + "AuthenticateToRealm", + "ResourceEnvIP", + "SessionProperty", + "OAuth2Scope", + "OR", + "Transaction", + "NOT", + "AuthLevel", + "AuthenticateToService" + ], + "createdBy": "id=dsameuser,ou=user,ou=am-config", + "creationDate": 1578580064992, + "description": "The built-in Application used by the OAuth2 scope authorization process.", + "displayName": "Default OAuth2 Scopes Policy Set", + "editable": true, + "entitlementCombiner": "DenyOverride", + "lastModifiedBy": "id=7a031a92-f70d-4b30-9d70-da7cfb1d9c93,ou=user,ou=am-config", + "lastModifiedDate": 1731021997756, + "name": "oauth2Scopes", + "resourceComparator": null, + "resourceTypeUuids": [ + "d60b7a71-1dc6-44a5-8e48-e4b9d92dee8b" + ], + "saveIndex": null, + "searchIndex": null, + "subjects": [ + "AuthenticatedUsers", + "NOT", + "Identity", + "OR", + "AND", + "NONE", + "JwtClaim" + ] + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/policyset/test-policy-set.policyset.json b/test/e2e/exports/full-export-separate/realm/root-alpha/policyset/test-policy-set.policyset.json new file mode 100644 index 000000000..a5fdbe588 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/policyset/test-policy-set.policyset.json @@ -0,0 +1,55 @@ +{ + "policyset": { + "test-policy-set": { + "applicationType": "iPlanetAMWebAgentService", + "attributeNames": [], + "conditions": [ + "AMIdentityMembership", + "AND", + "AuthLevel", + "AuthScheme", + "AuthenticateToRealm", + "AuthenticateToService", + "IPv4", + "IPv6", + "LDAPFilter", + "LEAuthLevel", + "NOT", + "OAuth2Scope", + "OR", + "Policy", + "ResourceEnvIP", + "Script", + "Session", + "SessionProperty", + "SimpleTime", + "Transaction" + ], + "createdBy": "id=fbdeb2a9-beb6-4a14-ae66-e35f16ce421d,ou=user,ou=am-config", + "creationDate": 1693494279401, + "description": "Test Policy Set Description", + "displayName": "Test Policy Set", + "editable": true, + "entitlementCombiner": "DenyOverride", + "lastModifiedBy": "id=7a031a92-f70d-4b30-9d70-da7cfb1d9c93,ou=user,ou=am-config", + "lastModifiedDate": 1731021997903, + "name": "test-policy-set", + "resourceComparator": null, + "resourceTypeUuids": [ + "76656a38-5f8e-401b-83aa-4ccb74ce88d2" + ], + "saveIndex": null, + "searchIndex": null, + "subjects": [ + "AND", + "AuthenticatedUsers", + "Identity", + "JwtClaim", + "NONE", + "NOT", + "OR", + "Policy" + ] + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/resourcetype/FrodoTestResourceType11.resourcetype.json b/test/e2e/exports/full-export-separate/realm/root-alpha/resourcetype/FrodoTestResourceType11.resourcetype.json new file mode 100644 index 000000000..fe8846b80 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/resourcetype/FrodoTestResourceType11.resourcetype.json @@ -0,0 +1,21 @@ +{ + "resourcetype": { + "993eba78-1c3f-4f27-b205-b4b29418f831": { + "actions": { + "action1": true, + "action2": true + }, + "createdBy": "id=7a031a92-f70d-4b30-9d70-da7cfb1d9c93,ou=user,ou=am-config", + "creationDate": 1725916400290, + "description": "Frodo Test Resource Type Eleven", + "lastModifiedBy": "id=7a031a92-f70d-4b30-9d70-da7cfb1d9c93,ou=user,ou=am-config", + "lastModifiedDate": 1731021992540, + "name": "FrodoTestResourceType11", + "patterns": [ + "pattern2://*:*/*?*", + "pattern1://*:*/*" + ], + "uuid": "993eba78-1c3f-4f27-b205-b4b29418f831" + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/resourcetype/FrodoTestResourceType12.resourcetype.json b/test/e2e/exports/full-export-separate/realm/root-alpha/resourcetype/FrodoTestResourceType12.resourcetype.json new file mode 100644 index 000000000..687ab6acb --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/resourcetype/FrodoTestResourceType12.resourcetype.json @@ -0,0 +1,21 @@ +{ + "resourcetype": { + "3fc799d7-b73f-49e0-a70b-e37990e54e56": { + "actions": { + "action1": true, + "action2": true + }, + "createdBy": "id=7a031a92-f70d-4b30-9d70-da7cfb1d9c93,ou=user,ou=am-config", + "creationDate": 1725916400511, + "description": "Frodo Test Resource Type Twelve", + "lastModifiedBy": "id=7a031a92-f70d-4b30-9d70-da7cfb1d9c93,ou=user,ou=am-config", + "lastModifiedDate": 1731021992677, + "name": "FrodoTestResourceType12", + "patterns": [ + "pattern2://*:*/*?*", + "pattern1://*:*/*" + ], + "uuid": "3fc799d7-b73f-49e0-a70b-e37990e54e56" + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/resourcetype/FrodoTestResourceType13.resourcetype.json b/test/e2e/exports/full-export-separate/realm/root-alpha/resourcetype/FrodoTestResourceType13.resourcetype.json new file mode 100644 index 000000000..1d17522f7 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/resourcetype/FrodoTestResourceType13.resourcetype.json @@ -0,0 +1,21 @@ +{ + "resourcetype": { + "0aa5ed25-0c62-4ff5-9a42-3bda8c5cbb76": { + "actions": { + "action1": true, + "action2": true + }, + "createdBy": "id=7a031a92-f70d-4b30-9d70-da7cfb1d9c93,ou=user,ou=am-config", + "creationDate": 1725916400601, + "description": "Frodo Test Resource Type Thirteen", + "lastModifiedBy": "id=7a031a92-f70d-4b30-9d70-da7cfb1d9c93,ou=user,ou=am-config", + "lastModifiedDate": 1731021992824, + "name": "FrodoTestResourceType13", + "patterns": [ + "pattern2://*:*/*?*", + "pattern1://*:*/*" + ], + "uuid": "0aa5ed25-0c62-4ff5-9a42-3bda8c5cbb76" + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/resourcetype/FrodoTestResourceType14.resourcetype.json b/test/e2e/exports/full-export-separate/realm/root-alpha/resourcetype/FrodoTestResourceType14.resourcetype.json new file mode 100644 index 000000000..230bead1c --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/resourcetype/FrodoTestResourceType14.resourcetype.json @@ -0,0 +1,21 @@ +{ + "resourcetype": { + "119b291c-40b3-4b1e-8d84-c2a561a2cb1f": { + "actions": { + "action1": true, + "action2": true + }, + "createdBy": "id=7a031a92-f70d-4b30-9d70-da7cfb1d9c93,ou=user,ou=am-config", + "creationDate": 1725916400702, + "description": "Frodo Test Resource Type Fourteen", + "lastModifiedBy": "id=7a031a92-f70d-4b30-9d70-da7cfb1d9c93,ou=user,ou=am-config", + "lastModifiedDate": 1731021992965, + "name": "FrodoTestResourceType14", + "patterns": [ + "pattern2://*:*/*?*", + "pattern1://*:*/*" + ], + "uuid": "119b291c-40b3-4b1e-8d84-c2a561a2cb1f" + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/resourcetype/FrodoTestResourceType15.resourcetype.json b/test/e2e/exports/full-export-separate/realm/root-alpha/resourcetype/FrodoTestResourceType15.resourcetype.json new file mode 100644 index 000000000..5b4f17f27 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/resourcetype/FrodoTestResourceType15.resourcetype.json @@ -0,0 +1,21 @@ +{ + "resourcetype": { + "3c5f13af-ca17-403e-b47d-d15263cce954": { + "actions": { + "action1": true, + "action2": true + }, + "createdBy": "id=7a031a92-f70d-4b30-9d70-da7cfb1d9c93,ou=user,ou=am-config", + "creationDate": 1725916400790, + "description": "Frodo Test Resource Type Fifteen", + "lastModifiedBy": "id=7a031a92-f70d-4b30-9d70-da7cfb1d9c93,ou=user,ou=am-config", + "lastModifiedDate": 1731021993114, + "name": "FrodoTestResourceType15", + "patterns": [ + "pattern2://*:*/*?*", + "pattern1://*:*/*" + ], + "uuid": "3c5f13af-ca17-403e-b47d-d15263cce954" + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/resourcetype/OAuth2-Scope.resourcetype.json b/test/e2e/exports/full-export-separate/realm/root-alpha/resourcetype/OAuth2-Scope.resourcetype.json new file mode 100644 index 000000000..ff4e1a12c --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/resourcetype/OAuth2-Scope.resourcetype.json @@ -0,0 +1,21 @@ +{ + "resourcetype": { + "d60b7a71-1dc6-44a5-8e48-e4b9d92dee8b": { + "actions": { + "GRANT": true + }, + "createdBy": "id=dsameuser,ou=user,ou=am-config", + "creationDate": 1595479030586, + "description": "The built-in OAuth2 Scope Resource Type for OAuth2policy-provided scope.", + "lastModifiedBy": "id=7a031a92-f70d-4b30-9d70-da7cfb1d9c93,ou=user,ou=am-config", + "lastModifiedDate": 1731021993250, + "name": "OAuth2 Scope", + "patterns": [ + "*://*:*/*", + "*://*:*/*?*", + "*" + ], + "uuid": "d60b7a71-1dc6-44a5-8e48-e4b9d92dee8b" + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/resourcetype/URL.resourcetype.json b/test/e2e/exports/full-export-separate/realm/root-alpha/resourcetype/URL.resourcetype.json new file mode 100644 index 000000000..24bfa4cdc --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/resourcetype/URL.resourcetype.json @@ -0,0 +1,26 @@ +{ + "resourcetype": { + "76656a38-5f8e-401b-83aa-4ccb74ce88d2": { + "actions": { + "DELETE": true, + "GET": true, + "HEAD": true, + "OPTIONS": true, + "PATCH": true, + "POST": true, + "PUT": true + }, + "createdBy": "id=dsameuser,ou=user,ou=am-config", + "creationDate": 1595479030487, + "description": "The built-in URL Resource Type available to OpenAMPolicies.", + "lastModifiedBy": "id=7a031a92-f70d-4b30-9d70-da7cfb1d9c93,ou=user,ou=am-config", + "lastModifiedDate": 1731021993385, + "name": "URL", + "patterns": [ + "*://*:*/*", + "*://*:*/*?*" + ], + "uuid": "76656a38-5f8e-401b-83aa-4ccb74ce88d2" + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/resourcetype/test_resource.resourcetype.json b/test/e2e/exports/full-export-separate/realm/root-alpha/resourcetype/test_resource.resourcetype.json new file mode 100644 index 000000000..076001b99 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/resourcetype/test_resource.resourcetype.json @@ -0,0 +1,20 @@ +{ + "resourcetype": { + "1f445c60-0828-41ac-9a4e-a16c026e9536": { + "actions": { + "allow": true + }, + "createdBy": "id=bc01b841-b6ec-4691-b9d6-561b306e12db,ou=user,ou=am-config", + "creationDate": 1730325157570, + "description": "", + "lastModifiedBy": "id=7a031a92-f70d-4b30-9d70-da7cfb1d9c93,ou=user,ou=am-config", + "lastModifiedDate": 1731021993526, + "name": "test_resource", + "patterns": [ + "type1/node1", + "type2/node2" + ], + "uuid": "1f445c60-0828-41ac-9a4e-a16c026e9536" + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/saml/iSPAzure.saml.json b/test/e2e/exports/full-export-separate/realm/root-alpha/saml/iSPAzure.saml.json new file mode 100644 index 000000000..b550f8322 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/saml/iSPAzure.saml.json @@ -0,0 +1,234 @@ +{ + "saml": { + "cot": {}, + "hosted": { + "aVNQQXp1cmU": { + "_id": "aVNQQXp1cmU", + "entityId": "iSPAzure", + "serviceProvider": { + "advanced": { + "ecpConfiguration": { + "ecpRequestIdpListFinderImpl": "com.sun.identity.saml2.plugins.ECPIDPFinder" + }, + "idpProxy": {}, + "relayStateUrlList": {}, + "saeConfiguration": { + "spUrl": "https://idc.scheuber.io/am/spsaehandler/metaAlias/alpha/iSPAzure" + } + }, + "assertionContent": { + "assertionTimeSkew": 300, + "authenticationContext": { + "authContextItems": [ + { + "contextReference": "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport", + "defaultItem": true, + "level": 0 + } + ], + "authenticationComparisonType": "Exact", + "authenticationContextMapper": "com.sun.identity.saml2.plugins.DefaultSPAuthnContextMapper", + "includeRequestedAuthenticationContext": true + }, + "basicAuthentication": {}, + "clientAuthentication": {}, + "nameIdFormat": { + "nameIdFormatList": [ + "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", + "urn:oasis:names:tc:SAML:2.0:nameid-format:transient", + "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + "urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName", + "urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos", + "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName" + ] + }, + "signingAndEncryption": { + "encryption": {}, + "requestResponseSigning": {}, + "secretIdAndAlgorithms": {} + } + }, + "assertionProcessing": { + "accountMapping": { + "spAccountMapper": "com.sun.identity.saml2.plugins.DefaultSPAccountMapper", + "useNameIDAsSPUserID": true + }, + "adapter": {}, + "attributeMapper": { + "attributeMap": [ + { + "key": "http://schemas.microsoft.com/identity/claims/displayname", + "value": "cn" + }, + { + "key": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname", + "value": "givenName" + }, + { + "key": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname", + "value": "sn" + }, + { + "key": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", + "value": "mail" + }, + { + "key": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name", + "value": "uid" + } + ], + "attributeMapper": "com.sun.identity.saml2.plugins.DefaultSPAttributeMapper" + }, + "autoFederation": { + "autoFedEnabled": false + }, + "responseArtifactMessageEncoding": { + "encoding": "URI" + }, + "url": {} + }, + "services": { + "metaAlias": "/alpha/iSPAzure", + "serviceAttributes": { + "assertionConsumerService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact", + "index": 0, + "isDefault": true, + "location": "https://idc.scheuber.io/am/AuthConsumer/metaAlias/alpha/iSPAzure" + }, + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "index": 1, + "isDefault": false, + "location": "https://idc.scheuber.io/am/AuthConsumer/metaAlias/alpha/iSPAzure" + }, + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:PAOS", + "index": 2, + "isDefault": false, + "location": "https://idc.scheuber.io/am/Consumer/ECP/metaAlias/alpha/iSPAzure" + } + ], + "nameIdService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect", + "location": "https://idc.scheuber.io/am/SPMniRedirect/metaAlias/alpha/iSPAzure", + "responseLocation": "https://idc.scheuber.io/am/SPMniRedirect/metaAlias/alpha/iSPAzure" + }, + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "location": "https://idc.scheuber.io/am/SPMniPOST/metaAlias/alpha/iSPAzure", + "responseLocation": "https://idc.scheuber.io/am/SPMniPOST/metaAlias/alpha/iSPAzure" + }, + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", + "location": "https://idc.scheuber.io/am/SPMniSoap/metaAlias/alpha/iSPAzure", + "responseLocation": "https://idc.scheuber.io/am/SPMniSoap/metaAlias/alpha/iSPAzure" + } + ], + "singleLogoutService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect", + "location": "https://idc.scheuber.io/am/SPSloRedirect/metaAlias/alpha/iSPAzure", + "responseLocation": "https://idc.scheuber.io/am/SPSloRedirect/metaAlias/alpha/iSPAzure" + }, + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "location": "https://idc.scheuber.io/am/SPSloPOST/metaAlias/alpha/iSPAzure", + "responseLocation": "https://idc.scheuber.io/am/SPSloPOST/metaAlias/alpha/iSPAzure" + }, + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:SOAP", + "location": "https://idc.scheuber.io/am/SPSloSoap/metaAlias/alpha/iSPAzure" + } + ] + } + } + } + } + }, + "metadata": { + "aVNQQXp1cmU": [ + "", + "", + " ", + " ", + " ", + " ", + " ", + "MIIDYzCCAkugAwIBAgIIZKO699rkpmYwDQYJKoZIhvcNAQELBQAwYDELMAkGA1UEBhMCVUsxEDAO", + "BgNVBAgTB0JyaXN0b2wxEDAOBgNVBAcTB0JyaXN0b2wxEjAQBgNVBAoTCUZvcmdlUm9jazEZMBcG", + "A1UEAxMQcnNhand0c2lnbmluZ2tleTAeFw0yMzEyMDEwMDI2NThaFw0zMzExMjgwMDI2NThaMGAx", + "CzAJBgNVBAYTAlVLMRAwDgYDVQQIEwdCcmlzdG9sMRAwDgYDVQQHEwdCcmlzdG9sMRIwEAYDVQQK", + "EwlGb3JnZVJvY2sxGTAXBgNVBAMTEHJzYWp3dHNpZ25pbmdrZXkwggEiMA0GCSqGSIb3DQEBAQUA", + "A4IBDwAwggEKAoIBAQC32R6yZEUoqnrQLnw3sKCYy5bxo3TdKdew7AvuxCYwVB3c2khauBqDD99Z", + "+Dl3Q31vQ3vJ8ZVuXQauHowWT+C6aK/tEhGSeRWPdHzexWW/5OBXHtRJf99HdakUt8HToRquCoyL", + "d+KrAvg2Cq/f4vb0dIJ3RDQ7BOgmpJ4Ym6Z5B3jAiRSWEP2ZW+RExpyTq8uIPjQGoYbqQSXC/td5", + "27rAw0Pvlo3YTKrJNVWV+hgIUUPwfuF0ijunPTkseFW6ZH0VWnFswPIvzF5Y6iAjcaFj9aQDyejV", + "AEWT8mpsPtetbPFWPfZlg4KVbx8tL/u7E27FfWRJr0yRPsXGHvZrUU5lAgMBAAGjITAfMB0GA1Ud", + "DgQWBBTY0biEminc++0WTPVXy7CqC+fdQDANBgkqhkiG9w0BAQsFAAOCAQEAG0cE49mQ46hmezGB", + "2E24x+7Czwy9LQXB8vn9xyJEcVCudZ7aZzq3Y5NLjuP8y6rbhnd2v1pTpZHhEP4bfGUBnq2dacqY", + "LVlQTmEit0p4NNHGNFKQi+96P07bftnVBIf0yN32KPka7nuRsmQNj9PvpnqVMU8Fqhyb26PKQJXA", + "MVRC4ZYJZMbX/1gQ1YOCATwcHryZkoOFUOeJya9Ard4xmlyi6gX+D51x3zuQjiIql5Qe/MDOvN6v", + "OdLzwiUdh6qt0NvUee+Fxq1R6afHgz+0M2CY74ZzcRYKHrVvySHFLBpfFJVTv6/KWK2Wsr/20FYt", + "gKHO7RETEtknWIqelZ2uQg==", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + "MIIDSzCCAjOgAwIBAgIIGacRljg0x5UwDQYJKoZIhvcNAQELBQAwVDELMAkGA1UEBhMCVUsxEDAO", + "BgNVBAgTB0JyaXN0b2wxEDAOBgNVBAcTB0JyaXN0b2wxEjAQBgNVBAoTCUZvcmdlUm9jazENMAsG", + "A1UEAxMEdGVzdDAeFw0yMzEyMDEwMDI3MDBaFw0zMzExMjgwMDI3MDBaMFQxCzAJBgNVBAYTAlVL", + "MRAwDgYDVQQIEwdCcmlzdG9sMRAwDgYDVQQHEwdCcmlzdG9sMRIwEAYDVQQKEwlGb3JnZVJvY2sx", + "DTALBgNVBAMTBHRlc3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3tiqY0i+wRCQk", + "CPTsBvJOjoG5T9X3hKxhYwVSPMZ9MAjP95FOqNXzx+pG9gudjH3deAcqXWCzI8NkAHeG0RVASL1i", + "Va47wsXn3zzydQFC19C1kOdyLOS69TJp329CkvLF0s14HHvzgMzlWd3tZ9MNbXmSNt8Nn1j+huvv", + "Ef82c+R3SRZgaOVfTXFTTI7/ITRdybt6khE3nPEO1ad5SfqW0BZuhhh8PNxXMd8LFSjmyY07ThVR", + "SapJWOx4O/gMbSDumhNzwhB4TD3OFWSRHQ5oX4eO6QzU3pGKz+sLSam6EwyjYboEBlSyFY1Tyld0", + "CIi0NMOM/0cSsPqxUbwqo3DrAgMBAAGjITAfMB0GA1UdDgQWBBRjGMVgIxS05j+MceyZoMllwO9P", + "jzANBgkqhkiG9w0BAQsFAAOCAQEAVFikGxSq+8dpg/QEEo0Q1k5tVNbK46cp6jao2nM8nAiXQrho", + "PEei/H9qo7peubMTLKtkcSMtLII/f71AuuztdurlQLJxxii1qn+1vJSNo2QXLGPS6vgdPXDkoyFf", + "TiSbfTejYrJAdodf7xXuA3A2hs0T32NIuOuo1DLIPKpRAIxk+0GrEMlEy62ZWUKjx8vuigDRnFqc", + "Ov4G6GYydrTz9pv9UBTRUl4mnz3sGyspaKg3Ows4GbBGHgwGo87KzcSnwH91Jz7IalGBglL0+pYX", + "fKi+4s5iLtznKxYoDI3+ZnriQ0VZP/r/sm+U9jRZ0ntw0HtAaZRHKQcMOOQ7XiVFcQ==", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " 128", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", + " urn:oasis:names:tc:SAML:2.0:nameid-format:transient", + " urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + " urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + " urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName", + " urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos", + " urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName", + " ", + " ", + " ", + " ", + "", + "", + "" + ] + }, + "remote": {} + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/saml/urnfederationMicrosoftOnline.saml.json b/test/e2e/exports/full-export-separate/realm/root-alpha/saml/urnfederationMicrosoftOnline.saml.json new file mode 100644 index 000000000..093da13ae --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/saml/urnfederationMicrosoftOnline.saml.json @@ -0,0 +1,491 @@ +{ + "saml": { + "cot": {}, + "hosted": {}, + "metadata": { + "dXJuOmZlZGVyYXRpb246TWljcm9zb2Z0T25saW5l": [ + "", + "", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + "MIIC/TCCAeWgAwIBAgIQbgDHfi3t1JNGVqwD5/7lmjANBgkqhkiG9w0BAQsFADApMScwJQYDVQQD", + "Ex5MaXZlIElEIFNUUyBTaWduaW5nIFB1YmxpYyBLZXkwHhcNMjAxMjIxMDAwMDAwWhcNMjUxMjIx", + "MDAwMDAwWjApMScwJQYDVQQDEx5MaXZlIElEIFNUUyBTaWduaW5nIFB1YmxpYyBLZXkwggEiMA0G", + "CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDFT0/0/2qQurnYa0LbJHF9YYozhEH6r9mCxVDBYbew", + "SG4tGgrWpsewQ/96pcczGMQctMvU+h2eX38Hx/f9JAIDbuRQzQlsPhQS7DDZ6WlTXU+t8d/g2C7f", + "pSoLs4KVdJih4xyjLUWj+BK/ijsRjBt4Riw9VbJH/DdWKyoSMbECEiE+s1RtLP/eYoMmNfxyQGqW", + "irCNqVNBTlqzYQp4dgF0foYy4ktoxwmQOVoTcIMFYp1I4pFPI7CxuMLkfK0X7aTbM7YGphvMfJxJ", + "kjrQdyI7G5d1t4DNi3zkEbBT7FGAr6qPt3Kn9ralpqJKHdpEBA9N0vNwQo5XTYIhUbPQ16IRAgMB", + "AAGjITAfMB0GA1UdDgQWBBRs7tPmfkksSr67KtElHjYZbeaCTjANBgkqhkiG9w0BAQsFAAOCAQEA", + "JqwMZSjQJ36x+1sty6EeLKQLQewQwPaEC47Zut+8bXed6Q8jMZ0bfa/MM7XquEcabaMZLQuKLft4", + "4YXwXXQOfQrI2qjQr3eToJFlDT9hR0rfp9wQqttDxd6Aa6RWwDTgo5oKUQCTKLHhEy8uWzScK0eG", + "t2d7TWTaDXjRSwNq6tM7fRhZs07tKBV3xfi9EQy/mlavAMFRBVm86NSo7AsOG1IOMq03U3ooCWAX", + "h9PdvvHNfHhH19futAnC/HeOjwRF1Qc527aBMphYFQLdiThfmfmiE/AhQqCwZ2oE7uCJhBtR+Kb1", + "ZGhjI35pHfsSqGiFa7Kr+5ave822PDcke89Mvg==", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + "MIIC/TCCAeWgAwIBAgIQN/GPegnT8blP2EcSdMMbBzANBgkqhkiG9w0BAQsFADApMScwJQYDVQQD", + "Ex5MaXZlIElEIFNUUyBTaWduaW5nIFB1YmxpYyBLZXkwHhcNMjEwMjE4MDAwMDAwWhcNMjYwMjE4", + "MDAwMDAwWjApMScwJQYDVQQDEx5MaXZlIElEIFNUUyBTaWduaW5nIFB1YmxpYyBLZXkwggEiMA0G", + "CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDXdLGU2Ll5RPdDUnKQ+f/HS5qiTay2cCh9U2AS6oDM", + "6SOxVhYGtoeJ1VPebcLnpgLfhPxzrwWoVzXSEF+VRQbnYID2Jb4khjgyEeoThk3VqrThwhahpSbB", + "g2vo06vIOp1TS2R1BiwHKTLoB1i1IJnaIFSC3BN6pY4flXWyLQt/5ABXElv2XZLqXM9Eefj6Ji40", + "nLIsiW4dWw3BDa/ywWW0MsiW5ojGq4vovcAgENe/4NUbju70gHP/WS5D9bW5p+OIQi7/unrlWe/h", + "3A6jtBbbRlXYXlN+Z22uTTyyCD/W8zeXaACLvHagwEMrQePDXBZqc/iX2kI+ooZr1sC/H39RAgMB", + "AAGjITAfMB0GA1UdDgQWBBSrX2dm3LwT9jb/p+bAAdYQpE+/NjANBgkqhkiG9w0BAQsFAAOCAQEA", + "eqJfYHnsA9qhGttXFfFpPW4DQLh5w6JCce7vGvWINr5fr1DnQdcOr+wwjQ/tqbckAL2v6z1AqjhS", + "78kbfegnAQDwioJZ1olYYvLOxKoa6HF+b1/p0Mlub8Zukk2n1b2lKPBBOibOasSY7gQDwlIZi7tl", + "9nMTxUfdYK+E5Axv7DVnmUCwcnnpV5/1SFdNyW2kWO4C68rrjMOvECfwrKkbfVJM8f9krEUBuoBF", + "8dTDv7D2ZM4Q2buC70NbfaNWUX0yFvKI0IuTqk8RBfGTRQ4fZAbhMPaykEpBu6dNjTi5YOa0lNqF", + "GS7Ax7leCh5x9lV8elcLkXs8ySo8AOQJk0hgIw==", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + " ", + "MIIC/TCCAeWgAwIBAgIQN/GPegnT8blP2EcSdMMbBzANBgkqhkiG9w0BAQsFADApMScwJQYDVQQD", + "Ex5MaXZlIElEIFNUUyBTaWduaW5nIFB1YmxpYyBLZXkwHhcNMjEwMjE4MDAwMDAwWhcNMjYwMjE4", + "MDAwMDAwWjApMScwJQYDVQQDEx5MaXZlIElEIFNUUyBTaWduaW5nIFB1YmxpYyBLZXkwggEiMA0G", + "CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDXdLGU2Ll5RPdDUnKQ+f/HS5qiTay2cCh9U2AS6oDM", + "6SOxVhYGtoeJ1VPebcLnpgLfhPxzrwWoVzXSEF+VRQbnYID2Jb4khjgyEeoThk3VqrThwhahpSbB", + "g2vo06vIOp1TS2R1BiwHKTLoB1i1IJnaIFSC3BN6pY4flXWyLQt/5ABXElv2XZLqXM9Eefj6Ji40", + "nLIsiW4dWw3BDa/ywWW0MsiW5ojGq4vovcAgENe/4NUbju70gHP/WS5D9bW5p+OIQi7/unrlWe/h", + "3A6jtBbbRlXYXlN+Z22uTTyyCD/W8zeXaACLvHagwEMrQePDXBZqc/iX2kI+ooZr1sC/H39RAgMB", + "AAGjITAfMB0GA1UdDgQWBBSrX2dm3LwT9jb/p+bAAdYQpE+/NjANBgkqhkiG9w0BAQsFAAOCAQEA", + "eqJfYHnsA9qhGttXFfFpPW4DQLh5w6JCce7vGvWINr5fr1DnQdcOr+wwjQ/tqbckAL2v6z1AqjhS", + "78kbfegnAQDwioJZ1olYYvLOxKoa6HF+b1/p0Mlub8Zukk2n1b2lKPBBOibOasSY7gQDwlIZi7tl", + "9nMTxUfdYK+E5Axv7DVnmUCwcnnpV5/1SFdNyW2kWO4C68rrjMOvECfwrKkbfVJM8f9krEUBuoBF", + "8dTDv7D2ZM4Q2buC70NbfaNWUX0yFvKI0IuTqk8RBfGTRQ4fZAbhMPaykEpBu6dNjTi5YOa0lNqF", + "GS7Ax7leCh5x9lV8elcLkXs8ySo8AOQJk0hgIw==", + " ", + " ", + " ", + " ", + " ", + " urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + " urn:mace:shibboleth:1.0:nameIdentifier", + " urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + " urn:oasis:names:tc:SAML:2.0:nameid-format:transient", + " urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", + " ", + " ", + " ", + " ", + "", + "", + "" + ] + }, + "remote": { + "dXJuOmZlZGVyYXRpb246TWljcm9zb2Z0T25saW5l": { + "_id": "dXJuOmZlZGVyYXRpb246TWljcm9zb2Z0T25saW5l", + "entityId": "urn:federation:MicrosoftOnline", + "serviceProvider": { + "advanced": { + "idpProxy": {}, + "saeConfiguration": {}, + "treeConfiguration": {} + }, + "assertionContent": { + "basicAuthentication": {}, + "nameIdFormat": { + "nameIdFormatList": [ + "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", + "urn:mace:shibboleth:1.0:nameIdentifier", + "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", + "urn:oasis:names:tc:SAML:2.0:nameid-format:transient", + "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" + ] + }, + "secrets": {}, + "signingAndEncryption": { + "encryption": {}, + "requestResponseSigning": { + "assertion": true + }, + "secretIdAndAlgorithms": {} + } + }, + "assertionProcessing": { + "accountMapper": {}, + "attributeMapper": { + "attributeMap": [ + { + "binary": false, + "localAttribute": "mail", + "samlAttribute": "IDPEmail" + }, + { + "binary": false, + "localAttribute": "UOPClassID", + "samlAttribute": "UOPClassID" + } + ] + }, + "responseArtifactMessageEncoding": { + "encoding": "URI" + } + }, + "services": { + "serviceAttributes": { + "assertionConsumerService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "index": 0, + "isDefault": true, + "location": "https://login.microsoftonline.com/login.srf" + }, + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign", + "index": 1, + "isDefault": false, + "location": "https://login.microsoftonline.com/login.srf" + }, + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:PAOS", + "index": 2, + "isDefault": false, + "location": "https://login.microsoftonline.com/login.srf" + } + ], + "singleLogoutService": [ + { + "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST", + "location": "https://login.microsoftonline.com/login.srf" + } + ] + } + } + } + } + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/script/ADFS-Profile-Normalization-(JS).script.js b/test/e2e/exports/full-export-separate/realm/root-alpha/script/ADFS-Profile-Normalization-(JS).script.js new file mode 100644 index 000000000..ecd54c55d --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/script/ADFS-Profile-Normalization-(JS).script.js @@ -0,0 +1,89 @@ +/* + * Copyright 2022 ForgeRock AS. All Rights Reserved + * + * Use of this code requires a commercial software license with ForgeRock AS + * or with one of its affiliates. All use shall be exclusively subject + * to such license between the licensee and ForgeRock AS. + */ + +/* + * This script returns the social identity profile information for the authenticating user + * in a standard form expected by the Social Provider Handler Node. + * + * Defined variables: + * rawProfile - The social identity provider profile information for the authenticating user. + * JsonValue (1). + * logger - The debug logger instance: + * https://backstage.forgerock.com/docs/am/7/scripting-guide/scripting-api-global-logger.html#scripting-api-global-logger. + * realm - String (primitive). + * The name of the realm the user is authenticating to. + * requestHeaders - TreeMap (2). + * The object that provides methods for accessing headers in the login request: + * https://backstage.forgerock.com/docs/am/7/authentication-guide/scripting-api-node.html#scripting-api-node-requestHeaders. + * requestParameters - TreeMap (2). + * The object that contains the authentication request parameters. + * selectedIdp - String (primitive). + * The social identity provider name. For example: google. + * sharedState - LinkedHashMap (3). + * The object that holds the state of the authentication tree and allows data exchange between the stateless nodes: + * https://backstage.forgerock.com/docs/am/7/auth-nodes/core-action.html#accessing-tree-state. + * transientState - LinkedHashMap (3). + * The object for storing sensitive information that must not leave the server unencrypted, + * and that may not need to persist between authentication requests during the authentication session: + * https://backstage.forgerock.com/docs/am/7/auth-nodes/core-action.html#accessing-tree-state. + * + * Return - a JsonValue (1). + * The result of the last statement in the script is returned to the server. + * Currently, the Immediately Invoked Function Expression (also known as Self-Executing Anonymous Function) + * is the last (and only) statement in this script, and its return value will become the script result. + * Do not use "return variable" statement outside of a function definition. + * + * This script's last statement should result in a JsonValue (1) with the following keys: + * { + * {"displayName": "corresponding-social-identity-provider-value"}, + * {"email": "corresponding-social-identity-provider-value"}, + * {"familyName": "corresponding-social-identity-provider-value"}, + * {"givenName": "corresponding-social-identity-provider-value"}, + * {"id": "corresponding-social-identity-provider-value"}, + * {"locale": "corresponding-social-identity-provider-value"}, + * {"photoUrl": "corresponding-social-identity-provider-value"}, + * {"username": "corresponding-social-identity-provider-value"} + * } + * + * The consumer of this data defines which keys are required and which are optional. + * For example, the script associated with the Social Provider Handler Node and, + * ultimately, the managed object created/updated with this data + * will expect certain keys to be populated. + * In some common default configurations, the following keys are required to be not empty: + * username, givenName, familyName, email. + * + * From RFC4517: A value of the Directory String syntax is a string of one or more + * arbitrary characters from the Universal Character Set (UCS). + * A zero-length character string is not permitted. + * + * (1) JsonValue - https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/json/JsonValue.html. + * (2) TreeMap - https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/TreeMap.html. + * (3) LinkedHashMap - https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/LinkedHashMap.html. + */ + +(function () { + var frJava = JavaImporter( + org.forgerock.json.JsonValue + ); + + var normalizedProfileData = frJava.JsonValue.json(frJava.JsonValue.object()); + + //logger.message('Seguin rawProfile: '+rawProfile); + + normalizedProfileData.put('id', rawProfile.get('sub').asString()); + normalizedProfileData.put('displayName', rawProfile.get('givenName').asString() + ' ' + rawProfile.get('sn').asString()); + normalizedProfileData.put('email', rawProfile.get('mail').asString()); + normalizedProfileData.put('givenName', rawProfile.get('givenName').asString()); + normalizedProfileData.put('familyName', rawProfile.get('sn').asString()); + normalizedProfileData.put('username', rawProfile.get('upn').asString()); + normalizedProfileData.put('roles', rawProfile.get('roles').asString()); + + //logger.message('Seguin normalizedProfileData: '+normalizedProfileData); + + return normalizedProfileData; +}()); diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/script/ADFS-Profile-Normalization-(JS).script.json b/test/e2e/exports/full-export-separate/realm/root-alpha/script/ADFS-Profile-Normalization-(JS).script.json new file mode 100644 index 000000000..16febf0ee --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/script/ADFS-Profile-Normalization-(JS).script.json @@ -0,0 +1,18 @@ +{ + "script": { + "dbe0bf9a-72aa-49d5-8483-9db147985a47": { + "_id": "dbe0bf9a-72aa-49d5-8483-9db147985a47", + "context": "SOCIAL_IDP_PROFILE_TRANSFORMATION", + "createdBy": "null", + "creationDate": 0, + "default": false, + "description": "Normalizes raw profile data from ADFS", + "evaluatorVersion": "1.0", + "language": "JAVASCRIPT", + "lastModifiedBy": "id=7a031a92-f70d-4b30-9d70-da7cfb1d9c93,ou=user,ou=am-config", + "lastModifiedDate": 1731021989201, + "name": "ADFS Profile Normalization (JS)", + "script": "file://ADFS-Profile-Normalization-(JS).script.js" + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/script/Alpha-OAuth2-Access-Token-Modification-Script.script.js b/test/e2e/exports/full-export-separate/realm/root-alpha/script/Alpha-OAuth2-Access-Token-Modification-Script.script.js new file mode 100644 index 000000000..5ee8ce973 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/script/Alpha-OAuth2-Access-Token-Modification-Script.script.js @@ -0,0 +1,135 @@ +/* + * Copyright 2019-2021 ForgeRock AS. All Rights Reserved. + * + * Use of this code requires a commercial software license with ForgeRock AS + * or with one of its affiliates. All use shall be exclusively subject + * to such license between the licensee and ForgeRock AS. + */ + +/* + * This script lets you modify information associated with an OAuth2 access token + * with methods provided by the AccessToken (1) interface. + * The changes made to OAuth2 access tokens will directly impact the size of the CTS tokens, + * and, similarly, the size of the JWTs if client-based OAuth2 tokens are utilized. + * When adding/updating fields make sure that the token size remains within client/user-agent limits. + * + * Defined variables: + * accessToken - AccessToken (1). + * The access token to be updated. + * Mutable object, all changes to the access token will be reflected. + * scopes - Set (6). + * Always present, the requested scopes. + * requestProperties - Unmodifiable Map (5). + * Always present, contains a map of request properties: + * requestUri - The request URI. + * realm - The realm that the request relates to. + * requestParams - A map of the request params and/or posted data. + * Each value is a list of one or more properties. + * Please note that these should be handled in accordance with OWASP best practices: + * https://owasp.org/www-community/vulnerabilities/Unsafe_use_of_Reflection. + * clientProperties - Unmodifiable Map (5). + * Present if the client specified in the request was identified, contains a map of client properties: + * clientId - The client's URI for the request locale. + * allowedGrantTypes - List of the allowed grant types (org.forgerock.oauth2.core.GrantType) for the client. + * allowedResponseTypes - List of the allowed response types for the client. + * allowedScopes - List of the allowed scopes for the client. + * customProperties - A map of the custom properties of the client. + * Lists or maps will be included as sub-maps; for example: + * customMap[Key1]=Value1 will be returned as customMap -> Key1 -> Value1. + * To add custom properties to a client, update the Custom Properties field + * in AM Console > Realm Name > Applications > OAuth 2.0 > Clients > Client ID > Advanced. + * identity - AMIdentity (3). + * Always present, the identity of the resource owner. + * session - SSOToken (4). + * Present if the request contains the session cookie, the user's session object. + * scriptName - String (primitive). + * Always present, the display name of the script. + * logger - Always present, the "OAuth2Provider" debug logger instance: + * https://backstage.forgerock.com/docs/am/7/scripting-guide/scripting-api-global-logger.html#scripting-api-global-logger. + * Corresponding log files will be prefixed with: scripts.OAUTH2_ACCESS_TOKEN_MODIFICATION. + * httpClient - HTTP Client (8). + * Always present, the HTTP Client instance: + * https://backstage.forgerock.com/docs/am/7/scripting-guide/scripting-api-global-http-client.html#scripting-api-global-http-client. + * + * Return - no value is expected, changes shall be made to the accessToken parameter directly. + * + * Class reference: + * (1) AccessToken - https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/oauth2/core/AccessToken.html. + * (3) AMIdentity - https://backstage.forgerock.com/docs/am/7/apidocs/com/sun/identity/idm/AMIdentity.html. + * (4) SSOToken - https://backstage.forgerock.com/docs/am/7/apidocs/com/iplanet/sso/SSOToken.html. + * (5) Map - https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/HashMap.html, + * or https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/LinkedHashMap.html. + * (6) Set - https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/HashSet.html. + * (8) Client - https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/http/Client.html. + */ + +/* EXAMPLE +(function () { + var frJava = JavaImporter( + org.forgerock.http.protocol.Request, + org.forgerock.http.protocol.Response + ); + + // Always includes this field in the token. + accessToken.setField('key1', 'value1'); + + // Receives and adds to the access token additional values by performing a REST call to an external service. + // WARNING: Below, you will find a reference to a third-party site, which is provided only as an example. + var uri = 'https://jsonplaceholder.typicode.com/posts'; + + try { + var request = new frJava.Request(); + + // You can chain methods that return the request object. + request.setUri(uri) + .setMethod('POST') + .setEntity(JSON.stringify({ + updatedFields: { + key2: 'value2', + key3: 'value3' + } + })); + + // You can call a method when chaining is not possible. + request.getHeaders().add('Content-Type', 'application/json; charset=UTF-8'); + + // Sends the request and receives the response. + var response = httpClient.send(request).getOrThrow(); + + // Checks if the response status is as expected. + if (response.getStatus() === org.forgerock.http.protocol.Status.CREATED) { + var result = JSON.parse(response.getEntity().getString()); + + // Set multiple token fields at once. + accessToken.setFields(result.updatedFields); + } else { + logger.error('Unable to obtain access token modifications. Status: ' + response.getStatus() + '. Content: ' + response.getEntity().getString()); + } + } catch (e) { + logger.error('The request processing was interrupted. ' + e); + + // The access token request fails with the HTTP 500 error in this case. + throw ('Unable to obtain response from: ' + uri); + } + + // Adds new fields containing identity attribute values to the access token. + accessToken.setField('mail', identity.getAttribute('mail')); + accessToken.setField('phone', identity.getAttribute('telephoneNumber').toArray()[0]); + + // Adds new fields containing the session property values. + // NOTE: session may not be available for non-interactive authorization grants. + if (session) { + try { + accessToken.setField('ipAddress', session.getProperty('Host')); + } catch (e) { + logger.error('Unable to retrieve session property value. ' + e); + } + } + + // Removes a native field from the token entry, that was set by AM. + // WARNING: removing native fields from the token may result in loss of functionality. + // accessToken.removeTokenName() + + // No return value is expected. Let it be undefined. +}()); +*/ diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/script/Alpha-OAuth2-Access-Token-Modification-Script.script.json b/test/e2e/exports/full-export-separate/realm/root-alpha/script/Alpha-OAuth2-Access-Token-Modification-Script.script.json new file mode 100644 index 000000000..51d97c908 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/script/Alpha-OAuth2-Access-Token-Modification-Script.script.json @@ -0,0 +1,18 @@ +{ + "script": { + "39c08084-1238-43e8-857f-2e11005eac49": { + "_id": "39c08084-1238-43e8-857f-2e11005eac49", + "context": "OAUTH2_ACCESS_TOKEN_MODIFICATION", + "createdBy": "null", + "creationDate": 0, + "default": false, + "description": "Default alpha realm script for OAuth2 Access Token Modification", + "evaluatorVersion": "1.0", + "language": "JAVASCRIPT", + "lastModifiedBy": "id=7a031a92-f70d-4b30-9d70-da7cfb1d9c93,ou=user,ou=am-config", + "lastModifiedDate": 1731021989276, + "name": "Alpha OAuth2 Access Token Modification Script", + "script": "file://Alpha-OAuth2-Access-Token-Modification-Script.script.js" + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/script/Alpha-OIDC-Claims-Script.script.js b/test/e2e/exports/full-export-separate/realm/root-alpha/script/Alpha-OIDC-Claims-Script.script.js new file mode 100644 index 000000000..31974b23d --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/script/Alpha-OIDC-Claims-Script.script.js @@ -0,0 +1,620 @@ +/* + * Copyright 2014-2021 ForgeRock AS. All Rights Reserved + * + * Use of this code requires a commercial software license with ForgeRock AS + * or with one of its affiliates. All use shall be exclusively subject + * to such license between the licensee and ForgeRock AS. + */ + +/* + * This script computes claim values returned in ID tokens and/or at the UserInfo Endpoint. + * The claim values are computed for: + * the claims derived from the requested scopes, + * the claims provided by the authorization server, + * and the claims requested by the client via the claims parameter. + * + * In the CONFIGURATION AND CUSTOMIZATION section, you can + * define the scope-to-claims mapping, and + * assign to each claim a resolver function that will compute the claim value. + * + * Defined variables (class references are provided below): + * scopes - Set (6). + * Always present, the requested scopes. + * claims - Map (5). + * Always present, default server provided claims. + * claimObjects - List (7, 2). + * Always present, the default server provided claims. + * requestedClaims - Map> (5). + * Always present, not empty if the request contains the claims parameter and the server has enabled + * claims_parameter_supported. A map of the requested claims to possible values, otherwise empty; + * requested claims with no requested values will have a key but no value in the map. A key with + * a single value in its Set (6) indicates that this is the only value that should be returned. + * requestedTypedClaims - List (7, 2). + * Always present, the requested claims. + * Requested claims with no requested values will have a claim with no values. + * A claim with a single value indicates this is the only value that should be returned. + * claimsLocales - List (7). + * The values from the 'claims_locales' parameter. + * See https://openid.net/specs/openid-connect-core-1_0.html#ClaimsLanguagesAndScripts for the OIDC specification details. + * requestProperties - Unmodifiable Map (5). + * Always present, contains a map of request properties: + * requestUri - The request URI. + * realm - The realm that the request relates to. + * requestParams - A map of the request params and/or posted data. + * Each value is a list of one or more properties. + * Please note that these should be handled in accordance with OWASP best practices: + * https://owasp.org/www-community/vulnerabilities/Unsafe_use_of_Reflection. + * clientProperties - Unmodifiable Map (5). + * Present if the client specified in the request was identified, contains a map of client properties: + * clientId - The client's URI for the request locale. + * allowedGrantTypes - List of the allowed grant types (org.forgerock.oauth2.core.GrantType) for the client. + * allowedResponseTypes - List of the allowed response types for the client. + * allowedScopes - List of the allowed scopes for the client. + * customProperties - A map of the custom properties of the client. + * Lists or maps will be included as sub-maps; for example: + * customMap[Key1]=Value1 will be returned as customMap -> Key1 -> Value1. + * To add custom properties to a client, update the Custom Properties field + * in AM Console > Realm Name > Applications > OAuth 2.0 > Clients > Client ID > Advanced. + * identity - AMIdentity (3). + * Always present, the identity of the resource owner. + * session - SSOToken (4). + * Present if the request contains the session cookie, the user's session object. + * scriptName - String (primitive). + * Always present, the display name of the script. + * logger - Always present, the "OAuth2Provider" debug logger instance: + * https://backstage.forgerock.com/docs/am/7/scripting-guide/scripting-api-global-logger.html#scripting-api-global-logger. + * Corresponding files will be prefixed with: scripts.OIDC_CLAIMS. + * httpClient - HTTP Client (8). + * Always present, the HTTP Client instance: + * https://backstage.forgerock.com/docs/am/7/scripting-guide/scripting-api-global-http-client.html#scripting-api-global-http-client. + * In order to use the client, you may need to add + * org.forgerock.http.Client, + * org.forgerock.http.protocol.*, + * and org.forgerock.util.promise.PromiseImpl + * to the allowed Java classes in the scripting engine configuration, as described in: + * https://backstage.forgerock.com/docs/am/7/scripting-guide/script-engine-security.html + * + * Return - a new UserInfoClaims(Map values, Map> compositeScopes) (1) object. + * The result of the last statement in the script is returned to the server. + * Currently, the Immediately Invoked Function Expression (also known as Self-Executing Anonymous Function) + * is the last (and only) statement in this script, and its return value will become the script result. + * Do not use "return variable" statement outside of a function definition. + * See RESULTS section for additional details. + * + * Class reference: + * (1) UserInfoClaims - https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/oauth2/core/UserInfoClaims.html. + * (2) Claim - https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html). + * An instance of org.forgerock.openidconnect.Claim has methods to access + * the claim name, requested values, locale, and whether the claim is essential. + * (3) AMIdentity - https://backstage.forgerock.com/docs/am/7/apidocs/com/sun/identity/idm/AMIdentity.html. + * (4) SSOToken - https://backstage.forgerock.com/docs/am/7/apidocs/com/iplanet/sso/SSOToken.html. + * (5) Map - https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/HashMap.html, + * or https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/LinkedHashMap.html. + * (6) Set - https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/HashSet.html. + * (7) List - https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/ArrayList.html. + * (8) Client - https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/http/Client.html. +*/ + +(function () { + // SETUP + + /** + * Claim processing utilities. + * An object that contains reusable functions for processing claims. + * @see CLAIM PROCESSING UTILITIES section for details. + */ + var utils = getUtils(); + + // CONFIGURATION AND CUSTOMIZATION + + /** + * OAuth 2.0 scope values (scopes) can be used by the Client to request OIDC claims. + * + * Call this configuration method, and pass in as the first argument + * an object that maps a scope value to an array of claim names + * to specify which claims need to be processed and returned for the requested scopes. + * @see {@link https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims} + * for the scope values that could be used to request claims as defined in the OIDC specification. + * + * Below, find a default configuration that is expected to work in the current environment. + * + * CUSTOMIZATION + * You can choose the claim names returned for a scope. + */ + utils.setScopeClaimsMap({ + profile: [ + 'name', + 'family_name', + 'given_name', + 'zoneinfo', + 'locale' + ], + email: ['email'], + address: ['address'], + phone: ['phone_number'] + }); + + /** + * In this script, each claim + * derived from the requested scopes, + * provided by the authorization server, and + * requested by the client via the claims parameter + * will be processed by a function associated with the claim name. + * + * Call this configuration method, and pass in as the first argument + * an object that maps a claim name to a resolver function, + * which will be automatically executed for each claim processed by the script. + * + * The claim resolver function will receive the requested claim information + * in an instance of org.forgerock.openidconnect.Claim as the first argument. + * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} + * for details on the Claim class. + * + * If the claim resolver function returns a value, + * other than undefined or null, + * the claim will be included in the script's results. + * + * The Claim instance provides methods to check + * what the name of the claim is, + * which values the claim request contains, + * whether the claim is essential, and + * which locale the claim is associated with. + * The resolver function can consider this information when computing and returning the claim value. + * + * Below, find a default configuration that is expected to work in the current environment. + * A reusable function, utils.getUserProfileClaimResolver(String attribute-name), + * is called to return a claim resolver function based on a user profile attribute. + * @see CLAIM RESOLVERS section for the implementation details and examples. + * For the address claim, an example of a claim resolver that uses another claim resolver is provided. + * + * CUSTOMIZATION + * You can reuse the predefined utils methods with your custom arguments. + * You can also specify a custom resolver function for a claim name, + * that will compute and return the claim value—as shown in the commented out example below. + */ + utils.setClaimResolvers({ + /* + // An example of a simple claim resolver function that is defined for a claim + // directly in the configuration object: + custom-claim-name: function (requestedClaim) { + // In this case, initially, the claim value comes straight from a user profile attribute value: + var claimValue = identity.getAttribute('custom-attribute-name').toArray()[0] + + // Optionally, provide additional logic for processing (filtering, formatting, etc.) the claim value. + // You can use: + // requestedClaim.getName() + // requestedClaim.getValues() + // requestedClaim.getLocale() + // requestedClaim.isEssential() + + return claimValue + }, + */ + /** + * The use of utils.getUserProfileClaimResolver shows how + * an argument passed to a function that returns a claim resolver + * becomes available to the resolver function (via its lexical context). + */ + name: utils.getUserProfileClaimResolver('cn'), + family_name: utils.getUserProfileClaimResolver('sn'), + given_name: utils.getUserProfileClaimResolver('givenname'), + zoneinfo: utils.getUserProfileClaimResolver('preferredtimezone'), + locale: utils.getUserProfileClaimResolver('preferredlocale'), + email: utils.getUserProfileClaimResolver('mail'), + address: utils.getAddressClaimResolver( + /** + * The passed in user profile claim resolver function + * can be used by the address claim resolver function + * to obtain the claim value to be formatted as per the OIDC specification: + * @see https://openid.net/specs/openid-connect-core-1_0.html#AddressClaim. + */ + utils.getUserProfileClaimResolver('postaladdress') + ), + phone_number: utils.getUserProfileClaimResolver('telephonenumber') + }); + + // CLAIM PROCESSING UTILITIES + + /** + * @returns {object} An object that contains reusable claim processing utilities. + * @see PUBLIC METHODS section and the return statement for the list of exported functions. + */ + function getUtils () { + // IMPORT JAVA + + /** + * Provides Java scripting functionality. + * @see {@link https://developer.mozilla.org/en-US/docs/Mozilla/Projects/Rhino/Scripting_Java#javaimporter_constructor}. + */ + var frJava = JavaImporter( + org.forgerock.oauth2.core.exceptions.InvalidRequestException, + org.forgerock.oauth2.core.UserInfoClaims, + org.forgerock.openidconnect.Claim, + + java.util.LinkedHashMap, + java.util.ArrayList + ); + + // SET UP CONFIGURATION + + /** + * Placeholder for a configuration option that contains + * an object that maps the supported scope values (scopes) + * and the corresponding claim names for each scope value. + */ + var scopeClaimsMap; + + /** + * Placeholder for a configuration option that contains + * an object that maps the supported claim names + * and the resolver functions returning the claim value. + */ + var claimResolvers; + + /** + * A (public) method that accepts an object that maps the supported scopes and the corresponding claim names, + * and assigns it to a (private) variable that serves as a configuration option. + * @param {object} params - An object that maps each supported scope value to an array of claim names, + * in order to specify which claims need to be processed for the requested scopes. + * @see {@link https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims} for details. + * @param {string[]} [params.profile] - An array of claim names to be returned if the profile scope is requested. + * @param {string[]} [params.email] - An array of claim names to be returned if the email scope is requested. + * @param {string[]} [params.address] - An array of claim names to be returned if the address scope is requested. + * @param {string[]} [params.phone] - An array of claim names to be returned if the phone scope is requested. + * @returns {undefined} + */ + function setScopeClaimsMap(params) { + scopeClaimsMap = params; + } + + /** + * A (public) method that accepts an object that maps the supported claim names + * and the resolver functions returning the claim value, + * and assigns it to a (private) variable that serves as a configuration option. + * @param {object} params - An object that maps + * each supported claim name to a function that computes and returns the claim value. + */ + function setClaimResolvers(params) { + claimResolvers = params; + } + + // CLAIM RESOLVERS + + /** + * Claim resolvers are functions that return a claim value. + * @param {*} + * @returns {*} + */ + + /** + * Defines a claim resolver based on a user profile attribute. + * @param {string} attributeName - Name of the user profile attribute. + * @returns {function} A function that will determine the claim value + * based on the user profile attribute and the (requested) claim properties. + */ + function getUserProfileClaimResolver (attributeName) { + /** + * Resolves a claim with a user profile attribute value. + * Returns undefined if the identity attribute is not populated, + * OR if the claim has requested values that do not contain the identity attribute value. + * ATTENTION: the aforementioned comparison is case-sensitive. + * @param {org.forgerock.openidconnect.Claim} claim + * An object that provides methods to obtain information/requirements associated with a claim. + * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details. + * @returns {string|HashSet|undefined} + */ + function resolveClaim(claim) { + var userProfileValue; + + if (identity) { + userProfileValue = getClaimValueFromSet(claim, identity.getAttribute(attributeName)); + + if (userProfileValue && !userProfileValue.isEmpty()) { + if (!claim.getValues() || claim.getValues().isEmpty() || claim.getValues().contains(userProfileValue)) { + return userProfileValue; + } + } + } + } + + return resolveClaim; + } + + /** + * Returns an address claim resolver based on a claim value obtained with another claim resolver. + * @param {function} resolveClaim - A function that returns a claim value. + * @returns {function} A function that will accept a claim as an argument, + * run the claim resolver function for the claim and obtain the claim value, + * and apply additional formatting to the value before returning it. + */ + function getAddressClaimResolver (resolveClaim) { + /** + * Creates an address claim object from a value returned by a claim resolver, + * and returns the address claim object as the claim value. + * @see {@link https://openid.net/specs/openid-connect-core-1_0.html#AddressClaim}. + * The claim value is obtained with a claim resolving function available from the closure. + * @param {org.forgerock.openidconnect.Claim} claim + * An object that provides methods to obtain information/requirements associated with a claim. + * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details. + * @returns {java.util.LinkedHashMap|undefined} The address claim object created from a claim value. + */ + function resolveAddressClaim(claim) { + var claimValue = resolveClaim(claim); + var addressObject; + + if (isClaimValueValid(claimValue)) { + addressObject = new frJava.LinkedHashMap(); + + addressObject.put('formatted', claimValue); + + return addressObject; + } + } + + return resolveAddressClaim; + } + + /** + * Returns an essential claim resolver based on a claim value obtained with another claim resolver. + * @param {function} resolveClaim - A function that returns a claim value. + * @returns {function} A function that will accept a claim as an argument, + * run the claim resolver function for the claim and obtain the claim value, + * and apply additional logic for essential claims. + */ + function getEssentialClaimResolver (resolveClaim) { + /** + * Returns a claim value or throws an error. + * The claim value is obtained with a claim resolving function available from the closure. + * Throws an exception if the claim is essential and no value is returned for the claim. + * + * Use of this resolver is optional. + * @see {@link https://openid.net/specs/openid-connect-core-1_0.html#IndividualClaimsRequests} stating: + * "Note that even if the Claims are not available because the End-User did not authorize their release or they are not present, + * the Authorization Server MUST NOT generate an error when Claims are not returned, whether they are Essential or Voluntary, + * unless otherwise specified in the description of the specific claim." + * + * @param {org.forgerock.openidconnect.Claim} claim + * An object that provides methods to obtain information/requirements associated with a claim. + * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details. + * @returns {*} + * @throws {org.forgerock.oauth2.core.exceptions.InvalidRequestException} + */ + function resolveEssentialClaim(claim) { + var claimValue = resolveClaim(claim); + + if (claim.isEssential() && !isClaimValueValid(claimValue)) { + throw new frJava.InvalidRequestException('Could not provide value for essential claim: ' + claim.getName()); + } + + return claimValue; + } + + return resolveEssentialClaim; + } + + /** + * Provides default resolution for a claim. + * Use it if a claim-specific resolver is not defined in the configuration. + * @param {org.forgerock.openidconnect.Claim} claim + * An object that provides methods to obtain information/requirements associated with a claim. + * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details. + * @returns {*} A single value associated with this claim. + */ + function resolveAnyClaim (claim) { + if (claim.getValues().size() === 1) { + return claim.getValues().toArray()[0]; + } + } + + // UTILITIES + + /** + * Returns claim value from a set. + * If the set contains a single value, returns the value. + * If the set contains multiple values, returns the set. + * Otherwise, returns undefined. + * + * @param {org.forgerock.openidconnect.Claim} claim + * An object that provides methods to obtain information/requirements associated with a claim. + * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details. + * @param {java.util.HashSet} set The set—for example, a user profile attribute value. + * @returns {string|java.util.HashSet|undefined} + */ + function getClaimValueFromSet (claim, set) { + if (set && set.size()) { + if (set.size() === 1) { + return set.toArray()[0]; + } else { + return set; + } + } else if (logger.warningEnabled()) { + logger.warning('OIDC Claims script. Got an empty set for claim: ' + claim.getName()); + } + } + + function isClaimValueValid (claimValue) { + if (typeof claimValue === 'undefined' || claimValue === null) { + return false; + } + + return true; + } + + // CLAIM PROCESSING + + /** + * Constructs and returns an object populated with the computed claim values + * and the requested scopes mapped to the claim names. + * @returns {org.forgerock.oauth2.core.UserInfoClaims} The object to be returned to the authorization server. + * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/oauth2/core/UserInfoClaims.html}. + * @see RESULTS section for the use of this function. + */ + function getUserInfoClaims () { + return new frJava.UserInfoClaims(getComputedClaims(), getCompositeScopes()); + } + + /** + * Creates a map of (requested) claim names populated with the computed claim values. + * @returns {java.util.LinkedHashMap} + * A map of the requested claim names and the corresponding claim values. + */ + function getComputedClaims () { + /** + * Creates a complete list of claim objects from: + * the claims derived from the scopes, + * the claims provided by the authorization server, + * and the claims requested by the client. + * @returns {java.util.ArrayList} + * Returns a complete list of org.forgerock.openidconnect.Claim objects available to the script. + * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for the claim object details. + */ + function getClaims() { + /** + * Returns a list of claim objects for the requested scopes. + * Uses the scopeClaimsMap configuration option to derive the claim names; + * no other properties of a claim derived from a scope are populated. + * @returns {java.util.ArrayList} + * A list of org.forgerock.openidconnect.Claim objects derived from the requested scopes. + * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for the claim object details. + */ + function convertScopeToClaims() { + var claims = new frJava.ArrayList(); + + scopes.toArray().forEach(function (scope) { + if (String(scope) !== 'openid' && scopeClaimsMap[scope]) { + scopeClaimsMap[scope].forEach(function (claimName) { + claims.add(new frJava.Claim(claimName)); + }); + } + }); + + return claims; + } + + var claims = new frJava.ArrayList(); + + claims.addAll(convertScopeToClaims()); + claims.addAll(claimObjects); + claims.addAll(requestedTypedClaims); + + return claims; + } + + /** + * Computes and returns a claim value. + * To obtain the claim value, uses the resolver function specified for the claim in the claimResolvers configuration object. + * @see claimResolvers + * If no resolver function is found, uses the default claim resolver function. + * + * @param {org.forgerock.openidconnect.Claim} claim + * An object that provides methods to obtain information/requirements associated with a claim. + * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details. + * @returns {*} Claim value. + * @throws {org.forgerock.oauth2.core.exceptions.InvalidRequestException} + * Rethrows this exception if a claim resolver throws it. + * You can throw org.forgerock.oauth2.core.exceptions.InvalidRequestException from your custom claim resolver + * if you want to terminate the claim processing. + */ + function computeClaim(claim) { + var resolveClaim; + var message; + + try { + resolveClaim = claimResolvers[claim.getName()] || resolveAnyClaim; + + return resolveClaim(claim); + } catch (e) { + message = 'OIDC Claims script exception. Unable to resolve OIDC Claim. ' + e; + + if (String(e).indexOf('org.forgerock.oauth2.core.exceptions.InvalidRequestException') !== -1) { + throw e; + } + + if (logger.warningEnabled()) { + logger.warning(message); + } + } + } + + var computedClaims = new frJava.LinkedHashMap(); + + getClaims().toArray().forEach(function (claim) { + var claimValue = computeClaim(claim); + + if (isClaimValueValid(claimValue)) { + computedClaims.put(claim.getName(), claimValue); + } else { + /** + * If a claim has been processed, but appears in the list again, + * and its value cannot be computed under the new conditions, + * the claim is removed from the final result. + * + * For example, a claim could be mapped to a scope and found in the user profile, + * but also requested by the client with required values that don't match the computed one. + * @see {link https://openid.net/specs/openid-connect-core-1_0.html#IndividualClaimsRequests}. + * for the relevant OIDC specification details. + */ + computedClaims.remove(claim.getName()); + } + }); + + return computedClaims; + } + + /** + * Creates a map of requested scopes and the corresponding claim names. + * @returns {java.util.LinkedHashMap} + */ + function getCompositeScopes () { + var compositeScopes = new frJava.LinkedHashMap(); + + scopes.toArray().forEach(function (scope) { + var scopeClaims = new frJava.ArrayList(); + + if (scopeClaimsMap[scope]) { + scopeClaimsMap[scope].forEach(function (claimName) { + scopeClaims.add(claimName); + }); + } + + if (scopeClaims.size()) { + compositeScopes.put(scope, scopeClaims); + } + }); + + return compositeScopes; + } + + // PUBLIC METHODS + + return { + setScopeClaimsMap: setScopeClaimsMap, + setClaimResolvers: setClaimResolvers, + getUserProfileClaimResolver: getUserProfileClaimResolver, + getAddressClaimResolver: getAddressClaimResolver, + getEssentialClaimResolver: getEssentialClaimResolver, + getUserInfoClaims: getUserInfoClaims + }; + } + + // RESULTS + + /** + * This script returns an instance of the org.forgerock.oauth2.core.UserInfoClaims class + * populated with the computed claim values and + * the requested scopes mapped to the claim names. + * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/oauth2/core/UserInfoClaims.html}. + * + * Assigning it to a variable gives you an opportunity + * to log the content of the returned value during development. + */ + var userInfoClaims = utils.getUserInfoClaims(); + + /* + logger.error(scriptName + ' results:') + logger.error('Values: ' + userInfoClaims.getValues()) + logger.error('Scopes: ' + userInfoClaims.getCompositeScopes()) + */ + + return userInfoClaims; +}()); diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/script/Alpha-OIDC-Claims-Script.script.json b/test/e2e/exports/full-export-separate/realm/root-alpha/script/Alpha-OIDC-Claims-Script.script.json new file mode 100644 index 000000000..af8abfc95 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/script/Alpha-OIDC-Claims-Script.script.json @@ -0,0 +1,18 @@ +{ + "script": { + "cf3515f0-8278-4ee3-a530-1bad7424c416": { + "_id": "cf3515f0-8278-4ee3-a530-1bad7424c416", + "context": "OIDC_CLAIMS", + "createdBy": "null", + "creationDate": 0, + "default": false, + "description": "Default alpha realm script for OIDC claims", + "evaluatorVersion": "1.0", + "language": "JAVASCRIPT", + "lastModifiedBy": "id=7a031a92-f70d-4b30-9d70-da7cfb1d9c93,ou=user,ou=am-config", + "lastModifiedDate": 1731021989350, + "name": "Alpha OIDC Claims Script", + "script": "file://Alpha-OIDC-Claims-Script.script.js" + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/script/Alpha-endUserUIClient-OAuth2-Access-Token-Modification-Script.script.js b/test/e2e/exports/full-export-separate/realm/root-alpha/script/Alpha-endUserUIClient-OAuth2-Access-Token-Modification-Script.script.js new file mode 100644 index 000000000..8848fbbc9 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/script/Alpha-endUserUIClient-OAuth2-Access-Token-Modification-Script.script.js @@ -0,0 +1,12 @@ +(function () { + if (scopes.contains('fr:autoaccess:*') || scopes.contains('fr:iga:*') || scopes.contains('fr:idc:analytics:*')) { + var fr = JavaImporter( + com.sun.identity.idm.IdType + ); + var groups = []; + identity.getMemberships(fr.IdType.GROUP).toArray().forEach(function (group) { + groups.push(group.getAttribute('cn').toArray()[0]); + }); + accessToken.setField('groups', groups); + } +}()); diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/script/Alpha-endUserUIClient-OAuth2-Access-Token-Modification-Script.script.json b/test/e2e/exports/full-export-separate/realm/root-alpha/script/Alpha-endUserUIClient-OAuth2-Access-Token-Modification-Script.script.json new file mode 100644 index 000000000..b8d05b5a1 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/script/Alpha-endUserUIClient-OAuth2-Access-Token-Modification-Script.script.json @@ -0,0 +1,18 @@ +{ + "script": { + "e232cff3-2460-47cd-80b2-36c86c0d0f06": { + "_id": "e232cff3-2460-47cd-80b2-36c86c0d0f06", + "context": "OAUTH2_ACCESS_TOKEN_MODIFICATION", + "createdBy": "null", + "creationDate": 0, + "default": false, + "description": "Used by endUserUIClient", + "evaluatorVersion": "1.0", + "language": "JAVASCRIPT", + "lastModifiedBy": "id=7a031a92-f70d-4b30-9d70-da7cfb1d9c93,ou=user,ou=am-config", + "lastModifiedDate": 1731021989441, + "name": "Alpha endUserUIClient OAuth2 Access Token Modification Script", + "script": "file://Alpha-endUserUIClient-OAuth2-Access-Token-Modification-Script.script.js" + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/script/Alpha-endUserUIClient-OIDC-Claims-Script.script.js b/test/e2e/exports/full-export-separate/realm/root-alpha/script/Alpha-endUserUIClient-OIDC-Claims-Script.script.js new file mode 100644 index 000000000..31974b23d --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/script/Alpha-endUserUIClient-OIDC-Claims-Script.script.js @@ -0,0 +1,620 @@ +/* + * Copyright 2014-2021 ForgeRock AS. All Rights Reserved + * + * Use of this code requires a commercial software license with ForgeRock AS + * or with one of its affiliates. All use shall be exclusively subject + * to such license between the licensee and ForgeRock AS. + */ + +/* + * This script computes claim values returned in ID tokens and/or at the UserInfo Endpoint. + * The claim values are computed for: + * the claims derived from the requested scopes, + * the claims provided by the authorization server, + * and the claims requested by the client via the claims parameter. + * + * In the CONFIGURATION AND CUSTOMIZATION section, you can + * define the scope-to-claims mapping, and + * assign to each claim a resolver function that will compute the claim value. + * + * Defined variables (class references are provided below): + * scopes - Set (6). + * Always present, the requested scopes. + * claims - Map (5). + * Always present, default server provided claims. + * claimObjects - List (7, 2). + * Always present, the default server provided claims. + * requestedClaims - Map> (5). + * Always present, not empty if the request contains the claims parameter and the server has enabled + * claims_parameter_supported. A map of the requested claims to possible values, otherwise empty; + * requested claims with no requested values will have a key but no value in the map. A key with + * a single value in its Set (6) indicates that this is the only value that should be returned. + * requestedTypedClaims - List (7, 2). + * Always present, the requested claims. + * Requested claims with no requested values will have a claim with no values. + * A claim with a single value indicates this is the only value that should be returned. + * claimsLocales - List (7). + * The values from the 'claims_locales' parameter. + * See https://openid.net/specs/openid-connect-core-1_0.html#ClaimsLanguagesAndScripts for the OIDC specification details. + * requestProperties - Unmodifiable Map (5). + * Always present, contains a map of request properties: + * requestUri - The request URI. + * realm - The realm that the request relates to. + * requestParams - A map of the request params and/or posted data. + * Each value is a list of one or more properties. + * Please note that these should be handled in accordance with OWASP best practices: + * https://owasp.org/www-community/vulnerabilities/Unsafe_use_of_Reflection. + * clientProperties - Unmodifiable Map (5). + * Present if the client specified in the request was identified, contains a map of client properties: + * clientId - The client's URI for the request locale. + * allowedGrantTypes - List of the allowed grant types (org.forgerock.oauth2.core.GrantType) for the client. + * allowedResponseTypes - List of the allowed response types for the client. + * allowedScopes - List of the allowed scopes for the client. + * customProperties - A map of the custom properties of the client. + * Lists or maps will be included as sub-maps; for example: + * customMap[Key1]=Value1 will be returned as customMap -> Key1 -> Value1. + * To add custom properties to a client, update the Custom Properties field + * in AM Console > Realm Name > Applications > OAuth 2.0 > Clients > Client ID > Advanced. + * identity - AMIdentity (3). + * Always present, the identity of the resource owner. + * session - SSOToken (4). + * Present if the request contains the session cookie, the user's session object. + * scriptName - String (primitive). + * Always present, the display name of the script. + * logger - Always present, the "OAuth2Provider" debug logger instance: + * https://backstage.forgerock.com/docs/am/7/scripting-guide/scripting-api-global-logger.html#scripting-api-global-logger. + * Corresponding files will be prefixed with: scripts.OIDC_CLAIMS. + * httpClient - HTTP Client (8). + * Always present, the HTTP Client instance: + * https://backstage.forgerock.com/docs/am/7/scripting-guide/scripting-api-global-http-client.html#scripting-api-global-http-client. + * In order to use the client, you may need to add + * org.forgerock.http.Client, + * org.forgerock.http.protocol.*, + * and org.forgerock.util.promise.PromiseImpl + * to the allowed Java classes in the scripting engine configuration, as described in: + * https://backstage.forgerock.com/docs/am/7/scripting-guide/script-engine-security.html + * + * Return - a new UserInfoClaims(Map values, Map> compositeScopes) (1) object. + * The result of the last statement in the script is returned to the server. + * Currently, the Immediately Invoked Function Expression (also known as Self-Executing Anonymous Function) + * is the last (and only) statement in this script, and its return value will become the script result. + * Do not use "return variable" statement outside of a function definition. + * See RESULTS section for additional details. + * + * Class reference: + * (1) UserInfoClaims - https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/oauth2/core/UserInfoClaims.html. + * (2) Claim - https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html). + * An instance of org.forgerock.openidconnect.Claim has methods to access + * the claim name, requested values, locale, and whether the claim is essential. + * (3) AMIdentity - https://backstage.forgerock.com/docs/am/7/apidocs/com/sun/identity/idm/AMIdentity.html. + * (4) SSOToken - https://backstage.forgerock.com/docs/am/7/apidocs/com/iplanet/sso/SSOToken.html. + * (5) Map - https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/HashMap.html, + * or https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/LinkedHashMap.html. + * (6) Set - https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/HashSet.html. + * (7) List - https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/util/ArrayList.html. + * (8) Client - https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/http/Client.html. +*/ + +(function () { + // SETUP + + /** + * Claim processing utilities. + * An object that contains reusable functions for processing claims. + * @see CLAIM PROCESSING UTILITIES section for details. + */ + var utils = getUtils(); + + // CONFIGURATION AND CUSTOMIZATION + + /** + * OAuth 2.0 scope values (scopes) can be used by the Client to request OIDC claims. + * + * Call this configuration method, and pass in as the first argument + * an object that maps a scope value to an array of claim names + * to specify which claims need to be processed and returned for the requested scopes. + * @see {@link https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims} + * for the scope values that could be used to request claims as defined in the OIDC specification. + * + * Below, find a default configuration that is expected to work in the current environment. + * + * CUSTOMIZATION + * You can choose the claim names returned for a scope. + */ + utils.setScopeClaimsMap({ + profile: [ + 'name', + 'family_name', + 'given_name', + 'zoneinfo', + 'locale' + ], + email: ['email'], + address: ['address'], + phone: ['phone_number'] + }); + + /** + * In this script, each claim + * derived from the requested scopes, + * provided by the authorization server, and + * requested by the client via the claims parameter + * will be processed by a function associated with the claim name. + * + * Call this configuration method, and pass in as the first argument + * an object that maps a claim name to a resolver function, + * which will be automatically executed for each claim processed by the script. + * + * The claim resolver function will receive the requested claim information + * in an instance of org.forgerock.openidconnect.Claim as the first argument. + * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} + * for details on the Claim class. + * + * If the claim resolver function returns a value, + * other than undefined or null, + * the claim will be included in the script's results. + * + * The Claim instance provides methods to check + * what the name of the claim is, + * which values the claim request contains, + * whether the claim is essential, and + * which locale the claim is associated with. + * The resolver function can consider this information when computing and returning the claim value. + * + * Below, find a default configuration that is expected to work in the current environment. + * A reusable function, utils.getUserProfileClaimResolver(String attribute-name), + * is called to return a claim resolver function based on a user profile attribute. + * @see CLAIM RESOLVERS section for the implementation details and examples. + * For the address claim, an example of a claim resolver that uses another claim resolver is provided. + * + * CUSTOMIZATION + * You can reuse the predefined utils methods with your custom arguments. + * You can also specify a custom resolver function for a claim name, + * that will compute and return the claim value—as shown in the commented out example below. + */ + utils.setClaimResolvers({ + /* + // An example of a simple claim resolver function that is defined for a claim + // directly in the configuration object: + custom-claim-name: function (requestedClaim) { + // In this case, initially, the claim value comes straight from a user profile attribute value: + var claimValue = identity.getAttribute('custom-attribute-name').toArray()[0] + + // Optionally, provide additional logic for processing (filtering, formatting, etc.) the claim value. + // You can use: + // requestedClaim.getName() + // requestedClaim.getValues() + // requestedClaim.getLocale() + // requestedClaim.isEssential() + + return claimValue + }, + */ + /** + * The use of utils.getUserProfileClaimResolver shows how + * an argument passed to a function that returns a claim resolver + * becomes available to the resolver function (via its lexical context). + */ + name: utils.getUserProfileClaimResolver('cn'), + family_name: utils.getUserProfileClaimResolver('sn'), + given_name: utils.getUserProfileClaimResolver('givenname'), + zoneinfo: utils.getUserProfileClaimResolver('preferredtimezone'), + locale: utils.getUserProfileClaimResolver('preferredlocale'), + email: utils.getUserProfileClaimResolver('mail'), + address: utils.getAddressClaimResolver( + /** + * The passed in user profile claim resolver function + * can be used by the address claim resolver function + * to obtain the claim value to be formatted as per the OIDC specification: + * @see https://openid.net/specs/openid-connect-core-1_0.html#AddressClaim. + */ + utils.getUserProfileClaimResolver('postaladdress') + ), + phone_number: utils.getUserProfileClaimResolver('telephonenumber') + }); + + // CLAIM PROCESSING UTILITIES + + /** + * @returns {object} An object that contains reusable claim processing utilities. + * @see PUBLIC METHODS section and the return statement for the list of exported functions. + */ + function getUtils () { + // IMPORT JAVA + + /** + * Provides Java scripting functionality. + * @see {@link https://developer.mozilla.org/en-US/docs/Mozilla/Projects/Rhino/Scripting_Java#javaimporter_constructor}. + */ + var frJava = JavaImporter( + org.forgerock.oauth2.core.exceptions.InvalidRequestException, + org.forgerock.oauth2.core.UserInfoClaims, + org.forgerock.openidconnect.Claim, + + java.util.LinkedHashMap, + java.util.ArrayList + ); + + // SET UP CONFIGURATION + + /** + * Placeholder for a configuration option that contains + * an object that maps the supported scope values (scopes) + * and the corresponding claim names for each scope value. + */ + var scopeClaimsMap; + + /** + * Placeholder for a configuration option that contains + * an object that maps the supported claim names + * and the resolver functions returning the claim value. + */ + var claimResolvers; + + /** + * A (public) method that accepts an object that maps the supported scopes and the corresponding claim names, + * and assigns it to a (private) variable that serves as a configuration option. + * @param {object} params - An object that maps each supported scope value to an array of claim names, + * in order to specify which claims need to be processed for the requested scopes. + * @see {@link https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims} for details. + * @param {string[]} [params.profile] - An array of claim names to be returned if the profile scope is requested. + * @param {string[]} [params.email] - An array of claim names to be returned if the email scope is requested. + * @param {string[]} [params.address] - An array of claim names to be returned if the address scope is requested. + * @param {string[]} [params.phone] - An array of claim names to be returned if the phone scope is requested. + * @returns {undefined} + */ + function setScopeClaimsMap(params) { + scopeClaimsMap = params; + } + + /** + * A (public) method that accepts an object that maps the supported claim names + * and the resolver functions returning the claim value, + * and assigns it to a (private) variable that serves as a configuration option. + * @param {object} params - An object that maps + * each supported claim name to a function that computes and returns the claim value. + */ + function setClaimResolvers(params) { + claimResolvers = params; + } + + // CLAIM RESOLVERS + + /** + * Claim resolvers are functions that return a claim value. + * @param {*} + * @returns {*} + */ + + /** + * Defines a claim resolver based on a user profile attribute. + * @param {string} attributeName - Name of the user profile attribute. + * @returns {function} A function that will determine the claim value + * based on the user profile attribute and the (requested) claim properties. + */ + function getUserProfileClaimResolver (attributeName) { + /** + * Resolves a claim with a user profile attribute value. + * Returns undefined if the identity attribute is not populated, + * OR if the claim has requested values that do not contain the identity attribute value. + * ATTENTION: the aforementioned comparison is case-sensitive. + * @param {org.forgerock.openidconnect.Claim} claim + * An object that provides methods to obtain information/requirements associated with a claim. + * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details. + * @returns {string|HashSet|undefined} + */ + function resolveClaim(claim) { + var userProfileValue; + + if (identity) { + userProfileValue = getClaimValueFromSet(claim, identity.getAttribute(attributeName)); + + if (userProfileValue && !userProfileValue.isEmpty()) { + if (!claim.getValues() || claim.getValues().isEmpty() || claim.getValues().contains(userProfileValue)) { + return userProfileValue; + } + } + } + } + + return resolveClaim; + } + + /** + * Returns an address claim resolver based on a claim value obtained with another claim resolver. + * @param {function} resolveClaim - A function that returns a claim value. + * @returns {function} A function that will accept a claim as an argument, + * run the claim resolver function for the claim and obtain the claim value, + * and apply additional formatting to the value before returning it. + */ + function getAddressClaimResolver (resolveClaim) { + /** + * Creates an address claim object from a value returned by a claim resolver, + * and returns the address claim object as the claim value. + * @see {@link https://openid.net/specs/openid-connect-core-1_0.html#AddressClaim}. + * The claim value is obtained with a claim resolving function available from the closure. + * @param {org.forgerock.openidconnect.Claim} claim + * An object that provides methods to obtain information/requirements associated with a claim. + * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details. + * @returns {java.util.LinkedHashMap|undefined} The address claim object created from a claim value. + */ + function resolveAddressClaim(claim) { + var claimValue = resolveClaim(claim); + var addressObject; + + if (isClaimValueValid(claimValue)) { + addressObject = new frJava.LinkedHashMap(); + + addressObject.put('formatted', claimValue); + + return addressObject; + } + } + + return resolveAddressClaim; + } + + /** + * Returns an essential claim resolver based on a claim value obtained with another claim resolver. + * @param {function} resolveClaim - A function that returns a claim value. + * @returns {function} A function that will accept a claim as an argument, + * run the claim resolver function for the claim and obtain the claim value, + * and apply additional logic for essential claims. + */ + function getEssentialClaimResolver (resolveClaim) { + /** + * Returns a claim value or throws an error. + * The claim value is obtained with a claim resolving function available from the closure. + * Throws an exception if the claim is essential and no value is returned for the claim. + * + * Use of this resolver is optional. + * @see {@link https://openid.net/specs/openid-connect-core-1_0.html#IndividualClaimsRequests} stating: + * "Note that even if the Claims are not available because the End-User did not authorize their release or they are not present, + * the Authorization Server MUST NOT generate an error when Claims are not returned, whether they are Essential or Voluntary, + * unless otherwise specified in the description of the specific claim." + * + * @param {org.forgerock.openidconnect.Claim} claim + * An object that provides methods to obtain information/requirements associated with a claim. + * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details. + * @returns {*} + * @throws {org.forgerock.oauth2.core.exceptions.InvalidRequestException} + */ + function resolveEssentialClaim(claim) { + var claimValue = resolveClaim(claim); + + if (claim.isEssential() && !isClaimValueValid(claimValue)) { + throw new frJava.InvalidRequestException('Could not provide value for essential claim: ' + claim.getName()); + } + + return claimValue; + } + + return resolveEssentialClaim; + } + + /** + * Provides default resolution for a claim. + * Use it if a claim-specific resolver is not defined in the configuration. + * @param {org.forgerock.openidconnect.Claim} claim + * An object that provides methods to obtain information/requirements associated with a claim. + * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details. + * @returns {*} A single value associated with this claim. + */ + function resolveAnyClaim (claim) { + if (claim.getValues().size() === 1) { + return claim.getValues().toArray()[0]; + } + } + + // UTILITIES + + /** + * Returns claim value from a set. + * If the set contains a single value, returns the value. + * If the set contains multiple values, returns the set. + * Otherwise, returns undefined. + * + * @param {org.forgerock.openidconnect.Claim} claim + * An object that provides methods to obtain information/requirements associated with a claim. + * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details. + * @param {java.util.HashSet} set The set—for example, a user profile attribute value. + * @returns {string|java.util.HashSet|undefined} + */ + function getClaimValueFromSet (claim, set) { + if (set && set.size()) { + if (set.size() === 1) { + return set.toArray()[0]; + } else { + return set; + } + } else if (logger.warningEnabled()) { + logger.warning('OIDC Claims script. Got an empty set for claim: ' + claim.getName()); + } + } + + function isClaimValueValid (claimValue) { + if (typeof claimValue === 'undefined' || claimValue === null) { + return false; + } + + return true; + } + + // CLAIM PROCESSING + + /** + * Constructs and returns an object populated with the computed claim values + * and the requested scopes mapped to the claim names. + * @returns {org.forgerock.oauth2.core.UserInfoClaims} The object to be returned to the authorization server. + * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/oauth2/core/UserInfoClaims.html}. + * @see RESULTS section for the use of this function. + */ + function getUserInfoClaims () { + return new frJava.UserInfoClaims(getComputedClaims(), getCompositeScopes()); + } + + /** + * Creates a map of (requested) claim names populated with the computed claim values. + * @returns {java.util.LinkedHashMap} + * A map of the requested claim names and the corresponding claim values. + */ + function getComputedClaims () { + /** + * Creates a complete list of claim objects from: + * the claims derived from the scopes, + * the claims provided by the authorization server, + * and the claims requested by the client. + * @returns {java.util.ArrayList} + * Returns a complete list of org.forgerock.openidconnect.Claim objects available to the script. + * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for the claim object details. + */ + function getClaims() { + /** + * Returns a list of claim objects for the requested scopes. + * Uses the scopeClaimsMap configuration option to derive the claim names; + * no other properties of a claim derived from a scope are populated. + * @returns {java.util.ArrayList} + * A list of org.forgerock.openidconnect.Claim objects derived from the requested scopes. + * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for the claim object details. + */ + function convertScopeToClaims() { + var claims = new frJava.ArrayList(); + + scopes.toArray().forEach(function (scope) { + if (String(scope) !== 'openid' && scopeClaimsMap[scope]) { + scopeClaimsMap[scope].forEach(function (claimName) { + claims.add(new frJava.Claim(claimName)); + }); + } + }); + + return claims; + } + + var claims = new frJava.ArrayList(); + + claims.addAll(convertScopeToClaims()); + claims.addAll(claimObjects); + claims.addAll(requestedTypedClaims); + + return claims; + } + + /** + * Computes and returns a claim value. + * To obtain the claim value, uses the resolver function specified for the claim in the claimResolvers configuration object. + * @see claimResolvers + * If no resolver function is found, uses the default claim resolver function. + * + * @param {org.forgerock.openidconnect.Claim} claim + * An object that provides methods to obtain information/requirements associated with a claim. + * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/openidconnect/Claim.html} for details. + * @returns {*} Claim value. + * @throws {org.forgerock.oauth2.core.exceptions.InvalidRequestException} + * Rethrows this exception if a claim resolver throws it. + * You can throw org.forgerock.oauth2.core.exceptions.InvalidRequestException from your custom claim resolver + * if you want to terminate the claim processing. + */ + function computeClaim(claim) { + var resolveClaim; + var message; + + try { + resolveClaim = claimResolvers[claim.getName()] || resolveAnyClaim; + + return resolveClaim(claim); + } catch (e) { + message = 'OIDC Claims script exception. Unable to resolve OIDC Claim. ' + e; + + if (String(e).indexOf('org.forgerock.oauth2.core.exceptions.InvalidRequestException') !== -1) { + throw e; + } + + if (logger.warningEnabled()) { + logger.warning(message); + } + } + } + + var computedClaims = new frJava.LinkedHashMap(); + + getClaims().toArray().forEach(function (claim) { + var claimValue = computeClaim(claim); + + if (isClaimValueValid(claimValue)) { + computedClaims.put(claim.getName(), claimValue); + } else { + /** + * If a claim has been processed, but appears in the list again, + * and its value cannot be computed under the new conditions, + * the claim is removed from the final result. + * + * For example, a claim could be mapped to a scope and found in the user profile, + * but also requested by the client with required values that don't match the computed one. + * @see {link https://openid.net/specs/openid-connect-core-1_0.html#IndividualClaimsRequests}. + * for the relevant OIDC specification details. + */ + computedClaims.remove(claim.getName()); + } + }); + + return computedClaims; + } + + /** + * Creates a map of requested scopes and the corresponding claim names. + * @returns {java.util.LinkedHashMap} + */ + function getCompositeScopes () { + var compositeScopes = new frJava.LinkedHashMap(); + + scopes.toArray().forEach(function (scope) { + var scopeClaims = new frJava.ArrayList(); + + if (scopeClaimsMap[scope]) { + scopeClaimsMap[scope].forEach(function (claimName) { + scopeClaims.add(claimName); + }); + } + + if (scopeClaims.size()) { + compositeScopes.put(scope, scopeClaims); + } + }); + + return compositeScopes; + } + + // PUBLIC METHODS + + return { + setScopeClaimsMap: setScopeClaimsMap, + setClaimResolvers: setClaimResolvers, + getUserProfileClaimResolver: getUserProfileClaimResolver, + getAddressClaimResolver: getAddressClaimResolver, + getEssentialClaimResolver: getEssentialClaimResolver, + getUserInfoClaims: getUserInfoClaims + }; + } + + // RESULTS + + /** + * This script returns an instance of the org.forgerock.oauth2.core.UserInfoClaims class + * populated with the computed claim values and + * the requested scopes mapped to the claim names. + * @see {@link https://backstage.forgerock.com/docs/am/7/apidocs/org/forgerock/oauth2/core/UserInfoClaims.html}. + * + * Assigning it to a variable gives you an opportunity + * to log the content of the returned value during development. + */ + var userInfoClaims = utils.getUserInfoClaims(); + + /* + logger.error(scriptName + ' results:') + logger.error('Values: ' + userInfoClaims.getValues()) + logger.error('Scopes: ' + userInfoClaims.getCompositeScopes()) + */ + + return userInfoClaims; +}()); diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/script/Alpha-endUserUIClient-OIDC-Claims-Script.script.json b/test/e2e/exports/full-export-separate/realm/root-alpha/script/Alpha-endUserUIClient-OIDC-Claims-Script.script.json new file mode 100644 index 000000000..719b52b8f --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/script/Alpha-endUserUIClient-OIDC-Claims-Script.script.json @@ -0,0 +1,18 @@ +{ + "script": { + "e1db8a0a-0329-4962-a5bf-ecffaca376ae": { + "_id": "e1db8a0a-0329-4962-a5bf-ecffaca376ae", + "context": "OIDC_CLAIMS", + "createdBy": "null", + "creationDate": 0, + "default": false, + "description": "Used by endUserUIClient", + "evaluatorVersion": "1.0", + "language": "JAVASCRIPT", + "lastModifiedBy": "id=7a031a92-f70d-4b30-9d70-da7cfb1d9c93,ou=user,ou=am-config", + "lastModifiedDate": 1731021989515, + "name": "Alpha endUserUIClient OIDC Claims Script", + "script": "file://Alpha-endUserUIClient-OIDC-Claims-Script.script.js" + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/script/Check-Username.script.js b/test/e2e/exports/full-export-separate/realm/root-alpha/script/Check-Username.script.js new file mode 100644 index 000000000..bff9e70fb --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/script/Check-Username.script.js @@ -0,0 +1,21 @@ +/* Check Username + * + * Author: volker.scheuber@forgerock.com + * + * Check if username has already been collected. + * Return "known" if yes, "unknown" otherwise. + * + * This script does not need to be parametrized. It will work properly as is. + * + * The Scripted Decision Node needs the following outcomes defined: + * - known + * - unknown + */ +(function () { + if (null != sharedState.get("username")) { + outcome = "known"; + } + else { + outcome = "unknown"; + } +}()); diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/script/Check-Username.script.json b/test/e2e/exports/full-export-separate/realm/root-alpha/script/Check-Username.script.json new file mode 100644 index 000000000..1aa6f8fc9 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/script/Check-Username.script.json @@ -0,0 +1,18 @@ +{ + "script": { + "739bdc48-fd24-4c52-b353-88706d75558a": { + "_id": "739bdc48-fd24-4c52-b353-88706d75558a", + "context": "AUTHENTICATION_TREE_DECISION_NODE", + "createdBy": "null", + "creationDate": 0, + "default": false, + "description": "Check if username has already been collected.", + "evaluatorVersion": "1.0", + "language": "JAVASCRIPT", + "lastModifiedBy": "id=7a031a92-f70d-4b30-9d70-da7cfb1d9c93,ou=user,ou=am-config", + "lastModifiedDate": 1731021989596, + "name": "Check Username", + "script": "file://Check-Username.script.js" + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/script/Custom-Device-Match-Script.script.js b/test/e2e/exports/full-export-separate/realm/root-alpha/script/Custom-Device-Match-Script.script.js new file mode 100644 index 000000000..95d971f27 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/script/Custom-Device-Match-Script.script.js @@ -0,0 +1,5 @@ +/* + * Custom Device Match Script + */ + +outcome = "true"; diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/script/Custom-Device-Match-Script.script.json b/test/e2e/exports/full-export-separate/realm/root-alpha/script/Custom-Device-Match-Script.script.json new file mode 100644 index 000000000..b7ac9eb28 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/script/Custom-Device-Match-Script.script.json @@ -0,0 +1,18 @@ +{ + "script": { + "d58977ed-0542-4147-8197-973ef7300191": { + "_id": "d58977ed-0542-4147-8197-973ef7300191", + "context": "AUTHENTICATION_TREE_DECISION_NODE", + "createdBy": "null", + "creationDate": 0, + "default": false, + "description": "Custom Device Match Script", + "evaluatorVersion": "1.0", + "language": "JAVASCRIPT", + "lastModifiedBy": "id=7a031a92-f70d-4b30-9d70-da7cfb1d9c93,ou=user,ou=am-config", + "lastModifiedDate": 1731021989667, + "name": "Custom Device Match Script", + "script": "file://Custom-Device-Match-Script.script.js" + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/script/EmailAsUsername.script.js b/test/e2e/exports/full-export-separate/realm/root-alpha/script/EmailAsUsername.script.js new file mode 100644 index 000000000..a9a5a3473 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/script/EmailAsUsername.script.js @@ -0,0 +1,16 @@ +objectAttributes = sharedState.get("objectAttributes") +userName = objectAttributes.get("userName") + +if(userName){ + //Form Fill + objectAttributes.put("mail", userName) +} else { + //Social + objectAttributes.put("userName", objectAttributes.get("mail")) +} + + +sharedState.put("objectAttributes", objectAttributes); +//sharedState.put("username", mail) + +outcome = "true"; diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/script/EmailAsUsername.script.json b/test/e2e/exports/full-export-separate/realm/root-alpha/script/EmailAsUsername.script.json new file mode 100644 index 000000000..c2cc8f966 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/script/EmailAsUsername.script.json @@ -0,0 +1,18 @@ +{ + "script": { + "e5c302c8-f838-4698-87cc-d7225fc82454": { + "_id": "e5c302c8-f838-4698-87cc-d7225fc82454", + "context": "AUTHENTICATION_TREE_DECISION_NODE", + "createdBy": "null", + "creationDate": 0, + "default": false, + "description": "null", + "evaluatorVersion": "1.0", + "language": "JAVASCRIPT", + "lastModifiedBy": "id=7a031a92-f70d-4b30-9d70-da7cfb1d9c93,ou=user,ou=am-config", + "lastModifiedDate": 1731021989736, + "name": "EmailAsUsername", + "script": "file://EmailAsUsername.script.js" + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/script/Format-Username.script.js b/test/e2e/exports/full-export-separate/realm/root-alpha/script/Format-Username.script.js new file mode 100644 index 000000000..bfc04eb70 --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/script/Format-Username.script.js @@ -0,0 +1,4 @@ +var username = sharedState.get("username"); + +sharedState.put("displayName", username); +outcome = "continue"; diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/script/Format-Username.script.json b/test/e2e/exports/full-export-separate/realm/root-alpha/script/Format-Username.script.json new file mode 100644 index 000000000..b7c4dcb9c --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/script/Format-Username.script.json @@ -0,0 +1,18 @@ +{ + "script": { + "223739f3-9c54-43b7-9572-3c5338786145": { + "_id": "223739f3-9c54-43b7-9572-3c5338786145", + "context": "AUTHENTICATION_TREE_DECISION_NODE", + "createdBy": "null", + "creationDate": 0, + "default": false, + "description": "Change this upp buddy", + "evaluatorVersion": "1.0", + "language": "JAVASCRIPT", + "lastModifiedBy": "id=7a031a92-f70d-4b30-9d70-da7cfb1d9c93,ou=user,ou=am-config", + "lastModifiedDate": 1731021989809, + "name": "Format Username", + "script": "file://Format-Username.script.js" + } + } +} diff --git a/test/e2e/exports/full-export-separate/realm/root-alpha/script/FrodoSPAdapter.script.js b/test/e2e/exports/full-export-separate/realm/root-alpha/script/FrodoSPAdapter.script.js new file mode 100644 index 000000000..75221eb8b --- /dev/null +++ b/test/e2e/exports/full-export-separate/realm/root-alpha/script/FrodoSPAdapter.script.js @@ -0,0 +1,227 @@ +/* + * Copyright 2023 ForgeRock AS. All Rights Reserved + * + * Use of this code requires a commercial software license with ForgeRock AS. + * or with one of its affiliates. All use shall be exclusively subject + * to such license between the licensee and ForgeRock AS. + */ + +/* + * The script has these top level functions that could be executed during a SAML2 flow. + * - preSingleSignOnRequest + * - preSingleSignOnProcess + * - postSingleSignOnSuccess + * - postSingleSignOnFailure + * - postNewNameIDSuccess + * - postTerminateNameIDSuccess + * - preSingleLogoutProcess + * - postSingleLogoutSuccess + * + * Please see the JavaDoc for the interface for more information about these methods. + * https://backstage.forgerock.com/docs/am/7.3/_attachments/apidocs/org/forgerock/openam/saml2/plugins/SPAdapter.html + * Note that the initialize method is not supported in the scripts. + * + * Defined variables. Check the documentation on the respective functions for the variables available to it. + * + * hostedEntityId - String + * Entity ID for the hosted IDP + * realm - String + * Realm of the hosted IDP + * idpEntityId - String + * The entity ID for the Identity Provider for which the sign-on request will be sent. + * request - HttpServletRequest (1) + * Servlet request object + * response - HttpServletResponse (2) + * Servlet response object + * authnRequest - AuthnRequest (3) + * The authentication request sent that is sent from the Service Provider. + * session - SSOToken (4) + * The single sign-on session. The reference type of this is Object and would need to be casted to SSOToken. + * res - Response (5) + * The SSO Response received from the Identity Provider. + * profile - String + * The protocol profile that is used, this will be one of the following values from SAML2Constants (6): + * - SAML2Constants.HTTP_POST + * - SAML2Constants.HTTP_ARTIFACT + * - SAML2Constants.PAOS + * out - PrintWriter (7) + * The PrintWriter that can be used to write to. + * isFederation - boolean + * Set to true if using federation, otherwise false. + * failureCode - int + * An integer holding the failure code when an error has occurred. For potential values see SPAdapter. + * userId - String + * The unique universal ID of the user with whom the new name identifier request was performed. + * idRequest - ManageNameIDRequest (8) + * The new name identifier request, this will be null if the request object is not available + * idResponse - ManageNameIDResponse (9) + * The new name identifier response, this will be null if the response object is not available + * binding - String + * The binding used for the new name identifier request. This will be one of the following values: + * - SAML2Constants.SOAP + * - SAML2Constants.HTTP_REDIRECT + * logoutRequest - LogoutRequest (10) + * The single logout request. + * logoutResponse - LogoutResponse (11) + * The single logout response. + * spAdapterScriptHelper - SpAdapterScriptHelper (12) + * An instance of SpAdapterScriptHelper containing helper methods. See Javadoc for more details. + * logger - Logger instance + * https://backstage.forgerock.com/docs/am/7/scripting-guide/scripting-api-global-logger.html#scripting-api-global-logger. + * Corresponding log files will be prefixed with: scripts.