feat: flex linux setup casa fix

feat: flex linux setup casa fix

Author: moabu

flex-linux-setup/flex_linux_setup/flex_setup.py

@@ -5,28 +5,46 @@
 import zipfile
 import argparse
 import time
+import glob
+import code
+import configparser
+
+from pathlib import Path
+from urllib import request
 from urllib.parse import urljoin
 
-if not os.path.join('/etc/jans/conf/jans.properties'):
-    print("Please install Jans server then execute this script.")
-    sys.exit()
 
-if not os.path.exists('/opt/jans/jetty/jans-config-api/start.ini'):
-    print("Please install Jans Config Api then execute this script.")
-    sys.exit()
+def get_flex_setup_parser():
+    parser = argparse.ArgumentParser(description="This script downloads Gluu Admin UI components and installs")
+    parser.add_argument('--jans-setup-branch', help="Jannsen setup github branch", default='main')
+    parser.add_argument('--flex-branch', help="Jannsen flex setup github branch", default='main')
+    parser.add_argument('--jans-branch', help="Jannsen github branch", default='main')
 
-__STATIC_SETUP_DIR__ = '/opt/jans/jans-setup/'
+    return parser
 
+__STATIC_SETUP_DIR__ = '/opt/jans/jans-setup/'
 
 try:
     import jans_setup
-    sys.path.append(jans_setup.__path__[0])
+    path_ = list(jans_setup.__path__)
+    sys.path.append(path_[0])
 except ModuleNotFoundError:
-    if os.path.exists(__STATIC_SETUP_DIR__):
+    if os.path.exists(os.path.join(__STATIC_SETUP_DIR__, 'setup_app')):
         sys.path.append(__STATIC_SETUP_DIR__)
     else:
-        print("Unable to locate jans-setup, exiting ...")
-        sys.exit()
+        argsp = get_flex_setup_parser().parse_known_args()[0]
+
+        print("Unable to locate jans-setup, installing ...")
+
+        setup_branch = argsp.jans_setup_branch or 'main'
+        install_url = 'https://raw.githubusercontent.com/JanssenProject/jans/{}/jans-linux-setup/jans_setup/install.py'.format(setup_branch)
+        request.urlretrieve(install_url, 'install.py')
+        install_cmd = 'python3 install.py --setup-branch={} --no-setup'.format(setup_branch)
+        if '-yes' in sys.argv:
+            install_cmd += ' -yes'
+        print("Executing", install_cmd)
+        os.system(install_cmd)
+        sys.path.append(__STATIC_SETUP_DIR__)
 
 logs_dir = os.path.join(__STATIC_SETUP_DIR__, 'logs')
 
@@ -43,6 +61,22 @@
 print(paths.LOG_ERROR_FILE)
 print('\033[0m')
 
+
+parser = get_flex_setup_parser()
+from setup_app.utils import arg_parser
+arg_parser.add_to_me(parser)
+installed = False
+
+if not os.path.exists('/etc/jans/conf/jans.properties'):
+    installed = True
+    try:
+        from jans_setup import jans_setup
+    except ImportError:
+        import jans_setup
+    jans_setup.main()
+
+argsp = arg_parser.get_parser()
+
 from setup_app import static
 from setup_app.utils import base
 
@@ -53,41 +87,40 @@
 from setup_app.installers.httpd import HttpdInstaller
 from setup_app.installers.config_api import ConfigApiInstaller
 from setup_app.installers.jetty import JettyInstaller
+from setup_app.installers.jans_auth import JansAuthInstaller
+from setup_app.installers.jans_cli import JansCliInstaller
+
 
 Config.outputFolder = os.path.join(__STATIC_SETUP_DIR__, 'output')
 if not os.path.join(Config.outputFolder):
     os.makedirs(Config.outputFolder)
 
-parser = argparse.ArgumentParser(description="This script downloads Gluu Admin UI components and installs")
-parser.add_argument('--setup-branch', help="Jannsen setup github branch", default='main')
-parser.add_argument('--flex-branch', help="Jannsen flex setup github branch", default='main')
-parser.add_argument('--jans-branch', help="Jannsen github branch", default='main')
-parser.add_argument('-casa-integration', help="Install Casa Integration", action='store_true')
-
-argsp = parser.parse_args()
+if not installed:
 
-# initialize config object
-Config.init(paths.INSTALL_DIR)
-Config.determine_version()
+    # initialize config object
+    Config.init(paths.INSTALL_DIR)
+    Config.determine_version()
 
-collectProperties = CollectProperties()
-collectProperties.collect()
+    collectProperties = CollectProperties()
+    collectProperties.collect()
 
 maven_base_url = 'https://jenkins.jans.io/maven/io/jans/'
 app_versions = {
-  "SETUP_BRANCH": argsp.setup_branch,
+  "SETUP_BRANCH": argsp.jans_setup_branch,
   "FLEX_BRANCH": argsp.flex_branch,
   "JANS_BRANCH": argsp.jans_branch,
   "JANS_APP_VERSION": "1.0.0",
   "JANS_BUILD": "-SNAPSHOT", 
   "NODE_VERSION": "v14.18.2",
   "CASA_VERSION": "5.0.0-SNAPSHOT",
+  "TWILIO_VERSION": "7.17.0",
 }
 
 node_installer = NodeInstaller()
 httpd_installer = HttpdInstaller()
 config_api_installer = ConfigApiInstaller()
-
+jansAuthInstaller = JansAuthInstaller()
+jans_cli_installer = JansCliInstaller()
 
 class flex_installer(JettyInstaller):
 
@@ -97,23 +130,38 @@ def __init__(self):
         self.gluu_admin_ui_source_path = os.path.join(Config.distJansFolder, 'gluu-admin-ui.zip')
         self.log4j2_adminui_path = os.path.join(Config.distJansFolder, 'log4j2-adminui.xml')
         self.log4j2_path = os.path.join(Config.distJansFolder, 'log4j2.xml')
-        self.admin_ui_plugin_source_path = os.path.join(Config.distJansFolder, 'admin-ui-plugin-distribution.jar')
+        self.admin_ui_plugin_source_path = os.path.join(Config.distJansFolder, 'admin-ui-plugin.jar')
         self.flex_path = os.path.join(Config.distJansFolder, 'flex.zip')
         self.source_dir = os.path.join(Config.outputFolder, 'admin-ui')
         self.flex_setup_dir = os.path.join(self.source_dir, 'flex-linux-setup')
         self.templates_dir = os.path.join(self.flex_setup_dir, 'templates')
         self.admin_ui_config_properties_path = os.path.join(self.templates_dir, 'auiConfiguration.properties')
-        self.casa_web_resources_fn = os.path.join(Config.distJansFolder, 'casa_web_resources.xml')
-        self.casa_war_fn = os.path.join(Config.distJansFolder, 'casa.war')
+        self.casa_dist_dir = os.path.join(Config.distJansFolder, 'gluu-casa')
+        self.casa_web_resources_fn = os.path.join(self.casa_dist_dir, 'casa_web_resources.xml')
+        self.casa_war_fn = os.path.join(self.casa_dist_dir, 'casa.war')
+        self.casa_config_fn = os.path.join(self.casa_dist_dir,'casa-config.jar')
+        self.casa_script_fn = os.path.join(self.casa_dist_dir,'Casa.py')
+        self.twillo_fn = os.path.join(self.casa_dist_dir,'twilio.jar')
+        self.py_lib_dir = os.path.join(Config.jansOptPythonFolder, 'libs')
+
+        self.dbUtils.bind(force=True)
 
     def download_files(self):
         print("Downloading components")
-        base.download(urljoin(maven_base_url, 'jans-config-api/plugins/admin-ui-plugin/{0}{1}/admin-ui-plugin-{0}{1}-distribution.jar'.format(app_versions['JANS_APP_VERSION'], app_versions['JANS_BUILD'])), self.admin_ui_plugin_source_path)
-        base.download('https://raw.githubusercontent.com/JanssenProject/jans/{}/jans-config-api/server/src/main/resources/log4j2.xml'.format(app_versions['JANS_BRANCH']), self.log4j2_path)
-        base.download('https://raw.githubusercontent.com/JanssenProject/jans/{}/jans-config-api/plugins/admin-ui-plugin/config/log4j2-adminui.xml'.format(app_versions['JANS_BRANCH']), self.log4j2_adminui_path)
-        base.download('https://github.com/GluuFederation/flex/archive/refs/heads/{}.zip'.format(app_versions['FLEX_BRANCH']), self.flex_path)
-        base.download('https://github.com/GluuFederation/casa/raw/gluu_cloud/extras/casa_web_resources.xml', self.casa_web_resources_fn)
-        base.download('https://maven.gluu.org/maven/org/gluu/casa/{0}/casa-{0}.war'.format(app_versions['CASA_VERSION']), self.casa_war_fn)
+        base.download(urljoin(maven_base_url, 'jans-config-api/plugins/admin-ui-plugin/{0}{1}/admin-ui-plugin-{0}{1}-distribution.jar'.format(app_versions['JANS_APP_VERSION'], app_versions['JANS_BUILD'])), self.admin_ui_plugin_source_path, verbose=True)
+        base.download('https://raw.githubusercontent.com/JanssenProject/jans/{}/jans-config-api/server/src/main/resources/log4j2.xml'.format(app_versions['JANS_BRANCH']), self.log4j2_path, verbose=True)
+        base.download('https://raw.githubusercontent.com/JanssenProject/jans/{}/jans-config-api/plugins/admin-ui-plugin/config/log4j2-adminui.xml'.format(app_versions['JANS_BRANCH']), self.log4j2_adminui_path, verbose=True)
+        base.download('https://github.com/GluuFederation/flex/archive/refs/heads/{}.zip'.format(app_versions['FLEX_BRANCH']), self.flex_path, verbose=True)
+        base.download('https://github.com/GluuFederation/casa/raw/gluu_cloud/extras/casa_web_resources.xml', self.casa_web_resources_fn, verbose=True)
+        base.download('https://maven.gluu.org/maven/org/gluu/casa/{0}/casa-{0}.war'.format(app_versions['CASA_VERSION']), self.casa_war_fn, verbose=True)
+        base.download('https://maven.gluu.org/maven/org/gluu/casa-config/{0}/casa-config-{0}.jar'.format(app_versions['CASA_VERSION']), self.casa_config_fn, verbose=True)
+        base.download('https://repo1.maven.org/maven2/com/twilio/sdk/twilio/{0}/twilio-{0}.jar'.format(app_versions['TWILIO_VERSION']), self.twillo_fn, verbose=True)
+        base.download('https://raw.githubusercontent.com/GluuFederation/flex/main/casa/extras/Casa.py', self.casa_script_fn, verbose=True)
+        base.download('https://raw.githubusercontent.com/GluuFederation/flex/main/casa/extras/casa-external_fido2.py', os.path.join(self.casa_dist_dir, 'pylib/casa-external_fido2.py'), verbose=True)
+        base.download('https://raw.githubusercontent.com/GluuFederation/flex/main/casa/extras/casa-external_otp.py', os.path.join(self.casa_dist_dir, 'pylib/casa-external_otp.py'), verbose=True)
+        base.download('https://raw.githubusercontent.com/GluuFederation/flex/main/casa/extras/casa-external_super_gluu.py', os.path.join(self.casa_dist_dir, 'pylib/casa-external_super_gluu.py'), verbose=True)
+        base.download('https://raw.githubusercontent.com/GluuFederation/flex/main/casa/extras/casa-external_twilio_sms.py', os.path.join(self.casa_dist_dir, 'pylib/casa-external_twilio_sms.py'), verbose=True)
+        base.download('https://raw.githubusercontent.com/GluuFederation/flex/main/casa/extras/casa-external_u2f.py', os.path.join(self.casa_dist_dir, 'pylib/casa-external_u2f.py'), verbose=True)
 
 
     def install_gluu_admin_ui(self):
@@ -147,15 +195,65 @@ def install_gluu_admin_ui(self):
         config_api_installer.check_clients([('role_based_client_id', '2000.')])
         config_api_installer.renderTemplateInOut(self.admin_ui_config_properties_path, os.path.join(self.flex_setup_dir, 'templates'), config_api_installer.custom_config_dir)
         admin_ui_plugin_path = os.path.join(config_api_installer.libDir, os.path.basename(self.admin_ui_plugin_source_path))
-        config_api_installer.web_app_xml_fn = os.path.join(config_api_installer.jetty_base, config_api_installer.service_name, 'webapps/jans-config-api.xml')
         config_api_installer.copyFile(self.admin_ui_plugin_source_path, config_api_installer.libDir)
         config_api_installer.add_extra_class(admin_ui_plugin_path)
 
         for logfn in (self.log4j2_adminui_path, self.log4j2_path):
             config_api_installer.copyFile(logfn, config_api_installer.custom_config_dir)
 
+        cli_config = Path(jans_cli_installer.config_ini_fn)
+
+        current_plugins = []
+
+        if cli_config.exists():
+
+            config = configparser.ConfigParser()
+            config.read_file(cli_config.open())
+            current_plugins = config['DEFAULT'].get('jca_plugins', '').split(',')
+
+        plugins = config_api_installer.get_plugins()
+
+        for plugin in plugins:
+            if not plugin in current_plugins:
+                current_plugins.append(plugin)
+
+        config['DEFAULT']['jca_plugins'] = ','.join(current_plugins)
+        config.write(cli_config.open('w'))
+        cli_config.chmod(0o600)
 
     def install_casa(self):
+
+        jans_auth_dir = os.path.join(Config.jetty_base, jansAuthInstaller.service_name)
+        jans_auth_custom_lib_dir = os.path.join(jans_auth_dir, 'custom/libs')
+
+        print("Adding twillo and casa config to jans-auth")
+        self.copyFile(self.casa_config_fn, jans_auth_custom_lib_dir)
+        self.copyFile(self.twillo_fn, jans_auth_custom_lib_dir)
+        class_path = '{},{}'.format(
+            os.path.join(jans_auth_custom_lib_dir, os.path.basename(self.casa_config_fn)),
+            os.path.join(jans_auth_custom_lib_dir, os.path.basename(self.twillo_fn)),
+            )
+        jansAuthInstaller.add_extra_class(class_path)
+
+        simple_auth_scr_inum = 'A51E-76DA'
+        print("Enabling script", simple_auth_scr_inum)
+        self.dbUtils.enable_script(simple_auth_scr_inum)
+
+        # copy casa scripts
+        if not os.path.exists(self.py_lib_dir):
+            os.makedirs(self.py_lib_dir)
+        for fn in glob.glob(os.path.join(self.casa_dist_dir, 'pylib/*.py')):
+            print("Copying", fn, "to", self.py_lib_dir)
+            self.copyFile(fn, self.py_lib_dir)
+
+        self.run([paths.cmd_chown, '-R', '{0}:{0}'.format(Config.jetty_user), self.py_lib_dir])
+
+        # prepare casa scipt ldif
+        casa_auth_script_fn = os.path.join(self.templates_dir, 'casa_person_authentication_script.ldif')
+        base64_script_file = self.generate_base64_file(self.casa_script_fn, 1)
+        Config.templateRenderingDict['casa_person_authentication_script'] = base64_script_file
+        self.renderTemplateInOut(casa_auth_script_fn, self.templates_dir, self.source_dir)
+
         Config.templateRenderingDict['casa_redirect_uri'] = 'https://{}/casa'.format(Config.hostname)
         Config.templateRenderingDict['casa_redirect_logout_uri'] = 'https://{}/casa/bye.zul'.format(Config.hostname)
         Config.templateRenderingDict['casa_frontchannel_logout_uri'] = 'https://{}/casa/autologout'.format(Config.hostname)
@@ -167,15 +265,18 @@ def install_casa(self):
 
         self.check_clients([('casa_client_id', '3000.')])
 
-        print(Config.casa_client_id)
-        print(Config.casa_client_encoded_pw)
-        print(Config.casa_client_pw)
+        print("Casa client id", Config.casa_client_id)
+        print("Casa client password", Config.casa_client_pw)
+        print("Casa client encoded password", Config.casa_client_encoded_pw)
+
+        print("Importing LDIF Files")
 
         self.renderTemplateInOut(self.casa_client_fn, self.templates_dir, self.source_dir)
         self.renderTemplateInOut(self.casa_config_fn, self.templates_dir, self.source_dir)
         self.dbUtils.import_ldif([
                 os.path.join(self.source_dir, os.path.basename(self.casa_client_fn)),
                 os.path.join(self.source_dir, os.path.basename(self.casa_config_fn)),
+                os.path.join(self.source_dir, os.path.basename(casa_auth_script_fn)),
                 ])
 
 
@@ -216,6 +317,7 @@ def install_casa(self):
 
         self.calculate_aplications_memory(Config.application_max_ram, self.jetty_app_configuration, installedComponents)
 
+        print("Deploying casa as Jetty application")
         self.installJettyService(self.jetty_app_configuration[self.service_name], True)
         self.copyFile(os.path.join(self.templates_dir, 'casa.service'), '/etc/systemd/system')
         jetty_service_dir = os.path.join(Config.jetty_base, self.service_name)
@@ -227,10 +329,8 @@ def install_casa(self):
         self.copyFile(self.casa_war_fn, jetty_service_webapps_dir)
         self.copyFile(self.casa_web_resources_fn, jetty_service_webapps_dir)
         self.run([paths.cmd_chown, '-R', '{0}:{0}'.format(Config.jetty_user), jetty_service_dir])
-        gluu_python_dir = '/opt/gluu/python/'
-        self.run([paths.cmd_mkdir, '-p', os.path.join(gluu_python_dir, 'libs')])
-        self.run([paths.cmd_chown, '-R', '{0}:{0}'.format(Config.jetty_user), gluu_python_dir])
 
+        print("Updating apache configuration")
         apache_directive_template_text = self.readFile(os.path.join(self.templates_dir, 'casa_apache_directive'))
 
         apache_directive_text = self.fomatWithDict(apache_directive_template_text, Config.templateRenderingDict)
@@ -248,6 +348,7 @@ def install_casa(self):
 
             https_jans_list.insert(n+1, '\n' + apache_directive_text + '\n')
             self.writeFile(httpd_installer.https_jans_fn, '\n'.join(https_jans_list))
+            print("Restarting Apache")
             httpd_installer.restart()
 
         self.enable()
@@ -259,24 +360,34 @@ def main():
         node_fn = 'node-{0}-linux-x64.tar.xz'.format(app_versions['NODE_VERSION'])
         node_path = os.path.join(Config.distAppFolder, node_fn)
         if not os.path.exists(node_path):
-            print("Downloading", node_fn)
-            base.download('https://nodejs.org/dist/{0}/node-{0}-linux-x64.tar.xz'.format(app_versions['NODE_VERSION']), node_path)
+            base.download('https://nodejs.org/dist/{0}/node-{0}-linux-x64.tar.xz'.format(app_versions['NODE_VERSION']), node_path, verbose=True)
         print("Installing node")
         node_installer.install()
 
     installer_obj = flex_installer()
     installer_obj.download_files()
+
     installer_obj.install_gluu_admin_ui()
 
-    if argsp.casa_integration:
-        installer_obj.install_casa()
+    installer_obj.install_casa()
+
+    print("Starting Casa")
+    config_api_installer.start('casa')
+
+    print("Restarting Jans Auth")
+    config_api_installer.restart('jans-auth')
 
-    sys.exit()
     print("Restarting Janssen Config Api")
     config_api_installer.restart()
 
-    print("Installation was completed. Browse https://{}/admin".format(Config.hostname))
+    print("Installation was completed.")
+    print("Browse https://{}/admin".format(Config.hostname))
+    print("Browse https://{}/casa".format(Config.hostname))
 
 if __name__ == "__main__":
-    main()
+    if argsp.shell:
+        code.interact(local=locals())
+        sys.exit()
+    else:
+        main()
 

flex-linux-setup/flex_linux_setup/templates/casa_client.ldif

@@ -18,7 +18,7 @@ jansInclClaimsInIdTkn: false
 jansLogoutSessRequired: false
 jansPersistClntAuthzs: true
 jansRedirectURI: %(casa_redirect_uri)s
-jansRedirectURI: %(casa_redirect_logout_uri)s
+jansPostLogoutRedirectURI: %(casa_redirect_logout_uri)s
 jansLogoutURI: %(casa_frontchannel_logout_uri)s
 jansRequireAuthTime: false
 jansRespTyp: code
@@ -30,4 +30,5 @@ jansScope: inum=341A,ou=scopes,o=jans
 jansSignedRespAlg: RS256
 jansSubjectTyp: pairwise
 jansTknEndpointAuthMethod: client_secret_basic
-jansTrustedClnt: false
+jansTrustedClnt: true
+

flex-linux-setup/flex_linux_setup/templates/casa_config.ldif

@@ -2,4 +2,4 @@ dn: ou=casa,ou=configuration,o=jans
 objectClass: jansAppConf
 objectClass: top
 ou: casa
-jansConfApp: {"enable_pass_reset": true, "oidc_config": {"authz_redirect_uri": "%(casa_redirect_uri)s", "post_logout_uri": "%(casa_redirect_logout_uri)s", "frontchannel_logout_uri": "%(casa_frontchannel_logout_uri)s", "scopes": ["openid", "profile", "user_name", "clientinfo"], "op_host": "%(hostname)s", "client": {"clientId": "%(casa_client_id)s", "clientSecret": "casa_client_pw", "clientName": "Client for Casa"}}}
+jansConfApp: {"enable_pass_reset": true, "oidc_config": {"authz_redirect_uri": "%(casa_redirect_uri)s", "post_logout_uri": "%(casa_redirect_logout_uri)s", "frontchannel_logout_uri": "%(casa_frontchannel_logout_uri)s", "scopes": ["openid", "profile", "user_name", "clientinfo"], "op_host": "%(hostname)s", "client": {"clientId": "%(casa_client_id)s", "clientSecret": "%(casa_client_pw)s", "clientName": "Client for Casa"}}}

flex-linux-setup/flex_linux_setup/templates/casa_person_authentication_script.ldif

@@ -0,0 +1,15 @@
+dn: inum=3000-F75A,ou=scripts,o=jans
+description: Gluu Casa Person Authentication
+displayName: casa
+inum: 3000-F75A
+jansLevel: 1
+jansModuleProperty: {"value1":"location_type","value2":"ldap","description":""}
+jansRevision: 1
+jansScr::%(casa_person_authentication_script)s
+jansConfProperty: {"value1":"supergluu_app_id","value2":"https://%(hostname)s/casa","description":""}
+jansConfProperty: {"value1":"u2f_app_id","value2":"https://%(hostname)s","description":""}
+jansScrTyp: person_authentication
+objectClass: top
+objectClass: jansCustomScr
+jansEnabled: true
+jansProgLng: python