From 9b4f5cfcd3742e5e7383bcb5b446019b8d35ad61 Mon Sep 17 00:00:00 2001
From: Devrim
Date: Thu, 19 Sep 2024 12:54:49 +0300
Subject: [PATCH] feat(jans-linux-setup): turn off update profile on first login for the review profile step in the first broker login flow (#9522)
Signed-off-by: Mustafa Baser
---
 .../setup_app/installers/jans_saml.py | 17 ++++++++++++++---
 .../jans.update-authenticator-config.json | 6 ++++++
 2 files changed, 20 insertions(+), 3 deletions(-)
 create mode 100644 jans-linux-setup/jans_setup/templates/jans-saml/kc_jans_api/jans.update-authenticator-config.json
diff --git a/jans-linux-setup/jans_setup/setup_app/installers/jans_saml.py b/jans-linux-setup/jans_setup/setup_app/installers/jans_saml.py
index 03f9aa91ed7..345c61ff352 100644
--- a/jans-linux-setup/jans_setup/setup_app/installers/jans_saml.py
+++ b/jans-linux-setup/jans_setup/setup_app/installers/jans_saml.py
@@ -198,15 +198,16 @@ def config_api_idp_plugin_config(self):
 jans_execution_config_jans_fn = 'jans.execution-config-jans.json'
 jans_userstorage_provider_component_fn = 'jans.userstorage-provider-component.json'
 jans_disable_verify_profile_fn = 'jans.disable-required-action-verify-profile.json'
+ jans_update_authenticator_config_fn = 'jans.update-authenticator-config.json'
- for tmp_fn in (jans_api_openid_client_fn, jans_api_realm_fn, jans_api_user_fn, jans_browser_auth_flow_fn, jans_disable_verify_profile_fn):
+ for tmp_fn in (jans_api_openid_client_fn, jans_api_realm_fn, jans_api_user_fn, jans_browser_auth_flow_fn, jans_disable_verify_profile_fn, jans_update_authenticator_config_fn):
 self.renderTemplateInOut(os.path.join(jans_api_tmp_dir, tmp_fn), jans_api_tmp_dir, jans_api_output_dir, pystring=True)
 self.logIt("Starting KC for config api idp plugin configurations")
 self.start()
 #wait a while for KC to start
 s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
- for i in range(24):
+ for i in range(30):
 self.logIt("Wait 5 seconds to KC started")
 time.sleep(5)
 try:
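Review bot: The Keycloak start-up budget is now spelled out in three places that have to be kept in sync by hand: `range(30)` and `time.sleep(5)` in this hunk, and the literal "150 seconds" in the fatal message changed by the next hunk (@@ -217,7 +218,7). This commit had to touch two of them just to lengthen the wait, and a future bump that misses the message would leave the setup log reporting the wrong timeout when someone is diagnosing a failed install. Naming the values once, e.g. `kc_start_retries, kc_start_interval = 30, 5`, and building the message as `f"KC did not start in {kc_start_retries * kc_start_interval} seconds. Giving up configuration"` removes the coupling. The body of the `try:` and the loop's `else:` branch lie outside this hunk.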
@@ -217,7 +218,7 @@ def config_api_idp_plugin_config(self):
 except Exception:
 self.logIt("KC not ready")
 else:
- self.logIt("KC did not start in 120 seconds. Giving up configuration", errorLog=True, fatal=True)
+ self.logIt("KC did not start in 150 seconds. Giving up configuration", errorLog=True, fatal=True)
 kcadm_cmd = '/opt/keycloak/bin/kcadm.sh'
 kcm_server_url = f'http://localhost:{Config.idp_config_http_port}/kc'
@@ -276,6 +277,16 @@ def config_api_idp_plugin_config(self):
 self.renderTemplateInOut(os.path.join(jans_api_tmp_dir, jans_userstorage_provider_component_fn), jans_api_tmp_dir, jans_api_output_dir, pystring=True)
 self.run([kcadm_cmd, 'create', 'components', '-r', Config.jans_idp_realm, '-f', os.path.join(jans_api_output_dir, jans_userstorage_provider_component_fn), '--config', kc_tmp_config], env=env)
+ # turn off update profile for Review Profile
+ result, _ = self.run([kcadm_cmd, 'get', 'authentication/flows/first%20broker%20login/executions', '-r', 'jans', '--config', kc_tmp_config], env=env, get_stderr=True)
+ data = json.loads(result)
+ for entry in data:
+ if entry['displayName'] == 'Review Profile':
+ entry_auth_config_s, _ = self.run([kcadm_cmd, 'get', f'authentication/executions/{entry["id"]}', '-r', 'jans', '--config', kc_tmp_config], env=env, get_stderr=True)
+ entry_auth_config = json.loads(entry_auth_config_s)
+ self.run([kcadm_cmd, 'update', f'authentication/config/{entry_auth_config["authenticatorConfig"]}', '-f', os.path.join(jans_api_output_dir, jans_update_authenticator_config_fn), '-r', 'jans', '--config', kc_tmp_config], env=env, get_stderr=True)
+ break
+
 def install_keycloak_scheduler(self):
 scheduler_templates_dir = os.path.join(self.templates_folder, 'kc-scheduler')
diff --git a/jans-linux-setup/jans_setup/templates/jans-saml/kc_jans_api/jans.update-authenticator-config.json b/jans-linux-setup/jans_setup/templates/jans-saml/kc_jans_api/jans.update-authenticator-config.json
new file mode 100644
index 00000000000..9deff4322d4
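Review bot: The three added kcadm calls in the @@ -276,6 +277,16 hunk hard-code the realm as `'-r', 'jans'`, while the `create components` call on the context line directly above them passes `Config.jans_idp_realm`; if that setting is ever anything other than `jans`, this step reads and updates a different realm than the one being configured. The block also feeds kcadm output straight into `json.loads` and indexes `entry['displayName']` and `entry_auth_config["authenticatorConfig"]` without guards, so a failed kcadm call or an execution with no attached config would presumably end setup with a traceback. When no `Review Profile` entry is found, the loop finishes without a log line, so the first-broker-login behaviour stays as it was with no record that the change was not applied. The sketch below uses the configured realm, tolerates unparsable output and logs the not-applied cases so the outcome of this identity-brokering setting is visible to the operator; `config_api_idp_plugin_config` starts outside the hunk.

```python
        # turn off update profile for Review Profile
        result, _ = self.run([kcadm_cmd, 'get', 'authentication/flows/first%20broker%20login/executions', '-r', Config.jans_idp_realm, '--config', kc_tmp_config], env=env, get_stderr=True)
        try:
            executions = json.loads(result)
        except (TypeError, ValueError):
            self.logIt("Could not parse first broker login executions returned by kcadm", errorLog=True)
            executions = []
        for entry in executions:
            if entry.get('displayName') != 'Review Profile':
                continue
            # … unchanged: kcadm get of authentication/executions/<id> parsed into entry_auth_config, with '-r', Config.jans_idp_realm …
            auth_config_id = entry_auth_config.get('authenticatorConfig')
            if auth_config_id:
                self.run([kcadm_cmd, 'update', f'authentication/config/{auth_config_id}', '-f', os.path.join(jans_api_output_dir, jans_update_authenticator_config_fn), '-r', Config.jans_idp_realm, '--config', kc_tmp_config], env=env, get_stderr=True)
            else:
                self.logIt("Review Profile execution has no authenticator config; update profile on first login not changed", errorLog=True)
            break
        else:
            self.logIt("Review Profile execution not found in first broker login flow; update profile on first login not changed", errorLog=True)
```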
--- /dev/null
+++ b/jans-linux-setup/jans_setup/templates/jans-saml/kc_jans_api/jans.update-authenticator-config.json
@@ -0,0 +1,6 @@
+{
+ "alias" : "review profile config",
+ "config" : {
+ "update.profile.on.first.login" : "off"
+ }
+}