diff --git a/src/main/resources/org/jenkinsci/plugins/oic/OicSecurityRealm/config.properties b/src/main/resources/org/jenkinsci/plugins/oic/OicSecurityRealm/config.properties
index daf01cf1..fb8acda3 100644
--- a/src/main/resources/org/jenkinsci/plugins/oic/OicSecurityRealm/config.properties
+++ b/src/main/resources/org/jenkinsci/plugins/oic/OicSecurityRealm/config.properties
@@ -1,42 +1,28 @@
AdvancedConfiguration=Advanced configuration
-AuthorizationServerUrl=Authorization server url
-AutomaticConfiguration=Automatic configuration
-Basic=Basic
+AllowedTokenExpirationClockSkewSeconds=Token Expiry Expiration Clock Skew
+AllowTokenAccessWithoutOicSession=Allow access using a Jenkins API token without an OIDC Session
ClientId=Client id
ClientSecret=Client secret
ConfigurationMode=Configuration mode
ConfigureEscapeHatch=Configure 'escape hatch' for when the OpenID Provider is unavailable
DisableNonceVerification=Disable Nonce verification
DisableSslVerification=Disable ssl verification
+DisableTokenExpirationCheck=Disable Token Expiration Check
DisableTokenVerification=Disable token verification (JWKS)
EmailFieldName=Email field name
EnablePKCE=Enable Proof Key for Code Exchange (PKCE)
-EndSessionUrl=End session URL for OpenID Provider
FullnameFieldName=Full name field name
Group=Group
GroupsFieldName=Groups field name
-JwksServerUrl=Jwks server url
LogoutFromOpenIDProvider=Logout from OpenID Provider
-ManualConfiguration=Manual configuration
-OverrideScopes=Override scopes
-Post=Post
PostLogoutRedirectUrl=Post logout redirect URL
-Scopes=Scopes
-Scopes=Scopes
Secret=Secret
SecurityConfiguration=Security configuration
SendScopesInTokenRequest=Send scopes in token request
-TokenAuthenticationMethod=Token Authentication Method
TokenFieldKeyToCheck=Token Field Key To Check
TokenFieldValueToCheck=Token Field Value To Check
-TokenServerUrl=Token server url
UseRootUrlFromRequest=Use Root URL from request
UserFields=User fields
-UserInfoServerUrl=UserInfo server url
Username=Username
UsernameFieldName=User name field name
WellknownConfigurationEndpoint=Well-known configuration endpoint
-UseRefreshTokens=Enable Token Refresh using Refresh Tokens
-DisableTokenExpirationCheck=Disable Token Expiration Check
-AllowedTokenExpirationClockSkewSeconds=Token Expiry Expiration Clock Skew
-AllowTokenAccessWithoutOicSession=Allow access using a Jenkins API token without an OIDC Session
\ No newline at end of file
diff --git a/src/main/resources/org/jenkinsci/plugins/oic/OicSecurityRealm/help-jwksServerUrl.html b/src/main/resources/org/jenkinsci/plugins/oic/OicSecurityRealm/help-jwksServerUrl.html
deleted file mode 100644
index 5bced9d5..00000000
--- a/src/main/resources/org/jenkinsci/plugins/oic/OicSecurityRealm/help-jwksServerUrl.html
+++ /dev/null
@@ -1,4 +0,0 @@
-
- Recommended. jswon webtoken key signature url of the openid connect provider
-
-
diff --git a/src/main/resources/org/jenkinsci/plugins/oic/OicSecurityRealm/help-overrideScopes.html b/src/main/resources/org/jenkinsci/plugins/oic/OicSecurityRealm/help-overrideScopes.html
deleted file mode 100644
index 3f192571..00000000
--- a/src/main/resources/org/jenkinsci/plugins/oic/OicSecurityRealm/help-overrideScopes.html
+++ /dev/null
@@ -1,5 +0,0 @@
-
- If not overriden, all supported scopes of WellKnown configuration will be used.
- When defined, only scopes in the override list will be used (if they are present
- in the supported scopes of the configuration endpoint).
-
diff --git a/src/main/resources/org/jenkinsci/plugins/oic/OicSecurityRealm/help-serverConfiguration.html b/src/main/resources/org/jenkinsci/plugins/oic/OicSecurityRealm/help-serverConfiguration.html
new file mode 100644
index 00000000..1860b60d
--- /dev/null
+++ b/src/main/resources/org/jenkinsci/plugins/oic/OicSecurityRealm/help-serverConfiguration.html
@@ -0,0 +1,3 @@
+
+ How to configure this client
+
\ No newline at end of file
diff --git a/src/main/resources/org/jenkinsci/plugins/oic/OicServerManualConfiguration/config.jelly b/src/main/resources/org/jenkinsci/plugins/oic/OicServerManualConfiguration/config.jelly
new file mode 100644
index 00000000..2a9aa9ea
--- /dev/null
+++ b/src/main/resources/org/jenkinsci/plugins/oic/OicServerManualConfiguration/config.jelly
@@ -0,0 +1,34 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/src/main/resources/org/jenkinsci/plugins/oic/OicServerManualConfiguration/config.properties b/src/main/resources/org/jenkinsci/plugins/oic/OicServerManualConfiguration/config.properties
new file mode 100644
index 00000000..56bbf500
--- /dev/null
+++ b/src/main/resources/org/jenkinsci/plugins/oic/OicServerManualConfiguration/config.properties
@@ -0,0 +1,10 @@
+AuthorizationServerUrl=Authorization server url
+Basic=Basic
+EndSessionUrl=End session URL for OpenID Provider
+JwksServerUrl=Jwks server url
+Post=Post
+Scopes=Scopes
+TokenAuthenticationMethod=Token Authentication Method
+TokenServerUrl=Token server url
+UseRefreshTokens=Enable Token Refresh using Refresh Tokens
+UserInfoServerUrl=UserInfo server url
diff --git a/src/main/resources/org/jenkinsci/plugins/oic/OicSecurityRealm/help-authorizationServerUrl.html b/src/main/resources/org/jenkinsci/plugins/oic/OicServerManualConfiguration/help-authorizationServerUrl.html
similarity index 100%
rename from src/main/resources/org/jenkinsci/plugins/oic/OicSecurityRealm/help-authorizationServerUrl.html
rename to src/main/resources/org/jenkinsci/plugins/oic/OicServerManualConfiguration/help-authorizationServerUrl.html
diff --git a/src/main/resources/org/jenkinsci/plugins/oic/OicSecurityRealm/help-authorizationServerUrl_fr.html b/src/main/resources/org/jenkinsci/plugins/oic/OicServerManualConfiguration/help-authorizationServerUrl_fr.html
similarity index 100%
rename from src/main/resources/org/jenkinsci/plugins/oic/OicSecurityRealm/help-authorizationServerUrl_fr.html
rename to src/main/resources/org/jenkinsci/plugins/oic/OicServerManualConfiguration/help-authorizationServerUrl_fr.html
diff --git a/src/main/resources/org/jenkinsci/plugins/oic/OicSecurityRealm/help-endSessionUrl.html b/src/main/resources/org/jenkinsci/plugins/oic/OicServerManualConfiguration/help-endSessionUrl.html
similarity index 100%
rename from src/main/resources/org/jenkinsci/plugins/oic/OicSecurityRealm/help-endSessionUrl.html
rename to src/main/resources/org/jenkinsci/plugins/oic/OicServerManualConfiguration/help-endSessionUrl.html
diff --git a/src/main/resources/org/jenkinsci/plugins/oic/OicSecurityRealm/help-endSessionUrl_fr.html b/src/main/resources/org/jenkinsci/plugins/oic/OicServerManualConfiguration/help-endSessionUrl_fr.html
similarity index 100%
rename from src/main/resources/org/jenkinsci/plugins/oic/OicSecurityRealm/help-endSessionUrl_fr.html
rename to src/main/resources/org/jenkinsci/plugins/oic/OicServerManualConfiguration/help-endSessionUrl_fr.html
diff --git a/src/main/resources/org/jenkinsci/plugins/oic/OicServerManualConfiguration/help-jwksServerUrl.html b/src/main/resources/org/jenkinsci/plugins/oic/OicServerManualConfiguration/help-jwksServerUrl.html
new file mode 100644
index 00000000..10889b35
--- /dev/null
+++ b/src/main/resources/org/jenkinsci/plugins/oic/OicServerManualConfiguration/help-jwksServerUrl.html
@@ -0,0 +1,4 @@
+
+ Recommended. json webtoken key signature url of the openid connect provider
+
+
diff --git a/src/main/resources/org/jenkinsci/plugins/oic/OicSecurityRealm/help-jwksServerUrl_fr.html b/src/main/resources/org/jenkinsci/plugins/oic/OicServerManualConfiguration/help-jwksServerUrl_fr.html
similarity index 100%
rename from src/main/resources/org/jenkinsci/plugins/oic/OicSecurityRealm/help-jwksServerUrl_fr.html
rename to src/main/resources/org/jenkinsci/plugins/oic/OicServerManualConfiguration/help-jwksServerUrl_fr.html
diff --git a/src/main/resources/org/jenkinsci/plugins/oic/OicSecurityRealm/help-tokenAuthMethod.html b/src/main/resources/org/jenkinsci/plugins/oic/OicServerManualConfiguration/help-tokenAuthMethod.html
similarity index 100%
rename from src/main/resources/org/jenkinsci/plugins/oic/OicSecurityRealm/help-tokenAuthMethod.html
rename to src/main/resources/org/jenkinsci/plugins/oic/OicServerManualConfiguration/help-tokenAuthMethod.html
diff --git a/src/main/resources/org/jenkinsci/plugins/oic/OicSecurityRealm/help-tokenAuthMethod_fr.html b/src/main/resources/org/jenkinsci/plugins/oic/OicServerManualConfiguration/help-tokenAuthMethod_fr.html
similarity index 100%
rename from src/main/resources/org/jenkinsci/plugins/oic/OicSecurityRealm/help-tokenAuthMethod_fr.html
rename to src/main/resources/org/jenkinsci/plugins/oic/OicServerManualConfiguration/help-tokenAuthMethod_fr.html
diff --git a/src/main/resources/org/jenkinsci/plugins/oic/OicSecurityRealm/help-tokenServerUrl.html b/src/main/resources/org/jenkinsci/plugins/oic/OicServerManualConfiguration/help-tokenServerUrl.html
similarity index 100%
rename from src/main/resources/org/jenkinsci/plugins/oic/OicSecurityRealm/help-tokenServerUrl.html
rename to src/main/resources/org/jenkinsci/plugins/oic/OicServerManualConfiguration/help-tokenServerUrl.html
diff --git a/src/main/resources/org/jenkinsci/plugins/oic/OicSecurityRealm/help-tokenServerUrl_fr.html b/src/main/resources/org/jenkinsci/plugins/oic/OicServerManualConfiguration/help-tokenServerUrl_fr.html
similarity index 100%
rename from src/main/resources/org/jenkinsci/plugins/oic/OicSecurityRealm/help-tokenServerUrl_fr.html
rename to src/main/resources/org/jenkinsci/plugins/oic/OicServerManualConfiguration/help-tokenServerUrl_fr.html
diff --git a/src/main/resources/org/jenkinsci/plugins/oic/OicSecurityRealm/help-useRefreshTokens.html b/src/main/resources/org/jenkinsci/plugins/oic/OicServerManualConfiguration/help-useRefreshTokens.html
similarity index 100%
rename from src/main/resources/org/jenkinsci/plugins/oic/OicSecurityRealm/help-useRefreshTokens.html
rename to src/main/resources/org/jenkinsci/plugins/oic/OicServerManualConfiguration/help-useRefreshTokens.html
diff --git a/src/main/resources/org/jenkinsci/plugins/oic/OicSecurityRealm/help-userInfoServerUrl.html b/src/main/resources/org/jenkinsci/plugins/oic/OicServerManualConfiguration/help-userInfoServerUrl.html
similarity index 100%
rename from src/main/resources/org/jenkinsci/plugins/oic/OicSecurityRealm/help-userInfoServerUrl.html
rename to src/main/resources/org/jenkinsci/plugins/oic/OicServerManualConfiguration/help-userInfoServerUrl.html
diff --git a/src/main/resources/org/jenkinsci/plugins/oic/OicSecurityRealm/help-userInfoServerUrl_fr.html b/src/main/resources/org/jenkinsci/plugins/oic/OicServerManualConfiguration/help-userInfoServerUrl_fr.html
similarity index 100%
rename from src/main/resources/org/jenkinsci/plugins/oic/OicSecurityRealm/help-userInfoServerUrl_fr.html
rename to src/main/resources/org/jenkinsci/plugins/oic/OicServerManualConfiguration/help-userInfoServerUrl_fr.html
diff --git a/src/main/resources/org/jenkinsci/plugins/oic/OicServerManualConfiguration/help.html b/src/main/resources/org/jenkinsci/plugins/oic/OicServerManualConfiguration/help.html
new file mode 100644
index 00000000..3f722989
--- /dev/null
+++ b/src/main/resources/org/jenkinsci/plugins/oic/OicServerManualConfiguration/help.html
@@ -0,0 +1,4 @@
+
+ Manual configuration of an OpenID Connect (OIDC) client by specifying the URLs for each endpoint.
+ Manual configuration can be used when Auto Discovery is not available or provides incorrect information.
+
\ No newline at end of file
diff --git a/src/main/resources/org/jenkinsci/plugins/oic/OicServerWellKnownConfiguration/config.jelly b/src/main/resources/org/jenkinsci/plugins/oic/OicServerWellKnownConfiguration/config.jelly
new file mode 100644
index 00000000..a3093090
--- /dev/null
+++ b/src/main/resources/org/jenkinsci/plugins/oic/OicServerWellKnownConfiguration/config.jelly
@@ -0,0 +1,15 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/src/main/resources/org/jenkinsci/plugins/oic/OicServerWellKnownConfiguration/config.properties b/src/main/resources/org/jenkinsci/plugins/oic/OicServerWellKnownConfiguration/config.properties
new file mode 100644
index 00000000..548acc14
--- /dev/null
+++ b/src/main/resources/org/jenkinsci/plugins/oic/OicServerWellKnownConfiguration/config.properties
@@ -0,0 +1,2 @@
+OverrideScopes=Override scopes
+WellknownConfigurationEndpoint=Well-known configuration endpoint
diff --git a/src/main/resources/org/jenkinsci/plugins/oic/OicServerWellKnownConfiguration/help-scopesOverride.html b/src/main/resources/org/jenkinsci/plugins/oic/OicServerWellKnownConfiguration/help-scopesOverride.html
new file mode 100644
index 00000000..2aa2e3aa
--- /dev/null
+++ b/src/main/resources/org/jenkinsci/plugins/oic/OicServerWellKnownConfiguration/help-scopesOverride.html
@@ -0,0 +1,4 @@
+
+ If not overriden, all supported scopes of WellKnown configuration will be used.
+ When defined, only scopes in the override list will be used.
+
diff --git a/src/main/resources/org/jenkinsci/plugins/oic/OicSecurityRealm/help-overrideScopes_fr.html b/src/main/resources/org/jenkinsci/plugins/oic/OicServerWellKnownConfiguration/help-scopesOverride_fr.html
similarity index 68%
rename from src/main/resources/org/jenkinsci/plugins/oic/OicSecurityRealm/help-overrideScopes_fr.html
rename to src/main/resources/org/jenkinsci/plugins/oic/OicServerWellKnownConfiguration/help-scopesOverride_fr.html
index 9b409486..f650f39d 100644
--- a/src/main/resources/org/jenkinsci/plugins/oic/OicSecurityRealm/help-overrideScopes_fr.html
+++ b/src/main/resources/org/jenkinsci/plugins/oic/OicServerWellKnownConfiguration/help-scopesOverride_fr.html
@@ -1,4 +1,4 @@
Si la liste de scope n'est pas surchargée, tous les scopes définis dans la configuration WellKnown seront utilisés.
- Une fois définie, seuls les scopes de la liste de surcharge seront utilisées (s'ils sont présents dans les scopes définis dans l'URL de configuration).
+ Une fois définie, seuls les scopes de la liste de surcharge seront utilisées.
diff --git a/src/main/resources/org/jenkinsci/plugins/oic/OicSecurityRealm/help-wellKnownOpenIDConfigurationUrl.html b/src/main/resources/org/jenkinsci/plugins/oic/OicServerWellKnownConfiguration/help-wellKnownOpenIDConfigurationUrl.html
similarity index 52%
rename from src/main/resources/org/jenkinsci/plugins/oic/OicSecurityRealm/help-wellKnownOpenIDConfigurationUrl.html
rename to src/main/resources/org/jenkinsci/plugins/oic/OicServerWellKnownConfiguration/help-wellKnownOpenIDConfigurationUrl.html
index c1e170be..4d22581c 100644
--- a/src/main/resources/org/jenkinsci/plugins/oic/OicSecurityRealm/help-wellKnownOpenIDConfigurationUrl.html
+++ b/src/main/resources/org/jenkinsci/plugins/oic/OicServerWellKnownConfiguration/help-wellKnownOpenIDConfigurationUrl.html
@@ -1,6 +1,6 @@
- The well-known registry URI that can be used to automatically configure the endpoints. This is often in the form http://example.com/.well-known/openid-configuration
+ The well-known registry URI that can be used to automatically configure the endpoints. This is often in the form https://example.com/.well-known/openid-configuration
-
Note: If the configuration advertises an logout url then the logout from openid provider ('global logout') is enabled automatically. Save and switch to manual
- to override this behavior.
+
Note: If the configuration advertises an logout url then the logout from openid provider ('global logout') is enabled automatically. Switch to manual
+ to override this behavior.
\ No newline at end of file
diff --git a/src/main/resources/org/jenkinsci/plugins/oic/OicSecurityRealm/help-wellKnownOpenIDConfigurationUrl_fr.html b/src/main/resources/org/jenkinsci/plugins/oic/OicServerWellKnownConfiguration/help-wellKnownOpenIDConfigurationUrl_fr.html
similarity index 58%
rename from src/main/resources/org/jenkinsci/plugins/oic/OicSecurityRealm/help-wellKnownOpenIDConfigurationUrl_fr.html
rename to src/main/resources/org/jenkinsci/plugins/oic/OicServerWellKnownConfiguration/help-wellKnownOpenIDConfigurationUrl_fr.html
index 69b28121..8104ed15 100644
--- a/src/main/resources/org/jenkinsci/plugins/oic/OicSecurityRealm/help-wellKnownOpenIDConfigurationUrl_fr.html
+++ b/src/main/resources/org/jenkinsci/plugins/oic/OicServerWellKnownConfiguration/help-wellKnownOpenIDConfigurationUrl_fr.html
@@ -1,5 +1,5 @@
- L'URL de configuration well-known peut être utilisée pour configurer automatiquement les paramètres du serveur. Il est habituellement de la forme http://example.com/.well-known/openid-configuration
+ L'URL de configuration well-known peut être utilisée pour configurer automatiquement les paramètres du serveur. Il est habituellement de la forme https://example.com/.well-known/openid-configuration
-
Note : si la configuration annonce une URL de déconnexion, alors la déconnexion du serveur OpenID ('déconnexion globale') est activée automatiquement. Enregistrez et basculez vers le mode manuel pour changer ce comportement.
+
Note : si la configuration annonce une URL de déconnexion, alors la déconnexion du serveur OpenID ('déconnexion globale') est activée automatiquement. Basculez vers le mode manuel pour changer ce comportement.
\ No newline at end of file
diff --git a/src/main/resources/org/jenkinsci/plugins/oic/OicServerWellKnownConfiguration/help.html b/src/main/resources/org/jenkinsci/plugins/oic/OicServerWellKnownConfiguration/help.html
new file mode 100644
index 00000000..6a93b9ce
--- /dev/null
+++ b/src/main/resources/org/jenkinsci/plugins/oic/OicServerWellKnownConfiguration/help.html
@@ -0,0 +1,3 @@
+
+ Automatic configuration of the OpenID Connect (OIDC) client from information in the provider's "Well-Known" configuration endpoint.
+
\ No newline at end of file
diff --git a/src/test/java/org/jenkinsci/plugins/oic/ConfigurationAsCodeTest.java b/src/test/java/org/jenkinsci/plugins/oic/ConfigurationAsCodeTest.java
index 1ee9dc1d..304d9269 100644
--- a/src/test/java/org/jenkinsci/plugins/oic/ConfigurationAsCodeTest.java
+++ b/src/test/java/org/jenkinsci/plugins/oic/ConfigurationAsCodeTest.java
@@ -22,11 +22,12 @@
import static io.jenkins.plugins.casc.misc.Util.getJenkinsRoot;
import static io.jenkins.plugins.casc.misc.Util.toStringFromYamlFile;
import static io.jenkins.plugins.casc.misc.Util.toYamlString;
+import static org.hamcrest.MatcherAssert.assertThat;
+import static org.hamcrest.Matchers.instanceOf;
import static org.hamcrest.Matchers.is;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNull;
-import static org.junit.Assert.assertThat;
import static org.junit.Assert.assertTrue;
public class ConfigurationAsCodeTest {
@@ -42,7 +43,9 @@ public void testConfig() {
assertTrue(realm instanceof OicSecurityRealm);
OicSecurityRealm oicSecurityRealm = (OicSecurityRealm) realm;
- assertEquals("http://localhost/authorize", oicSecurityRealm.getAuthorizationServerUrl());
+ assertEquals(
+ "http://localhost/authorize",
+ oicSecurityRealm.getServerConfiguration().getAuthorizationServerUrl());
assertEquals("clientId", oicSecurityRealm.getClientId());
assertEquals("clientSecret", Secret.toString(oicSecurityRealm.getClientSecret()));
assertTrue(oicSecurityRealm.isDisableSslVerification());
@@ -56,12 +59,18 @@ public void testConfig() {
assertEquals("fullNameFieldName", oicSecurityRealm.getFullNameFieldName());
assertEquals("groupsFieldName", oicSecurityRealm.getGroupsFieldName());
assertTrue(oicSecurityRealm.isLogoutFromOpenidProvider());
- assertEquals("scopes", oicSecurityRealm.getScopes());
- assertEquals("http://localhost/token", oicSecurityRealm.getTokenServerUrl());
- assertEquals(TokenAuthMethod.client_secret_post, oicSecurityRealm.getTokenAuthMethod());
+ assertEquals("scopes", oicSecurityRealm.getServerConfiguration().getScopes());
+ assertEquals(
+ "http://localhost/token",
+ oicSecurityRealm.getServerConfiguration().getTokenServerUrl());
+ assertEquals(
+ TokenAuthMethod.client_secret_post,
+ oicSecurityRealm.getServerConfiguration().getTokenAuthMethod());
assertEquals("userNameField", oicSecurityRealm.getUserNameField());
assertTrue(oicSecurityRealm.isRootURLFromRequest());
- assertEquals("http://localhost/jwks", oicSecurityRealm.getJwksServerUrl());
+ assertEquals(
+ "http://localhost/jwks",
+ oicSecurityRealm.getServerConfiguration().getJwksServerUrl());
assertFalse(oicSecurityRealm.isDisableTokenVerification());
}
@@ -98,7 +107,9 @@ public void testMinimal() throws Exception {
assertTrue(realm instanceof OicSecurityRealm);
OicSecurityRealm oicSecurityRealm = (OicSecurityRealm) realm;
- assertEquals("http://localhost/authorize", oicSecurityRealm.getAuthorizationServerUrl());
+ assertEquals(
+ "http://localhost/authorize",
+ oicSecurityRealm.getServerConfiguration().getAuthorizationServerUrl());
assertEquals("clientId", oicSecurityRealm.getClientId());
assertEquals("clientSecret", Secret.toString(oicSecurityRealm.getClientSecret()));
assertFalse(oicSecurityRealm.isDisableSslVerification());
@@ -106,13 +117,17 @@ public void testMinimal() throws Exception {
assertFalse(oicSecurityRealm.isEscapeHatchEnabled());
assertNull(oicSecurityRealm.getFullNameFieldName());
assertNull(oicSecurityRealm.getGroupsFieldName());
- assertEquals("openid email", oicSecurityRealm.getScopes());
- assertEquals("http://localhost/token", oicSecurityRealm.getTokenServerUrl());
- assertEquals(TokenAuthMethod.client_secret_post, oicSecurityRealm.getTokenAuthMethod());
+ assertEquals("openid email", oicSecurityRealm.getServerConfiguration().getScopes());
+ assertEquals(
+ "http://localhost/token",
+ oicSecurityRealm.getServerConfiguration().getTokenServerUrl());
+ assertEquals(
+ TokenAuthMethod.client_secret_post,
+ oicSecurityRealm.getServerConfiguration().getTokenAuthMethod());
assertEquals("sub", oicSecurityRealm.getUserNameField());
assertTrue(oicSecurityRealm.isLogoutFromOpenidProvider());
assertFalse(oicSecurityRealm.isRootURLFromRequest());
- assertEquals(null, oicSecurityRealm.getJwksServerUrl());
+ assertEquals(null, oicSecurityRealm.getServerConfiguration().getJwksServerUrl());
assertFalse(oicSecurityRealm.isDisableTokenVerification());
}
@@ -130,16 +145,23 @@ public void testMinimal() throws Exception {
@ConfiguredWithCode("ConfigurationAsCodeMinimalWellKnown.yml")
public void testMinimalWellKnown() throws Exception {
SecurityRealm realm = Jenkins.get().getSecurityRealm();
-
- assertTrue(realm instanceof OicSecurityRealm);
+ assertThat(realm, instanceOf(OicSecurityRealm.class));
OicSecurityRealm oicSecurityRealm = (OicSecurityRealm) realm;
String urlBase = String.format("http://localhost:%d", wellKnownMockRule.port());
- assertEquals(urlBase + "/well.known", oicSecurityRealm.getWellKnownOpenIDConfigurationUrl());
- assertEquals(urlBase + "/authorize", oicSecurityRealm.getAuthorizationServerUrl());
- assertEquals(urlBase + "/token", oicSecurityRealm.getTokenServerUrl());
- assertEquals(urlBase + "/jwks", oicSecurityRealm.getJwksServerUrl());
+ assertThat(oicSecurityRealm.getServerConfiguration(), instanceOf(OicServerWellKnownConfiguration.class));
+ assertEquals(
+ urlBase + "/well.known",
+ ((OicServerWellKnownConfiguration) oicSecurityRealm.getServerConfiguration())
+ .getWellKnownOpenIDConfigurationUrl());
+ assertEquals(
+ urlBase + "/authorize",
+ oicSecurityRealm.getServerConfiguration().getAuthorizationServerUrl());
+ assertEquals(
+ urlBase + "/token", oicSecurityRealm.getServerConfiguration().getTokenServerUrl());
+ assertEquals(
+ urlBase + "/jwks", oicSecurityRealm.getServerConfiguration().getJwksServerUrl());
assertEquals("clientId", oicSecurityRealm.getClientId());
assertEquals("clientSecret", Secret.toString(oicSecurityRealm.getClientSecret()));
assertFalse(oicSecurityRealm.isDisableSslVerification());
@@ -147,9 +169,12 @@ public void testMinimalWellKnown() throws Exception {
assertFalse(oicSecurityRealm.isEscapeHatchEnabled());
assertNull(oicSecurityRealm.getFullNameFieldName());
assertNull(oicSecurityRealm.getGroupsFieldName());
- assertEquals("openid email", oicSecurityRealm.getScopes());
- assertEquals(urlBase + "/token", oicSecurityRealm.getTokenServerUrl());
- assertEquals(TokenAuthMethod.client_secret_post, oicSecurityRealm.getTokenAuthMethod());
+ assertEquals("openid email", oicSecurityRealm.getServerConfiguration().getScopes());
+ assertEquals(
+ urlBase + "/token", oicSecurityRealm.getServerConfiguration().getTokenServerUrl());
+ assertEquals(
+ TokenAuthMethod.client_secret_post,
+ oicSecurityRealm.getServerConfiguration().getTokenAuthMethod());
assertEquals("sub", oicSecurityRealm.getUserNameField());
assertTrue(oicSecurityRealm.isLogoutFromOpenidProvider());
assertFalse(oicSecurityRealm.isDisableTokenVerification());
diff --git a/src/test/java/org/jenkinsci/plugins/oic/DescriptorImplTest.java b/src/test/java/org/jenkinsci/plugins/oic/DescriptorImplTest.java
index 25e37a65..f23d6eca 100644
--- a/src/test/java/org/jenkinsci/plugins/oic/DescriptorImplTest.java
+++ b/src/test/java/org/jenkinsci/plugins/oic/DescriptorImplTest.java
@@ -14,10 +14,11 @@
import static com.github.tomakehurst.wiremock.client.WireMock.aResponse;
import static com.github.tomakehurst.wiremock.client.WireMock.get;
import static com.github.tomakehurst.wiremock.client.WireMock.urlPathEqualTo;
+import static org.hamcrest.CoreMatchers.instanceOf;
+import static org.hamcrest.MatcherAssert.assertThat;
import static org.jenkinsci.plugins.oic.TestRealm.AUTO_CONFIG_FIELD;
import static org.jenkinsci.plugins.oic.TestRealm.MANUAL_CONFIG_FIELD;
import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertTrue;
@@ -56,17 +57,14 @@ public void testOicSecurityRealmDescriptorImplManual() throws Exception {
"Client secret is required.", descriptor.doCheckClientSecret("").getMessage());
assertEquals(FormValidation.ok(), descriptor.doCheckClientSecret("password"));
- assertFalse(descriptor.isAuto());
- assertFalse(descriptor.isManual());
-
jenkins.setSecurityRealm(realm);
descriptor = (DescriptorImpl) realm.getDescriptor();
-
assertNotNull(descriptor);
- assertFalse(descriptor.isAuto());
- assertTrue(descriptor.isManual());
+ assertThat(
+ getConfiguredSecuritySecurityRealm().getServerConfiguration(),
+ instanceOf(OicServerManualConfiguration.class));
}
@Test
@@ -95,8 +93,9 @@ public void testOicSecurityRealmDescriptorImplAuto() throws Exception {
assertNotNull(descriptor);
- assertTrue(descriptor.isAuto());
- assertFalse(descriptor.isManual());
+ assertThat(
+ getConfiguredSecuritySecurityRealm().getServerConfiguration(),
+ instanceOf(OicServerWellKnownConfiguration.class));
}
@Test
@@ -286,4 +285,8 @@ private void configureWellKnown() {
+ "\"end_session_endpoint\":\"%s\"}",
authUrl, tokenUrl, userInfoUrl, jwksUrl, endSessionUrl))));
}
+
+ private OicSecurityRealm getConfiguredSecuritySecurityRealm() {
+ return (OicSecurityRealm) jenkins.getSecurityRealm();
+ }
}
diff --git a/src/test/java/org/jenkinsci/plugins/oic/PluginTest.java b/src/test/java/org/jenkinsci/plugins/oic/PluginTest.java
index 244c6526..6e315c3d 100644
--- a/src/test/java/org/jenkinsci/plugins/oic/PluginTest.java
+++ b/src/test/java/org/jenkinsci/plugins/oic/PluginTest.java
@@ -305,17 +305,21 @@ public void testConfigurationWithAutoConfiguration_withScopeOverride() throws Ex
configureWellKnown(null, List.of("openid", "profile", "scope1", "scope2", "scope3"));
TestRealm oicsr = new TestRealm.Builder(wireMockRule)
.WithMinimalDefaults().WithAutomanualconfigure("auto").build();
+ jenkins.setSecurityRealm(oicsr);
assertEquals(
- "All scopes of WellKnown should be used", "openid profile scope1 scope2 scope3", oicsr.getScopes());
+ "All scopes of WellKnown should be used",
+ "openid profile scope1 scope2 scope3",
+ oicsr.getServerConfiguration().getScopes());
+ OicServerWellKnownConfiguration serverConfig = (OicServerWellKnownConfiguration) oicsr.getServerConfiguration();
- oicsr.setOverrideScopes("openid profile scope2 other");
- assertEquals("Predefined scopes of WellKnown should be used", "openid profile scope2", oicsr.getScopes());
+ serverConfig.setScopesOverride("openid profile scope2 other");
+ assertEquals("scopes should be completely overridden", "openid profile scope2 other", serverConfig.getScopes());
- oicsr.setScopes("openid profile other");
- oicsr.setOverrideScopes("");
- oicsr.setWellKnownOpenIDConfigurationUrl(oicsr.getWellKnownOpenIDConfigurationUrl());
+ serverConfig.setScopesOverride("");
assertEquals(
- "All scopes of WellKnown should be used", "openid profile scope1 scope2 scope3", oicsr.getScopes());
+ "All scopes of WellKnown should be used",
+ "openid profile scope1 scope2 scope3",
+ oicsr.getServerConfiguration().getScopes());
}
@Test
@@ -323,7 +327,10 @@ public void testConfigurationWithAutoConfiguration_withRefreshToken() throws Exc
configureWellKnown(null, null, "authorization_code", "refresh_token");
TestRealm oicsr = new TestRealm.Builder(wireMockRule)
.WithMinimalDefaults().WithAutomanualconfigure("auto").build();
- assertTrue("Refresh token should be enabled", oicsr.isUseRefreshTokens());
+ jenkins.setSecurityRealm(oicsr);
+ assertTrue(
+ "Refresh token should be enabled",
+ oicsr.getServerConfiguration().isUseRefreshTokens());
}
@Test
diff --git a/src/test/java/org/jenkinsci/plugins/oic/TestRealm.java b/src/test/java/org/jenkinsci/plugins/oic/TestRealm.java
index 351dd1d7..06c106b0 100644
--- a/src/test/java/org/jenkinsci/plugins/oic/TestRealm.java
+++ b/src/test/java/org/jenkinsci/plugins/oic/TestRealm.java
@@ -5,7 +5,7 @@
import hudson.security.SecurityRealm;
import io.burt.jmespath.Expression;
import java.io.IOException;
-import java.lang.reflect.Field;
+import java.io.ObjectStreamException;
import org.kohsuke.stapler.HttpResponse;
import org.kohsuke.stapler.StaplerRequest;
@@ -209,17 +209,9 @@ public Descriptor getDescriptor() {
@Override
public HttpResponse doFinishLogin(StaplerRequest request) throws IOException {
- try {
- Field stateField = OicSession.class.getDeclaredField("state");
- stateField.setAccessible(true);
- stateField.set(OicSession.getCurrent(), "state");
- if (!isNonceDisabled()) {
- Field nonceField = OicSession.class.getDeclaredField("nonce");
- nonceField.setAccessible(true);
- nonceField.set(OicSession.getCurrent(), "nonce");
- }
- } catch (Exception e) {
- throw new RuntimeException("can't fudge state", e);
+ OicSession.getCurrent().state = "state";
+ if (!isNonceDisabled()) {
+ OicSession.getCurrent().nonce = "nonce";
}
return super.doFinishLogin(request);
}
@@ -233,7 +225,7 @@ public String getStringFieldFromJMESPath(Object object, String jmespathField) {
}
@Override
- public Object readResolve() {
+ public Object readResolve() throws ObjectStreamException {
return super.readResolve();
}
diff --git a/src/test/resources/org/jenkinsci/plugins/oic/ConfigurationAsCode.yml b/src/test/resources/org/jenkinsci/plugins/oic/ConfigurationAsCode.yml
index 66faa45a..c223904a 100644
--- a/src/test/resources/org/jenkinsci/plugins/oic/ConfigurationAsCode.yml
+++ b/src/test/resources/org/jenkinsci/plugins/oic/ConfigurationAsCode.yml
@@ -1,7 +1,13 @@
jenkins:
securityRealm:
oic:
- authorizationServerUrl: http://localhost/authorize
+ serverConfiguration:
+ manual:
+ authorizationServerUrl: http://localhost/authorize
+ jwksServerUrl: http://localhost/jwks
+ tokenAuthMethod: client_secret_post
+ tokenServerUrl: http://localhost/token
+ scopes: scopes
clientId: clientId
clientSecret: clientSecret
disableSslVerification: true
@@ -12,11 +18,7 @@ jenkins:
escapeHatchUsername: escapeHatchUsername
fullNameFieldName: fullNameFieldName
groupsFieldName: groupsFieldName
- jwksServerUrl: http://localhost/jwks
logoutFromOpenidProvider: true
- scopes: scopes
- tokenAuthMethod: client_secret_post
- tokenServerUrl: http://localhost/token
userNameField: userNameField
rootURLFromRequest: true
sendScopesInTokenRequest: true
diff --git a/src/test/resources/org/jenkinsci/plugins/oic/ConfigurationAsCodeExport.yml b/src/test/resources/org/jenkinsci/plugins/oic/ConfigurationAsCodeExport.yml
index cc8dbf13..5919a30e 100644
--- a/src/test/resources/org/jenkinsci/plugins/oic/ConfigurationAsCodeExport.yml
+++ b/src/test/resources/org/jenkinsci/plugins/oic/ConfigurationAsCodeExport.yml
@@ -1,4 +1,3 @@
-authorizationServerUrl: "http://localhost/authorize"
clientId: "clientId"
disableSslVerification: true
emailFieldName: "emailFieldName"
@@ -7,13 +6,14 @@ escapeHatchGroup: "escapeHatchGroup"
escapeHatchUsername: "escapeHatchUsername"
fullNameFieldName: "fullNameFieldName"
groupsFieldName: "groupsFieldName"
-jwksServerUrl: "http://localhost/jwks"
nonceDisabled: true
pkceEnabled: true
rootURLFromRequest: true
-scopes: "scopes"
sendScopesInTokenRequest: true
-tokenAuthMethod: "client_secret_post"
-tokenServerUrl: "http://localhost/token"
-useRefreshTokens: false
+serverConfiguration:
+ manual:
+ authorizationServerUrl: "http://localhost/authorize"
+ jwksServerUrl: "http://localhost/jwks"
+ scopes: "scopes"
+ tokenServerUrl: "http://localhost/token"
userNameField: "userNameField"
diff --git a/src/test/resources/org/jenkinsci/plugins/oic/ConfigurationAsCodeMinimal.yml b/src/test/resources/org/jenkinsci/plugins/oic/ConfigurationAsCodeMinimal.yml
index bd825d0d..dee70839 100644
--- a/src/test/resources/org/jenkinsci/plugins/oic/ConfigurationAsCodeMinimal.yml
+++ b/src/test/resources/org/jenkinsci/plugins/oic/ConfigurationAsCodeMinimal.yml
@@ -1,7 +1,9 @@
jenkins:
securityRealm:
oic:
- authorizationServerUrl: http://localhost/authorize
- tokenServerUrl: http://localhost/token
+ serverConfiguration:
+ manual:
+ authorizationServerUrl: http://localhost/authorize
+ tokenServerUrl: http://localhost/token
clientId: clientId
clientSecret: clientSecret
diff --git a/src/test/resources/org/jenkinsci/plugins/oic/ConfigurationAsCodeMinimalWellKnown.yml b/src/test/resources/org/jenkinsci/plugins/oic/ConfigurationAsCodeMinimalWellKnown.yml
index f1fa9f67..0213c619 100644
--- a/src/test/resources/org/jenkinsci/plugins/oic/ConfigurationAsCodeMinimalWellKnown.yml
+++ b/src/test/resources/org/jenkinsci/plugins/oic/ConfigurationAsCodeMinimalWellKnown.yml
@@ -1,6 +1,8 @@
jenkins:
securityRealm:
oic:
- wellKnownOpenIDConfigurationUrl: http://localhost:${MOCK_PORT}/well.known
clientId: clientId
clientSecret: clientSecret
+ serverConfiguration:
+ wellKnown:
+ wellKnownOpenIDConfigurationUrl: http://localhost:${MOCK_PORT}/well.known