wso2 · SachiniSiriwardene · Oct 25, 2023 · Oct 25, 2023 · Oct 25, 2023
diff --git a/...wso2/identity/integration/test/oauth2/OAuth2RequestObjectSignatureValidationTestCase.java b/...wso2/identity/integration/test/oauth2/OAuth2RequestObjectSignatureValidationTestCase.java
@@ -148,7 +148,6 @@ public void sendAuthorizationGrantRequestWithPlainJWTRequestObject() throws Exce
             EntityUtils.consume(response.getEntity());
         }
     }
-
     @Test(groups = "wso2.is", description = "Check enabling option to enforce request object signature validation",
             dependsOnMethods = "sendAuthorizationGrantRequestWithPlainJWTRequestObject")
     public void testEnforceRequestObjectSignatureValidation() throws Exception {
@@ -198,6 +197,19 @@ public void sendUnSuccessfulAuthorizationGrantRequestWithSignedRequestObjectWith
             EntityUtils.consume(response.getEntity());
         }
     }
+    @Test(groups = "wso2.is", description = "Check whether request object is signed with registered signing algorithm")
+    public void sendInvalidSigningAlgorithmForRequestObject() throws Exception {
+
+        oidcInboundConfig.getRequestObject().setRequestObjectSigningAlg("PS256");
+        updateApplicationInboundConfig(application.getId(), oidcInboundConfig, OIDC);
+
+        try (CloseableHttpClient client = getRedirectDisabledClient()) {
+            String signedRequestObject = buildSignedJWT(consumerKey, sp1PrivateKey);
+            HttpResponse response = sendGetRequest(client, getAuthzRequestUrl(consumerKey, CALLBACK_URL, signedRequestObject));
+            assertForErrorPage(response);
+            EntityUtils.consume(response.getEntity());
+        }
+    }
 
     private void assertForLoginPage(HttpResponse response) {
 

diff --git a/...ty/integration/test/rest/api/server/application/management/v1/model/ApplicationModel.java b/...ty/integration/test/rest/api/server/application/management/v1/model/ApplicationModel.java
@@ -34,6 +34,7 @@ public class ApplicationModel  {
     private String imageUrl;
     private String loginUrl;
     private Boolean isManagementApp;
+    private Boolean isFapiApplication = false;
     private ClaimConfiguration claimConfiguration;
     private InboundProtocols inboundProtocolConfiguration;
     private AuthenticationSequence authenticationSequence;
@@ -240,6 +241,24 @@ public void setProvisioningConfigurations(ProvisioningConfiguration provisioning
         this.provisioningConfigurations = provisioningConfigurations;
     }
 
+    /**
+     **/
+    public ApplicationModel isFapiApplication(Boolean isFapiApplication) {
+
+        this.isFapiApplication = isFapiApplication;
+        return this;
+    }
+
+    @ApiModelProperty(value = "")
+    @JsonProperty("isFapiApplication")
+    @Valid
+    public Boolean getIsFapiApplication() {
+        return isFapiApplication;
+    }
+    public void setIsFapiApplication(Boolean isFapiApplication) {
+        this.isFapiApplication = isFapiApplication;
+    }
+
 
 
     @Override
@@ -258,6 +277,7 @@ public boolean equals(Object o) {
             Objects.equals(this.imageUrl, applicationModel.imageUrl) &&
             Objects.equals(this.loginUrl, applicationModel.loginUrl) &&
             Objects.equals(this.isManagementApp, applicationModel.isManagementApp) &&
+            Objects.equals(this.isFapiApplication, applicationModel.isFapiApplication) &&
             Objects.equals(this.claimConfiguration, applicationModel.claimConfiguration) &&
             Objects.equals(this.inboundProtocolConfiguration, applicationModel.inboundProtocolConfiguration) &&
             Objects.equals(this.authenticationSequence, applicationModel.authenticationSequence) &&
@@ -267,8 +287,9 @@ public boolean equals(Object o) {
 
     @Override
     public int hashCode() {
-        return Objects.hash(id, name, description, imageUrl, loginUrl, isManagementApp, claimConfiguration,
-                inboundProtocolConfiguration, authenticationSequence, advancedConfigurations, provisioningConfigurations);
+        return Objects.hash(id, name, description, imageUrl, isManagementApp, isFapiApplication, claimConfiguration,
+                inboundProtocolConfiguration, authenticationSequence, advancedConfigurations,
+                provisioningConfigurations);
     }
 
     @Override
@@ -283,6 +304,7 @@ public String toString() {
         sb.append("    imageUrl: ").append(toIndentedString(imageUrl)).append("\n");
         sb.append("    loginUrl: ").append(toIndentedString(loginUrl)).append("\n");
         sb.append("    isManagementApp: ").append(toIndentedString(isManagementApp)).append("\n");
+        sb.append("    isFapiApplication: ").append(toIndentedString(isFapiApplication)).append("\n");
         sb.append("    claimConfiguration: ").append(toIndentedString(claimConfiguration)).append("\n");
         sb.append("    inboundProtocolConfiguration: ").append(toIndentedString(inboundProtocolConfiguration)).append("\n");
         sb.append("    authenticationSequence: ").append(toIndentedString(authenticationSequence)).append("\n");

diff --git a/...tegration/test/rest/api/server/application/management/v1/model/ApplicationPatchModel.java b/...tegration/test/rest/api/server/application/management/v1/model/ApplicationPatchModel.java
@@ -33,6 +33,8 @@ public class ApplicationPatchModel {
     private String imageUrl;
     private String accessUrl;
     private String templateId;
+    private Boolean isFapiApplication;
+
     private ClaimConfiguration claimConfiguration;
     private AuthenticationSequence authenticationSequence;
     private AdvancedApplicationConfiguration advancedConfigurations;
@@ -202,6 +204,24 @@ public void setProvisioningConfigurations(ProvisioningConfiguration provisioning
         this.provisioningConfigurations = provisioningConfigurations;
     }
 
+    /**
+     **/
+    public ApplicationPatchModel isFapiApplication(Boolean isFapiApplication) {
+
+        this.isFapiApplication = isFapiApplication;
+        return this;
+    }
+
+    @ApiModelProperty(value = "")
+    @JsonProperty("isFapiApplication")
+    @Valid
+    public Boolean getIsFapiApplication() {
+        return isFapiApplication;
+    }
+    public void setIsFapiApplication(Boolean isFapiApplication) {
+        this.isFapiApplication = isFapiApplication;
+    }
+
 
 
     @Override
@@ -219,6 +239,7 @@ public boolean equals(Object o) {
                 Objects.equals(this.imageUrl, applicationPatchModel.imageUrl) &&
                 Objects.equals(this.accessUrl, applicationPatchModel.accessUrl) &&
                 Objects.equals(this.templateId, applicationPatchModel.templateId) &&
+                Objects.equals(this.isFapiApplication, applicationPatchModel.isFapiApplication) &&
                 Objects.equals(this.claimConfiguration, applicationPatchModel.claimConfiguration) &&
                 Objects.equals(this.authenticationSequence, applicationPatchModel.authenticationSequence) &&
                 Objects.equals(this.advancedConfigurations, applicationPatchModel.advancedConfigurations) &&
@@ -227,7 +248,7 @@ public boolean equals(Object o) {
 
     @Override
     public int hashCode() {
-        return Objects.hash(name, description, imageUrl, accessUrl, templateId, claimConfiguration, authenticationSequence, advancedConfigurations, provisioningConfigurations);
+        return Objects.hash(name, description, imageUrl, accessUrl, templateId, isFapiApplication, claimConfiguration, authenticationSequence, advancedConfigurations, provisioningConfigurations);
     }
 
     @Override
@@ -241,6 +262,7 @@ public String toString() {
         sb.append("    imageUrl: ").append(toIndentedString(imageUrl)).append("\n");
         sb.append("    accessUrl: ").append(toIndentedString(accessUrl)).append("\n");
         sb.append("    templateId: ").append(toIndentedString(templateId)).append("\n");
+        sb.append("    isFapiApplication: ").append(toIndentedString(isFapiApplication)).append("\n");
         sb.append("    claimConfiguration: ").append(toIndentedString(claimConfiguration)).append("\n");
         sb.append("    authenticationSequence: ").append(toIndentedString(authenticationSequence)).append("\n");
         sb.append("    advancedConfigurations: ").append(toIndentedString(advancedConfigurations)).append("\n");

diff --git a/...st/rest/api/server/application/management/v1/model/ClientAuthenticationConfiguration.java b/...st/rest/api/server/application/management/v1/model/ClientAuthenticationConfiguration.java
@@ -0,0 +1,119 @@
+package org.wso2.identity.integration.test.rest.api.server.application.management.v1.model;
+
+import com.fasterxml.jackson.annotation.JsonProperty;
+import io.swagger.annotations.ApiModelProperty;
+
+import javax.validation.Valid;
+import java.util.Objects;
+
+public class ClientAuthenticationConfiguration {
+
+    private String tokenEndpointAuthMethod;
+    private String tokenEndpointAuthSigningAlg;
+    private String tlsClientAuthSubjectDn;
+
+    /**
+     *
+     **/
+    public ClientAuthenticationConfiguration tokenEndpointAuthMethod(String tokenEndpointAuthMethod) {
+
+        this.tokenEndpointAuthMethod = tokenEndpointAuthMethod;
+        return this;
+    }
+
+    @ApiModelProperty(example = "true", value = "")
+    @JsonProperty("tokenEndpointAuthMethod")
+    @Valid
+    public String getTokenEndpointAuthMethod() {
+        return tokenEndpointAuthMethod;
+    }
+
+    public void setTokenEndpointAuthMethod(String tokenEndpointAuthMethod) {
+        this.tokenEndpointAuthMethod = tokenEndpointAuthMethod;
+    }
+
+    /**
+     *
+     **/
+    public ClientAuthenticationConfiguration tokenEndpointAuthSigningAlg(String tokenEndpointAuthSigningAlg) {
+
+        this.tokenEndpointAuthSigningAlg = tokenEndpointAuthSigningAlg;
+        return this;
+    }
+
+    @ApiModelProperty(example = "PS256", value = "")
+    @JsonProperty("tokenEndpointAuthSigningAlg")
+    @Valid
+    public String getTokenEndpointAuthSigningAlg() {
+        return tokenEndpointAuthSigningAlg;
+    }
+
+    public void setTokenEndpointAuthSigningAlg(String tokenEndpointAuthSigningAlg) {
+        this.tokenEndpointAuthSigningAlg = tokenEndpointAuthSigningAlg;
+    }
+
+    /**
+     *
+     **/
+    public ClientAuthenticationConfiguration tlsClientAuthSubjectDn(String tlsClientAuthSubjectDn) {
+
+        this.tlsClientAuthSubjectDn = tlsClientAuthSubjectDn;
+        return this;
+    }
+
+    @ApiModelProperty(example = "CN=John Doe,OU=OrgUnit,O=Organization,L=Colombo,ST=Western,C=LK", value = "")
+    @JsonProperty("tlsClientAuthSubjectDn")
+    @Valid
+    public String getTlsClientAuthSubjectDn() {
+        return tlsClientAuthSubjectDn;
+    }
+
+    public void setTlsClientAuthSubjectDn(String tlsClientAuthSubjectDn) {
+        this.tlsClientAuthSubjectDn = tlsClientAuthSubjectDn;
+    }
+
+    @Override
+    public boolean equals(java.lang.Object o) {
+
+        if (this == o) {
+            return true;
+        }
+        if (o == null || getClass() != o.getClass()) {
+            return false;
+        }
+        ClientAuthenticationConfiguration clientAuthenticationConfiguration = (ClientAuthenticationConfiguration) o;
+        return Objects.equals(this.tokenEndpointAuthMethod, clientAuthenticationConfiguration.tokenEndpointAuthMethod) &&
+                Objects.equals(this.tokenEndpointAuthSigningAlg, clientAuthenticationConfiguration.tokenEndpointAuthSigningAlg) &&
+                Objects.equals(this.tlsClientAuthSubjectDn, clientAuthenticationConfiguration.tlsClientAuthSubjectDn);
+    }
+
+    @Override
+    public int hashCode() {
+        return Objects.hash(tokenEndpointAuthMethod, tokenEndpointAuthSigningAlg, tlsClientAuthSubjectDn);
+    }
+
+    @Override
+    public String toString() {
+
+        StringBuilder sb = new StringBuilder();
+        sb.append("class ClientAuthenticationConfiguration {\n");
+
+        sb.append("    tokenEndpointAuthMethod: ").append(toIndentedString(tokenEndpointAuthMethod)).append("\n");
+        sb.append("    tokenEndpointAuthSigningAlg: ").append(toIndentedString(tokenEndpointAuthSigningAlg)).append("\n");
+        sb.append("    tlsClientAuthSubjectDn: ").append(toIndentedString(tlsClientAuthSubjectDn)).append("\n");
+        sb.append("}");
+        return sb.toString();
+    }
+
+    /**
+     * Convert the given object to string with each line indented by 4 spaces
+     * (except the first line).
+     */
+    private String toIndentedString(java.lang.Object o) {
+
+        if (o == null) {
+            return "null";
+        }
+        return o.toString().replace("\n", "\n");
+    }
+}
diff --git a/...ntegration/test/rest/api/server/application/management/v1/model/IdTokenConfiguration.java b/...ntegration/test/rest/api/server/application/management/v1/model/IdTokenConfiguration.java
@@ -28,6 +28,8 @@ public class IdTokenConfiguration  {
 
     private Long expiryInSeconds;
     private List<String> audience = null;
+    private String idTokenSignedResponseAlg;
+
 
     private IdTokenEncryptionConfiguration encryption;
 
@@ -75,7 +77,26 @@ public IdTokenConfiguration addAudienceItem(String audienceItem) {
         return this;
     }
 
-        /**
+    /**
+     **/
+    public IdTokenConfiguration idTokenSignedResponseAlg(String idTokenSignedResponseAlg) {
+
+        this.idTokenSignedResponseAlg = idTokenSignedResponseAlg;
+        return this;
+    }
+
+    @ApiModelProperty(example = "PS256", value = "")
+    @JsonProperty("idTokenSignedResponseAlg")
+    @Valid
+    public String getIdTokenSignedResponseAlg() {
+        return idTokenSignedResponseAlg;
+    }
+    public void setIdTokenSignedResponseAlg(String idTokenSignedResponseAlg) {
+        this.idTokenSignedResponseAlg = idTokenSignedResponseAlg;
+    }
+
+
+    /**
     **/
     public IdTokenConfiguration encryption(IdTokenEncryptionConfiguration encryption) {
 
@@ -106,13 +127,14 @@ public boolean equals(Object o) {
         }
         IdTokenConfiguration idTokenConfiguration = (IdTokenConfiguration) o;
         return Objects.equals(this.expiryInSeconds, idTokenConfiguration.expiryInSeconds) &&
-            Objects.equals(this.audience, idTokenConfiguration.audience) &&
-            Objects.equals(this.encryption, idTokenConfiguration.encryption);
+                Objects.equals(this.audience, idTokenConfiguration.audience) &&
+                Objects.equals(this.idTokenSignedResponseAlg, idTokenConfiguration.idTokenSignedResponseAlg) &&
+                Objects.equals(this.encryption, idTokenConfiguration.encryption);
     }
 
     @Override
     public int hashCode() {
-        return Objects.hash(expiryInSeconds, audience, encryption);
+        return Objects.hash(expiryInSeconds, audience,idTokenSignedResponseAlg, encryption);
     }
 
     @Override
@@ -124,6 +146,7 @@ public String toString() {
         sb.append("    expiryInSeconds: ").append(toIndentedString(expiryInSeconds)).append("\n");
         sb.append("    audience: ").append(toIndentedString(audience)).append("\n");
         sb.append("    encryption: ").append(toIndentedString(encryption)).append("\n");
+        sb.append("    idTokenSignedResponseAlg: ").append(toIndentedString(idTokenSignedResponseAlg)).append("\n");
         sb.append("}");
         return sb.toString();
     }