feat: client certificate authentication casa plugin by jgomer2001 · Pull Request #12927 · JanssenProject/jans (original) (raw)
📝 Walkthrough
Walkthrough
Adds a new cert-authn plugin (Java services, models, viewmodels, ZUL UIs, Agama flow, Maven modules, Apache snippets), updates root POM to include modules, removes three SuperGluu enrollment API endpoints and a definition, and adds a session-config with COOKIE tracking-mode in web.xml.
Changes
| Cohort / File(s) | Summary |
|---|---|
| Root & module POMsjans-casa/pom.xml, jans-casa/plugins/cert-authn/pom.xml, jans-casa/plugins/cert-authn/agama/pom.xml, jans-casa/plugins/cert-authn/agama/project/pom.xml, jans-casa/plugins/samples/sample-cred/pom.xml | Added cert-authn modules to root POM; new plugin and agama POMs (assembly config, distribution repos); bumped assembly/spotbugs versions in sample-cred; minor newline fixes. |
| Agama flow & project config.../io.jans.casa.authn.cert.flow, jans-casa/plugins/cert-authn/agama/project/project.json | New Agama flow io.jans.casa.authn.cert using CertAuthnHelper; project.json with certPickupUrl, certChainPEM and noDirectLaunch. |
| Plugin entry & extension.../CertAuthnPlugin.java, .../extension/CertAuthnMethod.java | New Pf4J plugin class and AuthnMethod implementation exposing UI keys, ACR, credential listing and reload behavior. |
| Core services & helpers.../service/CertService.java, .../service/PathCertificateVerifier.java, .../service/UserCertificateMatch.java, .../CertAuthnHelper.java | New CertService singleton (validation, enrollment, SCIM helpers), PKIX path verifier using BouncyCastle, helper for cache-based redirect/outcome, and enum for match outcomes. |
| ViewModels & UI assets.../vm/CertAuthnVM.java, .../vm/CertAuthenticationSummaryVM.java, .../assets/index.zul, .../assets/cert-detail.zul, .../assets/cbasic.zul | New view-models and ZUL pages for authentication, enrollment redirect, certificate management, and UI skeleton. |
| Models & data classes.../model/Certificate.java, .../model/CertPerson.java, .../model/Reference.java, .../model/Minion.java | New POJOs and LDAP-mapped CertPerson, Reference payload, Minion attribute holder, and Certificate metadata class. |
| Resources & labels.../resources/labels/zk-label.properties, .../project/web/labels.txt | New localization strings and selector label for cert-authn UI and help text. |
| Apache configuration snippets.../apache/certauthn_vhost_tls1.3.conf, .../apache/locationmatch_tls1.2.conf | New virtualhost and LocationMatch snippets to enable/require client certificate handling and proxy to cert-authn endpoints. |
| Web/API changesjans-casa/app/src/main/webapp/WEB-INF/web.xml, jans-casa/app/src/main/webapp/enrollment-api.yaml | Added with tracking-mode COOKIE in web.xml; removed three SuperGluu enrollment endpoints and SuperGluuDevice definition; updated SecondFactorCode enum. |
| Minor formattingjans-casa/plugins/acct-linking/agama/pom.xml | Trailing newline/formatting only. |
Estimated code review effort
🎯 4 (Complex) | ⏱️ ~60 minutes
Possibly related PRs
- docs: add Casa cert authn plugin documentation #12925 — Documentation for the Certificate authentication Casa plugin that corresponds to the new cert-authn plugin and files introduced here.
Suggested reviewers
- manojs1978
- moabu
- yurem
Pre-merge checks and finishing touches
❌ Failed checks (2 warnings)
| Check name | Status | Explanation | Resolution |
|---|---|---|---|
| Out of Scope Changes check | ⚠️ Warning | The PR includes out-of-scope dependency version updates: maven-assembly-plugin and spotbugs-maven-plugin bumps in sample-cred/pom.xml unrelated to certificate authentication implementation. | Move the sample-cred/pom.xml plugin version updates (maven-assembly-plugin 3.1.0→3.8.0, spotbugs 4.2.0→4.9.8.2) to a separate maintenance PR or remove them from this feature PR. |
| Docstring Coverage | ⚠️ Warning | Docstring coverage is 1.39% which is insufficient. The required threshold is 80.00%. | You can run @coderabbitai generate docstrings to improve docstring coverage. |
✅ Passed checks (3 passed)
| Check name | Status | Explanation |
|---|---|---|
| Title check | ✅ Passed | The title clearly and concisely describes the main change: implementing a client certificate authentication Casa plugin, which aligns with the PR objectives. |
| Description check | ✅ Passed | The PR description includes the required target issue (#12838), confirms compliance with guidelines and license, and addresses documentation status. However, the Implementation Details section is empty without technical analysis or approach explanation. |
| Linked Issues check | ✅ Passed | The PR successfully implements the client certificate authentication plugin migration from Gluu4 into Jans Casa, including service logic, UI components, configuration, and supporting infrastructure across multiple files and modules. |
✨ Finishing touches
- 📝 Generate docstrings
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.
❤️ Share
Comment @coderabbitai help to get the list of available commands and usage tips.