From 85a820cdcab00b55cd8dae11f09039b323795242 Mon Sep 17 00:00:00 2001 From: Erik Ostien Date: Mon, 30 Dec 2024 12:30:46 -0700 Subject: [PATCH 01/30] Add PF resource exports for pingfederate_keypairs_ssl_server_settings and pingfederate_keypairs_signing_key_rotation_settings --- .../pingfederate/pingfederate_connector.go | 2 + .../pingfederate_connector_test.go | 12 +++ ..._keypairs_signing_key_rotation_settings.go | 95 +++++++++++++++++++ ...airs_signing_key_rotation_settings_test.go | 26 +++++ ...ngfederate_keypairs_ssl_server_settings.go | 53 +++++++++++ ...erate_keypairs_ssl_server_settings_test.go | 26 +++++ 6 files changed, 214 insertions(+) create mode 100644 internal/connector/pingfederate/resources/pingfederate_keypairs_signing_key_rotation_settings.go create mode 100644 internal/connector/pingfederate/resources/pingfederate_keypairs_signing_key_rotation_settings_test.go create mode 100644 internal/connector/pingfederate/resources/pingfederate_keypairs_ssl_server_settings.go create mode 100644 internal/connector/pingfederate/resources/pingfederate_keypairs_ssl_server_settings_test.go diff --git a/internal/connector/pingfederate/pingfederate_connector.go b/internal/connector/pingfederate/pingfederate_connector.go index 8ff48ede..af7c4c52 100644 --- a/internal/connector/pingfederate/pingfederate_connector.go +++ b/internal/connector/pingfederate/pingfederate_connector.go @@ -68,6 +68,8 @@ func (c *PingFederateConnector) Export(format, outputDir string, overwriteExport resources.KerberosRealmSettings(&c.clientInfo), resources.KeypairsOauthOpenidConnect(&c.clientInfo), resources.KeypairsOauthOpenidConnectAdditionalKeySet(&c.clientInfo), + resources.KeypairsSigningKeyRotationSettings(&c.clientInfo), + resources.KeypairsSslServerSettings(&c.clientInfo), resources.LocalIdentityProfile(&c.clientInfo), resources.NotificationPublisherSettings(&c.clientInfo), resources.OAuthAccessTokenManager(&c.clientInfo), diff --git a/internal/connector/pingfederate/pingfederate_connector_test.go b/internal/connector/pingfederate/pingfederate_connector_test.go index 6a0590be..02c57951 100644 --- a/internal/connector/pingfederate/pingfederate_connector_test.go +++ b/internal/connector/pingfederate/pingfederate_connector_test.go @@ -165,6 +165,18 @@ func TestPingFederateTerraformPlan(t *testing.T) { resource: resources.KeypairsOauthOpenidConnectAdditionalKeySet(PingFederateClientInfo), ignoredErrors: nil, }, + { + name: "PingFederateKeypairsSigningKeyRotationSettings", + resource: resources.KeypairsSigningKeyRotationSettings(PingFederateClientInfo), + ignoredErrors: []string{ + "Error: Cannot import non-existent remote object", + }, + }, + { + name: "PingFederateKeypairsSslServerSettings", + resource: resources.KeypairsSslServerSettings(PingFederateClientInfo), + ignoredErrors: nil, + }, { name: "PingFederateLocalIdentityProfile", resource: resources.LocalIdentityProfile(PingFederateClientInfo), diff --git a/internal/connector/pingfederate/resources/pingfederate_keypairs_signing_key_rotation_settings.go b/internal/connector/pingfederate/resources/pingfederate_keypairs_signing_key_rotation_settings.go new file mode 100644 index 00000000..9575aff5 --- /dev/null +++ b/internal/connector/pingfederate/resources/pingfederate_keypairs_signing_key_rotation_settings.go @@ -0,0 +1,95 @@ +package resources + +import ( + "fmt" + + "github.com/pingidentity/pingcli/internal/connector" + "github.com/pingidentity/pingcli/internal/connector/common" + "github.com/pingidentity/pingcli/internal/logger" +) + +// Verify that the resource satisfies the exportable resource interface +var ( + _ connector.ExportableResource = &PingFederateKeypairsSigningKeyRotationSettingsResource{} +) + +type PingFederateKeypairsSigningKeyRotationSettingsResource struct { + clientInfo *connector.PingFederateClientInfo +} + +// Utility method for creating a PingFederateKeypairsSigningKeyRotationSettingsResource +func KeypairsSigningKeyRotationSettings(clientInfo *connector.PingFederateClientInfo) *PingFederateKeypairsSigningKeyRotationSettingsResource { + return &PingFederateKeypairsSigningKeyRotationSettingsResource{ + clientInfo: clientInfo, + } +} + +func (r *PingFederateKeypairsSigningKeyRotationSettingsResource) ResourceType() string { + return "pingfederate_keypairs_signing_key_rotation_settings" +} + +func (r *PingFederateKeypairsSigningKeyRotationSettingsResource) ExportAll() (*[]connector.ImportBlock, error) { + l := logger.Get() + l.Debug().Msgf("Exporting all '%s' Resources...", r.ResourceType()) + + importBlocks := []connector.ImportBlock{} + + signingKeyPairData, err := r.getSigningKeyPairData() + if err != nil { + return nil, err + } + + for signingKeyPairId, signingKeyPairInfo := range *signingKeyPairData { + signingKeyPairIssuerDN := signingKeyPairInfo[0] + signingKeyPairSerialNumber := signingKeyPairInfo[1] + + commentData := map[string]string{ + "Signing Keypair ID": signingKeyPairId, + "Signing Keypair Issuer DN": signingKeyPairIssuerDN, + "Signing Keypair Serial Number": signingKeyPairSerialNumber, + "Resource Type": r.ResourceType(), + } + + importBlock := connector.ImportBlock{ + ResourceType: r.ResourceType(), + ResourceName: fmt.Sprintf("%s_%s_rotation_settings", signingKeyPairIssuerDN, signingKeyPairSerialNumber), + ResourceID: signingKeyPairId, + CommentInformation: common.GenerateCommentInformation(commentData), + } + + importBlocks = append(importBlocks, importBlock) + } + + return &importBlocks, nil +} + +func (r *PingFederateKeypairsSigningKeyRotationSettingsResource) getSigningKeyPairData() (*map[string][]string, error) { + signingKeyPairData := make(map[string][]string) + + signingKeyPairs, response, err := r.clientInfo.ApiClient.KeyPairsSigningAPI.GetSigningKeyPairs(r.clientInfo.Context).Execute() + err = common.HandleClientResponse(response, err, "GetSigningKeyPairs", r.ResourceType()) + if err != nil { + return nil, err + } + + if signingKeyPairs == nil { + return nil, common.DataNilError(r.ResourceType(), response) + } + + signingKeyPairsItems, signingKeyPairsItemsOk := signingKeyPairs.GetItemsOk() + if !signingKeyPairsItemsOk { + return nil, common.DataNilError(r.ResourceType(), response) + } + + for _, signingKeyPair := range signingKeyPairsItems { + signingKeyPairId, signingKeyPairIdOk := signingKeyPair.GetIdOk() + signingKeyPairIssuerDN, signingKeyPairIssuerDNOk := signingKeyPair.GetIssuerDNOk() + signingKeyPairSerialNumber, signingKeyPairSerialNumberOk := signingKeyPair.GetSerialNumberOk() + + if signingKeyPairIdOk && signingKeyPairIssuerDNOk && signingKeyPairSerialNumberOk { + signingKeyPairData[*signingKeyPairId] = []string{*signingKeyPairIssuerDN, *signingKeyPairSerialNumber} + } + } + + return &signingKeyPairData, nil +} diff --git a/internal/connector/pingfederate/resources/pingfederate_keypairs_signing_key_rotation_settings_test.go b/internal/connector/pingfederate/resources/pingfederate_keypairs_signing_key_rotation_settings_test.go new file mode 100644 index 00000000..62972e16 --- /dev/null +++ b/internal/connector/pingfederate/resources/pingfederate_keypairs_signing_key_rotation_settings_test.go @@ -0,0 +1,26 @@ +package resources_test + +import ( + "testing" + + "github.com/pingidentity/pingcli/internal/connector" + "github.com/pingidentity/pingcli/internal/connector/pingfederate/resources" + "github.com/pingidentity/pingcli/internal/testing/testutils" +) + +func TestPingFederateKeypairsSigningKeyRotationSettingsExport(t *testing.T) { + // Get initialized apiClient and resource + PingFederateClientInfo := testutils.GetPingFederateClientInfo(t) + resource := resources.KeypairsSigningKeyRotationSettings(PingFederateClientInfo) + + // Defined the expected ImportBlocks for the resource + expectedImportBlocks := []connector.ImportBlock{ + { + ResourceType: "pingfederate_keypairs_signing_key_rotation_settings", + ResourceName: "CN=common, O=org, C=US_1696532438981_rotation_settings", + ResourceID: "419x9yg43rlawqwq9v6az997k", + }, + } + + testutils.ValidateImportBlocks(t, resource, &expectedImportBlocks) +} diff --git a/internal/connector/pingfederate/resources/pingfederate_keypairs_ssl_server_settings.go b/internal/connector/pingfederate/resources/pingfederate_keypairs_ssl_server_settings.go new file mode 100644 index 00000000..cf7e35af --- /dev/null +++ b/internal/connector/pingfederate/resources/pingfederate_keypairs_ssl_server_settings.go @@ -0,0 +1,53 @@ +package resources + +import ( + "github.com/pingidentity/pingcli/internal/connector" + "github.com/pingidentity/pingcli/internal/connector/common" + "github.com/pingidentity/pingcli/internal/logger" +) + +// Verify that the resource satisfies the exportable resource interface +var ( + _ connector.ExportableResource = &PingFederateKeypairsSslServerSettingsResource{} +) + +type PingFederateKeypairsSslServerSettingsResource struct { + clientInfo *connector.PingFederateClientInfo +} + +// Utility method for creating a PingFederateKeypairsSslServerSettingsResource +func KeypairsSslServerSettings(clientInfo *connector.PingFederateClientInfo) *PingFederateKeypairsSslServerSettingsResource { + return &PingFederateKeypairsSslServerSettingsResource{ + clientInfo: clientInfo, + } +} + +func (r *PingFederateKeypairsSslServerSettingsResource) ResourceType() string { + return "pingfederate_keypairs_ssl_server_settings" +} + +func (r *PingFederateKeypairsSslServerSettingsResource) ExportAll() (*[]connector.ImportBlock, error) { + l := logger.Get() + l.Debug().Msgf("Exporting all '%s' Resources...", r.ResourceType()) + + importBlocks := []connector.ImportBlock{} + + keypairsSslServerSettingsId := "keypairs_ssl_server_settings_singleton_id" + keypairsSslServerSettingsName := "Keypairs SSL Server Settings" + + commentData := map[string]string{ + "Resource Type": r.ResourceType(), + "Singleton ID": common.SINGLETON_ID_COMMENT_DATA, + } + + importBlock := connector.ImportBlock{ + ResourceType: r.ResourceType(), + ResourceName: keypairsSslServerSettingsName, + ResourceID: keypairsSslServerSettingsId, + CommentInformation: common.GenerateCommentInformation(commentData), + } + + importBlocks = append(importBlocks, importBlock) + + return &importBlocks, nil +} diff --git a/internal/connector/pingfederate/resources/pingfederate_keypairs_ssl_server_settings_test.go b/internal/connector/pingfederate/resources/pingfederate_keypairs_ssl_server_settings_test.go new file mode 100644 index 00000000..36014527 --- /dev/null +++ b/internal/connector/pingfederate/resources/pingfederate_keypairs_ssl_server_settings_test.go @@ -0,0 +1,26 @@ +package resources_test + +import ( + "testing" + + "github.com/pingidentity/pingcli/internal/connector" + "github.com/pingidentity/pingcli/internal/connector/pingfederate/resources" + "github.com/pingidentity/pingcli/internal/testing/testutils" +) + +func TestPingFederateKeypairsSslServerSettingsExport(t *testing.T) { + // Get initialized apiClient and resource + PingFederateClientInfo := testutils.GetPingFederateClientInfo(t) + resource := resources.KeypairsSslServerSettings(PingFederateClientInfo) + + // Defined the expected ImportBlocks for the resource + expectedImportBlocks := []connector.ImportBlock{ + { + ResourceType: "pingfederate_keypairs_ssl_server_settings", + ResourceName: "Keypairs SSL Server Settings", + ResourceID: "keypairs_ssl_server_settings_singleton_id", + }, + } + + testutils.ValidateImportBlocks(t, resource, &expectedImportBlocks) +} From 3e998e40635b551bde6029cbb3acb6e45628c2e6 Mon Sep 17 00:00:00 2001 From: Erik Ostien Date: Mon, 30 Dec 2024 12:56:02 -0700 Subject: [PATCH 02/30] Update dependencies --- go.mod | 46 ++++++++++++++-------------- go.sum | 94 ++++++++++++++++++++++++++++------------------------------ 2 files changed, 69 insertions(+), 71 deletions(-) diff --git a/go.mod b/go.mod index 0a1264db..c54dcb0c 100644 --- a/go.mod +++ b/go.mod @@ -7,9 +7,9 @@ require ( github.com/golangci/golangci-lint v1.62.2 github.com/hashicorp/go-uuid v1.0.3 github.com/manifoldco/promptui v0.9.0 - github.com/patrickcping/pingone-go-sdk-v2 v0.12.4 - github.com/patrickcping/pingone-go-sdk-v2/management v0.44.0 - github.com/patrickcping/pingone-go-sdk-v2/risk v0.17.0 + github.com/patrickcping/pingone-go-sdk-v2 v0.12.5 + github.com/patrickcping/pingone-go-sdk-v2/management v0.45.0 + github.com/patrickcping/pingone-go-sdk-v2/risk v0.18.0 github.com/pavius/impi v0.0.3 github.com/pingidentity/pingfederate-go-client/v1210 v1210.0.5 github.com/rs/zerolog v1.33.0 @@ -22,10 +22,10 @@ require ( require ( 4d63.com/gocheckcompilerdirectives v1.2.1 // indirect 4d63.com/gochecknoglobals v0.2.1 // indirect - github.com/4meepo/tagalign v1.3.4 // indirect + github.com/4meepo/tagalign v1.4.1 // indirect github.com/Abirdcfly/dupword v0.1.3 // indirect github.com/Antonboom/errname v1.0.0 // indirect - github.com/Antonboom/nilnil v1.0.0 // indirect + github.com/Antonboom/nilnil v1.0.1 // indirect github.com/Antonboom/testifylint v1.5.2 // indirect github.com/BurntSushi/toml v1.4.1-0.20240526193622-a339e1f7089c // indirect github.com/Crocmagnon/fatcontext v0.5.3 // indirect @@ -33,7 +33,7 @@ require ( github.com/GaijinEntertainment/go-exhaustruct/v3 v3.3.0 // indirect github.com/Masterminds/semver/v3 v3.3.1 // indirect github.com/OpenPeeDeeP/depguard/v2 v2.2.0 // indirect - github.com/alecthomas/go-check-sumtype v0.3.0 // indirect + github.com/alecthomas/go-check-sumtype v0.3.1 // indirect github.com/alexkohler/nakedret/v2 v2.0.5 // indirect github.com/alexkohler/prealloc v1.0.0 // indirect github.com/alingse/asasalint v0.0.11 // indirect @@ -42,7 +42,7 @@ require ( github.com/beorn7/perks v1.0.1 // indirect github.com/bkielbasa/cyclop v1.2.3 // indirect github.com/blizzy78/varnamelen v0.8.0 // indirect - github.com/bombsimon/wsl/v4 v4.4.1 // indirect + github.com/bombsimon/wsl/v4 v4.5.0 // indirect github.com/breml/bidichk v0.3.2 // indirect github.com/breml/errchkjson v0.4.0 // indirect github.com/butuzov/ireturn v0.3.1 // indirect @@ -78,7 +78,7 @@ require ( github.com/gofrs/flock v0.12.1 // indirect github.com/golangci/dupl v0.0.0-20180902072040-3e9179ac440a // indirect github.com/golangci/go-printf-func-name v0.1.0 // indirect - github.com/golangci/gofmt v0.0.0-20240816233607-d8596aa466a9 // indirect + github.com/golangci/gofmt v0.0.0-20241223200906-057b0627d9b9 // indirect github.com/golangci/misspell v0.6.0 // indirect github.com/golangci/modinfo v0.3.4 // indirect github.com/golangci/plugin-module-register v0.1.1 // indirect @@ -99,7 +99,7 @@ require ( github.com/jgautheron/goconst v1.7.1 // indirect github.com/jingyugao/rowserrcheck v1.1.1 // indirect github.com/jjti/go-spancheck v0.6.4 // indirect - github.com/julz/importas v0.1.0 // indirect + github.com/julz/importas v0.2.0 // indirect github.com/karamaru-alpha/copyloopvar v1.1.0 // indirect github.com/kisielk/errcheck v1.8.0 // indirect github.com/kisielk/gotool v1.0.0 // indirect @@ -109,14 +109,14 @@ require ( github.com/kyoh86/exportloopref v0.1.11 // indirect github.com/lasiar/canonicalheader v1.1.2 // indirect github.com/ldez/gomoddirectives v0.6.0 // indirect - github.com/ldez/grignotin v0.6.0 // indirect + github.com/ldez/grignotin v0.7.0 // indirect github.com/ldez/tagliatelle v0.7.1 // indirect github.com/leonklingele/grouper v1.1.2 // indirect github.com/macabu/inamedparam v0.1.3 // indirect github.com/magiconair/properties v1.8.9 // indirect github.com/maratori/testableexamples v1.0.0 // indirect github.com/maratori/testpackage v1.1.1 // indirect - github.com/matoous/godox v0.0.0-20241202171805-94d1edd68ebb // indirect + github.com/matoous/godox v0.0.0-20241227120647-72181c086b34 // indirect github.com/mattn/go-colorable v0.1.13 // indirect github.com/mattn/go-isatty v0.0.20 // indirect github.com/mattn/go-runewidth v0.0.16 // indirect @@ -146,9 +146,9 @@ require ( github.com/quasilyte/gogrep v0.5.0 // indirect github.com/quasilyte/regex/syntax v0.0.0-20210819130434-b3f0c404a727 // indirect github.com/quasilyte/stdinfo v0.0.0-20220114132959-f7386bf02567 // indirect - github.com/raeperd/recvcheck v0.1.2 // indirect + github.com/raeperd/recvcheck v0.2.0 // indirect github.com/rivo/uniseg v0.4.7 // indirect - github.com/rogpeppe/go-internal v1.13.1 // indirect + github.com/rogpeppe/go-internal v1.13.2-0.20241226121412-a5dc8ff20d0a // indirect github.com/ryancurrah/gomodguard v1.3.5 // indirect github.com/ryanrolds/sqlclosecheck v0.5.1 // indirect github.com/sagikazarmark/locafero v0.6.0 // indirect @@ -156,7 +156,7 @@ require ( github.com/sanposhiho/wastedassign/v2 v2.1.0 // indirect github.com/santhosh-tekuri/jsonschema/v5 v5.3.1 // indirect github.com/sashamelentyev/interfacebloat v1.1.0 // indirect - github.com/sashamelentyev/usestdlibvars v1.27.0 // indirect + github.com/sashamelentyev/usestdlibvars v1.28.0 // indirect github.com/securego/gosec/v2 v2.21.4 // indirect github.com/shazow/go-diff v0.0.0-20160112020656-b6b7b6733b8c // indirect github.com/sirupsen/logrus v1.9.3 // indirect @@ -166,20 +166,20 @@ require ( github.com/sourcegraph/conc v0.3.0 // indirect github.com/sourcegraph/go-diff v0.7.0 // indirect github.com/spf13/afero v1.11.0 // indirect - github.com/spf13/cast v1.7.0 // indirect + github.com/spf13/cast v1.7.1 // indirect github.com/ssgreg/nlreturn/v2 v2.2.1 // indirect github.com/stbenjam/no-sprintf-host-port v0.2.0 // indirect github.com/stretchr/objx v0.5.2 // indirect github.com/stretchr/testify v1.10.0 // indirect github.com/subosito/gotenv v1.6.0 // indirect github.com/tdakkota/asciicheck v0.3.0 // indirect - github.com/tetafro/godot v1.4.18 // indirect - github.com/timakin/bodyclose v0.0.0-20241017074824-adbc21e6bf36 // indirect + github.com/tetafro/godot v1.4.20 // indirect + github.com/timakin/bodyclose v0.0.0-20241222091800-1db5c5ca4d67 // indirect github.com/timonwong/loggercheck v0.10.1 // indirect github.com/tomarrell/wrapcheck/v2 v2.10.0 // indirect github.com/tommy-muehle/go-mnd/v2 v2.5.1 // indirect - github.com/ultraware/funlen v0.1.0 // indirect - github.com/ultraware/whitespace v0.1.1 // indirect + github.com/ultraware/funlen v0.2.0 // indirect + github.com/ultraware/whitespace v0.2.0 // indirect github.com/uudashr/gocognit v1.2.0 // indirect github.com/uudashr/iface v1.3.0 // indirect github.com/xen0n/gosmopolitan v1.2.2 // indirect @@ -192,18 +192,18 @@ require ( go.uber.org/automaxprocs v1.6.0 // indirect go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.27.0 // indirect - golang.org/x/exp v0.0.0-20241210194714-1829a127f884 // indirect - golang.org/x/exp/typeparams v0.0.0-20241210194714-1829a127f884 // indirect + golang.org/x/exp v0.0.0-20241217172543-b2144cdd0a67 // indirect + golang.org/x/exp/typeparams v0.0.0-20241217172543-b2144cdd0a67 // indirect golang.org/x/mod v0.22.0 // indirect golang.org/x/oauth2 v0.24.0 // indirect golang.org/x/sync v0.10.0 // indirect golang.org/x/sys v0.28.0 // indirect golang.org/x/text v0.21.0 // indirect golang.org/x/tools v0.28.0 // indirect - google.golang.org/protobuf v1.35.2 // indirect + google.golang.org/protobuf v1.36.1 // indirect gopkg.in/ini.v1 v1.67.0 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect honnef.co/go/tools v0.5.1 // indirect mvdan.cc/gofumpt v0.7.0 // indirect - mvdan.cc/unparam v0.0.0-20240917084806-57a3b4290ba3 // indirect + mvdan.cc/unparam v0.0.0-20241226123437-447d509598f3 // indirect ) diff --git a/go.sum b/go.sum index 2be5e676..0f104088 100644 --- a/go.sum +++ b/go.sum @@ -2,14 +2,14 @@ 4d63.com/gocheckcompilerdirectives v1.2.1/go.mod h1:yjDJSxmDTtIHHCqX0ufRYZDL6vQtMG7tJdKVeWwsqvs= 4d63.com/gochecknoglobals v0.2.1 h1:1eiorGsgHOFOuoOiJDy2psSrQbRdIHrlge0IJIkUgDc= 4d63.com/gochecknoglobals v0.2.1/go.mod h1:KRE8wtJB3CXCsb1xy421JfTHIIbmT3U5ruxw2Qu8fSU= -github.com/4meepo/tagalign v1.3.4 h1:P51VcvBnf04YkHzjfclN6BbsopfJR5rxs1n+5zHt+w8= -github.com/4meepo/tagalign v1.3.4/go.mod h1:M+pnkHH2vG8+qhE5bVc/zeP7HS/j910Fwa9TUSyZVI0= +github.com/4meepo/tagalign v1.4.1 h1:GYTu2FaPGOGb/xJalcqHeD4il5BiCywyEYZOA55P6J4= +github.com/4meepo/tagalign v1.4.1/go.mod h1:2H9Yu6sZ67hmuraFgfZkNcg5Py9Ch/Om9l2K/2W1qS4= github.com/Abirdcfly/dupword v0.1.3 h1:9Pa1NuAsZvpFPi9Pqkd93I7LIYRURj+A//dFd5tgBeE= github.com/Abirdcfly/dupword v0.1.3/go.mod h1:8VbB2t7e10KRNdwTVoxdBaxla6avbhGzb8sCTygUMhw= github.com/Antonboom/errname v1.0.0 h1:oJOOWR07vS1kRusl6YRSlat7HFnb3mSfMl6sDMRoTBA= github.com/Antonboom/errname v1.0.0/go.mod h1:gMOBFzK/vrTiXN9Oh+HFs+e6Ndl0eTFbtsRTSRdXyGI= -github.com/Antonboom/nilnil v1.0.0 h1:n+v+B12dsE5tbAqRODXmEKfZv9j2KcTBrp+LkoM4HZk= -github.com/Antonboom/nilnil v1.0.0/go.mod h1:fDJ1FSFoLN6yoG65ANb1WihItf6qt9PJVTn/s2IrcII= +github.com/Antonboom/nilnil v1.0.1 h1:C3Tkm0KUxgfO4Duk3PM+ztPncTFlOf0b2qadmS0s4xs= +github.com/Antonboom/nilnil v1.0.1/go.mod h1:CH7pW2JsRNFgEh8B2UaPZTEPhCMuFowP/e8Udp9Nnb0= github.com/Antonboom/testifylint v1.5.2 h1:4s3Xhuv5AvdIgbd8wOOEeo0uZG7PbDKQyKY5lGoQazk= github.com/Antonboom/testifylint v1.5.2/go.mod h1:vxy8VJ0bc6NavlYqjZfmp6EfqXMtBgQ4+mhCojwC1P8= github.com/BurntSushi/toml v1.4.1-0.20240526193622-a339e1f7089c h1:pxW6RcqyfI9/kWtOwnv/G+AzdKuy2ZrqINhenH4HyNs= @@ -26,8 +26,8 @@ github.com/OpenPeeDeeP/depguard/v2 v2.2.0 h1:vDfG60vDtIuf0MEOhmLlLLSzqaRM8EMcgJP github.com/OpenPeeDeeP/depguard/v2 v2.2.0/go.mod h1:CIzddKRvLBC4Au5aYP/i3nyaWQ+ClszLIuVocRiCYFQ= github.com/alecthomas/assert/v2 v2.11.0 h1:2Q9r3ki8+JYXvGsDyBXwH3LcJ+WK5D0gc5E8vS6K3D0= github.com/alecthomas/assert/v2 v2.11.0/go.mod h1:Bze95FyfUr7x34QZrjL+XP+0qgp/zg8yS+TtBj1WA3k= -github.com/alecthomas/go-check-sumtype v0.3.0 h1:yOw5oYjpa5eyKNztSfUr2xk2nvUrx7cUjFMbm6puybc= -github.com/alecthomas/go-check-sumtype v0.3.0/go.mod h1:I5AdgQAzhonsD7Bu2UYq8cjS8pzVML1gb3q8mcg/rpQ= +github.com/alecthomas/go-check-sumtype v0.3.1 h1:u9aUvbGINJxLVXiFvHUlPEaD7VDULsrxJb4Aq31NLkU= +github.com/alecthomas/go-check-sumtype v0.3.1/go.mod h1:A8TSiN3UPRw3laIgWEUOHHLPa6/r9MtoigdlP5h3K/E= github.com/alecthomas/repr v0.4.0 h1:GhI2A8MACjfegCPVq9f1FLvIBS+DrQ2KQBFZP1iFzXc= github.com/alecthomas/repr v0.4.0/go.mod h1:Fr0507jx4eOXV7AlPV6AVZLYrLIuIeSOWtW57eE/O/4= github.com/alexkohler/nakedret/v2 v2.0.5 h1:fP5qLgtwbx9EJE8dGEERT02YwS8En4r9nnZ71RK+EVU= @@ -46,8 +46,8 @@ github.com/bkielbasa/cyclop v1.2.3 h1:faIVMIGDIANuGPWH031CZJTi2ymOQBULs9H21HSMa5 github.com/bkielbasa/cyclop v1.2.3/go.mod h1:kHTwA9Q0uZqOADdupvcFJQtp/ksSnytRMe8ztxG8Fuo= github.com/blizzy78/varnamelen v0.8.0 h1:oqSblyuQvFsW1hbBHh1zfwrKe3kcSj0rnXkKzsQ089M= github.com/blizzy78/varnamelen v0.8.0/go.mod h1:V9TzQZ4fLJ1DSrjVDfl89H7aMnTvKkApdHeyESmyR7k= -github.com/bombsimon/wsl/v4 v4.4.1 h1:jfUaCkN+aUpobrMO24zwyAMwMAV5eSziCkOKEauOLdw= -github.com/bombsimon/wsl/v4 v4.4.1/go.mod h1:Xu/kDxGZTofQcDGCtQe9KCzhHphIe0fDuyWTxER9Feo= +github.com/bombsimon/wsl/v4 v4.5.0 h1:iZRsEvDdyhd2La0FVi5k6tYehpOR/R7qIUjmKk7N74A= +github.com/bombsimon/wsl/v4 v4.5.0/go.mod h1:NOQ3aLF4nD7N5YPXMruR6ZXDOAqLoM0GEpLwTdvmOSc= github.com/breml/bidichk v0.3.2 h1:xV4flJ9V5xWTqxL+/PMFF6dtJPvZLPsyixAoPe8BGJs= github.com/breml/bidichk v0.3.2/go.mod h1:VzFLBxuYtT23z5+iVkamXO386OB+/sVwZOpIj6zXGos= github.com/breml/errchkjson v0.4.0 h1:gftf6uWZMtIa/Is3XJgibewBm2ksAQSY/kABDNFTAdk= @@ -145,8 +145,8 @@ github.com/golangci/dupl v0.0.0-20180902072040-3e9179ac440a h1:w8hkcTqaFpzKqonE9 github.com/golangci/dupl v0.0.0-20180902072040-3e9179ac440a/go.mod h1:ryS0uhF+x9jgbj/N71xsEqODy9BN81/GonCZiOzirOk= github.com/golangci/go-printf-func-name v0.1.0 h1:dVokQP+NMTO7jwO4bwsRwLWeudOVUPPyAKJuzv8pEJU= github.com/golangci/go-printf-func-name v0.1.0/go.mod h1:wqhWFH5mUdJQhweRnldEywnR5021wTdZSNgwYceV14s= -github.com/golangci/gofmt v0.0.0-20240816233607-d8596aa466a9 h1:/1322Qns6BtQxUZDTAT4SdcoxknUki7IAoK4SAXr8ME= -github.com/golangci/gofmt v0.0.0-20240816233607-d8596aa466a9/go.mod h1:Oesb/0uFAyWoaw1U1qS5zyjCg5NP9C9iwjnI4tIsXEE= +github.com/golangci/gofmt v0.0.0-20241223200906-057b0627d9b9 h1:t5wybL6RtO83VwoMOb7U/Peqe3gGKQlPIC66wXmnkvM= +github.com/golangci/gofmt v0.0.0-20241223200906-057b0627d9b9/go.mod h1:Ag3L7sh7E28qAp/5xnpMMTuGYqxLZoSaEHZDkZB1RgU= github.com/golangci/golangci-lint v1.62.2 h1:b8K5K9PN+rZN1+mKLtsZHz2XXS9aYKzQ9i25x3Qnxxw= github.com/golangci/golangci-lint v1.62.2/go.mod h1:ILWWyeFUrctpHVGMa1dg2xZPKoMUTc5OIMgW7HZr34g= github.com/golangci/misspell v0.6.0 h1:JCle2HUTNWirNlDIAUO44hUsKhOFqGPoC4LZxlaSXDs= @@ -204,8 +204,8 @@ github.com/jingyugao/rowserrcheck v1.1.1 h1:zibz55j/MJtLsjP1OF4bSdgXxwL1b+Vn7Tjz github.com/jingyugao/rowserrcheck v1.1.1/go.mod h1:4yvlZSDb3IyDTUZJUmpZfm2Hwok+Dtp+nu2qOq+er9c= github.com/jjti/go-spancheck v0.6.4 h1:Tl7gQpYf4/TMU7AT84MN83/6PutY21Nb9fuQjFTpRRc= github.com/jjti/go-spancheck v0.6.4/go.mod h1:yAEYdKJ2lRkDA8g7X+oKUHXOWVAXSBJRv04OhF+QUjk= -github.com/julz/importas v0.1.0 h1:F78HnrsjY3cR7j0etXy5+TU1Zuy7Xt08X/1aJnH5xXY= -github.com/julz/importas v0.1.0/go.mod h1:oSFU2R4XK/P7kNBrnL/FEQlDGN1/6WoxXEjSSXO0DV0= +github.com/julz/importas v0.2.0 h1:y+MJN/UdL63QbFJHws9BVC5RpA2iq0kpjrFajTGivjQ= +github.com/julz/importas v0.2.0/go.mod h1:pThlt589EnCYtMnmhmRYY/qn9lCf/frPOK+WMx3xiJY= github.com/karamaru-alpha/copyloopvar v1.1.0 h1:x7gNyKcC2vRBO1H2Mks5u1VxQtYvFiym7fCjIP8RPos= github.com/karamaru-alpha/copyloopvar v1.1.0/go.mod h1:u7CIfztblY0jZLOQZgH3oYsJzpC2A7S6u/lfgSXHy0k= github.com/kisielk/errcheck v1.8.0 h1:ZX/URYa7ilESY19ik/vBmCn6zdGQLxACwjAcWbHlYlg= @@ -230,8 +230,8 @@ github.com/lasiar/canonicalheader v1.1.2 h1:vZ5uqwvDbyJCnMhmFYimgMZnJMjwljN5VGY0 github.com/lasiar/canonicalheader v1.1.2/go.mod h1:qJCeLFS0G/QlLQ506T+Fk/fWMa2VmBUiEI2cuMK4djI= github.com/ldez/gomoddirectives v0.6.0 h1:Jyf1ZdTeiIB4dd+2n4qw+g4aI9IJ6JyfOZ8BityWvnA= github.com/ldez/gomoddirectives v0.6.0/go.mod h1:TuwOGYoPAoENDWQpe8DMqEm5nIfjrxZXmxX/CExWyZ4= -github.com/ldez/grignotin v0.6.0 h1:i++3002hxD5TpVto0iLjLrfz1V+yEJ+BBk4glb3aqC8= -github.com/ldez/grignotin v0.6.0/go.mod h1:uaVTr0SoZ1KBii33c47O1M8Jp3OP3YDwhZCmzT9GHEk= +github.com/ldez/grignotin v0.7.0 h1:vh0dI32WhHaq6LLPZ38g7WxXuZ1+RzyrJ7iPG9JMa8c= +github.com/ldez/grignotin v0.7.0/go.mod h1:uaVTr0SoZ1KBii33c47O1M8Jp3OP3YDwhZCmzT9GHEk= github.com/ldez/tagliatelle v0.7.1 h1:bTgKjjc2sQcsgPiT902+aadvMjCeMHrY7ly2XKFORIk= github.com/ldez/tagliatelle v0.7.1/go.mod h1:3zjxUpsNB2aEZScWiZTHrAXOl1x25t3cRmzfK1mlo2I= github.com/leonklingele/grouper v1.1.2 h1:o1ARBDLOmmasUaNDesWqWCIFH3u7hoFlM84YrjT3mIY= @@ -246,8 +246,8 @@ github.com/maratori/testableexamples v1.0.0 h1:dU5alXRrD8WKSjOUnmJZuzdxWOEQ57+7s github.com/maratori/testableexamples v1.0.0/go.mod h1:4rhjL1n20TUTT4vdh3RDqSizKLyXp7K2u6HgraZCGzE= github.com/maratori/testpackage v1.1.1 h1:S58XVV5AD7HADMmD0fNnziNHqKvSdDuEKdPD1rNTU04= github.com/maratori/testpackage v1.1.1/go.mod h1:s4gRK/ym6AMrqpOa/kEbQTV4Q4jb7WeLZzVhVVVOQMc= -github.com/matoous/godox v0.0.0-20241202171805-94d1edd68ebb h1:16vJua1jlCfNLTCcMREK9/rX6SYkD22pD2UnUBTi0jU= -github.com/matoous/godox v0.0.0-20241202171805-94d1edd68ebb/go.mod h1:jgE/3fUXiTurkdHOLT5WEkThTSuE7yxHv5iWPa80afs= +github.com/matoous/godox v0.0.0-20241227120647-72181c086b34 h1:EJiRbP3iVnGbBj9EnP+jOQqx/PI65WVByQRyk37fy4s= +github.com/matoous/godox v0.0.0-20241227120647-72181c086b34/go.mod h1:jgE/3fUXiTurkdHOLT5WEkThTSuE7yxHv5iWPa80afs= github.com/matryer/is v1.4.0 h1:sosSmIWwkYITGrxZ25ULNDeKiMNzFSr4V/eqBQP0PeE= github.com/matryer/is v1.4.0/go.mod h1:8I/i5uYgLzgsgEloJE1U6xx5HkBQpAZvepWuujKwMRU= github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= @@ -290,18 +290,18 @@ github.com/otiai10/curr v0.0.0-20150429015615-9b4961190c95/go.mod h1:9qAhocn7zKJ github.com/otiai10/curr v1.0.0/go.mod h1:LskTG5wDwr8Rs+nNQ+1LlxRjAtTZZjtJW4rMXl6j4vs= github.com/otiai10/mint v1.3.0/go.mod h1:F5AjcsTsWUqX+Na9fpHb52P8pcRX2CI6A3ctIT91xUo= github.com/otiai10/mint v1.3.1/go.mod h1:/yxELlJQ0ufhjUwhshSj+wFjZ78CnZ48/1wtmBH1OTc= -github.com/patrickcping/pingone-go-sdk-v2 v0.12.4 h1:geen+q6junlsLmTG30KC7zdnTCQ11BzKu7GGc22Tj5U= -github.com/patrickcping/pingone-go-sdk-v2 v0.12.4/go.mod h1:I1WQE3pSKTrwOzlUuNSN1Tmm5FFIUJwepnDoILpestw= +github.com/patrickcping/pingone-go-sdk-v2 v0.12.5 h1:8z5qI7/Mvj7nxOuR7yPcTOKqUK3X+1nwg9DFfSlvCm4= +github.com/patrickcping/pingone-go-sdk-v2 v0.12.5/go.mod h1:4Qwo23Xz1+TYFl7gVqNDXwiLaszz6BdwAH4Wsy2T7yA= github.com/patrickcping/pingone-go-sdk-v2/authorize v0.7.0 h1:e36HmxvHy3zmt9oKHlTTgImSt1Q71RT05i6Kp4EwxWU= github.com/patrickcping/pingone-go-sdk-v2/authorize v0.7.0/go.mod h1:2PDrgC1ufXk2IDIk4JQHx6r34r2xpkbnzKIpXFv8gYs= github.com/patrickcping/pingone-go-sdk-v2/credentials v0.10.0 h1:NziAU4J3b18hw/4L+4TpCOBS+kd9srQR2R3xP0aEbNw= github.com/patrickcping/pingone-go-sdk-v2/credentials v0.10.0/go.mod h1:yRGf7+tsB3/AQYsNjIIs4ScJhR885mvDYMgwHiQeMl0= -github.com/patrickcping/pingone-go-sdk-v2/management v0.44.0 h1:NjEaHbefO6YrvxsRWoNGSpEsQN0WFV/LJHO+rQilNzk= -github.com/patrickcping/pingone-go-sdk-v2/management v0.44.0/go.mod h1:oLB/jjAkn4oEA60nC5/0KAobvcNJbflOWnVaS6lKxv8= +github.com/patrickcping/pingone-go-sdk-v2/management v0.45.0 h1:mGC9J52bR1+4plCWjfdWq6l6BdlUlemHWv0arzSyvsM= +github.com/patrickcping/pingone-go-sdk-v2/management v0.45.0/go.mod h1:oLB/jjAkn4oEA60nC5/0KAobvcNJbflOWnVaS6lKxv8= github.com/patrickcping/pingone-go-sdk-v2/mfa v0.21.0 h1:/cfl+PcocLDj2m4ZgE653m3UDdIk7VEB7iVwCQ1YSH4= github.com/patrickcping/pingone-go-sdk-v2/mfa v0.21.0/go.mod h1:Q+Ym6kktv5Y6VnVhDt//lWoOhmIKfyjo6ejRx5mLttY= -github.com/patrickcping/pingone-go-sdk-v2/risk v0.17.0 h1:sEJSGAFXhTB/Uy/ulxafLUnRqOE4W3PQoaaGMA1YaS4= -github.com/patrickcping/pingone-go-sdk-v2/risk v0.17.0/go.mod h1:ppwkDT/w2/2y2aFH+hFQgziLMsWvz2MEZvwYexREqRk= +github.com/patrickcping/pingone-go-sdk-v2/risk v0.18.0 h1:+Ogq2g0s0i+SU/NoJg9+pL5+3iPyK9tFUWrDC3scHR8= +github.com/patrickcping/pingone-go-sdk-v2/risk v0.18.0/go.mod h1:ppwkDT/w2/2y2aFH+hFQgziLMsWvz2MEZvwYexREqRk= github.com/patrickcping/pingone-go-sdk-v2/verify v0.8.0 h1:FsssxnJ/VSIxXtdvZlDn555nY+Yn1ndsg9IITyXYBbM= github.com/patrickcping/pingone-go-sdk-v2/verify v0.8.0/go.mod h1:bCq5fHv9mSdNsm/XiT5jb3YgYnQb8F824EYfq9eAJl4= github.com/pavius/impi v0.0.3 h1:DND6MzU+BLABhOZXbELR3FU8b+zDgcq4dOCNLhiTYuI= @@ -336,13 +336,13 @@ github.com/quasilyte/regex/syntax v0.0.0-20210819130434-b3f0c404a727 h1:TCg2WBOl github.com/quasilyte/regex/syntax v0.0.0-20210819130434-b3f0c404a727/go.mod h1:rlzQ04UMyJXu/aOvhd8qT+hvDrFpiwqp8MRXDY9szc0= github.com/quasilyte/stdinfo v0.0.0-20220114132959-f7386bf02567 h1:M8mH9eK4OUR4lu7Gd+PU1fV2/qnDNfzT635KRSObncs= github.com/quasilyte/stdinfo v0.0.0-20220114132959-f7386bf02567/go.mod h1:DWNGW8A4Y+GyBgPuaQJuWiy0XYftx4Xm/y5Jqk9I6VQ= -github.com/raeperd/recvcheck v0.1.2 h1:SjdquRsRXJc26eSonWIo8b7IMtKD3OAT2Lb5G3ZX1+4= -github.com/raeperd/recvcheck v0.1.2/go.mod h1:n04eYkwIR0JbgD73wT8wL4JjPC3wm0nFtzBnWNocnYU= +github.com/raeperd/recvcheck v0.2.0 h1:GnU+NsbiCqdC2XX5+vMZzP+jAJC5fht7rcVTAhX74UI= +github.com/raeperd/recvcheck v0.2.0/go.mod h1:n04eYkwIR0JbgD73wT8wL4JjPC3wm0nFtzBnWNocnYU= github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ= github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88= -github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII= -github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o= +github.com/rogpeppe/go-internal v1.13.2-0.20241226121412-a5dc8ff20d0a h1:w3tdWGKbLGBPtR/8/oO74W6hmz0qE5q0z9aqSAewaaM= +github.com/rogpeppe/go-internal v1.13.2-0.20241226121412-a5dc8ff20d0a/go.mod h1:S8kfXMp+yh77OxPD4fdM6YUknrZpQxLhvxzS4gDHENY= github.com/rs/xid v1.5.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg= github.com/rs/zerolog v1.33.0 h1:1cU2KZkvPxNyfgEmhHAz/1A9Bz+llsdYzklWFzgp0r8= github.com/rs/zerolog v1.33.0/go.mod h1:/7mN4D5sKwJLZQ2b/znpjC3/GQWY/xaDXUM0kKWRHss= @@ -361,8 +361,8 @@ github.com/santhosh-tekuri/jsonschema/v5 v5.3.1 h1:lZUw3E0/J3roVtGQ+SCrUrg3ON6Ng github.com/santhosh-tekuri/jsonschema/v5 v5.3.1/go.mod h1:uToXkOrWAZ6/Oc07xWQrPOhJotwFIyu2bBVN41fcDUY= github.com/sashamelentyev/interfacebloat v1.1.0 h1:xdRdJp0irL086OyW1H/RTZTr1h/tMEOsumirXcOJqAw= github.com/sashamelentyev/interfacebloat v1.1.0/go.mod h1:+Y9yU5YdTkrNvoX0xHc84dxiN1iBi9+G8zZIhPVoNjQ= -github.com/sashamelentyev/usestdlibvars v1.27.0 h1:t/3jZpSXtRPRf2xr0m63i32ZrusyurIGT9E5wAvXQnI= -github.com/sashamelentyev/usestdlibvars v1.27.0/go.mod h1:9nl0jgOfHKWNFS43Ojw0i7aRoS4j6EBye3YBhmAIRF8= +github.com/sashamelentyev/usestdlibvars v1.28.0 h1:jZnudE2zKCtYlGzLVreNp5pmCdOxXUzwsMDBkR21cyQ= +github.com/sashamelentyev/usestdlibvars v1.28.0/go.mod h1:9nl0jgOfHKWNFS43Ojw0i7aRoS4j6EBye3YBhmAIRF8= github.com/securego/gosec/v2 v2.21.4 h1:Le8MSj0PDmOnHJgUATjD96PaXRvCpKC+DGJvwyy0Mlk= github.com/securego/gosec/v2 v2.21.4/go.mod h1:Jtb/MwRQfRxCXyCm1rfM1BEiiiTfUOdyzzAhlr6lUTA= github.com/shazow/go-diff v0.0.0-20160112020656-b6b7b6733b8c h1:W65qqJCIOVP4jpqPQ0YvHYKwcMEMVWIzWC5iNQQfBTU= @@ -383,8 +383,8 @@ github.com/sourcegraph/go-diff v0.7.0 h1:9uLlrd5T46OXs5qpp8L/MTltk0zikUGi0sNNyCp github.com/sourcegraph/go-diff v0.7.0/go.mod h1:iBszgVvyxdc8SFZ7gm69go2KDdt3ag071iBaWPF6cjs= github.com/spf13/afero v1.11.0 h1:WJQKhtpdm3v2IzqG8VMqrr6Rf3UYpEF239Jy9wNepM8= github.com/spf13/afero v1.11.0/go.mod h1:GH9Y3pIexgf1MTIWtNGyogA5MwRIDXGUr+hbWNoBjkY= -github.com/spf13/cast v1.7.0 h1:ntdiHjuueXFgm5nzDRdOS4yfT43P5Fnud6DH50rz/7w= -github.com/spf13/cast v1.7.0/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo= +github.com/spf13/cast v1.7.1 h1:cuNEagBQEHWN1FnbGEjCXL2szYEXqfJPbP2HNUaca9Y= +github.com/spf13/cast v1.7.1/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo= github.com/spf13/cobra v1.8.1 h1:e5/vxKd/rZsfSJMUX1agtjeTDf+qv1/JdBF8gg5k9ZM= github.com/spf13/cobra v1.8.1/go.mod h1:wHxEcudfqmLYa8iTfL+OuZPbBZkmvliBWKIezN3kD9Y= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= @@ -417,20 +417,20 @@ github.com/tenntenn/modver v1.0.1 h1:2klLppGhDgzJrScMpkj9Ujy3rXPUspSjAcev9tSEBgA github.com/tenntenn/modver v1.0.1/go.mod h1:bePIyQPb7UeioSRkw3Q0XeMhYZSMx9B8ePqg6SAMGH0= github.com/tenntenn/text/transform v0.0.0-20200319021203-7eef512accb3 h1:f+jULpRQGxTSkNYKJ51yaw6ChIqO+Je8UqsTKN/cDag= github.com/tenntenn/text/transform v0.0.0-20200319021203-7eef512accb3/go.mod h1:ON8b8w4BN/kE1EOhwT0o+d62W65a6aPw1nouo9LMgyY= -github.com/tetafro/godot v1.4.18 h1:ouX3XGiziKDypbpXqShBfnNLTSjR8r3/HVzrtJ+bHlI= -github.com/tetafro/godot v1.4.18/go.mod h1:2oVxTBSftRTh4+MVfUaUXR6bn2GDXCaMcOG4Dk3rfio= -github.com/timakin/bodyclose v0.0.0-20241017074824-adbc21e6bf36 h1:BLrrwIAzisfgAzwJXJmDV13xxgP8S0ITQtc8vVFPRXY= -github.com/timakin/bodyclose v0.0.0-20241017074824-adbc21e6bf36/go.mod h1:mkjARE7Yr8qU23YcGMSALbIxTQ9r9QBVahQOBRfU460= +github.com/tetafro/godot v1.4.20 h1:z/p8Ek55UdNvzt4TFn2zx2KscpW4rWqcnUrdmvWJj7E= +github.com/tetafro/godot v1.4.20/go.mod h1:2oVxTBSftRTh4+MVfUaUXR6bn2GDXCaMcOG4Dk3rfio= +github.com/timakin/bodyclose v0.0.0-20241222091800-1db5c5ca4d67 h1:9LPGD+jzxMlnk5r6+hJnar67cgpDIz/iyD+rfl5r2Vk= +github.com/timakin/bodyclose v0.0.0-20241222091800-1db5c5ca4d67/go.mod h1:mkjARE7Yr8qU23YcGMSALbIxTQ9r9QBVahQOBRfU460= github.com/timonwong/loggercheck v0.10.1 h1:uVZYClxQFpw55eh+PIoqM7uAOHMrhVcDoWDery9R8Lg= github.com/timonwong/loggercheck v0.10.1/go.mod h1:HEAWU8djynujaAVX7QI65Myb8qgfcZ1uKbdpg3ZzKl8= github.com/tomarrell/wrapcheck/v2 v2.10.0 h1:SzRCryzy4IrAH7bVGG4cK40tNUhmVmMDuJujy4XwYDg= github.com/tomarrell/wrapcheck/v2 v2.10.0/go.mod h1:g9vNIyhb5/9TQgumxQyOEqDHsmGYcGsVMOx/xGkqdMo= github.com/tommy-muehle/go-mnd/v2 v2.5.1 h1:NowYhSdyE/1zwK9QCLeRb6USWdoif80Ie+v+yU8u1Zw= github.com/tommy-muehle/go-mnd/v2 v2.5.1/go.mod h1:WsUAkMJMYww6l/ufffCD3m+P7LEvr8TnZn9lwVDlgzw= -github.com/ultraware/funlen v0.1.0 h1:BuqclbkY6pO+cvxoq7OsktIXZpgBSkYTQtmwhAK81vI= -github.com/ultraware/funlen v0.1.0/go.mod h1:XJqmOQja6DpxarLj6Jj1U7JuoS8PvL4nEqDaQhy22p4= -github.com/ultraware/whitespace v0.1.1 h1:bTPOGejYFulW3PkcrqkeQwOd6NKOOXvmGD9bo/Gk8VQ= -github.com/ultraware/whitespace v0.1.1/go.mod h1:XcP1RLD81eV4BW8UhQlpaR+SDc2givTvyI8a586WjW8= +github.com/ultraware/funlen v0.2.0 h1:gCHmCn+d2/1SemTdYMiKLAHFYxTYz7z9VIDRaTGyLkI= +github.com/ultraware/funlen v0.2.0/go.mod h1:ZE0q4TsJ8T1SQcjmkhN/w+MceuatI6pBFSxxyteHIJA= +github.com/ultraware/whitespace v0.2.0 h1:TYowo2m9Nfj1baEQBjuHzvMRbp19i+RCcRYrSWoFa+g= +github.com/ultraware/whitespace v0.2.0/go.mod h1:XcP1RLD81eV4BW8UhQlpaR+SDc2givTvyI8a586WjW8= github.com/uudashr/gocognit v1.2.0 h1:3BU9aMr1xbhPlvJLSydKwdLN3tEUUrzPSSM8S4hDYRA= github.com/uudashr/gocognit v1.2.0/go.mod h1:k/DdKPI6XBZO1q7HgoV2juESI2/Ofj9AcHPZhBBdrTU= github.com/uudashr/iface v1.3.0 h1:zwPch0fs9tdh9BmL5kcgSpvnObV+yHjO4JjVBl8IA10= @@ -471,12 +471,12 @@ golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPh golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc= golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= -golang.org/x/exp v0.0.0-20241210194714-1829a127f884 h1:Y/Mj/94zIQQGHVSv1tTtQBDaQaJe62U9bkDZKKyhPCU= -golang.org/x/exp v0.0.0-20241210194714-1829a127f884/go.mod h1:qj5a5QZpwLU2NLQudwIN5koi3beDhSAlJwa67PuM98c= +golang.org/x/exp v0.0.0-20241217172543-b2144cdd0a67 h1:1UoZQm6f0P/ZO0w1Ri+f+ifG/gXhegadRdwBIXEFWDo= +golang.org/x/exp v0.0.0-20241217172543-b2144cdd0a67/go.mod h1:qj5a5QZpwLU2NLQudwIN5koi3beDhSAlJwa67PuM98c= golang.org/x/exp/typeparams v0.0.0-20220428152302-39d4317da171/go.mod h1:AbB0pIl9nAr9wVwH+Z2ZpaocVmF5I4GyWCDIsVjR0bk= golang.org/x/exp/typeparams v0.0.0-20230203172020-98cc5a0785f9/go.mod h1:AbB0pIl9nAr9wVwH+Z2ZpaocVmF5I4GyWCDIsVjR0bk= -golang.org/x/exp/typeparams v0.0.0-20241210194714-1829a127f884 h1:1xaZTydL5Gsg78QharTwKfA9FY9CZ1VQj6D/AZEvHR0= -golang.org/x/exp/typeparams v0.0.0-20241210194714-1829a127f884/go.mod h1:AbB0pIl9nAr9wVwH+Z2ZpaocVmF5I4GyWCDIsVjR0bk= +golang.org/x/exp/typeparams v0.0.0-20241217172543-b2144cdd0a67 h1:aOkGQa5iWYZjkoBaUQ8KyQfznXDSSumUfxSlEWSnmIM= +golang.org/x/exp/typeparams v0.0.0-20241217172543-b2144cdd0a67/go.mod h1:AbB0pIl9nAr9wVwH+Z2ZpaocVmF5I4GyWCDIsVjR0bk= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= @@ -528,7 +528,6 @@ golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -580,7 +579,6 @@ golang.org/x/tools v0.0.0-20200329025819-fd4102a86c65/go.mod h1:Sl4aGygMT6LrqrWc golang.org/x/tools v0.0.0-20200724022722-7017fd6b1305/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20200820010801-b793a1359eac/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= golang.org/x/tools v0.0.0-20201023174141-c8cfbd0f21e6/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= golang.org/x/tools v0.1.1-0.20210205202024-ef80cdb6ec6d/go.mod h1:9bzcO0MWcOuT0tm1iBGzDVPshzfwoVvREIui8C+MHqU= golang.org/x/tools v0.1.1-0.20210302220138-2ac05c832e1a/go.mod h1:9bzcO0MWcOuT0tm1iBGzDVPshzfwoVvREIui8C+MHqU= golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= @@ -599,8 +597,8 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -google.golang.org/protobuf v1.35.2 h1:8Ar7bF+apOIoThw1EdZl0p1oWvMqTHmpA2fRTyZO8io= -google.golang.org/protobuf v1.35.2/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= +google.golang.org/protobuf v1.36.1 h1:yBPeRvTftaleIgM3PZ/WBIZ7XM/eEYAaEyCwvyjq/gk= +google.golang.org/protobuf v1.36.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= @@ -616,5 +614,5 @@ honnef.co/go/tools v0.5.1 h1:4bH5o3b5ZULQ4UrBmP+63W9r7qIkqJClEA9ko5YKx+I= honnef.co/go/tools v0.5.1/go.mod h1:e9irvo83WDG9/irijV44wr3tbhcFeRnfpVlRqVwpzMs= mvdan.cc/gofumpt v0.7.0 h1:bg91ttqXmi9y2xawvkuMXyvAA/1ZGJqYAEGjXuP0JXU= mvdan.cc/gofumpt v0.7.0/go.mod h1:txVFJy/Sc/mvaycET54pV8SW8gWxTlUuGHVEcncmNUo= -mvdan.cc/unparam v0.0.0-20240917084806-57a3b4290ba3 h1:YkmTN1n5U60NM02j7TCSWRlW3fqNiuXe/eVXf0dLFN8= -mvdan.cc/unparam v0.0.0-20240917084806-57a3b4290ba3/go.mod h1:z5yboO1sP1Q9pcfvS597TpfbNXQjphDlkCJHzt13ybc= +mvdan.cc/unparam v0.0.0-20241226123437-447d509598f3 h1:OPdLMIX29kquQXSiXmnwzHP1bc+JlH0S2l8SfVK9yWE= +mvdan.cc/unparam v0.0.0-20241226123437-447d509598f3/go.mod h1:VQc4l9ccF55E7EwPxcGqwierxEf0KG8MRR8hJ9tpngw= From cc0e1fd583d8b6f0aa42c2b64d1bb67c69439891 Mon Sep 17 00:00:00 2001 From: Erik Ostien Date: Mon, 30 Dec 2024 13:17:53 -0700 Subject: [PATCH 03/30] Add PF resource export for pingfederate_metadata_url --- .../pingfederate/pingfederate_connector.go | 1 + .../pingfederate_connector_test.go | 5 ++ .../resources/pingfederate_metadata_url.go | 88 +++++++++++++++++++ .../pingfederate_metadata_url_test.go | 26 ++++++ server-profiles/12.1/data.json.subst | 12 +++ 5 files changed, 132 insertions(+) create mode 100644 internal/connector/pingfederate/resources/pingfederate_metadata_url.go create mode 100644 internal/connector/pingfederate/resources/pingfederate_metadata_url_test.go diff --git a/internal/connector/pingfederate/pingfederate_connector.go b/internal/connector/pingfederate/pingfederate_connector.go index af7c4c52..ac326f7e 100644 --- a/internal/connector/pingfederate/pingfederate_connector.go +++ b/internal/connector/pingfederate/pingfederate_connector.go @@ -71,6 +71,7 @@ func (c *PingFederateConnector) Export(format, outputDir string, overwriteExport resources.KeypairsSigningKeyRotationSettings(&c.clientInfo), resources.KeypairsSslServerSettings(&c.clientInfo), resources.LocalIdentityProfile(&c.clientInfo), + resources.MetadataUrl(&c.clientInfo), resources.NotificationPublisherSettings(&c.clientInfo), resources.OAuthAccessTokenManager(&c.clientInfo), resources.OAuthAccessTokenMapping(&c.clientInfo), diff --git a/internal/connector/pingfederate/pingfederate_connector_test.go b/internal/connector/pingfederate/pingfederate_connector_test.go index 02c57951..013c7443 100644 --- a/internal/connector/pingfederate/pingfederate_connector_test.go +++ b/internal/connector/pingfederate/pingfederate_connector_test.go @@ -182,6 +182,11 @@ func TestPingFederateTerraformPlan(t *testing.T) { resource: resources.LocalIdentityProfile(PingFederateClientInfo), ignoredErrors: nil, }, + { + name: "PingFederateMetadataUrl", + resource: resources.MetadataUrl(PingFederateClientInfo), + ignoredErrors: nil, + }, { name: "PingFederateNotificationPublishersSettings", resource: resources.NotificationPublisherSettings(PingFederateClientInfo), diff --git a/internal/connector/pingfederate/resources/pingfederate_metadata_url.go b/internal/connector/pingfederate/resources/pingfederate_metadata_url.go new file mode 100644 index 00000000..e60b343f --- /dev/null +++ b/internal/connector/pingfederate/resources/pingfederate_metadata_url.go @@ -0,0 +1,88 @@ +package resources + +import ( + "github.com/pingidentity/pingcli/internal/connector" + "github.com/pingidentity/pingcli/internal/connector/common" + "github.com/pingidentity/pingcli/internal/logger" +) + +// Verify that the resource satisfies the exportable resource interface +var ( + _ connector.ExportableResource = &PingFederateMetadataUrlResource{} +) + +type PingFederateMetadataUrlResource struct { + clientInfo *connector.PingFederateClientInfo +} + +// Utility method for creating a PingFederateMetadataUrlResource +func MetadataUrl(clientInfo *connector.PingFederateClientInfo) *PingFederateMetadataUrlResource { + return &PingFederateMetadataUrlResource{ + clientInfo: clientInfo, + } +} + +func (r *PingFederateMetadataUrlResource) ResourceType() string { + return "pingfederate_metadata_url" +} + +func (r *PingFederateMetadataUrlResource) ExportAll() (*[]connector.ImportBlock, error) { + l := logger.Get() + l.Debug().Msgf("Exporting all '%s' Resources...", r.ResourceType()) + + importBlocks := []connector.ImportBlock{} + + metadataUrlData, err := r.getMetadataUrlData() + if err != nil { + return nil, err + } + + for metadataUrlId, metadataUrlName := range *metadataUrlData { + commentData := map[string]string{ + "Metadata URL ID": metadataUrlId, + "Metadata URL Name": metadataUrlName, + "Resource Type": r.ResourceType(), + } + + importBlock := connector.ImportBlock{ + ResourceType: r.ResourceType(), + ResourceName: metadataUrlName, + ResourceID: metadataUrlId, + CommentInformation: common.GenerateCommentInformation(commentData), + } + + importBlocks = append(importBlocks, importBlock) + } + + return &importBlocks, nil +} + +func (r *PingFederateMetadataUrlResource) getMetadataUrlData() (*map[string]string, error) { + metadataUrlData := make(map[string]string) + + metadataUrls, response, err := r.clientInfo.ApiClient.MetadataUrlsAPI.GetMetadataUrls(r.clientInfo.Context).Execute() + err = common.HandleClientResponse(response, err, "GetMetadataUrls", r.ResourceType()) + if err != nil { + return nil, err + } + + if metadataUrls == nil { + return nil, common.DataNilError(r.ResourceType(), response) + } + + metadataUrlsItems, metadataUrlsItemsOk := metadataUrls.GetItemsOk() + if !metadataUrlsItemsOk { + return nil, common.DataNilError(r.ResourceType(), response) + } + + for _, metadataUrl := range metadataUrlsItems { + metadataUrlId, metadataUrlIdOk := metadataUrl.GetIdOk() + metadataUrlName, metadataUrlNameOk := metadataUrl.GetNameOk() + + if metadataUrlIdOk && metadataUrlNameOk { + metadataUrlData[*metadataUrlId] = *metadataUrlName + } + } + + return &metadataUrlData, nil +} diff --git a/internal/connector/pingfederate/resources/pingfederate_metadata_url_test.go b/internal/connector/pingfederate/resources/pingfederate_metadata_url_test.go new file mode 100644 index 00000000..0d8cc3bd --- /dev/null +++ b/internal/connector/pingfederate/resources/pingfederate_metadata_url_test.go @@ -0,0 +1,26 @@ +package resources_test + +import ( + "testing" + + "github.com/pingidentity/pingcli/internal/connector" + "github.com/pingidentity/pingcli/internal/connector/pingfederate/resources" + "github.com/pingidentity/pingcli/internal/testing/testutils" +) + +func TestPingFederateMetadataUrlExport(t *testing.T) { + // Get initialized apiClient and resource + PingFederateClientInfo := testutils.GetPingFederateClientInfo(t) + resource := resources.MetadataUrl(PingFederateClientInfo) + + // Defined the expected ImportBlocks for the resource + expectedImportBlocks := []connector.ImportBlock{ + { + ResourceType: "pingfederate_metadata_url", + ResourceName: "Test Metadata URL", + ResourceID: "i8uUHFDebYX7Z7gSfyhZ9yKUA", + }, + } + + testutils.ValidateImportBlocks(t, resource, &expectedImportBlocks) +} diff --git a/server-profiles/12.1/data.json.subst b/server-profiles/12.1/data.json.subst index ed39ef82..86e5bd69 100644 --- a/server-profiles/12.1/data.json.subst +++ b/server-profiles/12.1/data.json.subst @@ -4017,6 +4017,18 @@ ] } ] + }, + { + "resourceType": "/metadataUrls", + "operationType": "SAVE", + "items": [ + { + "id": "i8uUHFDebYX7Z7gSfyhZ9yKUA", + "name": "Test Metadata URL", + "url": "https://www.example.com", + "validateSignature": false + } + ] } ] } From be0629cfb8e5c4801eb52697bc0873f9c03ecf8b Mon Sep 17 00:00:00 2001 From: Erik Ostien Date: Mon, 30 Dec 2024 13:24:54 -0700 Subject: [PATCH 04/30] Add PF resource export for pingfederate_notification_publisher --- .../pingfederate/pingfederate_connector.go | 1 + .../pingfederate_connector_test.go | 5 ++ .../pingfederate_notification_publisher.go | 88 +++++++++++++++++++ ...ingfederate_notification_publisher_test.go | 31 +++++++ 4 files changed, 125 insertions(+) create mode 100644 internal/connector/pingfederate/resources/pingfederate_notification_publisher.go create mode 100644 internal/connector/pingfederate/resources/pingfederate_notification_publisher_test.go diff --git a/internal/connector/pingfederate/pingfederate_connector.go b/internal/connector/pingfederate/pingfederate_connector.go index ac326f7e..c45a15a9 100644 --- a/internal/connector/pingfederate/pingfederate_connector.go +++ b/internal/connector/pingfederate/pingfederate_connector.go @@ -72,6 +72,7 @@ func (c *PingFederateConnector) Export(format, outputDir string, overwriteExport resources.KeypairsSslServerSettings(&c.clientInfo), resources.LocalIdentityProfile(&c.clientInfo), resources.MetadataUrl(&c.clientInfo), + resources.NotificationPublisher(&c.clientInfo), resources.NotificationPublisherSettings(&c.clientInfo), resources.OAuthAccessTokenManager(&c.clientInfo), resources.OAuthAccessTokenMapping(&c.clientInfo), diff --git a/internal/connector/pingfederate/pingfederate_connector_test.go b/internal/connector/pingfederate/pingfederate_connector_test.go index 013c7443..2b85f231 100644 --- a/internal/connector/pingfederate/pingfederate_connector_test.go +++ b/internal/connector/pingfederate/pingfederate_connector_test.go @@ -187,6 +187,11 @@ func TestPingFederateTerraformPlan(t *testing.T) { resource: resources.MetadataUrl(PingFederateClientInfo), ignoredErrors: nil, }, + { + name: "PingFederateNotificationPublisher", + resource: resources.NotificationPublisher(PingFederateClientInfo), + ignoredErrors: nil, + }, { name: "PingFederateNotificationPublishersSettings", resource: resources.NotificationPublisherSettings(PingFederateClientInfo), diff --git a/internal/connector/pingfederate/resources/pingfederate_notification_publisher.go b/internal/connector/pingfederate/resources/pingfederate_notification_publisher.go new file mode 100644 index 00000000..3167ab09 --- /dev/null +++ b/internal/connector/pingfederate/resources/pingfederate_notification_publisher.go @@ -0,0 +1,88 @@ +package resources + +import ( + "github.com/pingidentity/pingcli/internal/connector" + "github.com/pingidentity/pingcli/internal/connector/common" + "github.com/pingidentity/pingcli/internal/logger" +) + +// Verify that the resource satisfies the exportable resource interface +var ( + _ connector.ExportableResource = &PingFederateNotificationPublisherResource{} +) + +type PingFederateNotificationPublisherResource struct { + clientInfo *connector.PingFederateClientInfo +} + +// Utility method for creating a PingFederateNotificationPublisherResource +func NotificationPublisher(clientInfo *connector.PingFederateClientInfo) *PingFederateNotificationPublisherResource { + return &PingFederateNotificationPublisherResource{ + clientInfo: clientInfo, + } +} + +func (r *PingFederateNotificationPublisherResource) ResourceType() string { + return "pingfederate_notification_publisher" +} + +func (r *PingFederateNotificationPublisherResource) ExportAll() (*[]connector.ImportBlock, error) { + l := logger.Get() + l.Debug().Msgf("Exporting all '%s' Resources...", r.ResourceType()) + + importBlocks := []connector.ImportBlock{} + + notificationPublisherData, err := r.getNotificationPublisherData() + if err != nil { + return nil, err + } + + for notificationPublisherId, notificationPublisherName := range *notificationPublisherData { + commentData := map[string]string{ + "Notification Publisher ID": notificationPublisherId, + "Notification Publisher Name": notificationPublisherName, + "Resource Type": r.ResourceType(), + } + + importBlock := connector.ImportBlock{ + ResourceType: r.ResourceType(), + ResourceName: notificationPublisherName, + ResourceID: notificationPublisherId, + CommentInformation: common.GenerateCommentInformation(commentData), + } + + importBlocks = append(importBlocks, importBlock) + } + + return &importBlocks, nil +} + +func (r *PingFederateNotificationPublisherResource) getNotificationPublisherData() (*map[string]string, error) { + notificationPublisherData := make(map[string]string) + + notificationPublishers, response, err := r.clientInfo.ApiClient.NotificationPublishersAPI.GetNotificationPublishers(r.clientInfo.Context).Execute() + err = common.HandleClientResponse(response, err, "GetNotificationPublishers", r.ResourceType()) + if err != nil { + return nil, err + } + + if notificationPublishers == nil { + return nil, common.DataNilError(r.ResourceType(), response) + } + + notificationPublishersItems, notificationPublishersItemsOk := notificationPublishers.GetItemsOk() + if !notificationPublishersItemsOk { + return nil, common.DataNilError(r.ResourceType(), response) + } + + for _, notificationPublisher := range notificationPublishersItems { + notificationPublisherId, notificationPublisherIdOk := notificationPublisher.GetIdOk() + notificationPublisherName, notificationPublisherNameOk := notificationPublisher.GetNameOk() + + if notificationPublisherIdOk && notificationPublisherNameOk { + notificationPublisherData[*notificationPublisherId] = *notificationPublisherName + } + } + + return ¬ificationPublisherData, nil +} diff --git a/internal/connector/pingfederate/resources/pingfederate_notification_publisher_test.go b/internal/connector/pingfederate/resources/pingfederate_notification_publisher_test.go new file mode 100644 index 00000000..4b7328c4 --- /dev/null +++ b/internal/connector/pingfederate/resources/pingfederate_notification_publisher_test.go @@ -0,0 +1,31 @@ +package resources_test + +import ( + "testing" + + "github.com/pingidentity/pingcli/internal/connector" + "github.com/pingidentity/pingcli/internal/connector/pingfederate/resources" + "github.com/pingidentity/pingcli/internal/testing/testutils" +) + +func TestPingFederateNotificationPublisherExport(t *testing.T) { + // Get initialized apiClient and resource + PingFederateClientInfo := testutils.GetPingFederateClientInfo(t) + resource := resources.NotificationPublisher(PingFederateClientInfo) + + // Defined the expected ImportBlocks for the resource + expectedImportBlocks := []connector.ImportBlock{ + { + ResourceType: "pingfederate_notification_publisher", + ResourceName: "exampleSmtpPublisher", + ResourceID: "exampleSmtpPublisher", + }, + { + ResourceType: "pingfederate_notification_publisher", + ResourceName: "exampleSmtpPublisher2", + ResourceID: "exampleSmtpPublisher2", + }, + } + + testutils.ValidateImportBlocks(t, resource, &expectedImportBlocks) +} From a00623009bb2cea328c3b2993e6c2f3f41fa7e9d Mon Sep 17 00:00:00 2001 From: Erik Ostien Date: Mon, 30 Dec 2024 13:31:03 -0700 Subject: [PATCH 05/30] Add PF resource export for pingfederate_oauth_access_token_manager_settings --- .../pingfederate/pingfederate_connector.go | 1 + .../pingfederate_connector_test.go | 5 ++ ...ate_oauth_access_token_manager_settings.go | 53 +++++++++++++++++++ ...auth_access_token_manager_settings_test.go | 26 +++++++++ 4 files changed, 85 insertions(+) create mode 100644 internal/connector/pingfederate/resources/pingfederate_oauth_access_token_manager_settings.go create mode 100644 internal/connector/pingfederate/resources/pingfederate_oauth_access_token_manager_settings_test.go diff --git a/internal/connector/pingfederate/pingfederate_connector.go b/internal/connector/pingfederate/pingfederate_connector.go index c45a15a9..7c8ec4fd 100644 --- a/internal/connector/pingfederate/pingfederate_connector.go +++ b/internal/connector/pingfederate/pingfederate_connector.go @@ -75,6 +75,7 @@ func (c *PingFederateConnector) Export(format, outputDir string, overwriteExport resources.NotificationPublisher(&c.clientInfo), resources.NotificationPublisherSettings(&c.clientInfo), resources.OAuthAccessTokenManager(&c.clientInfo), + resources.OAuthAccessTokenManagerSettings(&c.clientInfo), resources.OAuthAccessTokenMapping(&c.clientInfo), resources.OAuthCIBAServerPolicySettings(&c.clientInfo), resources.OAuthClient(&c.clientInfo), diff --git a/internal/connector/pingfederate/pingfederate_connector_test.go b/internal/connector/pingfederate/pingfederate_connector_test.go index 2b85f231..3f958862 100644 --- a/internal/connector/pingfederate/pingfederate_connector_test.go +++ b/internal/connector/pingfederate/pingfederate_connector_test.go @@ -202,6 +202,11 @@ func TestPingFederateTerraformPlan(t *testing.T) { resource: resources.OAuthAccessTokenManager(PingFederateClientInfo), ignoredErrors: nil, }, + { + name: "PingFederateOAuthAccessTokenManagerSettings", + resource: resources.OAuthAccessTokenManagerSettings(PingFederateClientInfo), + ignoredErrors: nil, + }, { name: "PingFederateOAuthAccessTokenMapping", resource: resources.OAuthAccessTokenMapping(PingFederateClientInfo), diff --git a/internal/connector/pingfederate/resources/pingfederate_oauth_access_token_manager_settings.go b/internal/connector/pingfederate/resources/pingfederate_oauth_access_token_manager_settings.go new file mode 100644 index 00000000..886f3033 --- /dev/null +++ b/internal/connector/pingfederate/resources/pingfederate_oauth_access_token_manager_settings.go @@ -0,0 +1,53 @@ +package resources + +import ( + "github.com/pingidentity/pingcli/internal/connector" + "github.com/pingidentity/pingcli/internal/connector/common" + "github.com/pingidentity/pingcli/internal/logger" +) + +// Verify that the resource satisfies the exportable resource interface +var ( + _ connector.ExportableResource = &PingFederateOAuthAccessTokenManagerSettingsResource{} +) + +type PingFederateOAuthAccessTokenManagerSettingsResource struct { + clientInfo *connector.PingFederateClientInfo +} + +// Utility method for creating a PingFederateOAuthAccessTokenManagerSettingsResource +func OAuthAccessTokenManagerSettings(clientInfo *connector.PingFederateClientInfo) *PingFederateOAuthAccessTokenManagerSettingsResource { + return &PingFederateOAuthAccessTokenManagerSettingsResource{ + clientInfo: clientInfo, + } +} + +func (r *PingFederateOAuthAccessTokenManagerSettingsResource) ResourceType() string { + return "pingfederate_oauth_access_token_manager_settings" +} + +func (r *PingFederateOAuthAccessTokenManagerSettingsResource) ExportAll() (*[]connector.ImportBlock, error) { + l := logger.Get() + l.Debug().Msgf("Exporting all '%s' Resources...", r.ResourceType()) + + importBlocks := []connector.ImportBlock{} + + oauthAccessTokenManagerSettingsId := "oauth_access_token_manager_settings_singleton_id" + oauthAccessTokenManagerSettingsName := "OAuth Access Token Manager Settings" + + commentData := map[string]string{ + "Resource Type": r.ResourceType(), + "Singleton ID": common.SINGLETON_ID_COMMENT_DATA, + } + + importBlock := connector.ImportBlock{ + ResourceType: r.ResourceType(), + ResourceName: oauthAccessTokenManagerSettingsName, + ResourceID: oauthAccessTokenManagerSettingsId, + CommentInformation: common.GenerateCommentInformation(commentData), + } + + importBlocks = append(importBlocks, importBlock) + + return &importBlocks, nil +} diff --git a/internal/connector/pingfederate/resources/pingfederate_oauth_access_token_manager_settings_test.go b/internal/connector/pingfederate/resources/pingfederate_oauth_access_token_manager_settings_test.go new file mode 100644 index 00000000..68650de0 --- /dev/null +++ b/internal/connector/pingfederate/resources/pingfederate_oauth_access_token_manager_settings_test.go @@ -0,0 +1,26 @@ +package resources_test + +import ( + "testing" + + "github.com/pingidentity/pingcli/internal/connector" + "github.com/pingidentity/pingcli/internal/connector/pingfederate/resources" + "github.com/pingidentity/pingcli/internal/testing/testutils" +) + +func TestPingFederateOAuthAccessTokenManagerSettingsExport(t *testing.T) { + // Get initialized apiClient and resource + PingFederateClientInfo := testutils.GetPingFederateClientInfo(t) + resource := resources.OAuthAccessTokenManagerSettings(PingFederateClientInfo) + + // Defined the expected ImportBlocks for the resource + expectedImportBlocks := []connector.ImportBlock{ + { + ResourceType: "pingfederate_oauth_access_token_manager_settings", + ResourceName: "OAuth Access Token Manager Settings", + ResourceID: "oauth_access_token_manager_settings_singleton_id", + }, + } + + testutils.ValidateImportBlocks(t, resource, &expectedImportBlocks) +} From 4da15d1cd4ba15aa24b278bfcb48ae74dd82807f Mon Sep 17 00:00:00 2001 From: Erik Ostien Date: Mon, 30 Dec 2024 13:57:11 -0700 Subject: [PATCH 06/30] Add PF resource export for pingfederate_oauth_authentication_policy_contract_mapping --- .../pingfederate/pingfederate_connector.go | 1 + .../pingfederate_connector_test.go | 5 + ..._authentication_policy_contract_mapping.go | 94 +++++++++++++++++++ ...entication_policy_contract_mapping_test.go | 26 +++++ server-profiles/12.1/data.json.subst | 31 ++++++ 5 files changed, 157 insertions(+) create mode 100644 internal/connector/pingfederate/resources/pingfederate_oauth_authentication_policy_contract_mapping.go create mode 100644 internal/connector/pingfederate/resources/pingfederate_oauth_authentication_policy_contract_mapping_test.go diff --git a/internal/connector/pingfederate/pingfederate_connector.go b/internal/connector/pingfederate/pingfederate_connector.go index 7c8ec4fd..8e3a9c57 100644 --- a/internal/connector/pingfederate/pingfederate_connector.go +++ b/internal/connector/pingfederate/pingfederate_connector.go @@ -77,6 +77,7 @@ func (c *PingFederateConnector) Export(format, outputDir string, overwriteExport resources.OAuthAccessTokenManager(&c.clientInfo), resources.OAuthAccessTokenManagerSettings(&c.clientInfo), resources.OAuthAccessTokenMapping(&c.clientInfo), + resources.OAuthAuthenticationPolicyContractMapping(&c.clientInfo), resources.OAuthCIBAServerPolicySettings(&c.clientInfo), resources.OAuthClient(&c.clientInfo), resources.OAuthIssuer(&c.clientInfo), diff --git a/internal/connector/pingfederate/pingfederate_connector_test.go b/internal/connector/pingfederate/pingfederate_connector_test.go index 3f958862..c9764c83 100644 --- a/internal/connector/pingfederate/pingfederate_connector_test.go +++ b/internal/connector/pingfederate/pingfederate_connector_test.go @@ -212,6 +212,11 @@ func TestPingFederateTerraformPlan(t *testing.T) { resource: resources.OAuthAccessTokenMapping(PingFederateClientInfo), ignoredErrors: nil, }, + { + name: "PingFederateOAuthAuthenticationPolicyContractMapping", + resource: resources.OAuthAuthenticationPolicyContractMapping(PingFederateClientInfo), + ignoredErrors: nil, + }, { name: "PingFederateOAuthCIBAServerPolicySettings", resource: resources.OAuthCIBAServerPolicySettings(PingFederateClientInfo), diff --git a/internal/connector/pingfederate/resources/pingfederate_oauth_authentication_policy_contract_mapping.go b/internal/connector/pingfederate/resources/pingfederate_oauth_authentication_policy_contract_mapping.go new file mode 100644 index 00000000..f55b3c04 --- /dev/null +++ b/internal/connector/pingfederate/resources/pingfederate_oauth_authentication_policy_contract_mapping.go @@ -0,0 +1,94 @@ +package resources + +import ( + "fmt" + + "github.com/pingidentity/pingcli/internal/connector" + "github.com/pingidentity/pingcli/internal/connector/common" + "github.com/pingidentity/pingcli/internal/logger" +) + +// Verify that the resource satisfies the exportable resource interface +var ( + _ connector.ExportableResource = &PingFederateOAuthAuthenticationPolicyContractMappingResource{} +) + +type PingFederateOAuthAuthenticationPolicyContractMappingResource struct { + clientInfo *connector.PingFederateClientInfo +} + +// Utility method for creating a PingFederateOAuthAuthenticationPolicyContractMappingResource +func OAuthAuthenticationPolicyContractMapping(clientInfo *connector.PingFederateClientInfo) *PingFederateOAuthAuthenticationPolicyContractMappingResource { + return &PingFederateOAuthAuthenticationPolicyContractMappingResource{ + clientInfo: clientInfo, + } +} + +func (r *PingFederateOAuthAuthenticationPolicyContractMappingResource) ResourceType() string { + return "pingfederate_oauth_authentication_policy_contract_mapping" +} + +func (r *PingFederateOAuthAuthenticationPolicyContractMappingResource) ExportAll() (*[]connector.ImportBlock, error) { + l := logger.Get() + l.Debug().Msgf("Exporting all '%s' Resources...", r.ResourceType()) + + importBlocks := []connector.ImportBlock{} + + apcToPersistentGrantMappingData, err := r.getApcToPersistentGrantMappingData() + if err != nil { + return nil, err + } + + for mappingId, mappingApcRefId := range *apcToPersistentGrantMappingData { + commentData := map[string]string{ + "Authentication Policy Contract ID": mappingApcRefId, + "Authentication Policy Contract Mapping ID": mappingId, + "Resource Type": r.ResourceType(), + } + + importBlock := connector.ImportBlock{ + ResourceType: r.ResourceType(), + ResourceName: fmt.Sprintf("%s_from_%s", mappingId, mappingApcRefId), + ResourceID: mappingId, + CommentInformation: common.GenerateCommentInformation(commentData), + } + + importBlocks = append(importBlocks, importBlock) + } + + return &importBlocks, nil +} + +func (r *PingFederateOAuthAuthenticationPolicyContractMappingResource) getApcToPersistentGrantMappingData() (*map[string]string, error) { + apcToPersistentGrantMappingData := make(map[string]string) + + apcToPersistentGrantMappings, response, err := r.clientInfo.ApiClient.OauthAuthenticationPolicyContractMappingsAPI.GetApcMappings(r.clientInfo.Context).Execute() + err = common.HandleClientResponse(response, err, "GetApcMappings", r.ResourceType()) + if err != nil { + return nil, err + } + + if apcToPersistentGrantMappings == nil { + return nil, common.DataNilError(r.ResourceType(), response) + } + + apcToPersistentGrantMappingsItems, apcToPersistentGrantMappingsItemsOk := apcToPersistentGrantMappings.GetItemsOk() + if !apcToPersistentGrantMappingsItemsOk { + return nil, common.DataNilError(r.ResourceType(), response) + } + + for _, apcToPersistentGrantMapping := range apcToPersistentGrantMappingsItems { + apcToPersistentGrantMappingId, apcToPersistentGrantMappingIdOk := apcToPersistentGrantMapping.GetIdOk() + apcToPersistentGrantMappingApcRef, apcToPersistentGrantMappingApcRefOk := apcToPersistentGrantMapping.GetAuthenticationPolicyContractRefOk() + + if apcToPersistentGrantMappingIdOk && apcToPersistentGrantMappingApcRefOk { + apcToPersistentGrantMappingApcRefId, apcToPersistentGrantMappingApcRefIdOk := apcToPersistentGrantMappingApcRef.GetIdOk() + + if apcToPersistentGrantMappingApcRefIdOk { + apcToPersistentGrantMappingData[*apcToPersistentGrantMappingId] = *apcToPersistentGrantMappingApcRefId + } + } + } + + return &apcToPersistentGrantMappingData, nil +} diff --git a/internal/connector/pingfederate/resources/pingfederate_oauth_authentication_policy_contract_mapping_test.go b/internal/connector/pingfederate/resources/pingfederate_oauth_authentication_policy_contract_mapping_test.go new file mode 100644 index 00000000..db1c7912 --- /dev/null +++ b/internal/connector/pingfederate/resources/pingfederate_oauth_authentication_policy_contract_mapping_test.go @@ -0,0 +1,26 @@ +package resources_test + +import ( + "testing" + + "github.com/pingidentity/pingcli/internal/connector" + "github.com/pingidentity/pingcli/internal/connector/pingfederate/resources" + "github.com/pingidentity/pingcli/internal/testing/testutils" +) + +func TestPingFederateOAuthAuthenticationPolicyContractMappingExport(t *testing.T) { + // Get initialized apiClient and resource + PingFederateClientInfo := testutils.GetPingFederateClientInfo(t) + resource := resources.OAuthAuthenticationPolicyContractMapping(PingFederateClientInfo) + + // Defined the expected ImportBlocks for the resource + expectedImportBlocks := []connector.ImportBlock{ + { + ResourceType: "pingfederate_oauth_authentication_policy_contract_mapping", + ResourceName: "QGxlec5CX693lBQL_from_QGxlec5CX693lBQL", + ResourceID: "QGxlec5CX693lBQL", + }, + } + + testutils.ValidateImportBlocks(t, resource, &expectedImportBlocks) +} diff --git a/server-profiles/12.1/data.json.subst b/server-profiles/12.1/data.json.subst index 86e5bd69..88b31bc8 100644 --- a/server-profiles/12.1/data.json.subst +++ b/server-profiles/12.1/data.json.subst @@ -4029,6 +4029,37 @@ "validateSignature": false } ] + }, + { + "resourceType": "/oauth/authenticationPolicyContractMappings", + "operationType": "SAVE", + "items": [ + { + "attributeSources": [], + "attributeContractFulfillment": { + "USER_NAME": { + "source": { + "type": "CONTEXT" + }, + "value": "OAuthScopes" + }, + "USER_KEY": { + "source": { + "type": "AUTHENTICATION_POLICY_CONTRACT" + }, + "value": "subject" + } + }, + "issuanceCriteria": { + "conditionalCriteria": [] + }, + "id": "QGxlec5CX693lBQL", + "authenticationPolicyContractRef": { + "id": "QGxlec5CX693lBQL", + "location": "https://localhost:9999/pf-admin-api/v1/authenticationPolicyContracts/QGxlec5CX693lBQL" + } + } + ] } ] } From a936d4d1fd1e816f794d0f64a80f0a899bd38347 Mon Sep 17 00:00:00 2001 From: Erik Ostien Date: Mon, 30 Dec 2024 14:04:41 -0700 Subject: [PATCH 07/30] Add PF resource export for pingfederate_oauth_ciba_server_policy_request_policy --- .../pingfederate/pingfederate_connector.go | 1 + .../pingfederate_connector_test.go | 5 ++ ...oauth_ciba_server_policy_request_policy.go | 88 +++++++++++++++++++ ..._ciba_server_policy_request_policy_test.go | 26 ++++++ 4 files changed, 120 insertions(+) create mode 100644 internal/connector/pingfederate/resources/pingfederate_oauth_ciba_server_policy_request_policy.go create mode 100644 internal/connector/pingfederate/resources/pingfederate_oauth_ciba_server_policy_request_policy_test.go diff --git a/internal/connector/pingfederate/pingfederate_connector.go b/internal/connector/pingfederate/pingfederate_connector.go index 8e3a9c57..d523c714 100644 --- a/internal/connector/pingfederate/pingfederate_connector.go +++ b/internal/connector/pingfederate/pingfederate_connector.go @@ -78,6 +78,7 @@ func (c *PingFederateConnector) Export(format, outputDir string, overwriteExport resources.OAuthAccessTokenManagerSettings(&c.clientInfo), resources.OAuthAccessTokenMapping(&c.clientInfo), resources.OAuthAuthenticationPolicyContractMapping(&c.clientInfo), + resources.OAuthCibaServerPolicyRequestPolicy(&c.clientInfo), resources.OAuthCIBAServerPolicySettings(&c.clientInfo), resources.OAuthClient(&c.clientInfo), resources.OAuthIssuer(&c.clientInfo), diff --git a/internal/connector/pingfederate/pingfederate_connector_test.go b/internal/connector/pingfederate/pingfederate_connector_test.go index c9764c83..ec0473d5 100644 --- a/internal/connector/pingfederate/pingfederate_connector_test.go +++ b/internal/connector/pingfederate/pingfederate_connector_test.go @@ -217,6 +217,11 @@ func TestPingFederateTerraformPlan(t *testing.T) { resource: resources.OAuthAuthenticationPolicyContractMapping(PingFederateClientInfo), ignoredErrors: nil, }, + { + name: "PingFederateOAuthCibaServerPolicyRequestPolicy", + resource: resources.OAuthCibaServerPolicyRequestPolicy(PingFederateClientInfo), + ignoredErrors: nil, + }, { name: "PingFederateOAuthCIBAServerPolicySettings", resource: resources.OAuthCIBAServerPolicySettings(PingFederateClientInfo), diff --git a/internal/connector/pingfederate/resources/pingfederate_oauth_ciba_server_policy_request_policy.go b/internal/connector/pingfederate/resources/pingfederate_oauth_ciba_server_policy_request_policy.go new file mode 100644 index 00000000..dbde5ba9 --- /dev/null +++ b/internal/connector/pingfederate/resources/pingfederate_oauth_ciba_server_policy_request_policy.go @@ -0,0 +1,88 @@ +package resources + +import ( + "github.com/pingidentity/pingcli/internal/connector" + "github.com/pingidentity/pingcli/internal/connector/common" + "github.com/pingidentity/pingcli/internal/logger" +) + +// Verify that the resource satisfies the exportable resource interface +var ( + _ connector.ExportableResource = &PingFederateOAuthClientResource{} +) + +type PingFederateOAuthCibaServerPolicyRequestPolicyResource struct { + clientInfo *connector.PingFederateClientInfo +} + +// Utility method for creating a PingFederateOAuthCibaServerPolicyRequestPolicyResource +func OAuthCibaServerPolicyRequestPolicy(clientInfo *connector.PingFederateClientInfo) *PingFederateOAuthCibaServerPolicyRequestPolicyResource { + return &PingFederateOAuthCibaServerPolicyRequestPolicyResource{ + clientInfo: clientInfo, + } +} + +func (r *PingFederateOAuthCibaServerPolicyRequestPolicyResource) ResourceType() string { + return "pingfederate_oauth_ciba_server_policy_request_policy" +} + +func (r *PingFederateOAuthCibaServerPolicyRequestPolicyResource) ExportAll() (*[]connector.ImportBlock, error) { + l := logger.Get() + l.Debug().Msgf("Exporting all '%s' Resources...", r.ResourceType()) + + importBlocks := []connector.ImportBlock{} + + oauthClientData, err := r.getRequestPolicyData() + if err != nil { + return nil, err + } + + for requestPolicyId, requestPolicyName := range *oauthClientData { + commentData := map[string]string{ + "OAuth CIBA Server Policy Request Policy ID": requestPolicyId, + "OAuth CIBA Server Policy Request Policy Name": requestPolicyName, + "Resource Type": r.ResourceType(), + } + + importBlock := connector.ImportBlock{ + ResourceType: r.ResourceType(), + ResourceName: requestPolicyName, + ResourceID: requestPolicyId, + CommentInformation: common.GenerateCommentInformation(commentData), + } + + importBlocks = append(importBlocks, importBlock) + } + + return &importBlocks, nil +} + +func (r *PingFederateOAuthCibaServerPolicyRequestPolicyResource) getRequestPolicyData() (*map[string]string, error) { + requestPolicyData := make(map[string]string) + + requestPolicies, response, err := r.clientInfo.ApiClient.OauthCibaServerPolicyAPI.GetCibaServerPolicies(r.clientInfo.Context).Execute() + err = common.HandleClientResponse(response, err, "GetCibaServerPolicies", r.ResourceType()) + if err != nil { + return nil, err + } + + if requestPolicies == nil { + return nil, common.DataNilError(r.ResourceType(), response) + } + + requestPoliciesItems, requestPoliciesItemsOk := requestPolicies.GetItemsOk() + if !requestPoliciesItemsOk { + return nil, common.DataNilError(r.ResourceType(), response) + } + + for _, requestPolicy := range requestPoliciesItems { + requestPolicyId, requestPolicyIdOk := requestPolicy.GetIdOk() + requestPolicyName, requestPolicyNameOk := requestPolicy.GetNameOk() + + if requestPolicyIdOk && requestPolicyNameOk { + requestPolicyData[*requestPolicyId] = *requestPolicyName + } + } + + return &requestPolicyData, nil +} diff --git a/internal/connector/pingfederate/resources/pingfederate_oauth_ciba_server_policy_request_policy_test.go b/internal/connector/pingfederate/resources/pingfederate_oauth_ciba_server_policy_request_policy_test.go new file mode 100644 index 00000000..a85dd202 --- /dev/null +++ b/internal/connector/pingfederate/resources/pingfederate_oauth_ciba_server_policy_request_policy_test.go @@ -0,0 +1,26 @@ +package resources_test + +import ( + "testing" + + "github.com/pingidentity/pingcli/internal/connector" + "github.com/pingidentity/pingcli/internal/connector/pingfederate/resources" + "github.com/pingidentity/pingcli/internal/testing/testutils" +) + +func TestPingFederateOAuthCibaServerPolicyRequestPolicyExport(t *testing.T) { + // Get initialized apiClient and resource + PingFederateClientInfo := testutils.GetPingFederateClientInfo(t) + resource := resources.OAuthCibaServerPolicyRequestPolicy(PingFederateClientInfo) + + // Defined the expected ImportBlocks for the resource + expectedImportBlocks := []connector.ImportBlock{ + { + ResourceType: "pingfederate_oauth_ciba_server_policy_request_policy", + ResourceName: "exampleCibaReqPolicy", + ResourceID: "exampleCibaReqPolicy", + }, + } + + testutils.ValidateImportBlocks(t, resource, &expectedImportBlocks) +} From 61db79796155856bfbd9dd2b5242fe2a3d1d44cc Mon Sep 17 00:00:00 2001 From: Erik Ostien Date: Mon, 30 Dec 2024 14:14:42 -0700 Subject: [PATCH 08/30] Add PF resource export for pingfederate_oauth_client_registration_policy --- .../pingfederate/pingfederate_connector.go | 1 + .../pingfederate_connector_test.go | 5 ++ ...derate_oauth_client_registration_policy.go | 88 +++++++++++++++++++ ...e_oauth_client_registration_policy_test.go | 26 ++++++ server-profiles/12.1/data.json.subst | 48 ++++++++++ 5 files changed, 168 insertions(+) create mode 100644 internal/connector/pingfederate/resources/pingfederate_oauth_client_registration_policy.go create mode 100644 internal/connector/pingfederate/resources/pingfederate_oauth_client_registration_policy_test.go diff --git a/internal/connector/pingfederate/pingfederate_connector.go b/internal/connector/pingfederate/pingfederate_connector.go index d523c714..8b86c45e 100644 --- a/internal/connector/pingfederate/pingfederate_connector.go +++ b/internal/connector/pingfederate/pingfederate_connector.go @@ -81,6 +81,7 @@ func (c *PingFederateConnector) Export(format, outputDir string, overwriteExport resources.OAuthCibaServerPolicyRequestPolicy(&c.clientInfo), resources.OAuthCIBAServerPolicySettings(&c.clientInfo), resources.OAuthClient(&c.clientInfo), + resources.OAuthClientRegistrationPolicy(&c.clientInfo), resources.OAuthIssuer(&c.clientInfo), resources.OAuthServerSettings(&c.clientInfo), resources.OpenIDConnectPolicy(&c.clientInfo), diff --git a/internal/connector/pingfederate/pingfederate_connector_test.go b/internal/connector/pingfederate/pingfederate_connector_test.go index ec0473d5..d4913a12 100644 --- a/internal/connector/pingfederate/pingfederate_connector_test.go +++ b/internal/connector/pingfederate/pingfederate_connector_test.go @@ -232,6 +232,11 @@ func TestPingFederateTerraformPlan(t *testing.T) { resource: resources.OAuthClient(PingFederateClientInfo), ignoredErrors: nil, }, + { + name: "PingFederateOAuthClientRegistrationPolicy", + resource: resources.OAuthClientRegistrationPolicy(PingFederateClientInfo), + ignoredErrors: nil, + }, { name: "PingFederateOAuthIssuer", resource: resources.OAuthIssuer(PingFederateClientInfo), diff --git a/internal/connector/pingfederate/resources/pingfederate_oauth_client_registration_policy.go b/internal/connector/pingfederate/resources/pingfederate_oauth_client_registration_policy.go new file mode 100644 index 00000000..1fa09d58 --- /dev/null +++ b/internal/connector/pingfederate/resources/pingfederate_oauth_client_registration_policy.go @@ -0,0 +1,88 @@ +package resources + +import ( + "github.com/pingidentity/pingcli/internal/connector" + "github.com/pingidentity/pingcli/internal/connector/common" + "github.com/pingidentity/pingcli/internal/logger" +) + +// Verify that the resource satisfies the exportable resource interface +var ( + _ connector.ExportableResource = &PingFederateOAuthClientRegistrationPolicyResource{} +) + +type PingFederateOAuthClientRegistrationPolicyResource struct { + clientInfo *connector.PingFederateClientInfo +} + +// Utility method for creating a PingFederateOAuthClientRegistrationPolicyResource +func OAuthClientRegistrationPolicy(clientInfo *connector.PingFederateClientInfo) *PingFederateOAuthClientRegistrationPolicyResource { + return &PingFederateOAuthClientRegistrationPolicyResource{ + clientInfo: clientInfo, + } +} + +func (r *PingFederateOAuthClientRegistrationPolicyResource) ResourceType() string { + return "pingfederate_oauth_client_registration_policy" +} + +func (r *PingFederateOAuthClientRegistrationPolicyResource) ExportAll() (*[]connector.ImportBlock, error) { + l := logger.Get() + l.Debug().Msgf("Exporting all '%s' Resources...", r.ResourceType()) + + importBlocks := []connector.ImportBlock{} + + clientRegistrationPolicyData, err := r.getClientRegistrationPolicyData() + if err != nil { + return nil, err + } + + for clientRegistrationPolicyId, clientRegistrationPolicyName := range *clientRegistrationPolicyData { + commentData := map[string]string{ + "OAuth Client Registration Policy ID": clientRegistrationPolicyId, + "OAuth Client Registration Policy Name": clientRegistrationPolicyName, + "Resource Type": r.ResourceType(), + } + + importBlock := connector.ImportBlock{ + ResourceType: r.ResourceType(), + ResourceName: clientRegistrationPolicyName, + ResourceID: clientRegistrationPolicyId, + CommentInformation: common.GenerateCommentInformation(commentData), + } + + importBlocks = append(importBlocks, importBlock) + } + + return &importBlocks, nil +} + +func (r *PingFederateOAuthClientRegistrationPolicyResource) getClientRegistrationPolicyData() (*map[string]string, error) { + clientRegistrationPolicyData := make(map[string]string) + + clientRegistrationPolicies, response, err := r.clientInfo.ApiClient.OauthClientRegistrationPoliciesAPI.GetDynamicClientRegistrationPolicies(r.clientInfo.Context).Execute() + err = common.HandleClientResponse(response, err, "GetDynamicClientRegistrationPolicies", r.ResourceType()) + if err != nil { + return nil, err + } + + if clientRegistrationPolicies == nil { + return nil, common.DataNilError(r.ResourceType(), response) + } + + clientRegistrationPoliciesItems, clientRegistrationPoliciesItemsOk := clientRegistrationPolicies.GetItemsOk() + if !clientRegistrationPoliciesItemsOk { + return nil, common.DataNilError(r.ResourceType(), response) + } + + for _, clientRegistrationPolicy := range clientRegistrationPoliciesItems { + clientRegistrationPolicyId, clientRegistrationPolicyIdOk := clientRegistrationPolicy.GetIdOk() + clientRegistrationPolicyName, clientRegistrationPolicyNameOk := clientRegistrationPolicy.GetNameOk() + + if clientRegistrationPolicyIdOk && clientRegistrationPolicyNameOk { + clientRegistrationPolicyData[*clientRegistrationPolicyId] = *clientRegistrationPolicyName + } + } + + return &clientRegistrationPolicyData, nil +} diff --git a/internal/connector/pingfederate/resources/pingfederate_oauth_client_registration_policy_test.go b/internal/connector/pingfederate/resources/pingfederate_oauth_client_registration_policy_test.go new file mode 100644 index 00000000..585ad8b3 --- /dev/null +++ b/internal/connector/pingfederate/resources/pingfederate_oauth_client_registration_policy_test.go @@ -0,0 +1,26 @@ +package resources_test + +import ( + "testing" + + "github.com/pingidentity/pingcli/internal/connector" + "github.com/pingidentity/pingcli/internal/connector/pingfederate/resources" + "github.com/pingidentity/pingcli/internal/testing/testutils" +) + +func TestPingFederateOAuthClientRegistrationPolicyExport(t *testing.T) { + // Get initialized apiClient and resource + PingFederateClientInfo := testutils.GetPingFederateClientInfo(t) + resource := resources.OAuthClientRegistrationPolicy(PingFederateClientInfo) + + // Defined the expected ImportBlocks for the resource + expectedImportBlocks := []connector.ImportBlock{ + { + ResourceType: "pingfederate_oauth_client_registration_policy", + ResourceName: "Test Registration Policy", + ResourceID: "testRegistrationPolicy", + }, + } + + testutils.ValidateImportBlocks(t, resource, &expectedImportBlocks) +} diff --git a/server-profiles/12.1/data.json.subst b/server-profiles/12.1/data.json.subst index 88b31bc8..1738459b 100644 --- a/server-profiles/12.1/data.json.subst +++ b/server-profiles/12.1/data.json.subst @@ -4060,6 +4060,54 @@ } } ] + }, + { + "resourceType": "/oauth/clientRegistrationPolicies", + "operationType": "SAVE", + "items": [ + { + "id": "testRegistrationPolicy", + "name": "Test Registration Policy", + "pluginDescriptorRef": { + "id": "com.pingidentity.pf.client.registration.ResponseTypesConstraintsPlugin", + "location": "https://localhost:9999/pf-admin-api/v1/oauth/clientRegistrationPolicies/descriptors/com.pingidentity.pf.client.registration.ResponseTypesConstraintsPlugin" + }, + "configuration": { + "tables": [], + "fields": [ + { + "name": "code", + "value": "true" + }, + { + "name": "code id_token", + "value": "true" + }, + { + "name": "code id_token token", + "value": "true" + }, + { + "name": "code token", + "value": "true" + }, + { + "name": "id_token", + "value": "true" + }, + { + "name": "id_token token", + "value": "true" + }, + { + "name": "token", + "value": "true" + } + ] + }, + "lastModified": "2024-12-30T21:10:11.943Z" + } + ] } ] } From a4a4ceacf5e831e092fdce88508a18596e2ab208 Mon Sep 17 00:00:00 2001 From: Erik Ostien Date: Mon, 30 Dec 2024 14:19:51 -0700 Subject: [PATCH 09/30] Add PF resource export for pingfederate_oauth_client_settings --- .../pingfederate/pingfederate_connector.go | 1 + .../pingfederate_connector_test.go | 5 ++ .../pingfederate_oauth_client_settings.go | 53 +++++++++++++++++++ ...pingfederate_oauth_client_settings_test.go | 26 +++++++++ 4 files changed, 85 insertions(+) create mode 100644 internal/connector/pingfederate/resources/pingfederate_oauth_client_settings.go create mode 100644 internal/connector/pingfederate/resources/pingfederate_oauth_client_settings_test.go diff --git a/internal/connector/pingfederate/pingfederate_connector.go b/internal/connector/pingfederate/pingfederate_connector.go index 8b86c45e..831615ea 100644 --- a/internal/connector/pingfederate/pingfederate_connector.go +++ b/internal/connector/pingfederate/pingfederate_connector.go @@ -82,6 +82,7 @@ func (c *PingFederateConnector) Export(format, outputDir string, overwriteExport resources.OAuthCIBAServerPolicySettings(&c.clientInfo), resources.OAuthClient(&c.clientInfo), resources.OAuthClientRegistrationPolicy(&c.clientInfo), + resources.OAuthClientSettings(&c.clientInfo), resources.OAuthIssuer(&c.clientInfo), resources.OAuthServerSettings(&c.clientInfo), resources.OpenIDConnectPolicy(&c.clientInfo), diff --git a/internal/connector/pingfederate/pingfederate_connector_test.go b/internal/connector/pingfederate/pingfederate_connector_test.go index d4913a12..9d391a3d 100644 --- a/internal/connector/pingfederate/pingfederate_connector_test.go +++ b/internal/connector/pingfederate/pingfederate_connector_test.go @@ -237,6 +237,11 @@ func TestPingFederateTerraformPlan(t *testing.T) { resource: resources.OAuthClientRegistrationPolicy(PingFederateClientInfo), ignoredErrors: nil, }, + { + name: "PingFederateOAuthClientSettings", + resource: resources.OAuthClientSettings(PingFederateClientInfo), + ignoredErrors: nil, + }, { name: "PingFederateOAuthIssuer", resource: resources.OAuthIssuer(PingFederateClientInfo), diff --git a/internal/connector/pingfederate/resources/pingfederate_oauth_client_settings.go b/internal/connector/pingfederate/resources/pingfederate_oauth_client_settings.go new file mode 100644 index 00000000..e39a53b2 --- /dev/null +++ b/internal/connector/pingfederate/resources/pingfederate_oauth_client_settings.go @@ -0,0 +1,53 @@ +package resources + +import ( + "github.com/pingidentity/pingcli/internal/connector" + "github.com/pingidentity/pingcli/internal/connector/common" + "github.com/pingidentity/pingcli/internal/logger" +) + +// Verify that the resource satisfies the exportable resource interface +var ( + _ connector.ExportableResource = &PingFederateOAuthClientSettingsResource{} +) + +type PingFederateOAuthClientSettingsResource struct { + clientInfo *connector.PingFederateClientInfo +} + +// Utility method for creating a PingFederateOAuthClientSettingsResource +func OAuthClientSettings(clientInfo *connector.PingFederateClientInfo) *PingFederateOAuthClientSettingsResource { + return &PingFederateOAuthClientSettingsResource{ + clientInfo: clientInfo, + } +} + +func (r *PingFederateOAuthClientSettingsResource) ResourceType() string { + return "pingfederate_oauth_client_settings" +} + +func (r *PingFederateOAuthClientSettingsResource) ExportAll() (*[]connector.ImportBlock, error) { + l := logger.Get() + l.Debug().Msgf("Exporting all '%s' Resources...", r.ResourceType()) + + importBlocks := []connector.ImportBlock{} + + oAuthClientSettingsId := "oauth_client_settings_singleton_id" + oAuthClientSettingsName := "OAuth Client Settings" + + commentData := map[string]string{ + "Resource Type": r.ResourceType(), + "Singleton ID": common.SINGLETON_ID_COMMENT_DATA, + } + + importBlock := connector.ImportBlock{ + ResourceType: r.ResourceType(), + ResourceName: oAuthClientSettingsName, + ResourceID: oAuthClientSettingsId, + CommentInformation: common.GenerateCommentInformation(commentData), + } + + importBlocks = append(importBlocks, importBlock) + + return &importBlocks, nil +} diff --git a/internal/connector/pingfederate/resources/pingfederate_oauth_client_settings_test.go b/internal/connector/pingfederate/resources/pingfederate_oauth_client_settings_test.go new file mode 100644 index 00000000..7f805f98 --- /dev/null +++ b/internal/connector/pingfederate/resources/pingfederate_oauth_client_settings_test.go @@ -0,0 +1,26 @@ +package resources_test + +import ( + "testing" + + "github.com/pingidentity/pingcli/internal/connector" + "github.com/pingidentity/pingcli/internal/connector/pingfederate/resources" + "github.com/pingidentity/pingcli/internal/testing/testutils" +) + +func TestPingFederateOAuthClientSettingsExport(t *testing.T) { + // Get initialized apiClient and resource + PingFederateClientInfo := testutils.GetPingFederateClientInfo(t) + resource := resources.OAuthClientSettings(PingFederateClientInfo) + + // Defined the expected ImportBlocks for the resource + expectedImportBlocks := []connector.ImportBlock{ + { + ResourceType: "pingfederate_oauth_client_settings", + ResourceName: "OAuth Client Settings", + ResourceID: "oauth_client_settings_singleton_id", + }, + } + + testutils.ValidateImportBlocks(t, resource, &expectedImportBlocks) +} From d9f532c60e348fc56019900f776c88b0691d5ae9 Mon Sep 17 00:00:00 2001 From: Erik Ostien Date: Mon, 30 Dec 2024 14:33:42 -0700 Subject: [PATCH 10/30] Add PF resource export for pingfederate_oauth_idp_adapter_mapping --- .../pingfederate/pingfederate_connector.go | 1 + .../pingfederate_connector_test.go | 5 ++ .../pingfederate_oauth_idp_adapter_mapping.go | 88 +++++++++++++++++++ ...federate_oauth_idp_adapter_mapping_test.go | 26 ++++++ server-profiles/12.1/data.json.subst | 31 +++++++ 5 files changed, 151 insertions(+) create mode 100644 internal/connector/pingfederate/resources/pingfederate_oauth_idp_adapter_mapping.go create mode 100644 internal/connector/pingfederate/resources/pingfederate_oauth_idp_adapter_mapping_test.go diff --git a/internal/connector/pingfederate/pingfederate_connector.go b/internal/connector/pingfederate/pingfederate_connector.go index 831615ea..e1abd7c9 100644 --- a/internal/connector/pingfederate/pingfederate_connector.go +++ b/internal/connector/pingfederate/pingfederate_connector.go @@ -83,6 +83,7 @@ func (c *PingFederateConnector) Export(format, outputDir string, overwriteExport resources.OAuthClient(&c.clientInfo), resources.OAuthClientRegistrationPolicy(&c.clientInfo), resources.OAuthClientSettings(&c.clientInfo), + resources.OAuthIdpAdapterMapping(&c.clientInfo), resources.OAuthIssuer(&c.clientInfo), resources.OAuthServerSettings(&c.clientInfo), resources.OpenIDConnectPolicy(&c.clientInfo), diff --git a/internal/connector/pingfederate/pingfederate_connector_test.go b/internal/connector/pingfederate/pingfederate_connector_test.go index 9d391a3d..fb1a9bac 100644 --- a/internal/connector/pingfederate/pingfederate_connector_test.go +++ b/internal/connector/pingfederate/pingfederate_connector_test.go @@ -242,6 +242,11 @@ func TestPingFederateTerraformPlan(t *testing.T) { resource: resources.OAuthClientSettings(PingFederateClientInfo), ignoredErrors: nil, }, + { + name: "PingFederateOAuthIdpAdapterMapping", + resource: resources.OAuthIdpAdapterMapping(PingFederateClientInfo), + ignoredErrors: nil, + }, { name: "PingFederateOAuthIssuer", resource: resources.OAuthIssuer(PingFederateClientInfo), diff --git a/internal/connector/pingfederate/resources/pingfederate_oauth_idp_adapter_mapping.go b/internal/connector/pingfederate/resources/pingfederate_oauth_idp_adapter_mapping.go new file mode 100644 index 00000000..5b0bf769 --- /dev/null +++ b/internal/connector/pingfederate/resources/pingfederate_oauth_idp_adapter_mapping.go @@ -0,0 +1,88 @@ +package resources + +import ( + "fmt" + + "github.com/pingidentity/pingcli/internal/connector" + "github.com/pingidentity/pingcli/internal/connector/common" + "github.com/pingidentity/pingcli/internal/logger" +) + +// Verify that the resource satisfies the exportable resource interface +var ( + _ connector.ExportableResource = &PingFederateOAuthIdpAdapterMappingResource{} +) + +type PingFederateOAuthIdpAdapterMappingResource struct { + clientInfo *connector.PingFederateClientInfo +} + +// Utility method for creating a PingFederateOAuthIdpAdapterMappingResource +func OAuthIdpAdapterMapping(clientInfo *connector.PingFederateClientInfo) *PingFederateOAuthIdpAdapterMappingResource { + return &PingFederateOAuthIdpAdapterMappingResource{ + clientInfo: clientInfo, + } +} + +func (r *PingFederateOAuthIdpAdapterMappingResource) ResourceType() string { + return "pingfederate_oauth_idp_adapter_mapping" +} + +func (r *PingFederateOAuthIdpAdapterMappingResource) ExportAll() (*[]connector.ImportBlock, error) { + l := logger.Get() + l.Debug().Msgf("Exporting all '%s' Resources...", r.ResourceType()) + + importBlocks := []connector.ImportBlock{} + + idpAdapterMappingData, err := r.getIdpAdapterMappingData() + if err != nil { + return nil, err + } + + for _, idpAdapterMappingId := range *idpAdapterMappingData { + commentData := map[string]string{ + "OAuth IDP Adapter Mapping ID": idpAdapterMappingId, + "Resource Type": r.ResourceType(), + } + + importBlock := connector.ImportBlock{ + ResourceType: r.ResourceType(), + ResourceName: fmt.Sprintf("%s_mapping", idpAdapterMappingId), + ResourceID: idpAdapterMappingId, + CommentInformation: common.GenerateCommentInformation(commentData), + } + + importBlocks = append(importBlocks, importBlock) + } + + return &importBlocks, nil +} + +func (r *PingFederateOAuthIdpAdapterMappingResource) getIdpAdapterMappingData() (*[]string, error) { + idpAdapterMappingData := []string{} + + idpAdapterMappings, response, err := r.clientInfo.ApiClient.OauthIdpAdapterMappingsAPI.GetIdpAdapterMappings(r.clientInfo.Context).Execute() + err = common.HandleClientResponse(response, err, "GetIdpAdapterMappings", r.ResourceType()) + if err != nil { + return nil, err + } + + if idpAdapterMappings == nil { + return nil, common.DataNilError(r.ResourceType(), response) + } + + idpAdapterMappingsItems, idpAdapterMappingsItemsOk := idpAdapterMappings.GetItemsOk() + if !idpAdapterMappingsItemsOk { + return nil, common.DataNilError(r.ResourceType(), response) + } + + for _, idpAdapterMapping := range idpAdapterMappingsItems { + idpAdapterMappingId, idpAdapterMappingIdOk := idpAdapterMapping.GetIdOk() + + if idpAdapterMappingIdOk { + idpAdapterMappingData = append(idpAdapterMappingData, *idpAdapterMappingId) + } + } + + return &idpAdapterMappingData, nil +} diff --git a/internal/connector/pingfederate/resources/pingfederate_oauth_idp_adapter_mapping_test.go b/internal/connector/pingfederate/resources/pingfederate_oauth_idp_adapter_mapping_test.go new file mode 100644 index 00000000..360307af --- /dev/null +++ b/internal/connector/pingfederate/resources/pingfederate_oauth_idp_adapter_mapping_test.go @@ -0,0 +1,26 @@ +package resources_test + +import ( + "testing" + + "github.com/pingidentity/pingcli/internal/connector" + "github.com/pingidentity/pingcli/internal/connector/pingfederate/resources" + "github.com/pingidentity/pingcli/internal/testing/testutils" +) + +func TestPingFederateOAuthIdpAdapterMappingExport(t *testing.T) { + // Get initialized apiClient and resource + PingFederateClientInfo := testutils.GetPingFederateClientInfo(t) + resource := resources.OAuthIdpAdapterMapping(PingFederateClientInfo) + + // Defined the expected ImportBlocks for the resource + expectedImportBlocks := []connector.ImportBlock{ + { + ResourceType: "pingfederate_oauth_idp_adapter_mapping", + ResourceName: "OTIdPJava_mapping", + ResourceID: "OTIdPJava", + }, + } + + testutils.ValidateImportBlocks(t, resource, &expectedImportBlocks) +} diff --git a/server-profiles/12.1/data.json.subst b/server-profiles/12.1/data.json.subst index 1738459b..87d2c779 100644 --- a/server-profiles/12.1/data.json.subst +++ b/server-profiles/12.1/data.json.subst @@ -4108,6 +4108,37 @@ "lastModified": "2024-12-30T21:10:11.943Z" } ] + }, + { + "resourceType": "/oauth/idpAdapterMappings", + "operationType": "SAVE", + "items": [ + { + "attributeSources": [], + "attributeContractFulfillment": { + "USER_NAME": { + "source": { + "type": "CONTEXT" + }, + "value": "OAuthScopes" + }, + "USER_KEY": { + "source": { + "type": "ADAPTER" + }, + "value": "subject" + } + }, + "issuanceCriteria": { + "conditionalCriteria": [] + }, + "id": "OTIdPJava", + "idpAdapterRef": { + "id": "OTIdPJava", + "location": "https://localhost:9999/pf-admin-api/v1/idp/adapters/OTIdPJava" + } + } + ] } ] } From 446a718d0e8b40c795a83c53da1cbf635cc38b45 Mon Sep 17 00:00:00 2001 From: Erik Ostien Date: Mon, 30 Dec 2024 14:41:27 -0700 Subject: [PATCH 11/30] Add PF resource export for pingfederate_oauth_authentication_policy_contract_mapping --- ...rate_oauth_access_token_manager_settings.go | 4 ++-- ...h_authentication_policy_contract_mapping.go | 18 ++++++------------ ...hentication_policy_contract_mapping_test.go | 2 +- 3 files changed, 9 insertions(+), 15 deletions(-) diff --git a/internal/connector/pingfederate/resources/pingfederate_oauth_access_token_manager_settings.go b/internal/connector/pingfederate/resources/pingfederate_oauth_access_token_manager_settings.go index 886f3033..0c586783 100644 --- a/internal/connector/pingfederate/resources/pingfederate_oauth_access_token_manager_settings.go +++ b/internal/connector/pingfederate/resources/pingfederate_oauth_access_token_manager_settings.go @@ -32,8 +32,8 @@ func (r *PingFederateOAuthAccessTokenManagerSettingsResource) ExportAll() (*[]co importBlocks := []connector.ImportBlock{} - oauthAccessTokenManagerSettingsId := "oauth_access_token_manager_settings_singleton_id" - oauthAccessTokenManagerSettingsName := "OAuth Access Token Manager Settings" + oauthAccessTokenManagerSettingsId := "oauth_access_token_manager_settings_singleton_id" // #nosec G101 + oauthAccessTokenManagerSettingsName := "OAuth Access Token Manager Settings" // #nosec G101 commentData := map[string]string{ "Resource Type": r.ResourceType(), diff --git a/internal/connector/pingfederate/resources/pingfederate_oauth_authentication_policy_contract_mapping.go b/internal/connector/pingfederate/resources/pingfederate_oauth_authentication_policy_contract_mapping.go index f55b3c04..d51f20c4 100644 --- a/internal/connector/pingfederate/resources/pingfederate_oauth_authentication_policy_contract_mapping.go +++ b/internal/connector/pingfederate/resources/pingfederate_oauth_authentication_policy_contract_mapping.go @@ -39,16 +39,15 @@ func (r *PingFederateOAuthAuthenticationPolicyContractMappingResource) ExportAll return nil, err } - for mappingId, mappingApcRefId := range *apcToPersistentGrantMappingData { + for _, mappingId := range *apcToPersistentGrantMappingData { commentData := map[string]string{ - "Authentication Policy Contract ID": mappingApcRefId, "Authentication Policy Contract Mapping ID": mappingId, "Resource Type": r.ResourceType(), } importBlock := connector.ImportBlock{ ResourceType: r.ResourceType(), - ResourceName: fmt.Sprintf("%s_from_%s", mappingId, mappingApcRefId), + ResourceName: fmt.Sprintf("%s_mapping", mappingId), ResourceID: mappingId, CommentInformation: common.GenerateCommentInformation(commentData), } @@ -59,8 +58,8 @@ func (r *PingFederateOAuthAuthenticationPolicyContractMappingResource) ExportAll return &importBlocks, nil } -func (r *PingFederateOAuthAuthenticationPolicyContractMappingResource) getApcToPersistentGrantMappingData() (*map[string]string, error) { - apcToPersistentGrantMappingData := make(map[string]string) +func (r *PingFederateOAuthAuthenticationPolicyContractMappingResource) getApcToPersistentGrantMappingData() (*[]string, error) { + apcToPersistentGrantMappingData := []string{} apcToPersistentGrantMappings, response, err := r.clientInfo.ApiClient.OauthAuthenticationPolicyContractMappingsAPI.GetApcMappings(r.clientInfo.Context).Execute() err = common.HandleClientResponse(response, err, "GetApcMappings", r.ResourceType()) @@ -79,14 +78,9 @@ func (r *PingFederateOAuthAuthenticationPolicyContractMappingResource) getApcToP for _, apcToPersistentGrantMapping := range apcToPersistentGrantMappingsItems { apcToPersistentGrantMappingId, apcToPersistentGrantMappingIdOk := apcToPersistentGrantMapping.GetIdOk() - apcToPersistentGrantMappingApcRef, apcToPersistentGrantMappingApcRefOk := apcToPersistentGrantMapping.GetAuthenticationPolicyContractRefOk() - if apcToPersistentGrantMappingIdOk && apcToPersistentGrantMappingApcRefOk { - apcToPersistentGrantMappingApcRefId, apcToPersistentGrantMappingApcRefIdOk := apcToPersistentGrantMappingApcRef.GetIdOk() - - if apcToPersistentGrantMappingApcRefIdOk { - apcToPersistentGrantMappingData[*apcToPersistentGrantMappingId] = *apcToPersistentGrantMappingApcRefId - } + if apcToPersistentGrantMappingIdOk { + apcToPersistentGrantMappingData = append(apcToPersistentGrantMappingData, *apcToPersistentGrantMappingId) } } diff --git a/internal/connector/pingfederate/resources/pingfederate_oauth_authentication_policy_contract_mapping_test.go b/internal/connector/pingfederate/resources/pingfederate_oauth_authentication_policy_contract_mapping_test.go index db1c7912..109658c9 100644 --- a/internal/connector/pingfederate/resources/pingfederate_oauth_authentication_policy_contract_mapping_test.go +++ b/internal/connector/pingfederate/resources/pingfederate_oauth_authentication_policy_contract_mapping_test.go @@ -17,7 +17,7 @@ func TestPingFederateOAuthAuthenticationPolicyContractMappingExport(t *testing.T expectedImportBlocks := []connector.ImportBlock{ { ResourceType: "pingfederate_oauth_authentication_policy_contract_mapping", - ResourceName: "QGxlec5CX693lBQL_from_QGxlec5CX693lBQL", + ResourceName: "QGxlec5CX693lBQL_mapping", ResourceID: "QGxlec5CX693lBQL", }, } From 20efb2b139da4bc8d2d6d2a7da03d9bedc9faab8 Mon Sep 17 00:00:00 2001 From: Erik Ostien Date: Mon, 30 Dec 2024 14:47:08 -0700 Subject: [PATCH 12/30] Add PF resource export for pingfederate_oauth_token_exchange_generator_settings --- .../pingfederate/pingfederate_connector.go | 1 + .../pingfederate_connector_test.go | 5 ++ ...oauth_token_exchange_generator_settings.go | 53 +++++++++++++++++++ ..._token_exchange_generator_settings_test.go | 26 +++++++++ 4 files changed, 85 insertions(+) create mode 100644 internal/connector/pingfederate/resources/pingfederate_oauth_token_exchange_generator_settings.go create mode 100644 internal/connector/pingfederate/resources/pingfederate_oauth_token_exchange_generator_settings_test.go diff --git a/internal/connector/pingfederate/pingfederate_connector.go b/internal/connector/pingfederate/pingfederate_connector.go index e1abd7c9..8fc78a01 100644 --- a/internal/connector/pingfederate/pingfederate_connector.go +++ b/internal/connector/pingfederate/pingfederate_connector.go @@ -86,6 +86,7 @@ func (c *PingFederateConnector) Export(format, outputDir string, overwriteExport resources.OAuthIdpAdapterMapping(&c.clientInfo), resources.OAuthIssuer(&c.clientInfo), resources.OAuthServerSettings(&c.clientInfo), + resources.OAuthTokenExchangeGeneratorSettings(&c.clientInfo), resources.OpenIDConnectPolicy(&c.clientInfo), resources.OpenIDConnectSettings(&c.clientInfo), resources.PasswordCredentialValidator(&c.clientInfo), diff --git a/internal/connector/pingfederate/pingfederate_connector_test.go b/internal/connector/pingfederate/pingfederate_connector_test.go index fb1a9bac..8ae13bc3 100644 --- a/internal/connector/pingfederate/pingfederate_connector_test.go +++ b/internal/connector/pingfederate/pingfederate_connector_test.go @@ -257,6 +257,11 @@ func TestPingFederateTerraformPlan(t *testing.T) { resource: resources.OAuthServerSettings(PingFederateClientInfo), ignoredErrors: nil, }, + { + name: "PingFederateOAuthTokenExchangeGeneratorSettings", + resource: resources.OAuthTokenExchangeGeneratorSettings(PingFederateClientInfo), + ignoredErrors: nil, + }, { name: "PingFederateOpenIDConnectPolicy", resource: resources.OpenIDConnectPolicy(PingFederateClientInfo), diff --git a/internal/connector/pingfederate/resources/pingfederate_oauth_token_exchange_generator_settings.go b/internal/connector/pingfederate/resources/pingfederate_oauth_token_exchange_generator_settings.go new file mode 100644 index 00000000..3998364c --- /dev/null +++ b/internal/connector/pingfederate/resources/pingfederate_oauth_token_exchange_generator_settings.go @@ -0,0 +1,53 @@ +package resources + +import ( + "github.com/pingidentity/pingcli/internal/connector" + "github.com/pingidentity/pingcli/internal/connector/common" + "github.com/pingidentity/pingcli/internal/logger" +) + +// Verify that the resource satisfies the exportable resource interface +var ( + _ connector.ExportableResource = &PingFederateOAuthTokenExchangeGeneratorSettingsResource{} +) + +type PingFederateOAuthTokenExchangeGeneratorSettingsResource struct { + clientInfo *connector.PingFederateClientInfo +} + +// Utility method for creating a PingFederateOAuthTokenExchangeGeneratorSettingsResource +func OAuthTokenExchangeGeneratorSettings(clientInfo *connector.PingFederateClientInfo) *PingFederateOAuthTokenExchangeGeneratorSettingsResource { + return &PingFederateOAuthTokenExchangeGeneratorSettingsResource{ + clientInfo: clientInfo, + } +} + +func (r *PingFederateOAuthTokenExchangeGeneratorSettingsResource) ResourceType() string { + return "pingfederate_oauth_token_exchange_generator_settings" +} + +func (r *PingFederateOAuthTokenExchangeGeneratorSettingsResource) ExportAll() (*[]connector.ImportBlock, error) { + l := logger.Get() + l.Debug().Msgf("Exporting all '%s' Resources...", r.ResourceType()) + + importBlocks := []connector.ImportBlock{} + + oauthTokenExchangeGeneratorSettingsId := "oauth_token_exchange_generator_settings_singleton_id" + oauthTokenExchangeGeneratorSettingsName := "OAuth Token Exchange Generator Settings" + + commentData := map[string]string{ + "Resource Type": r.ResourceType(), + "Singleton ID": common.SINGLETON_ID_COMMENT_DATA, + } + + importBlock := connector.ImportBlock{ + ResourceType: r.ResourceType(), + ResourceName: oauthTokenExchangeGeneratorSettingsName, + ResourceID: oauthTokenExchangeGeneratorSettingsId, + CommentInformation: common.GenerateCommentInformation(commentData), + } + + importBlocks = append(importBlocks, importBlock) + + return &importBlocks, nil +} diff --git a/internal/connector/pingfederate/resources/pingfederate_oauth_token_exchange_generator_settings_test.go b/internal/connector/pingfederate/resources/pingfederate_oauth_token_exchange_generator_settings_test.go new file mode 100644 index 00000000..768eec3b --- /dev/null +++ b/internal/connector/pingfederate/resources/pingfederate_oauth_token_exchange_generator_settings_test.go @@ -0,0 +1,26 @@ +package resources_test + +import ( + "testing" + + "github.com/pingidentity/pingcli/internal/connector" + "github.com/pingidentity/pingcli/internal/connector/pingfederate/resources" + "github.com/pingidentity/pingcli/internal/testing/testutils" +) + +func TestPingFederateOAuthTokenExchangeGeneratorSettingsExport(t *testing.T) { + // Get initialized apiClient and resource + PingFederateClientInfo := testutils.GetPingFederateClientInfo(t) + resource := resources.OAuthTokenExchangeGeneratorSettings(PingFederateClientInfo) + + // Defined the expected ImportBlocks for the resource + expectedImportBlocks := []connector.ImportBlock{ + { + ResourceType: "pingfederate_oauth_token_exchange_generator_settings", + ResourceName: "OAuth Token Exchange Generator Settings", + ResourceID: "oauth_token_exchange_generator_settings_singleton_id", + }, + } + + testutils.ValidateImportBlocks(t, resource, &expectedImportBlocks) +} From b4e14146f8a956584b73c3d6dcb08b136eb1beaa Mon Sep 17 00:00:00 2001 From: Erik Ostien Date: Mon, 30 Dec 2024 14:59:33 -0700 Subject: [PATCH 13/30] Add PF resource export for pingfederate_oauth_token_exchange_token_generator_mapping --- .../pingfederate/pingfederate_connector.go | 1 + .../pingfederate_connector_test.go | 5 + ..._token_exchange_token_generator_mapping.go | 95 +++++++++++++++++++ ...n_exchange_token_generator_mapping_test.go | 26 +++++ server-profiles/12.1/data.json.subst | 23 +++++ 5 files changed, 150 insertions(+) create mode 100644 internal/connector/pingfederate/resources/pingfederate_oauth_token_exchange_token_generator_mapping.go create mode 100644 internal/connector/pingfederate/resources/pingfederate_oauth_token_exchange_token_generator_mapping_test.go diff --git a/internal/connector/pingfederate/pingfederate_connector.go b/internal/connector/pingfederate/pingfederate_connector.go index 8fc78a01..c9c7b220 100644 --- a/internal/connector/pingfederate/pingfederate_connector.go +++ b/internal/connector/pingfederate/pingfederate_connector.go @@ -87,6 +87,7 @@ func (c *PingFederateConnector) Export(format, outputDir string, overwriteExport resources.OAuthIssuer(&c.clientInfo), resources.OAuthServerSettings(&c.clientInfo), resources.OAuthTokenExchangeGeneratorSettings(&c.clientInfo), + resources.OAuthTokenExchangeTokenGeneratorMapping(&c.clientInfo), resources.OpenIDConnectPolicy(&c.clientInfo), resources.OpenIDConnectSettings(&c.clientInfo), resources.PasswordCredentialValidator(&c.clientInfo), diff --git a/internal/connector/pingfederate/pingfederate_connector_test.go b/internal/connector/pingfederate/pingfederate_connector_test.go index 8ae13bc3..9bb70ef1 100644 --- a/internal/connector/pingfederate/pingfederate_connector_test.go +++ b/internal/connector/pingfederate/pingfederate_connector_test.go @@ -262,6 +262,11 @@ func TestPingFederateTerraformPlan(t *testing.T) { resource: resources.OAuthTokenExchangeGeneratorSettings(PingFederateClientInfo), ignoredErrors: nil, }, + { + name: "PingFederateOAuthTokenExchangeTokenGeneratorMapping", + resource: resources.OAuthTokenExchangeTokenGeneratorMapping(PingFederateClientInfo), + ignoredErrors: nil, + }, { name: "PingFederateOpenIDConnectPolicy", resource: resources.OpenIDConnectPolicy(PingFederateClientInfo), diff --git a/internal/connector/pingfederate/resources/pingfederate_oauth_token_exchange_token_generator_mapping.go b/internal/connector/pingfederate/resources/pingfederate_oauth_token_exchange_token_generator_mapping.go new file mode 100644 index 00000000..1bcba128 --- /dev/null +++ b/internal/connector/pingfederate/resources/pingfederate_oauth_token_exchange_token_generator_mapping.go @@ -0,0 +1,95 @@ +package resources + +import ( + "fmt" + + "github.com/pingidentity/pingcli/internal/connector" + "github.com/pingidentity/pingcli/internal/connector/common" + "github.com/pingidentity/pingcli/internal/logger" +) + +// Verify that the resource satisfies the exportable resource interface +var ( + _ connector.ExportableResource = &PingFederateOAuthTokenExchangeTokenGeneratorMappingResource{} +) + +type PingFederateOAuthTokenExchangeTokenGeneratorMappingResource struct { + clientInfo *connector.PingFederateClientInfo +} + +// Utility method for creating a PingFederateOAuthTokenExchangeTokenGeneratorMappingResource +func OAuthTokenExchangeTokenGeneratorMapping(clientInfo *connector.PingFederateClientInfo) *PingFederateOAuthTokenExchangeTokenGeneratorMappingResource { + return &PingFederateOAuthTokenExchangeTokenGeneratorMappingResource{ + clientInfo: clientInfo, + } +} + +func (r *PingFederateOAuthTokenExchangeTokenGeneratorMappingResource) ResourceType() string { + return "pingfederate_oauth_token_exchange_token_generator_mapping" +} + +func (r *PingFederateOAuthTokenExchangeTokenGeneratorMappingResource) ExportAll() (*[]connector.ImportBlock, error) { + l := logger.Get() + l.Debug().Msgf("Exporting all '%s' Resources...", r.ResourceType()) + + importBlocks := []connector.ImportBlock{} + + processorPolicyToGeneratorMappingData, err := r.getProcessorPolicyToGeneratorMappingData() + if err != nil { + return nil, err + } + + for mappingId, mappingInfo := range *processorPolicyToGeneratorMappingData { + sourceId := mappingInfo[0] + targetId := mappingInfo[1] + + commentData := map[string]string{ + "OAuth Token Exchange Token Generator Mapping ID": mappingId, + "Processor Policy ID": sourceId, + "Resource Type": r.ResourceType(), + "Token Generator ID": targetId, + } + + importBlock := connector.ImportBlock{ + ResourceType: r.ResourceType(), + ResourceName: fmt.Sprintf("%s_to_%s", sourceId, targetId), + ResourceID: mappingId, + CommentInformation: common.GenerateCommentInformation(commentData), + } + + importBlocks = append(importBlocks, importBlock) + } + + return &importBlocks, nil +} + +func (r *PingFederateOAuthTokenExchangeTokenGeneratorMappingResource) getProcessorPolicyToGeneratorMappingData() (*map[string][]string, error) { + processorPolicyToGeneratorMappingData := make(map[string][]string) + + processorPolicyToGeneratorMappings, response, err := r.clientInfo.ApiClient.OauthTokenExchangeTokenGeneratorMappingsAPI.GetTokenGeneratorMappings(r.clientInfo.Context).Execute() + err = common.HandleClientResponse(response, err, "GetTokenGeneratorMappings", r.ResourceType()) + if err != nil { + return nil, err + } + + if processorPolicyToGeneratorMappings == nil { + return nil, common.DataNilError(r.ResourceType(), response) + } + + processorPolicyToGeneratorMappingsItems, processorPolicyToGeneratorMappingsItemsOk := processorPolicyToGeneratorMappings.GetItemsOk() + if !processorPolicyToGeneratorMappingsItemsOk { + return nil, common.DataNilError(r.ResourceType(), response) + } + + for _, mapping := range processorPolicyToGeneratorMappingsItems { + mappingId, mappingIdOk := mapping.GetIdOk() + mappingSourceId, mappingSourceIdOk := mapping.GetSourceIdOk() + mappingTargetId, mappingTargetIdOk := mapping.GetTargetIdOk() + + if mappingIdOk && mappingSourceIdOk && mappingTargetIdOk { + processorPolicyToGeneratorMappingData[*mappingId] = []string{*mappingSourceId, *mappingTargetId} + } + } + + return &processorPolicyToGeneratorMappingData, nil +} diff --git a/internal/connector/pingfederate/resources/pingfederate_oauth_token_exchange_token_generator_mapping_test.go b/internal/connector/pingfederate/resources/pingfederate_oauth_token_exchange_token_generator_mapping_test.go new file mode 100644 index 00000000..012b3367 --- /dev/null +++ b/internal/connector/pingfederate/resources/pingfederate_oauth_token_exchange_token_generator_mapping_test.go @@ -0,0 +1,26 @@ +package resources_test + +import ( + "testing" + + "github.com/pingidentity/pingcli/internal/connector" + "github.com/pingidentity/pingcli/internal/connector/pingfederate/resources" + "github.com/pingidentity/pingcli/internal/testing/testutils" +) + +func TestPingFederateOAuthTokenExchangeTokenGeneratorMappingExport(t *testing.T) { + // Get initialized apiClient and resource + PingFederateClientInfo := testutils.GetPingFederateClientInfo(t) + resource := resources.OAuthTokenExchangeTokenGeneratorMapping(PingFederateClientInfo) + + // Defined the expected ImportBlocks for the resource + expectedImportBlocks := []connector.ImportBlock{ + { + ResourceType: "pingfederate_oauth_token_exchange_token_generator_mapping", + ResourceName: "tokenexchangeprocessorpolicy_to_tokengenerator", + ResourceID: "tokenexchangeprocessorpolicy|tokengenerator", + }, + } + + testutils.ValidateImportBlocks(t, resource, &expectedImportBlocks) +} diff --git a/server-profiles/12.1/data.json.subst b/server-profiles/12.1/data.json.subst index 87d2c779..33032de3 100644 --- a/server-profiles/12.1/data.json.subst +++ b/server-profiles/12.1/data.json.subst @@ -4139,6 +4139,29 @@ } } ] + }, + { + "resourceType": "/oauth/tokenExchange/tokenGeneratorMappings", + "operationType": "SAVE", + "items": [ + { + "attributeSources": [], + "attributeContractFulfillment": { + "SAML_SUBJECT": { + "source": { + "type": "CONTEXT" + }, + "value": "OAuthScopes" + } + }, + "issuanceCriteria": { + "conditionalCriteria": [] + }, + "id": "tokenexchangeprocessorpolicy|tokengenerator", + "sourceId": "tokenexchangeprocessorpolicy", + "targetId": "tokengenerator" + } + ] } ] } From 7e9480dd2995db80728ecbcffd208b1bac02d676 Mon Sep 17 00:00:00 2001 From: Erik Ostien Date: Mon, 30 Dec 2024 15:05:11 -0700 Subject: [PATCH 14/30] Add PF resource export for pingfederate_protocol_metadata_lifetime_settings --- .../pingfederate/pingfederate_connector.go | 1 + .../pingfederate_connector_test.go | 5 ++ ...ate_protocol_metadata_lifetime_settings.go | 53 +++++++++++++++++++ ...rotocol_metadata_lifetime_settings_test.go | 26 +++++++++ 4 files changed, 85 insertions(+) create mode 100644 internal/connector/pingfederate/resources/pingfederate_protocol_metadata_lifetime_settings.go create mode 100644 internal/connector/pingfederate/resources/pingfederate_protocol_metadata_lifetime_settings_test.go diff --git a/internal/connector/pingfederate/pingfederate_connector.go b/internal/connector/pingfederate/pingfederate_connector.go index c9c7b220..a27f4ead 100644 --- a/internal/connector/pingfederate/pingfederate_connector.go +++ b/internal/connector/pingfederate/pingfederate_connector.go @@ -92,6 +92,7 @@ func (c *PingFederateConnector) Export(format, outputDir string, overwriteExport resources.OpenIDConnectSettings(&c.clientInfo), resources.PasswordCredentialValidator(&c.clientInfo), resources.PingOneConnection(&c.clientInfo), + resources.ProtocolMetadataLifetimeSettings(&c.clientInfo), resources.RedirectValidation(&c.clientInfo), resources.ServerSettings(&c.clientInfo), resources.ServerSettingsGeneral(&c.clientInfo), diff --git a/internal/connector/pingfederate/pingfederate_connector_test.go b/internal/connector/pingfederate/pingfederate_connector_test.go index 9bb70ef1..c21e2475 100644 --- a/internal/connector/pingfederate/pingfederate_connector_test.go +++ b/internal/connector/pingfederate/pingfederate_connector_test.go @@ -287,6 +287,11 @@ func TestPingFederateTerraformPlan(t *testing.T) { resource: resources.PingOneConnection(PingFederateClientInfo), ignoredErrors: nil, }, + { + name: "PingFederateProtocolMetadataLifetimeSettings", + resource: resources.ProtocolMetadataLifetimeSettings(PingFederateClientInfo), + ignoredErrors: nil, + }, { name: "PingFederateRedirectValidation", resource: resources.RedirectValidation(PingFederateClientInfo), diff --git a/internal/connector/pingfederate/resources/pingfederate_protocol_metadata_lifetime_settings.go b/internal/connector/pingfederate/resources/pingfederate_protocol_metadata_lifetime_settings.go new file mode 100644 index 00000000..b2bf24f4 --- /dev/null +++ b/internal/connector/pingfederate/resources/pingfederate_protocol_metadata_lifetime_settings.go @@ -0,0 +1,53 @@ +package resources + +import ( + "github.com/pingidentity/pingcli/internal/connector" + "github.com/pingidentity/pingcli/internal/connector/common" + "github.com/pingidentity/pingcli/internal/logger" +) + +// Verify that the resource satisfies the exportable resource interface +var ( + _ connector.ExportableResource = &PingFederateProtocolMetadataLifetimeSettingsResource{} +) + +type PingFederateProtocolMetadataLifetimeSettingsResource struct { + clientInfo *connector.PingFederateClientInfo +} + +// Utility method for creating a PingFederateProtocolMetadataLifetimeSettingsResource +func ProtocolMetadataLifetimeSettings(clientInfo *connector.PingFederateClientInfo) *PingFederateProtocolMetadataLifetimeSettingsResource { + return &PingFederateProtocolMetadataLifetimeSettingsResource{ + clientInfo: clientInfo, + } +} + +func (r *PingFederateProtocolMetadataLifetimeSettingsResource) ResourceType() string { + return "pingfederate_protocol_metadata_lifetime_settings" +} + +func (r *PingFederateProtocolMetadataLifetimeSettingsResource) ExportAll() (*[]connector.ImportBlock, error) { + l := logger.Get() + l.Debug().Msgf("Exporting all '%s' Resources...", r.ResourceType()) + + importBlocks := []connector.ImportBlock{} + + protocolMetadataLifetimeSettingsId := "protocol_metadata_lifetime_settings_singleton_id" + protocolMetadataLifetimeSettingsName := "Protocol Metadata Lifetime Settings" + + commentData := map[string]string{ + "Resource Type": r.ResourceType(), + "Singleton ID": common.SINGLETON_ID_COMMENT_DATA, + } + + importBlock := connector.ImportBlock{ + ResourceType: r.ResourceType(), + ResourceName: protocolMetadataLifetimeSettingsName, + ResourceID: protocolMetadataLifetimeSettingsId, + CommentInformation: common.GenerateCommentInformation(commentData), + } + + importBlocks = append(importBlocks, importBlock) + + return &importBlocks, nil +} diff --git a/internal/connector/pingfederate/resources/pingfederate_protocol_metadata_lifetime_settings_test.go b/internal/connector/pingfederate/resources/pingfederate_protocol_metadata_lifetime_settings_test.go new file mode 100644 index 00000000..b00ffcc3 --- /dev/null +++ b/internal/connector/pingfederate/resources/pingfederate_protocol_metadata_lifetime_settings_test.go @@ -0,0 +1,26 @@ +package resources_test + +import ( + "testing" + + "github.com/pingidentity/pingcli/internal/connector" + "github.com/pingidentity/pingcli/internal/connector/pingfederate/resources" + "github.com/pingidentity/pingcli/internal/testing/testutils" +) + +func TestPingFederateProtocolMetadataLifetimeSettingsExport(t *testing.T) { + // Get initialized apiClient and resource + PingFederateClientInfo := testutils.GetPingFederateClientInfo(t) + resource := resources.ProtocolMetadataLifetimeSettings(PingFederateClientInfo) + + // Defined the expected ImportBlocks for the resource + expectedImportBlocks := []connector.ImportBlock{ + { + ResourceType: "pingfederate_protocol_metadata_lifetime_settings", + ResourceName: "Protocol Metadata Lifetime Settings", + ResourceID: "protocol_metadata_lifetime_settings_singleton_id", + }, + } + + testutils.ValidateImportBlocks(t, resource, &expectedImportBlocks) +} From 3e0422cd7de03a557bcbd0f86e29b8272841ecde Mon Sep 17 00:00:00 2001 From: Erik Ostien Date: Mon, 30 Dec 2024 15:08:52 -0700 Subject: [PATCH 15/30] Add PF resource export for pingfederate_protocol_metadata_signing_settings --- .../pingfederate/pingfederate_connector.go | 1 + .../pingfederate_connector_test.go | 5 ++ ...rate_protocol_metadata_signing_settings.go | 53 +++++++++++++++++++ ...protocol_metadata_signing_settings_test.go | 26 +++++++++ 4 files changed, 85 insertions(+) create mode 100644 internal/connector/pingfederate/resources/pingfederate_protocol_metadata_signing_settings.go create mode 100644 internal/connector/pingfederate/resources/pingfederate_protocol_metadata_signing_settings_test.go diff --git a/internal/connector/pingfederate/pingfederate_connector.go b/internal/connector/pingfederate/pingfederate_connector.go index a27f4ead..209bc038 100644 --- a/internal/connector/pingfederate/pingfederate_connector.go +++ b/internal/connector/pingfederate/pingfederate_connector.go @@ -93,6 +93,7 @@ func (c *PingFederateConnector) Export(format, outputDir string, overwriteExport resources.PasswordCredentialValidator(&c.clientInfo), resources.PingOneConnection(&c.clientInfo), resources.ProtocolMetadataLifetimeSettings(&c.clientInfo), + resources.ProtocolMetadataSigningSettings(&c.clientInfo), resources.RedirectValidation(&c.clientInfo), resources.ServerSettings(&c.clientInfo), resources.ServerSettingsGeneral(&c.clientInfo), diff --git a/internal/connector/pingfederate/pingfederate_connector_test.go b/internal/connector/pingfederate/pingfederate_connector_test.go index c21e2475..841faf3c 100644 --- a/internal/connector/pingfederate/pingfederate_connector_test.go +++ b/internal/connector/pingfederate/pingfederate_connector_test.go @@ -292,6 +292,11 @@ func TestPingFederateTerraformPlan(t *testing.T) { resource: resources.ProtocolMetadataLifetimeSettings(PingFederateClientInfo), ignoredErrors: nil, }, + { + name: "PingFederateProtocolMetadataSigningSettings", + resource: resources.ProtocolMetadataSigningSettings(PingFederateClientInfo), + ignoredErrors: nil, + }, { name: "PingFederateRedirectValidation", resource: resources.RedirectValidation(PingFederateClientInfo), diff --git a/internal/connector/pingfederate/resources/pingfederate_protocol_metadata_signing_settings.go b/internal/connector/pingfederate/resources/pingfederate_protocol_metadata_signing_settings.go new file mode 100644 index 00000000..995a92ca --- /dev/null +++ b/internal/connector/pingfederate/resources/pingfederate_protocol_metadata_signing_settings.go @@ -0,0 +1,53 @@ +package resources + +import ( + "github.com/pingidentity/pingcli/internal/connector" + "github.com/pingidentity/pingcli/internal/connector/common" + "github.com/pingidentity/pingcli/internal/logger" +) + +// Verify that the resource satisfies the exportable resource interface +var ( + _ connector.ExportableResource = &PingFederateProtocolMetadataSigningSettingsResource{} +) + +type PingFederateProtocolMetadataSigningSettingsResource struct { + clientInfo *connector.PingFederateClientInfo +} + +// Utility method for creating a PingFederateProtocolMetadataSigningSettingsResource +func ProtocolMetadataSigningSettings(clientInfo *connector.PingFederateClientInfo) *PingFederateProtocolMetadataSigningSettingsResource { + return &PingFederateProtocolMetadataSigningSettingsResource{ + clientInfo: clientInfo, + } +} + +func (r *PingFederateProtocolMetadataSigningSettingsResource) ResourceType() string { + return "pingfederate_protocol_metadata_signing_settings" +} + +func (r *PingFederateProtocolMetadataSigningSettingsResource) ExportAll() (*[]connector.ImportBlock, error) { + l := logger.Get() + l.Debug().Msgf("Exporting all '%s' Resources...", r.ResourceType()) + + importBlocks := []connector.ImportBlock{} + + protocolMetadataSigningSettingsId := "protocol_metadata_signing_settings_singleton_id" + protocolMetadataSigningSettingsName := "Protocol Metadata Signing Settings" + + commentData := map[string]string{ + "Resource Type": r.ResourceType(), + "Singleton ID": common.SINGLETON_ID_COMMENT_DATA, + } + + importBlock := connector.ImportBlock{ + ResourceType: r.ResourceType(), + ResourceName: protocolMetadataSigningSettingsName, + ResourceID: protocolMetadataSigningSettingsId, + CommentInformation: common.GenerateCommentInformation(commentData), + } + + importBlocks = append(importBlocks, importBlock) + + return &importBlocks, nil +} diff --git a/internal/connector/pingfederate/resources/pingfederate_protocol_metadata_signing_settings_test.go b/internal/connector/pingfederate/resources/pingfederate_protocol_metadata_signing_settings_test.go new file mode 100644 index 00000000..b801bb38 --- /dev/null +++ b/internal/connector/pingfederate/resources/pingfederate_protocol_metadata_signing_settings_test.go @@ -0,0 +1,26 @@ +package resources_test + +import ( + "testing" + + "github.com/pingidentity/pingcli/internal/connector" + "github.com/pingidentity/pingcli/internal/connector/pingfederate/resources" + "github.com/pingidentity/pingcli/internal/testing/testutils" +) + +func TestPingFederateProtocolMetadataSigningSettingsExport(t *testing.T) { + // Get initialized apiClient and resource + PingFederateClientInfo := testutils.GetPingFederateClientInfo(t) + resource := resources.ProtocolMetadataSigningSettings(PingFederateClientInfo) + + // Defined the expected ImportBlocks for the resource + expectedImportBlocks := []connector.ImportBlock{ + { + ResourceType: "pingfederate_protocol_metadata_signing_settings", + ResourceName: "Protocol Metadata Signing Settings", + ResourceID: "protocol_metadata_signing_settings_singleton_id", + }, + } + + testutils.ValidateImportBlocks(t, resource, &expectedImportBlocks) +} From 3ca840c71d77625789cdf99e6acd12d06a661940 Mon Sep 17 00:00:00 2001 From: Erik Ostien Date: Mon, 30 Dec 2024 15:18:41 -0700 Subject: [PATCH 16/30] Add PF resource export for pingfederate_secret_manager --- .../pingfederate/pingfederate_connector.go | 1 + .../pingfederate_connector_test.go | 5 ++ .../resources/pingfederate_secret_manager.go | 88 +++++++++++++++++++ .../pingfederate_secret_manager_test.go | 26 ++++++ server-profiles/12.1/data.json.subst | 36 ++++++++ 5 files changed, 156 insertions(+) create mode 100644 internal/connector/pingfederate/resources/pingfederate_secret_manager.go create mode 100644 internal/connector/pingfederate/resources/pingfederate_secret_manager_test.go diff --git a/internal/connector/pingfederate/pingfederate_connector.go b/internal/connector/pingfederate/pingfederate_connector.go index 209bc038..188d12fe 100644 --- a/internal/connector/pingfederate/pingfederate_connector.go +++ b/internal/connector/pingfederate/pingfederate_connector.go @@ -95,6 +95,7 @@ func (c *PingFederateConnector) Export(format, outputDir string, overwriteExport resources.ProtocolMetadataLifetimeSettings(&c.clientInfo), resources.ProtocolMetadataSigningSettings(&c.clientInfo), resources.RedirectValidation(&c.clientInfo), + resources.SecretManager(&c.clientInfo), resources.ServerSettings(&c.clientInfo), resources.ServerSettingsGeneral(&c.clientInfo), resources.ServerSettingsSystemKeysRotate(&c.clientInfo), diff --git a/internal/connector/pingfederate/pingfederate_connector_test.go b/internal/connector/pingfederate/pingfederate_connector_test.go index 841faf3c..134c085d 100644 --- a/internal/connector/pingfederate/pingfederate_connector_test.go +++ b/internal/connector/pingfederate/pingfederate_connector_test.go @@ -302,6 +302,11 @@ func TestPingFederateTerraformPlan(t *testing.T) { resource: resources.RedirectValidation(PingFederateClientInfo), ignoredErrors: nil, }, + { + name: "PingFederateSecretManager", + resource: resources.SecretManager(PingFederateClientInfo), + ignoredErrors: nil, + }, { name: "PingFederateServerSettings", resource: resources.ServerSettings(PingFederateClientInfo), diff --git a/internal/connector/pingfederate/resources/pingfederate_secret_manager.go b/internal/connector/pingfederate/resources/pingfederate_secret_manager.go new file mode 100644 index 00000000..cc3d630b --- /dev/null +++ b/internal/connector/pingfederate/resources/pingfederate_secret_manager.go @@ -0,0 +1,88 @@ +package resources + +import ( + "github.com/pingidentity/pingcli/internal/connector" + "github.com/pingidentity/pingcli/internal/connector/common" + "github.com/pingidentity/pingcli/internal/logger" +) + +// Verify that the resource satisfies the exportable resource interface +var ( + _ connector.ExportableResource = &PingFederateSecretManagerResource{} +) + +type PingFederateSecretManagerResource struct { + clientInfo *connector.PingFederateClientInfo +} + +// Utility method for creating a PingFederateSecretManagerResource +func SecretManager(clientInfo *connector.PingFederateClientInfo) *PingFederateSecretManagerResource { + return &PingFederateSecretManagerResource{ + clientInfo: clientInfo, + } +} + +func (r *PingFederateSecretManagerResource) ResourceType() string { + return "pingfederate_secret_manager" +} + +func (r *PingFederateSecretManagerResource) ExportAll() (*[]connector.ImportBlock, error) { + l := logger.Get() + l.Debug().Msgf("Exporting all '%s' Resources...", r.ResourceType()) + + importBlocks := []connector.ImportBlock{} + + secretManagerData, err := r.getSecretManagerData() + if err != nil { + return nil, err + } + + for secretManagerId, secretManagerName := range *secretManagerData { + commentData := map[string]string{ + "Resource Type": r.ResourceType(), + "Secret Manager ID": secretManagerId, + "Secret Manager Name": secretManagerName, + } + + importBlock := connector.ImportBlock{ + ResourceType: r.ResourceType(), + ResourceName: secretManagerName, + ResourceID: secretManagerId, + CommentInformation: common.GenerateCommentInformation(commentData), + } + + importBlocks = append(importBlocks, importBlock) + } + + return &importBlocks, nil +} + +func (r *PingFederateSecretManagerResource) getSecretManagerData() (*map[string]string, error) { + secretManagerData := make(map[string]string) + + secretManagers, response, err := r.clientInfo.ApiClient.SecretManagersAPI.GetSecretManagers(r.clientInfo.Context).Execute() + err = common.HandleClientResponse(response, err, "GetSecretManagers", r.ResourceType()) + if err != nil { + return nil, err + } + + if secretManagers == nil { + return nil, common.DataNilError(r.ResourceType(), response) + } + + secretManagersItems, secretManagersItemsOk := secretManagers.GetItemsOk() + if !secretManagersItemsOk { + return nil, common.DataNilError(r.ResourceType(), response) + } + + for _, secretManager := range secretManagersItems { + secretManagerId, secretManagerIdOk := secretManager.GetIdOk() + secretManagerName, secretManagerNameOk := secretManager.GetNameOk() + + if secretManagerIdOk && secretManagerNameOk { + secretManagerData[*secretManagerId] = *secretManagerName + } + } + + return &secretManagerData, nil +} diff --git a/internal/connector/pingfederate/resources/pingfederate_secret_manager_test.go b/internal/connector/pingfederate/resources/pingfederate_secret_manager_test.go new file mode 100644 index 00000000..2922b570 --- /dev/null +++ b/internal/connector/pingfederate/resources/pingfederate_secret_manager_test.go @@ -0,0 +1,26 @@ +package resources_test + +import ( + "testing" + + "github.com/pingidentity/pingcli/internal/connector" + "github.com/pingidentity/pingcli/internal/connector/pingfederate/resources" + "github.com/pingidentity/pingcli/internal/testing/testutils" +) + +func TestPingFederateSecretManagerExport(t *testing.T) { + // Get initialized apiClient and resource + PingFederateClientInfo := testutils.GetPingFederateClientInfo(t) + resource := resources.SecretManager(PingFederateClientInfo) + + // Defined the expected ImportBlocks for the resource + expectedImportBlocks := []connector.ImportBlock{ + { + ResourceType: "pingfederate_secret_manager", + ResourceName: "Test Secret Manager", + ResourceID: "testSecretManager", + }, + } + + testutils.ValidateImportBlocks(t, resource, &expectedImportBlocks) +} diff --git a/server-profiles/12.1/data.json.subst b/server-profiles/12.1/data.json.subst index 33032de3..21fed2f3 100644 --- a/server-profiles/12.1/data.json.subst +++ b/server-profiles/12.1/data.json.subst @@ -4162,6 +4162,42 @@ "targetId": "tokengenerator" } ] + }, + { + "resourceType": "/secretManagers", + "operationType": "SAVE", + "items": [ + { + "id": "testSecretManager", + "name": "Test Secret Manager", + "pluginDescriptorRef": { + "id": "com.pingidentity.pf.secretmanagers.cyberark.CyberArkCredentialProvider", + "location": "https://localhost:9999/pf-admin-api/v1/secretManagers/descriptors/com.pingidentity.pf.secretmanagers.cyberark.CyberArkCredentialProvider" + }, + "configuration": { + "tables": [], + "fields": [ + { + "name": "APP ID", + "value": "testAppId" + }, + { + "name": "Connection Port", + "value": "18923" + }, + { + "name": "Connection Timeout (sec)", + "value": "30" + }, + { + "name": "Username Retrieval Property Name", + "value": "username" + } + ] + }, + "lastModified": "2024-12-30T22:15:09.275Z" + } + ] } ] } From c4f81f86ae7889004e2a9fa2c4523e7e8df62f93 Mon Sep 17 00:00:00 2001 From: Erik Ostien Date: Mon, 30 Dec 2024 21:06:41 -0700 Subject: [PATCH 17/30] Add PF resource export for pingfederate_server_settings_logging --- .../pingfederate/pingfederate_connector.go | 1 + .../pingfederate_connector_test.go | 5 ++ .../pingfederate_server_settings_logging.go | 53 +++++++++++++++++++ ...ngfederate_server_settings_logging_test.go | 26 +++++++++ 4 files changed, 85 insertions(+) create mode 100644 internal/connector/pingfederate/resources/pingfederate_server_settings_logging.go create mode 100644 internal/connector/pingfederate/resources/pingfederate_server_settings_logging_test.go diff --git a/internal/connector/pingfederate/pingfederate_connector.go b/internal/connector/pingfederate/pingfederate_connector.go index 188d12fe..269a8f9f 100644 --- a/internal/connector/pingfederate/pingfederate_connector.go +++ b/internal/connector/pingfederate/pingfederate_connector.go @@ -98,6 +98,7 @@ func (c *PingFederateConnector) Export(format, outputDir string, overwriteExport resources.SecretManager(&c.clientInfo), resources.ServerSettings(&c.clientInfo), resources.ServerSettingsGeneral(&c.clientInfo), + resources.ServerSettingsLogging(&c.clientInfo), resources.ServerSettingsSystemKeysRotate(&c.clientInfo), resources.SessionApplicationPolicy(&c.clientInfo), resources.SessionAuthenticationPoliciesGlobal(&c.clientInfo), diff --git a/internal/connector/pingfederate/pingfederate_connector_test.go b/internal/connector/pingfederate/pingfederate_connector_test.go index 134c085d..418d521e 100644 --- a/internal/connector/pingfederate/pingfederate_connector_test.go +++ b/internal/connector/pingfederate/pingfederate_connector_test.go @@ -319,6 +319,11 @@ func TestPingFederateTerraformPlan(t *testing.T) { resource: resources.ServerSettingsGeneral(PingFederateClientInfo), ignoredErrors: nil, }, + { + name: "PingFederateServerSettingsLogging", + resource: resources.ServerSettingsLogging(PingFederateClientInfo), + ignoredErrors: nil, + }, { name: "PingFederateServerSettingsSystemKeysRotate", resource: resources.ServerSettingsSystemKeysRotate(PingFederateClientInfo), diff --git a/internal/connector/pingfederate/resources/pingfederate_server_settings_logging.go b/internal/connector/pingfederate/resources/pingfederate_server_settings_logging.go new file mode 100644 index 00000000..c8db5bb6 --- /dev/null +++ b/internal/connector/pingfederate/resources/pingfederate_server_settings_logging.go @@ -0,0 +1,53 @@ +package resources + +import ( + "github.com/pingidentity/pingcli/internal/connector" + "github.com/pingidentity/pingcli/internal/connector/common" + "github.com/pingidentity/pingcli/internal/logger" +) + +// Verify that the resource satisfies the exportable resource interface +var ( + _ connector.ExportableResource = &PingFederateServerSettingsSystemKeysRotateResource{} +) + +type PingFederateServerSettingsLoggingResource struct { + clientInfo *connector.PingFederateClientInfo +} + +// Utility method for creating a PingFederateServerSettingsLoggingResource +func ServerSettingsLogging(clientInfo *connector.PingFederateClientInfo) *PingFederateServerSettingsLoggingResource { + return &PingFederateServerSettingsLoggingResource{ + clientInfo: clientInfo, + } +} + +func (r *PingFederateServerSettingsLoggingResource) ResourceType() string { + return "pingfederate_server_settings_logging" +} + +func (r *PingFederateServerSettingsLoggingResource) ExportAll() (*[]connector.ImportBlock, error) { + l := logger.Get() + l.Debug().Msgf("Exporting all '%s' Resources...", r.ResourceType()) + + importBlocks := []connector.ImportBlock{} + + serverSettingsLoggingId := "server_settings_logging_singleton_id" + serverSettingsLoggingName := "Server Settings Logging" + + commentData := map[string]string{ + "Resource Type": r.ResourceType(), + "Singleton ID": common.SINGLETON_ID_COMMENT_DATA, + } + + importBlock := connector.ImportBlock{ + ResourceType: r.ResourceType(), + ResourceName: serverSettingsLoggingName, + ResourceID: serverSettingsLoggingId, + CommentInformation: common.GenerateCommentInformation(commentData), + } + + importBlocks = append(importBlocks, importBlock) + + return &importBlocks, nil +} diff --git a/internal/connector/pingfederate/resources/pingfederate_server_settings_logging_test.go b/internal/connector/pingfederate/resources/pingfederate_server_settings_logging_test.go new file mode 100644 index 00000000..43428c1f --- /dev/null +++ b/internal/connector/pingfederate/resources/pingfederate_server_settings_logging_test.go @@ -0,0 +1,26 @@ +package resources_test + +import ( + "testing" + + "github.com/pingidentity/pingcli/internal/connector" + "github.com/pingidentity/pingcli/internal/connector/pingfederate/resources" + "github.com/pingidentity/pingcli/internal/testing/testutils" +) + +func TestPingFederateServerSettingsLoggingExport(t *testing.T) { + // Get initialized apiClient and resource + PingFederateClientInfo := testutils.GetPingFederateClientInfo(t) + resource := resources.ServerSettingsLogging(PingFederateClientInfo) + + // Defined the expected ImportBlocks for the resource + expectedImportBlocks := []connector.ImportBlock{ + { + ResourceType: "pingfederate_server_settings_logging", + ResourceName: "Server Settings Logging", + ResourceID: "server_settings_logging_singleton_id", + }, + } + + testutils.ValidateImportBlocks(t, resource, &expectedImportBlocks) +} From 71505ad160c3383fbbbb7c4eb2840465fa431f25 Mon Sep 17 00:00:00 2001 From: Erik Ostien Date: Mon, 30 Dec 2024 21:13:50 -0700 Subject: [PATCH 18/30] Add PF resource export for pingfederate_server_settings_ws_trust_sts_settings --- .../pingfederate/pingfederate_connector.go | 1 + .../pingfederate_connector_test.go | 5 ++ ...e_server_settings_ws_trust_sts_settings.go | 53 +++++++++++++++++++ ...ver_settings_ws_trust_sts_settings_test.go | 26 +++++++++ 4 files changed, 85 insertions(+) create mode 100644 internal/connector/pingfederate/resources/pingfederate_server_settings_ws_trust_sts_settings.go create mode 100644 internal/connector/pingfederate/resources/pingfederate_server_settings_ws_trust_sts_settings_test.go diff --git a/internal/connector/pingfederate/pingfederate_connector.go b/internal/connector/pingfederate/pingfederate_connector.go index 269a8f9f..ff5edf43 100644 --- a/internal/connector/pingfederate/pingfederate_connector.go +++ b/internal/connector/pingfederate/pingfederate_connector.go @@ -100,6 +100,7 @@ func (c *PingFederateConnector) Export(format, outputDir string, overwriteExport resources.ServerSettingsGeneral(&c.clientInfo), resources.ServerSettingsLogging(&c.clientInfo), resources.ServerSettingsSystemKeysRotate(&c.clientInfo), + resources.ServerSettingsWsTrustStsSettings(&c.clientInfo), resources.SessionApplicationPolicy(&c.clientInfo), resources.SessionAuthenticationPoliciesGlobal(&c.clientInfo), resources.SessionSettings(&c.clientInfo), diff --git a/internal/connector/pingfederate/pingfederate_connector_test.go b/internal/connector/pingfederate/pingfederate_connector_test.go index 418d521e..ca22c8d4 100644 --- a/internal/connector/pingfederate/pingfederate_connector_test.go +++ b/internal/connector/pingfederate/pingfederate_connector_test.go @@ -329,6 +329,11 @@ func TestPingFederateTerraformPlan(t *testing.T) { resource: resources.ServerSettingsSystemKeysRotate(PingFederateClientInfo), ignoredErrors: nil, }, + { + name: "PingFederateServerSettingsWsTrustStsSettings", + resource: resources.ServerSettingsWsTrustStsSettings(PingFederateClientInfo), + ignoredErrors: nil, + }, { name: "PingFederateSessionApplicationPolicy", resource: resources.SessionApplicationPolicy(PingFederateClientInfo), diff --git a/internal/connector/pingfederate/resources/pingfederate_server_settings_ws_trust_sts_settings.go b/internal/connector/pingfederate/resources/pingfederate_server_settings_ws_trust_sts_settings.go new file mode 100644 index 00000000..e88fb73f --- /dev/null +++ b/internal/connector/pingfederate/resources/pingfederate_server_settings_ws_trust_sts_settings.go @@ -0,0 +1,53 @@ +package resources + +import ( + "github.com/pingidentity/pingcli/internal/connector" + "github.com/pingidentity/pingcli/internal/connector/common" + "github.com/pingidentity/pingcli/internal/logger" +) + +// Verify that the resource satisfies the exportable resource interface +var ( + _ connector.ExportableResource = &PingFederateServerSettingsWsTrustStsSettingsResource{} +) + +type PingFederateServerSettingsWsTrustStsSettingsResource struct { + clientInfo *connector.PingFederateClientInfo +} + +// Utility method for creating a PingFederateServerSettingsWsTrustStsSettingsResource +func ServerSettingsWsTrustStsSettings(clientInfo *connector.PingFederateClientInfo) *PingFederateServerSettingsWsTrustStsSettingsResource { + return &PingFederateServerSettingsWsTrustStsSettingsResource{ + clientInfo: clientInfo, + } +} + +func (r *PingFederateServerSettingsWsTrustStsSettingsResource) ResourceType() string { + return "pingfederate_server_settings_ws_trust_sts_settings" +} + +func (r *PingFederateServerSettingsWsTrustStsSettingsResource) ExportAll() (*[]connector.ImportBlock, error) { + l := logger.Get() + l.Debug().Msgf("Exporting all '%s' Resources...", r.ResourceType()) + + importBlocks := []connector.ImportBlock{} + + serverSettingsWsTrustStsSettingsId := "server_settings_ws_trust_sts_settings_singleton_id" + serverSettingsWsTrustStsSettingsName := "Server Settings WS-Trust STS Settings" + + commentData := map[string]string{ + "Resource Type": r.ResourceType(), + "Singleton ID": common.SINGLETON_ID_COMMENT_DATA, + } + + importBlock := connector.ImportBlock{ + ResourceType: r.ResourceType(), + ResourceName: serverSettingsWsTrustStsSettingsName, + ResourceID: serverSettingsWsTrustStsSettingsId, + CommentInformation: common.GenerateCommentInformation(commentData), + } + + importBlocks = append(importBlocks, importBlock) + + return &importBlocks, nil +} diff --git a/internal/connector/pingfederate/resources/pingfederate_server_settings_ws_trust_sts_settings_test.go b/internal/connector/pingfederate/resources/pingfederate_server_settings_ws_trust_sts_settings_test.go new file mode 100644 index 00000000..5e41baa5 --- /dev/null +++ b/internal/connector/pingfederate/resources/pingfederate_server_settings_ws_trust_sts_settings_test.go @@ -0,0 +1,26 @@ +package resources_test + +import ( + "testing" + + "github.com/pingidentity/pingcli/internal/connector" + "github.com/pingidentity/pingcli/internal/connector/pingfederate/resources" + "github.com/pingidentity/pingcli/internal/testing/testutils" +) + +func TestPingFederateServerSettingsWsTrustStsSettingsExport(t *testing.T) { + // Get initialized apiClient and resource + PingFederateClientInfo := testutils.GetPingFederateClientInfo(t) + resource := resources.ServerSettingsWsTrustStsSettings(PingFederateClientInfo) + + // Defined the expected ImportBlocks for the resource + expectedImportBlocks := []connector.ImportBlock{ + { + ResourceType: "pingfederate_server_settings_ws_trust_sts_settings", + ResourceName: "Server Settings WS-Trust STS Settings", + ResourceID: "server_settings_ws_trust_sts_settings_singleton_id", + }, + } + + testutils.ValidateImportBlocks(t, resource, &expectedImportBlocks) +} From 6f094bad0fea6cf43081d7ae888b41aaf968d17d Mon Sep 17 00:00:00 2001 From: Erik Ostien Date: Mon, 30 Dec 2024 21:33:37 -0700 Subject: [PATCH 19/30] Add PF resource export for pingfederate_server_settings_ws_trust_sts_settings_issuer_certificate --- .../pingfederate/pingfederate_connector.go | 1 + .../pingfederate_connector_test.go | 5 + ...s_trust_sts_settings_issuer_certificate.go | 99 +++++++++++++++++++ ...st_sts_settings_issuer_certificate_test.go | 26 +++++ server-profiles/12.1/data.json.subst | 10 ++ 5 files changed, 141 insertions(+) create mode 100644 internal/connector/pingfederate/resources/pingfederate_server_settings_ws_trust_sts_settings_issuer_certificate.go create mode 100644 internal/connector/pingfederate/resources/pingfederate_server_settings_ws_trust_sts_settings_issuer_certificate_test.go diff --git a/internal/connector/pingfederate/pingfederate_connector.go b/internal/connector/pingfederate/pingfederate_connector.go index ff5edf43..317353d2 100644 --- a/internal/connector/pingfederate/pingfederate_connector.go +++ b/internal/connector/pingfederate/pingfederate_connector.go @@ -101,6 +101,7 @@ func (c *PingFederateConnector) Export(format, outputDir string, overwriteExport resources.ServerSettingsLogging(&c.clientInfo), resources.ServerSettingsSystemKeysRotate(&c.clientInfo), resources.ServerSettingsWsTrustStsSettings(&c.clientInfo), + resources.ServerSettingsWsTrustStsSettingsIssuerCertificate(&c.clientInfo), resources.SessionApplicationPolicy(&c.clientInfo), resources.SessionAuthenticationPoliciesGlobal(&c.clientInfo), resources.SessionSettings(&c.clientInfo), diff --git a/internal/connector/pingfederate/pingfederate_connector_test.go b/internal/connector/pingfederate/pingfederate_connector_test.go index ca22c8d4..0d87eec9 100644 --- a/internal/connector/pingfederate/pingfederate_connector_test.go +++ b/internal/connector/pingfederate/pingfederate_connector_test.go @@ -334,6 +334,11 @@ func TestPingFederateTerraformPlan(t *testing.T) { resource: resources.ServerSettingsWsTrustStsSettings(PingFederateClientInfo), ignoredErrors: nil, }, + { + name: "PingFederateServerSettingsWsTrustStsSettingsIssuerCertificate", + resource: resources.ServerSettingsWsTrustStsSettingsIssuerCertificate(PingFederateClientInfo), + ignoredErrors: nil, + }, { name: "PingFederateSessionApplicationPolicy", resource: resources.SessionApplicationPolicy(PingFederateClientInfo), diff --git a/internal/connector/pingfederate/resources/pingfederate_server_settings_ws_trust_sts_settings_issuer_certificate.go b/internal/connector/pingfederate/resources/pingfederate_server_settings_ws_trust_sts_settings_issuer_certificate.go new file mode 100644 index 00000000..47a3eb2a --- /dev/null +++ b/internal/connector/pingfederate/resources/pingfederate_server_settings_ws_trust_sts_settings_issuer_certificate.go @@ -0,0 +1,99 @@ +package resources + +import ( + "fmt" + + "github.com/pingidentity/pingcli/internal/connector" + "github.com/pingidentity/pingcli/internal/connector/common" + "github.com/pingidentity/pingcli/internal/logger" +) + +// Verify that the resource satisfies the exportable resource interface +var ( + _ connector.ExportableResource = &PingFederateServerSettingsWsTrustStsSettingsIssuerCertificateResource{} +) + +type PingFederateServerSettingsWsTrustStsSettingsIssuerCertificateResource struct { + clientInfo *connector.PingFederateClientInfo +} + +// Utility method for creating a PingFederateServerSettingsWsTrustStsSettingsIssuerCertificateResource +func ServerSettingsWsTrustStsSettingsIssuerCertificate(clientInfo *connector.PingFederateClientInfo) *PingFederateServerSettingsWsTrustStsSettingsIssuerCertificateResource { + return &PingFederateServerSettingsWsTrustStsSettingsIssuerCertificateResource{ + clientInfo: clientInfo, + } +} + +func (r *PingFederateServerSettingsWsTrustStsSettingsIssuerCertificateResource) ResourceType() string { + return "pingfederate_server_settings_ws_trust_sts_settings_issuer_certificate" +} + +func (r *PingFederateServerSettingsWsTrustStsSettingsIssuerCertificateResource) ExportAll() (*[]connector.ImportBlock, error) { + l := logger.Get() + l.Debug().Msgf("Exporting all '%s' Resources...", r.ResourceType()) + + importBlocks := []connector.ImportBlock{} + + issuerCertsData, err := r.getIssuerCertsData() + if err != nil { + return nil, err + } + + for issuerCertId, issuerCertInfo := range *issuerCertsData { + issuerCertDN := issuerCertInfo[0] + issuerCertSerialNumber := issuerCertInfo[1] + + commentData := map[string]string{ + "Issuer Certificate ID": issuerCertId, + "Issuer Certificate Issuer DN": issuerCertDN, + "Issuer Certificate Serial Number": issuerCertSerialNumber, + "Resource Type": r.ResourceType(), + } + + importBlock := connector.ImportBlock{ + ResourceType: r.ResourceType(), + ResourceName: fmt.Sprintf("%s_%s", issuerCertDN, issuerCertSerialNumber), + ResourceID: issuerCertId, + CommentInformation: common.GenerateCommentInformation(commentData), + } + + importBlocks = append(importBlocks, importBlock) + } + + return &importBlocks, nil +} + +func (r *PingFederateServerSettingsWsTrustStsSettingsIssuerCertificateResource) getIssuerCertsData() (*map[string][]string, error) { + issuerCertsData := make(map[string][]string) + + issuerCerts, response, err := r.clientInfo.ApiClient.ServerSettingsAPI.GetCerts(r.clientInfo.Context).Execute() + err = common.HandleClientResponse(response, err, "GetCerts", r.ResourceType()) + if err != nil { + return nil, err + } + + if issuerCerts == nil { + return nil, common.DataNilError(r.ResourceType(), response) + } + + issuerCertsItems, issuerCertsItemsOk := issuerCerts.GetItemsOk() + if !issuerCertsItemsOk { + return nil, common.DataNilError(r.ResourceType(), response) + } + + for _, issuerCert := range issuerCertsItems { + issuerCertView, issuerCertViewOk := issuerCert.GetCertViewOk() + + if issuerCertViewOk { + issuerCertId, issuerCertIdOk := issuerCertView.GetIdOk() + issuerCertDN, issuerCertDNOk := issuerCertView.GetIssuerDNOk() + issuerCertSerialNumber, issuerCertSerialNumberOk := issuerCertView.GetSerialNumberOk() + + if issuerCertIdOk && issuerCertDNOk && issuerCertSerialNumberOk { + issuerCertsData[*issuerCertId] = []string{*issuerCertDN, *issuerCertSerialNumber} + } + } + } + + return &issuerCertsData, nil +} diff --git a/internal/connector/pingfederate/resources/pingfederate_server_settings_ws_trust_sts_settings_issuer_certificate_test.go b/internal/connector/pingfederate/resources/pingfederate_server_settings_ws_trust_sts_settings_issuer_certificate_test.go new file mode 100644 index 00000000..6e3a7482 --- /dev/null +++ b/internal/connector/pingfederate/resources/pingfederate_server_settings_ws_trust_sts_settings_issuer_certificate_test.go @@ -0,0 +1,26 @@ +package resources_test + +import ( + "testing" + + "github.com/pingidentity/pingcli/internal/connector" + "github.com/pingidentity/pingcli/internal/connector/pingfederate/resources" + "github.com/pingidentity/pingcli/internal/testing/testutils" +) + +func TestPingFederateServerSettingsWsTrustStsSettingsIssuerCertificateExport(t *testing.T) { + // Get initialized apiClient and resource + PingFederateClientInfo := testutils.GetPingFederateClientInfo(t) + resource := resources.ServerSettingsWsTrustStsSettingsIssuerCertificate(PingFederateClientInfo) + + // Defined the expected ImportBlocks for the resource + expectedImportBlocks := []connector.ImportBlock{ + { + ResourceType: "pingfederate_server_settings_ws_trust_sts_settings_issuer_certificate", + ResourceName: "CN=test, O=Ping Identity Corporation, L=Denver, ST=CO, C=US_430421198347763948001683365009287878912609754790", + ResourceID: "test-ws-trust-issuer-certificate", + }, + } + + testutils.ValidateImportBlocks(t, resource, &expectedImportBlocks) +} diff --git a/server-profiles/12.1/data.json.subst b/server-profiles/12.1/data.json.subst index 21fed2f3..a0d38a67 100644 --- a/server-profiles/12.1/data.json.subst +++ b/server-profiles/12.1/data.json.subst @@ -4198,6 +4198,16 @@ "lastModified": "2024-12-30T22:15:09.275Z" } ] + }, + { + "resourceType": "/serverSettings/wsTrustStsSettings/issuerCertificates", + "operationType": "SAVE", + "items": [ + { + "id": "test-ws-trust-issuer-certificate", + "fileData": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURuVENDQW9XZ0F3SUJBZ0lVUzJUQkNkUnpwSzRaemUrSERLakI5RVFTSHFZd0RRWUpLb1pJaHZjTkFRRUxCUUF3WGpFTE1Ba0cKQTFVRUJoTUNWVk14Q3pBSkJnTlZCQWdNQWtOUE1ROHdEUVlEVlFRSERBWkVaVzUyWlhJeElqQWdCZ05WQkFvTUdWQnBibWNnU1dSbApiblJwZEhrZ1EyOXljRzl5WVhScGIyNHhEVEFMQmdOVkJBTU1CSFJsYzNRd0hoY05NalF4TWpFeU1qTXlPREkwV2hjTk1qY3dPVEE0Ck1qTXlPREkwV2pCZU1Rc3dDUVlEVlFRR0V3SlZVekVMTUFrR0ExVUVDQXdDUTA4eER6QU5CZ05WQkFjTUJrUmxiblpsY2pFaU1DQUcKQTFVRUNnd1pVR2x1WnlCSlpHVnVkR2wwZVNCRGIzSndiM0poZEdsdmJqRU5NQXNHQTFVRUF3d0VkR1Z6ZERDQ0FTSXdEUVlKS29aSQpodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQUpkb0d1cmdEdlNSQkwyY0llVWFDWTNwbzVZRFpuVjFleXVPUVR4UWM2T1QySlMwCis0MGdKYkptZk5yYmNPU3QrMURieHpQK0l4YmxrY3o1NjlWT0M1bGJST24zOHllYU1VMzJYYy80REdTcDFIQ1kvSmZTeWd6LytxcjgKOFlUcU1hSTIxQWJabkFpWTV4MFJ3NTZJRG1KZ2xYYVhlVmJDVUp5N29QVHlBb1lZVDkzREpEazQxWmU1MVVjVG1Vc1RLTjRLM2d2dgpTYVJ1eXE1K2c2RVhCcTdBa2VPbmJQMGJTSHliTjFLRVY1QlhOTnBnazloMEp3M1BFK3FrbS81bllSenhCZjRSQS9BZ2Z2OWVzRzlOCnozWGdEb3dBR0JteHIrclUvbmE3cHdFRXVkTWg2NjhERURlUlZ3aDFaYXBZcEJ0VmN4TUhtZEpQZ0ZKckJsbzZtTUVDQXdFQUFhTlQKTUZFd0hRWURWUjBPQkJZRUZHSmMzWjBqOWtYUHNUbW1iZ0FzWS9QSzJjdXBNQjhHQTFVZEl3UVlNQmFBRkdKYzNaMGo5a1hQc1RtbQpiZ0FzWS9QSzJjdXBNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHdEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBSlZCdmNIaGgrMDBnelEwCnBuWkt0Ukp4dkVnK3BHaCtCOUUrNWkyUHNOR3lJQXZBWHc0bWRCY1FaS3hmaVhNMzFaRTJnZTFtUCs0ZGkxMStQS1lOSDJFOTczUEwKSit3R0hlUVoxRVRERzVmbzc5dDBNRzFSekh0R29pclpXN3Y0Qk5VSTZaTTJGakVhQ090WmcxclVoa2RJZnFEeDRDZU5qemIwcmhYSQp6WE5UUzRZNlZseFdBclFud0FncVB0YjVwb0pHM01tLzNmNnVRZy9sMExJS1RZL0dSNnlRc05Da3pUWlFocklwWGo0UnBxblgzUWdECjFJV1RvTW9uN250cDRnQVAvbEFTTTUveG01SnpiNmRtRitob04wNzNnMDJVZVYyVERMemU4MCtLK1hyMUdaZWVVTHVYTnJoT0VYRFIKeXR2dWJlOE9YUFBZNi96Q3BoVmIyMWc9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K" + } + ] } ] } From 023c64dd7ae95e900800efe797fa9888498fd5d2 Mon Sep 17 00:00:00 2001 From: Erik Ostien Date: Mon, 30 Dec 2024 21:39:25 -0700 Subject: [PATCH 20/30] Add PF resource export for pingfederate_service_authentication --- .../pingfederate/pingfederate_connector.go | 1 + .../pingfederate_connector_test.go | 5 ++ .../pingfederate_service_authentication.go | 53 +++++++++++++++++++ ...ingfederate_service_authentication_test.go | 26 +++++++++ 4 files changed, 85 insertions(+) create mode 100644 internal/connector/pingfederate/resources/pingfederate_service_authentication.go create mode 100644 internal/connector/pingfederate/resources/pingfederate_service_authentication_test.go diff --git a/internal/connector/pingfederate/pingfederate_connector.go b/internal/connector/pingfederate/pingfederate_connector.go index 317353d2..5d16277b 100644 --- a/internal/connector/pingfederate/pingfederate_connector.go +++ b/internal/connector/pingfederate/pingfederate_connector.go @@ -102,6 +102,7 @@ func (c *PingFederateConnector) Export(format, outputDir string, overwriteExport resources.ServerSettingsSystemKeysRotate(&c.clientInfo), resources.ServerSettingsWsTrustStsSettings(&c.clientInfo), resources.ServerSettingsWsTrustStsSettingsIssuerCertificate(&c.clientInfo), + resources.ServiceAuthentication(&c.clientInfo), resources.SessionApplicationPolicy(&c.clientInfo), resources.SessionAuthenticationPoliciesGlobal(&c.clientInfo), resources.SessionSettings(&c.clientInfo), diff --git a/internal/connector/pingfederate/pingfederate_connector_test.go b/internal/connector/pingfederate/pingfederate_connector_test.go index 0d87eec9..71c36bb7 100644 --- a/internal/connector/pingfederate/pingfederate_connector_test.go +++ b/internal/connector/pingfederate/pingfederate_connector_test.go @@ -339,6 +339,11 @@ func TestPingFederateTerraformPlan(t *testing.T) { resource: resources.ServerSettingsWsTrustStsSettingsIssuerCertificate(PingFederateClientInfo), ignoredErrors: nil, }, + { + name: "PingFederateServiceAuthentication", + resource: resources.ServiceAuthentication(PingFederateClientInfo), + ignoredErrors: nil, + }, { name: "PingFederateSessionApplicationPolicy", resource: resources.SessionApplicationPolicy(PingFederateClientInfo), diff --git a/internal/connector/pingfederate/resources/pingfederate_service_authentication.go b/internal/connector/pingfederate/resources/pingfederate_service_authentication.go new file mode 100644 index 00000000..73248366 --- /dev/null +++ b/internal/connector/pingfederate/resources/pingfederate_service_authentication.go @@ -0,0 +1,53 @@ +package resources + +import ( + "github.com/pingidentity/pingcli/internal/connector" + "github.com/pingidentity/pingcli/internal/connector/common" + "github.com/pingidentity/pingcli/internal/logger" +) + +// Verify that the resource satisfies the exportable resource interface +var ( + _ connector.ExportableResource = &PingFederateServiceAuthenticationResource{} +) + +type PingFederateServiceAuthenticationResource struct { + clientInfo *connector.PingFederateClientInfo +} + +// Utility method for creating a PingFederateServiceAuthenticationResource +func ServiceAuthentication(clientInfo *connector.PingFederateClientInfo) *PingFederateServiceAuthenticationResource { + return &PingFederateServiceAuthenticationResource{ + clientInfo: clientInfo, + } +} + +func (r *PingFederateServiceAuthenticationResource) ResourceType() string { + return "pingfederate_service_authentication" +} + +func (r *PingFederateServiceAuthenticationResource) ExportAll() (*[]connector.ImportBlock, error) { + l := logger.Get() + l.Debug().Msgf("Exporting all '%s' Resources...", r.ResourceType()) + + importBlocks := []connector.ImportBlock{} + + serviceAuthenticationId := "service_authentication_singleton_id" + serviceAuthenticationName := "Service Authentication" + + commentData := map[string]string{ + "Resource Type": r.ResourceType(), + "Singleton ID": common.SINGLETON_ID_COMMENT_DATA, + } + + importBlock := connector.ImportBlock{ + ResourceType: r.ResourceType(), + ResourceName: serviceAuthenticationName, + ResourceID: serviceAuthenticationId, + CommentInformation: common.GenerateCommentInformation(commentData), + } + + importBlocks = append(importBlocks, importBlock) + + return &importBlocks, nil +} diff --git a/internal/connector/pingfederate/resources/pingfederate_service_authentication_test.go b/internal/connector/pingfederate/resources/pingfederate_service_authentication_test.go new file mode 100644 index 00000000..97a3eb2e --- /dev/null +++ b/internal/connector/pingfederate/resources/pingfederate_service_authentication_test.go @@ -0,0 +1,26 @@ +package resources_test + +import ( + "testing" + + "github.com/pingidentity/pingcli/internal/connector" + "github.com/pingidentity/pingcli/internal/connector/pingfederate/resources" + "github.com/pingidentity/pingcli/internal/testing/testutils" +) + +func TestPingFederateServiceAuthenticationExport(t *testing.T) { + // Get initialized apiClient and resource + PingFederateClientInfo := testutils.GetPingFederateClientInfo(t) + resource := resources.ServiceAuthentication(PingFederateClientInfo) + + // Defined the expected ImportBlocks for the resource + expectedImportBlocks := []connector.ImportBlock{ + { + ResourceType: "pingfederate_service_authentication", + ResourceName: "Service Authentication", + ResourceID: "service_authentication_singleton_id", + }, + } + + testutils.ValidateImportBlocks(t, resource, &expectedImportBlocks) +} From 3e4ced38324a2418907534476328bfbb32dbbaf7 Mon Sep 17 00:00:00 2001 From: Erik Ostien Date: Mon, 30 Dec 2024 21:59:26 -0700 Subject: [PATCH 21/30] Add PF resource export for pingfederate_session_authentication_policy --- .../pingfederate/pingfederate_connector.go | 1 + .../pingfederate_connector_test.go | 5 + ...gfederate_session_authentication_policy.go | 103 ++++++++++++++++++ ...rate_session_authentication_policy_test.go | 26 +++++ server-profiles/12.1/data.json.subst | 21 ++++ 5 files changed, 156 insertions(+) create mode 100644 internal/connector/pingfederate/resources/pingfederate_session_authentication_policy.go create mode 100644 internal/connector/pingfederate/resources/pingfederate_session_authentication_policy_test.go diff --git a/internal/connector/pingfederate/pingfederate_connector.go b/internal/connector/pingfederate/pingfederate_connector.go index 5d16277b..75531b71 100644 --- a/internal/connector/pingfederate/pingfederate_connector.go +++ b/internal/connector/pingfederate/pingfederate_connector.go @@ -105,6 +105,7 @@ func (c *PingFederateConnector) Export(format, outputDir string, overwriteExport resources.ServiceAuthentication(&c.clientInfo), resources.SessionApplicationPolicy(&c.clientInfo), resources.SessionAuthenticationPoliciesGlobal(&c.clientInfo), + resources.SessionAuthenticationPolicy(&c.clientInfo), resources.SessionSettings(&c.clientInfo), resources.SPAuthenticationPolicyContractMapping(&c.clientInfo), resources.VirtualHostNames(&c.clientInfo), diff --git a/internal/connector/pingfederate/pingfederate_connector_test.go b/internal/connector/pingfederate/pingfederate_connector_test.go index 71c36bb7..6226a8ea 100644 --- a/internal/connector/pingfederate/pingfederate_connector_test.go +++ b/internal/connector/pingfederate/pingfederate_connector_test.go @@ -354,6 +354,11 @@ func TestPingFederateTerraformPlan(t *testing.T) { resource: resources.SessionAuthenticationPoliciesGlobal(PingFederateClientInfo), ignoredErrors: nil, }, + { + name: "PingFederateSessionAuthenticationPolicy", + resource: resources.SessionAuthenticationPolicy(PingFederateClientInfo), + ignoredErrors: nil, + }, { name: "PingFederateSessionSettings", resource: resources.SessionSettings(PingFederateClientInfo), diff --git a/internal/connector/pingfederate/resources/pingfederate_session_authentication_policy.go b/internal/connector/pingfederate/resources/pingfederate_session_authentication_policy.go new file mode 100644 index 00000000..6203b8e0 --- /dev/null +++ b/internal/connector/pingfederate/resources/pingfederate_session_authentication_policy.go @@ -0,0 +1,103 @@ +package resources + +import ( + "fmt" + + "github.com/pingidentity/pingcli/internal/connector" + "github.com/pingidentity/pingcli/internal/connector/common" + "github.com/pingidentity/pingcli/internal/logger" +) + +// Verify that the resource satisfies the exportable resource interface +var ( + _ connector.ExportableResource = &PingFederateSessionAuthenticationPolicyResource{} +) + +type PingFederateSessionAuthenticationPolicyResource struct { + clientInfo *connector.PingFederateClientInfo +} + +// Utility method for creating a PingFederateSessionAuthenticationPolicyResource +func SessionAuthenticationPolicy(clientInfo *connector.PingFederateClientInfo) *PingFederateSessionAuthenticationPolicyResource { + return &PingFederateSessionAuthenticationPolicyResource{ + clientInfo: clientInfo, + } +} + +func (r *PingFederateSessionAuthenticationPolicyResource) ResourceType() string { + return "pingfederate_session_authentication_policy" +} + +func (r *PingFederateSessionAuthenticationPolicyResource) ExportAll() (*[]connector.ImportBlock, error) { + l := logger.Get() + l.Debug().Msgf("Exporting all '%s' Resources...", r.ResourceType()) + + importBlocks := []connector.ImportBlock{} + + authenticationSessionPolicyData, err := r.getAuthenticationSessionPolicyData() + if err != nil { + return nil, err + } + + for policyId, policyInfo := range *authenticationSessionPolicyData { + authSourceType := policyInfo[0] + authSourceRefId := policyInfo[1] + + commentData := map[string]string{ + "Resource Type": r.ResourceType(), + "Session Authentication Policy ID": policyId, + "Session Authentication Source Type": authSourceType, + "Session Authentication Source ID": authSourceRefId, + } + + importBlock := connector.ImportBlock{ + ResourceType: r.ResourceType(), + ResourceName: fmt.Sprintf("%s_%s_%s", policyId, authSourceType, authSourceRefId), + ResourceID: policyId, + CommentInformation: common.GenerateCommentInformation(commentData), + } + + importBlocks = append(importBlocks, importBlock) + } + + return &importBlocks, nil +} + +func (r *PingFederateSessionAuthenticationPolicyResource) getAuthenticationSessionPolicyData() (*map[string][]string, error) { + authenticationSessionPolicyData := make(map[string][]string) + + authenticationSessionPolicies, response, err := r.clientInfo.ApiClient.SessionAPI.GetSourcePolicies(r.clientInfo.Context).Execute() + err = common.HandleClientResponse(response, err, "GetSourcePolicies", r.ResourceType()) + if err != nil { + return nil, err + } + + if authenticationSessionPolicies == nil { + return nil, common.DataNilError(r.ResourceType(), response) + } + + authenticationSessionPoliciesItems, authenticationSessionPoliciesItemsOk := authenticationSessionPolicies.GetItemsOk() + if !authenticationSessionPoliciesItemsOk { + return nil, common.DataNilError(r.ResourceType(), response) + } + + for _, authenticationSessionPolicy := range authenticationSessionPoliciesItems { + policyId, policyIdOk := authenticationSessionPolicy.GetIdOk() + authSource, authSourceOk := authenticationSessionPolicy.GetAuthenticationSourceOk() + + if policyIdOk && authSourceOk { + authSourceType, authSourceTypeOk := authSource.GetTypeOk() + authSourceRef, authSourceRefOk := authSource.GetSourceRefOk() + + if authSourceTypeOk && authSourceRefOk { + authSourceRefId, authSourceRefIdOk := authSourceRef.GetIdOk() + + if authSourceRefIdOk { + authenticationSessionPolicyData[*policyId] = []string{*authSourceType, *authSourceRefId} + } + } + } + } + + return &authenticationSessionPolicyData, nil +} diff --git a/internal/connector/pingfederate/resources/pingfederate_session_authentication_policy_test.go b/internal/connector/pingfederate/resources/pingfederate_session_authentication_policy_test.go new file mode 100644 index 00000000..bf2a56ee --- /dev/null +++ b/internal/connector/pingfederate/resources/pingfederate_session_authentication_policy_test.go @@ -0,0 +1,26 @@ +package resources_test + +import ( + "testing" + + "github.com/pingidentity/pingcli/internal/connector" + "github.com/pingidentity/pingcli/internal/connector/pingfederate/resources" + "github.com/pingidentity/pingcli/internal/testing/testutils" +) + +func TestPingFederateSessionAuthenticationPolicyExport(t *testing.T) { + // Get initialized apiClient and resource + PingFederateClientInfo := testutils.GetPingFederateClientInfo(t) + resource := resources.SessionAuthenticationPolicy(PingFederateClientInfo) + + // Defined the expected ImportBlocks for the resource + expectedImportBlocks := []connector.ImportBlock{ + { + ResourceType: "pingfederate_session_authentication_policy", + ResourceName: "UfdnqYjWycSeo2vZZgSYB3gpw_IDP_ADAPTER_OTIdPJava", + ResourceID: "UfdnqYjWycSeo2vZZgSYB3gpw", + }, + } + + testutils.ValidateImportBlocks(t, resource, &expectedImportBlocks) +} diff --git a/server-profiles/12.1/data.json.subst b/server-profiles/12.1/data.json.subst index a0d38a67..86cdfb56 100644 --- a/server-profiles/12.1/data.json.subst +++ b/server-profiles/12.1/data.json.subst @@ -4208,6 +4208,27 @@ "fileData": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURuVENDQW9XZ0F3SUJBZ0lVUzJUQkNkUnpwSzRaemUrSERLakI5RVFTSHFZd0RRWUpLb1pJaHZjTkFRRUxCUUF3WGpFTE1Ba0cKQTFVRUJoTUNWVk14Q3pBSkJnTlZCQWdNQWtOUE1ROHdEUVlEVlFRSERBWkVaVzUyWlhJeElqQWdCZ05WQkFvTUdWQnBibWNnU1dSbApiblJwZEhrZ1EyOXljRzl5WVhScGIyNHhEVEFMQmdOVkJBTU1CSFJsYzNRd0hoY05NalF4TWpFeU1qTXlPREkwV2hjTk1qY3dPVEE0Ck1qTXlPREkwV2pCZU1Rc3dDUVlEVlFRR0V3SlZVekVMTUFrR0ExVUVDQXdDUTA4eER6QU5CZ05WQkFjTUJrUmxiblpsY2pFaU1DQUcKQTFVRUNnd1pVR2x1WnlCSlpHVnVkR2wwZVNCRGIzSndiM0poZEdsdmJqRU5NQXNHQTFVRUF3d0VkR1Z6ZERDQ0FTSXdEUVlKS29aSQpodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQUpkb0d1cmdEdlNSQkwyY0llVWFDWTNwbzVZRFpuVjFleXVPUVR4UWM2T1QySlMwCis0MGdKYkptZk5yYmNPU3QrMURieHpQK0l4YmxrY3o1NjlWT0M1bGJST24zOHllYU1VMzJYYy80REdTcDFIQ1kvSmZTeWd6LytxcjgKOFlUcU1hSTIxQWJabkFpWTV4MFJ3NTZJRG1KZ2xYYVhlVmJDVUp5N29QVHlBb1lZVDkzREpEazQxWmU1MVVjVG1Vc1RLTjRLM2d2dgpTYVJ1eXE1K2c2RVhCcTdBa2VPbmJQMGJTSHliTjFLRVY1QlhOTnBnazloMEp3M1BFK3FrbS81bllSenhCZjRSQS9BZ2Z2OWVzRzlOCnozWGdEb3dBR0JteHIrclUvbmE3cHdFRXVkTWg2NjhERURlUlZ3aDFaYXBZcEJ0VmN4TUhtZEpQZ0ZKckJsbzZtTUVDQXdFQUFhTlQKTUZFd0hRWURWUjBPQkJZRUZHSmMzWjBqOWtYUHNUbW1iZ0FzWS9QSzJjdXBNQjhHQTFVZEl3UVlNQmFBRkdKYzNaMGo5a1hQc1RtbQpiZ0FzWS9QSzJjdXBNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHdEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBSlZCdmNIaGgrMDBnelEwCnBuWkt0Ukp4dkVnK3BHaCtCOUUrNWkyUHNOR3lJQXZBWHc0bWRCY1FaS3hmaVhNMzFaRTJnZTFtUCs0ZGkxMStQS1lOSDJFOTczUEwKSit3R0hlUVoxRVRERzVmbzc5dDBNRzFSekh0R29pclpXN3Y0Qk5VSTZaTTJGakVhQ090WmcxclVoa2RJZnFEeDRDZU5qemIwcmhYSQp6WE5UUzRZNlZseFdBclFud0FncVB0YjVwb0pHM01tLzNmNnVRZy9sMExJS1RZL0dSNnlRc05Da3pUWlFocklwWGo0UnBxblgzUWdECjFJV1RvTW9uN250cDRnQVAvbEFTTTUveG01SnpiNmRtRitob04wNzNnMDJVZVYyVERMemU4MCtLK1hyMUdaZWVVTHVYTnJoT0VYRFIKeXR2dWJlOE9YUFBZNi96Q3BoVmIyMWc9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K" } ] + }, + { + "resourceType": "/session/authenticationSessionPolicies", + "operationType": "SAVE", + "items": [ + { + "id": "UfdnqYjWycSeo2vZZgSYB3gpw", + "authenticationSource": { + "type": "IDP_ADAPTER", + "sourceRef": { + "id": "OTIdPJava", + "location": "https://localhost:9999/pf-admin-api/v1/idp/adapters/OTIdPJava" + } + }, + "enableSessions": false, + "userDeviceType": "PRIVATE", + "persistent": false, + "timeoutDisplayUnit": "MINUTES", + "authnContextSensitive": false + } + ] } ] } From 458aced4efe56c588690b30fd7fa1694f99d9758 Mon Sep 17 00:00:00 2001 From: Erik Ostien Date: Mon, 30 Dec 2024 22:06:56 -0700 Subject: [PATCH 22/30] Add PF resource export for pingfederate_sp_adapter --- .../pingfederate/pingfederate_connector.go | 1 + .../pingfederate_connector_test.go | 5 ++ .../resources/pingfederate_sp_adapter.go | 88 +++++++++++++++++++ .../resources/pingfederate_sp_adapter_test.go | 26 ++++++ 4 files changed, 120 insertions(+) create mode 100644 internal/connector/pingfederate/resources/pingfederate_sp_adapter.go create mode 100644 internal/connector/pingfederate/resources/pingfederate_sp_adapter_test.go diff --git a/internal/connector/pingfederate/pingfederate_connector.go b/internal/connector/pingfederate/pingfederate_connector.go index 75531b71..9ca59492 100644 --- a/internal/connector/pingfederate/pingfederate_connector.go +++ b/internal/connector/pingfederate/pingfederate_connector.go @@ -107,6 +107,7 @@ func (c *PingFederateConnector) Export(format, outputDir string, overwriteExport resources.SessionAuthenticationPoliciesGlobal(&c.clientInfo), resources.SessionAuthenticationPolicy(&c.clientInfo), resources.SessionSettings(&c.clientInfo), + resources.SpAdapter(&c.clientInfo), resources.SPAuthenticationPolicyContractMapping(&c.clientInfo), resources.VirtualHostNames(&c.clientInfo), } diff --git a/internal/connector/pingfederate/pingfederate_connector_test.go b/internal/connector/pingfederate/pingfederate_connector_test.go index 6226a8ea..1b4278d0 100644 --- a/internal/connector/pingfederate/pingfederate_connector_test.go +++ b/internal/connector/pingfederate/pingfederate_connector_test.go @@ -364,6 +364,11 @@ func TestPingFederateTerraformPlan(t *testing.T) { resource: resources.SessionSettings(PingFederateClientInfo), ignoredErrors: nil, }, + { + name: "PingFederateSpAdapter", + resource: resources.SpAdapter(PingFederateClientInfo), + ignoredErrors: nil, + }, { name: "PingFederateSPAuthenticationPolicyContractMapping", resource: resources.SPAuthenticationPolicyContractMapping(PingFederateClientInfo), diff --git a/internal/connector/pingfederate/resources/pingfederate_sp_adapter.go b/internal/connector/pingfederate/resources/pingfederate_sp_adapter.go new file mode 100644 index 00000000..09a21a7e --- /dev/null +++ b/internal/connector/pingfederate/resources/pingfederate_sp_adapter.go @@ -0,0 +1,88 @@ +package resources + +import ( + "github.com/pingidentity/pingcli/internal/connector" + "github.com/pingidentity/pingcli/internal/connector/common" + "github.com/pingidentity/pingcli/internal/logger" +) + +// Verify that the resource satisfies the exportable resource interface +var ( + _ connector.ExportableResource = &PingFederateSpAdapterResource{} +) + +type PingFederateSpAdapterResource struct { + clientInfo *connector.PingFederateClientInfo +} + +// Utility method for creating a PingFederateSpAdapterResource +func SpAdapter(clientInfo *connector.PingFederateClientInfo) *PingFederateSpAdapterResource { + return &PingFederateSpAdapterResource{ + clientInfo: clientInfo, + } +} + +func (r *PingFederateSpAdapterResource) ResourceType() string { + return "pingfederate_sp_adapter" +} + +func (r *PingFederateSpAdapterResource) ExportAll() (*[]connector.ImportBlock, error) { + l := logger.Get() + l.Debug().Msgf("Exporting all '%s' Resources...", r.ResourceType()) + + importBlocks := []connector.ImportBlock{} + + spAdaptersData, err := r.getSpAdaptersData() + if err != nil { + return nil, err + } + + for spAdapterId, spAdapterName := range *spAdaptersData { + commentData := map[string]string{ + "Resource Type": r.ResourceType(), + "SP Adapter ID": spAdapterId, + "SP Adapter Name": spAdapterName, + } + + importBlock := connector.ImportBlock{ + ResourceType: r.ResourceType(), + ResourceName: spAdapterName, + ResourceID: spAdapterId, + CommentInformation: common.GenerateCommentInformation(commentData), + } + + importBlocks = append(importBlocks, importBlock) + } + + return &importBlocks, nil +} + +func (r *PingFederateSpAdapterResource) getSpAdaptersData() (*map[string]string, error) { + spAdaptersData := make(map[string]string) + + spAdapters, response, err := r.clientInfo.ApiClient.SpAdaptersAPI.GetSpAdapters(r.clientInfo.Context).Execute() + err = common.HandleClientResponse(response, err, "GetSpAdapters", r.ResourceType()) + if err != nil { + return nil, err + } + + if spAdapters == nil { + return nil, common.DataNilError(r.ResourceType(), response) + } + + spAdaptersItems, spAdaptersItemsOk := spAdapters.GetItemsOk() + if !spAdaptersItemsOk { + return nil, common.DataNilError(r.ResourceType(), response) + } + + for _, spAdapter := range spAdaptersItems { + spAdapterId, spAdapterIdOk := spAdapter.GetIdOk() + spAdapterName, spAdapterNameOk := spAdapter.GetNameOk() + + if spAdapterIdOk && spAdapterNameOk { + spAdaptersData[*spAdapterId] = *spAdapterName + } + } + + return &spAdaptersData, nil +} diff --git a/internal/connector/pingfederate/resources/pingfederate_sp_adapter_test.go b/internal/connector/pingfederate/resources/pingfederate_sp_adapter_test.go new file mode 100644 index 00000000..7bd56c7d --- /dev/null +++ b/internal/connector/pingfederate/resources/pingfederate_sp_adapter_test.go @@ -0,0 +1,26 @@ +package resources_test + +import ( + "testing" + + "github.com/pingidentity/pingcli/internal/connector" + "github.com/pingidentity/pingcli/internal/connector/pingfederate/resources" + "github.com/pingidentity/pingcli/internal/testing/testutils" +) + +func TestPingFederateSpAdapterExport(t *testing.T) { + // Get initialized apiClient and resource + PingFederateClientInfo := testutils.GetPingFederateClientInfo(t) + resource := resources.SpAdapter(PingFederateClientInfo) + + // Defined the expected ImportBlocks for the resource + expectedImportBlocks := []connector.ImportBlock{ + { + ResourceType: "pingfederate_sp_adapter", + ResourceName: "SpAdapter", + ResourceID: "spadapter", + }, + } + + testutils.ValidateImportBlocks(t, resource, &expectedImportBlocks) +} From 34895743ca8f659c72a90fa229e2b5440e1ffa25 Mon Sep 17 00:00:00 2001 From: Erik Ostien Date: Thu, 2 Jan 2025 09:54:22 -0700 Subject: [PATCH 23/30] Add PF resource export for pingfederate_sp_idp_connection --- .../pingfederate/pingfederate_connector.go | 1 + .../pingfederate_connector_test.go | 7 ++ .../pingfederate_sp_idp_connection.go | 88 +++++++++++++++++++ .../pingfederate_sp_idp_connection_test.go | 26 ++++++ server-profiles/12.1/data.json.subst | 62 +++++++++++++ 5 files changed, 184 insertions(+) create mode 100644 internal/connector/pingfederate/resources/pingfederate_sp_idp_connection.go create mode 100644 internal/connector/pingfederate/resources/pingfederate_sp_idp_connection_test.go diff --git a/internal/connector/pingfederate/pingfederate_connector.go b/internal/connector/pingfederate/pingfederate_connector.go index 9ca59492..78ee0c15 100644 --- a/internal/connector/pingfederate/pingfederate_connector.go +++ b/internal/connector/pingfederate/pingfederate_connector.go @@ -108,6 +108,7 @@ func (c *PingFederateConnector) Export(format, outputDir string, overwriteExport resources.SessionAuthenticationPolicy(&c.clientInfo), resources.SessionSettings(&c.clientInfo), resources.SpAdapter(&c.clientInfo), + resources.SpIdpConnection(&c.clientInfo), resources.SPAuthenticationPolicyContractMapping(&c.clientInfo), resources.VirtualHostNames(&c.clientInfo), } diff --git a/internal/connector/pingfederate/pingfederate_connector_test.go b/internal/connector/pingfederate/pingfederate_connector_test.go index 1b4278d0..e70ca104 100644 --- a/internal/connector/pingfederate/pingfederate_connector_test.go +++ b/internal/connector/pingfederate/pingfederate_connector_test.go @@ -369,6 +369,13 @@ func TestPingFederateTerraformPlan(t *testing.T) { resource: resources.SpAdapter(PingFederateClientInfo), ignoredErrors: nil, }, + { + name: "PingFederateSpIdpConnection", + resource: resources.SpIdpConnection(PingFederateClientInfo), + ignoredErrors: []string{ + "Error: Invalid Object Attribute Type", + }, + }, { name: "PingFederateSPAuthenticationPolicyContractMapping", resource: resources.SPAuthenticationPolicyContractMapping(PingFederateClientInfo), diff --git a/internal/connector/pingfederate/resources/pingfederate_sp_idp_connection.go b/internal/connector/pingfederate/resources/pingfederate_sp_idp_connection.go new file mode 100644 index 00000000..dc277678 --- /dev/null +++ b/internal/connector/pingfederate/resources/pingfederate_sp_idp_connection.go @@ -0,0 +1,88 @@ +package resources + +import ( + "github.com/pingidentity/pingcli/internal/connector" + "github.com/pingidentity/pingcli/internal/connector/common" + "github.com/pingidentity/pingcli/internal/logger" +) + +// Verify that the resource satisfies the exportable resource interface +var ( + _ connector.ExportableResource = &PingFederateSpIdpConnectionResource{} +) + +type PingFederateSpIdpConnectionResource struct { + clientInfo *connector.PingFederateClientInfo +} + +// Utility method for creating a PingFederateSpIdpConnectionResource +func SpIdpConnection(clientInfo *connector.PingFederateClientInfo) *PingFederateSpIdpConnectionResource { + return &PingFederateSpIdpConnectionResource{ + clientInfo: clientInfo, + } +} + +func (r *PingFederateSpIdpConnectionResource) ResourceType() string { + return "pingfederate_sp_idp_connection" +} + +func (r *PingFederateSpIdpConnectionResource) ExportAll() (*[]connector.ImportBlock, error) { + l := logger.Get() + l.Debug().Msgf("Exporting all '%s' Resources...", r.ResourceType()) + + importBlocks := []connector.ImportBlock{} + + idpConnectionData, err := r.getIdpConnectionData() + if err != nil { + return nil, err + } + + for idpConnectionId, idpConnectionName := range *idpConnectionData { + commentData := map[string]string{ + "Resource Type": r.ResourceType(), + "SP IDP Connection ID": idpConnectionId, + "SP IDP Connection Name": idpConnectionName, + } + + importBlock := connector.ImportBlock{ + ResourceType: r.ResourceType(), + ResourceName: idpConnectionName, + ResourceID: idpConnectionId, + CommentInformation: common.GenerateCommentInformation(commentData), + } + + importBlocks = append(importBlocks, importBlock) + } + + return &importBlocks, nil +} + +func (r *PingFederateSpIdpConnectionResource) getIdpConnectionData() (*map[string]string, error) { + idpConnectionData := make(map[string]string) + + idpConnections, response, err := r.clientInfo.ApiClient.SpIdpConnectionsAPI.GetConnections(r.clientInfo.Context).Execute() + err = common.HandleClientResponse(response, err, "GetConnections", r.ResourceType()) + if err != nil { + return nil, err + } + + if idpConnections == nil { + return nil, common.DataNilError(r.ResourceType(), response) + } + + idpConnectionsItems, idpConnectionsItemsOk := idpConnections.GetItemsOk() + if !idpConnectionsItemsOk { + return nil, common.DataNilError(r.ResourceType(), response) + } + + for _, idpConnection := range idpConnectionsItems { + idpConnectionId, idpConnectionIdOk := idpConnection.GetIdOk() + idpConnectionName, idpConnectionNameOk := idpConnection.GetNameOk() + + if idpConnectionIdOk && idpConnectionNameOk { + idpConnectionData[*idpConnectionId] = *idpConnectionName + } + } + + return &idpConnectionData, nil +} diff --git a/internal/connector/pingfederate/resources/pingfederate_sp_idp_connection_test.go b/internal/connector/pingfederate/resources/pingfederate_sp_idp_connection_test.go new file mode 100644 index 00000000..42193f2d --- /dev/null +++ b/internal/connector/pingfederate/resources/pingfederate_sp_idp_connection_test.go @@ -0,0 +1,26 @@ +package resources_test + +import ( + "testing" + + "github.com/pingidentity/pingcli/internal/connector" + "github.com/pingidentity/pingcli/internal/connector/pingfederate/resources" + "github.com/pingidentity/pingcli/internal/testing/testutils" +) + +func TestPingFederateSpIdpConnectionExport(t *testing.T) { + // Get initialized apiClient and resource + PingFederateClientInfo := testutils.GetPingFederateClientInfo(t) + resource := resources.SpIdpConnection(PingFederateClientInfo) + + // Defined the expected ImportBlocks for the resource + expectedImportBlocks := []connector.ImportBlock{ + { + ResourceType: "pingfederate_sp_idp_connection", + ResourceName: "testConnection", + ResourceID: "n26SCl49a8lB_ifAaLF_MyUbquv", + }, + } + + testutils.ValidateImportBlocks(t, resource, &expectedImportBlocks) +} diff --git a/server-profiles/12.1/data.json.subst b/server-profiles/12.1/data.json.subst index 86cdfb56..69675793 100644 --- a/server-profiles/12.1/data.json.subst +++ b/server-profiles/12.1/data.json.subst @@ -4229,6 +4229,68 @@ "authnContextSensitive": false } ] + }, + { + "resourceType": "/sp/idpConnections", + "operationType": "SAVE", + "items": [ + { + "type": "IDP", + "id": "n26SCl49a8lB_ifAaLF_MyUbquv", + "name": "testConnection", + "entityId": "testPartnerId", + "active": true, + "contactInfo": {}, + "loggingMode": "STANDARD", + "virtualEntityIds": [], + "licenseConnectionGroup": "", + "credentials": { + "certs": [ + { + "primaryVerificationCert": true, + "secondaryVerificationCert": false, + "certView": { + "id": "gpmlavn03e4mknkyml4m2ak9q", + "serialNumber": "430421198347763948001683365009287878912609754790", + "subjectDN": "CN=test, O=Ping Identity Corporation, L=Denver, ST=CO, C=US", + "subjectAlternativeNames": [], + "issuerDN": "CN=test, O=Ping Identity Corporation, L=Denver, ST=CO, C=US", + "validFrom": "2024-12-12T23:28:24.000Z", + "expires": "2027-09-08T23:28:24.000Z", + "keyAlgorithm": "RSA", + "keySize": 2048, + "signatureAlgorithm": "SHA256withRSA", + "version": 3, + "sha1Fingerprint": "B1B57BC2A8733287A1A9B65EB60BFFD01EFECEBA", + "sha256Fingerprint": "AA40F0AA0B7A438F15C49FA2A2EBE3B28AAB34A846781211BD170E8D7B06D291", + "status": "VALID" + }, + "x509File": { + "id": "gpmlavn03e4mknkyml4m2ak9q", + "fileData": "-----BEGIN CERTIFICATE-----\nMIIDnTCCAoWgAwIBAgIUS2TBCdRzpK4Zze+HDKjB9EQSHqYwDQYJKoZIhvcNAQELBQAwXjELMAkG\nA1UEBhMCVVMxCzAJBgNVBAgMAkNPMQ8wDQYDVQQHDAZEZW52ZXIxIjAgBgNVBAoMGVBpbmcgSWRl\nbnRpdHkgQ29ycG9yYXRpb24xDTALBgNVBAMMBHRlc3QwHhcNMjQxMjEyMjMyODI0WhcNMjcwOTA4\nMjMyODI0WjBeMQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ08xDzANBgNVBAcMBkRlbnZlcjEiMCAG\nA1UECgwZUGluZyBJZGVudGl0eSBDb3Jwb3JhdGlvbjENMAsGA1UEAwwEdGVzdDCCASIwDQYJKoZI\nhvcNAQEBBQADggEPADCCAQoCggEBAJdoGurgDvSRBL2cIeUaCY3po5YDZnV1eyuOQTxQc6OT2JS0\n+40gJbJmfNrbcOSt+1DbxzP+Ixblkcz569VOC5lbROn38yeaMU32Xc/4DGSp1HCY/JfSygz/+qr8\n8YTqMaI21AbZnAiY5x0Rw56IDmJglXaXeVbCUJy7oPTyAoYYT93DJDk41Ze51UcTmUsTKN4K3gvv\nSaRuyq5+g6EXBq7AkeOnbP0bSHybN1KEV5BXNNpgk9h0Jw3PE+qkm/5nYRzxBf4RA/Agfv9esG9N\nz3XgDowAGBmxr+rU/na7pwEEudMh668DEDeRVwh1ZapYpBtVcxMHmdJPgFJrBlo6mMECAwEAAaNT\nMFEwHQYDVR0OBBYEFGJc3Z0j9kXPsTmmbgAsY/PK2cupMB8GA1UdIwQYMBaAFGJc3Z0j9kXPsTmm\nbgAsY/PK2cupMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAJVBvcHhh+00gzQ0\npnZKtRJxvEg+pGh+B9E+5i2PsNGyIAvAXw4mdBcQZKxfiXM31ZE2ge1mP+4di11+PKYNH2E973PL\nJ+wGHeQZ1ETDG5fo79t0MG1RzHtGoirZW7v4BNUI6ZM2FjEaCOtZg1rUhkdIfqDx4CeNjzb0rhXI\nzXNTS4Y6VlxWArQnwAgqPtb5poJG3Mm/3f6uQg/l0LIKTY/GR6yQsNCkzTZQhrIpXj4RpqnX3QgD\n1IWToMon7ntp4gAP/lASM5/xm5Jzb6dmF+hoN073g02UeV2TDLze80+K+Xr1GZeeULuXNrhOEXDR\nytvube8OXPPY6/zCphVb21g=\n-----END CERTIFICATE-----\n" + }, + "activeVerificationCert": true, + "encryptionCert": false + } + ] + }, + "modificationDate": "2025-01-02T16:40:14.548Z", + "creationDate": "2025-01-02T16:40:14.548Z", + "wsTrust": { + "attributeContract": { + "coreAttributes": [ + { + "name": "TOKEN_SUBJECT", + "masked": false + } + ], + "extendedAttributes": [] + }, + "tokenGeneratorMappings": [], + "generateLocalToken": false + } + } + ] } ] } From 893c8ac8b6b722d4f22167dbb8daa0ecb9c6218e Mon Sep 17 00:00:00 2001 From: Erik Ostien Date: Thu, 2 Jan 2025 09:59:02 -0700 Subject: [PATCH 24/30] Add PF resource export for pingfederate_sp_target_url_mappings --- .../pingfederate/pingfederate_connector.go | 3 +- .../pingfederate_connector_test.go | 9 +++- .../pingfederate_sp_target_url_mappings.go | 53 +++++++++++++++++++ ...ingfederate_sp_target_url_mappings_test.go | 26 +++++++++ 4 files changed, 88 insertions(+), 3 deletions(-) create mode 100644 internal/connector/pingfederate/resources/pingfederate_sp_target_url_mappings.go create mode 100644 internal/connector/pingfederate/resources/pingfederate_sp_target_url_mappings_test.go diff --git a/internal/connector/pingfederate/pingfederate_connector.go b/internal/connector/pingfederate/pingfederate_connector.go index 78ee0c15..62379f6d 100644 --- a/internal/connector/pingfederate/pingfederate_connector.go +++ b/internal/connector/pingfederate/pingfederate_connector.go @@ -108,8 +108,9 @@ func (c *PingFederateConnector) Export(format, outputDir string, overwriteExport resources.SessionAuthenticationPolicy(&c.clientInfo), resources.SessionSettings(&c.clientInfo), resources.SpAdapter(&c.clientInfo), - resources.SpIdpConnection(&c.clientInfo), resources.SPAuthenticationPolicyContractMapping(&c.clientInfo), + resources.SpIdpConnection(&c.clientInfo), + resources.SpTargetUrlMappings(&c.clientInfo), resources.VirtualHostNames(&c.clientInfo), } diff --git a/internal/connector/pingfederate/pingfederate_connector_test.go b/internal/connector/pingfederate/pingfederate_connector_test.go index e70ca104..4875050b 100644 --- a/internal/connector/pingfederate/pingfederate_connector_test.go +++ b/internal/connector/pingfederate/pingfederate_connector_test.go @@ -369,6 +369,11 @@ func TestPingFederateTerraformPlan(t *testing.T) { resource: resources.SpAdapter(PingFederateClientInfo), ignoredErrors: nil, }, + { + name: "PingFederateSPAuthenticationPolicyContractMapping", + resource: resources.SPAuthenticationPolicyContractMapping(PingFederateClientInfo), + ignoredErrors: nil, + }, { name: "PingFederateSpIdpConnection", resource: resources.SpIdpConnection(PingFederateClientInfo), @@ -377,8 +382,8 @@ func TestPingFederateTerraformPlan(t *testing.T) { }, }, { - name: "PingFederateSPAuthenticationPolicyContractMapping", - resource: resources.SPAuthenticationPolicyContractMapping(PingFederateClientInfo), + name: "PingFederateSpTargetUrlMappings", + resource: resources.SpTargetUrlMappings(PingFederateClientInfo), ignoredErrors: nil, }, { diff --git a/internal/connector/pingfederate/resources/pingfederate_sp_target_url_mappings.go b/internal/connector/pingfederate/resources/pingfederate_sp_target_url_mappings.go new file mode 100644 index 00000000..f9d7b3ed --- /dev/null +++ b/internal/connector/pingfederate/resources/pingfederate_sp_target_url_mappings.go @@ -0,0 +1,53 @@ +package resources + +import ( + "github.com/pingidentity/pingcli/internal/connector" + "github.com/pingidentity/pingcli/internal/connector/common" + "github.com/pingidentity/pingcli/internal/logger" +) + +// Verify that the resource satisfies the exportable resource interface +var ( + _ connector.ExportableResource = &PingFederateSpTargetUrlMappingsResource{} +) + +type PingFederateSpTargetUrlMappingsResource struct { + clientInfo *connector.PingFederateClientInfo +} + +// Utility method for creating a PingFederateSpTargetUrlMappingsResource +func SpTargetUrlMappings(clientInfo *connector.PingFederateClientInfo) *PingFederateSpTargetUrlMappingsResource { + return &PingFederateSpTargetUrlMappingsResource{ + clientInfo: clientInfo, + } +} + +func (r *PingFederateSpTargetUrlMappingsResource) ResourceType() string { + return "pingfederate_sp_target_url_mappings" +} + +func (r *PingFederateSpTargetUrlMappingsResource) ExportAll() (*[]connector.ImportBlock, error) { + l := logger.Get() + l.Debug().Msgf("Exporting all '%s' Resources...", r.ResourceType()) + + importBlocks := []connector.ImportBlock{} + + spTargetUrlMappingsId := "sp_target_url_mappings_singleton_id" + spTargetUrlMappingsName := "SP Target URL Mappings" + + commentData := map[string]string{ + "Resource Type": r.ResourceType(), + "Singleton ID": common.SINGLETON_ID_COMMENT_DATA, + } + + importBlock := connector.ImportBlock{ + ResourceType: r.ResourceType(), + ResourceName: spTargetUrlMappingsName, + ResourceID: spTargetUrlMappingsId, + CommentInformation: common.GenerateCommentInformation(commentData), + } + + importBlocks = append(importBlocks, importBlock) + + return &importBlocks, nil +} diff --git a/internal/connector/pingfederate/resources/pingfederate_sp_target_url_mappings_test.go b/internal/connector/pingfederate/resources/pingfederate_sp_target_url_mappings_test.go new file mode 100644 index 00000000..c5a8a791 --- /dev/null +++ b/internal/connector/pingfederate/resources/pingfederate_sp_target_url_mappings_test.go @@ -0,0 +1,26 @@ +package resources_test + +import ( + "testing" + + "github.com/pingidentity/pingcli/internal/connector" + "github.com/pingidentity/pingcli/internal/connector/pingfederate/resources" + "github.com/pingidentity/pingcli/internal/testing/testutils" +) + +func TestPingFederateSpTargetUrlMappingsExport(t *testing.T) { + // Get initialized apiClient and resource + PingFederateClientInfo := testutils.GetPingFederateClientInfo(t) + resource := resources.SpTargetUrlMappings(PingFederateClientInfo) + + // Defined the expected ImportBlocks for the resource + expectedImportBlocks := []connector.ImportBlock{ + { + ResourceType: "pingfederate_sp_target_url_mappings", + ResourceName: "SP Target URL Mappings", + ResourceID: "sp_target_url_mappings_singleton_id", + }, + } + + testutils.ValidateImportBlocks(t, resource, &expectedImportBlocks) +} From 7bc0b794d7a2157f19dc6dcf40bec3d90cd8afbd Mon Sep 17 00:00:00 2001 From: Erik Ostien Date: Thu, 2 Jan 2025 10:21:30 -0700 Subject: [PATCH 25/30] Add PF resource export for pingfederate_token_processor_to_token_generator_mapping --- .../pingfederate/pingfederate_connector.go | 1 + .../pingfederate_connector_test.go | 5 + ...en_processor_to_token_generator_mapping.go | 95 +++++++++++++++++++ ...ocessor_to_token_generator_mapping_test.go | 26 +++++ server-profiles/12.1/data.json.subst | 23 +++++ 5 files changed, 150 insertions(+) create mode 100644 internal/connector/pingfederate/resources/pingfederate_token_processor_to_token_generator_mapping.go create mode 100644 internal/connector/pingfederate/resources/pingfederate_token_processor_to_token_generator_mapping_test.go diff --git a/internal/connector/pingfederate/pingfederate_connector.go b/internal/connector/pingfederate/pingfederate_connector.go index 62379f6d..9a7ec18d 100644 --- a/internal/connector/pingfederate/pingfederate_connector.go +++ b/internal/connector/pingfederate/pingfederate_connector.go @@ -111,6 +111,7 @@ func (c *PingFederateConnector) Export(format, outputDir string, overwriteExport resources.SPAuthenticationPolicyContractMapping(&c.clientInfo), resources.SpIdpConnection(&c.clientInfo), resources.SpTargetUrlMappings(&c.clientInfo), + resources.TokenProcessorToTokenGeneratorMapping(&c.clientInfo), resources.VirtualHostNames(&c.clientInfo), } diff --git a/internal/connector/pingfederate/pingfederate_connector_test.go b/internal/connector/pingfederate/pingfederate_connector_test.go index 4875050b..9ef3aeaa 100644 --- a/internal/connector/pingfederate/pingfederate_connector_test.go +++ b/internal/connector/pingfederate/pingfederate_connector_test.go @@ -386,6 +386,11 @@ func TestPingFederateTerraformPlan(t *testing.T) { resource: resources.SpTargetUrlMappings(PingFederateClientInfo), ignoredErrors: nil, }, + { + name: "PingFederateTokenProcessorToTokenGeneratorMapping", + resource: resources.TokenProcessorToTokenGeneratorMapping(PingFederateClientInfo), + ignoredErrors: nil, + }, { name: "PingFederateVirtualHostNames", resource: resources.VirtualHostNames(PingFederateClientInfo), diff --git a/internal/connector/pingfederate/resources/pingfederate_token_processor_to_token_generator_mapping.go b/internal/connector/pingfederate/resources/pingfederate_token_processor_to_token_generator_mapping.go new file mode 100644 index 00000000..1371598f --- /dev/null +++ b/internal/connector/pingfederate/resources/pingfederate_token_processor_to_token_generator_mapping.go @@ -0,0 +1,95 @@ +package resources + +import ( + "fmt" + + "github.com/pingidentity/pingcli/internal/connector" + "github.com/pingidentity/pingcli/internal/connector/common" + "github.com/pingidentity/pingcli/internal/logger" +) + +// Verify that the resource satisfies the exportable resource interface +var ( + _ connector.ExportableResource = &PingFederateTokenProcessorToTokenGeneratorMappingResource{} +) + +type PingFederateTokenProcessorToTokenGeneratorMappingResource struct { + clientInfo *connector.PingFederateClientInfo +} + +// Utility method for creating a PingFederateTokenProcessorToTokenGeneratorMappingResource +func TokenProcessorToTokenGeneratorMapping(clientInfo *connector.PingFederateClientInfo) *PingFederateTokenProcessorToTokenGeneratorMappingResource { + return &PingFederateTokenProcessorToTokenGeneratorMappingResource{ + clientInfo: clientInfo, + } +} + +func (r *PingFederateTokenProcessorToTokenGeneratorMappingResource) ResourceType() string { + return "pingfederate_token_processor_to_token_generator_mapping" +} + +func (r *PingFederateTokenProcessorToTokenGeneratorMappingResource) ExportAll() (*[]connector.ImportBlock, error) { + l := logger.Get() + l.Debug().Msgf("Exporting all '%s' Resources...", r.ResourceType()) + + importBlocks := []connector.ImportBlock{} + + tokenToTokenMappingsData, err := r.getTokenToTokenMappingsData() + if err != nil { + return nil, err + } + + for tokenToTokenMappingId, tokenToTokenMappingInfo := range *tokenToTokenMappingsData { + tokenToTokenMappingSourceId := tokenToTokenMappingInfo[0] + tokenToTokenMappingTargetId := tokenToTokenMappingInfo[1] + + commentData := map[string]string{ + "Resource Type": r.ResourceType(), + "Token Processor to Token Generator Mapping ID": tokenToTokenMappingId, + "Token Processor ID": tokenToTokenMappingSourceId, + "Token Generator ID": tokenToTokenMappingTargetId, + } + + importBlock := connector.ImportBlock{ + ResourceType: r.ResourceType(), + ResourceName: fmt.Sprintf("%s_to_%s", tokenToTokenMappingSourceId, tokenToTokenMappingTargetId), + ResourceID: tokenToTokenMappingId, + CommentInformation: common.GenerateCommentInformation(commentData), + } + + importBlocks = append(importBlocks, importBlock) + } + + return &importBlocks, nil +} + +func (r *PingFederateTokenProcessorToTokenGeneratorMappingResource) getTokenToTokenMappingsData() (*map[string][]string, error) { + tokenToTokenMappingsData := make(map[string][]string) + + tokenToTokenMappings, response, err := r.clientInfo.ApiClient.TokenProcessorToTokenGeneratorMappingsAPI.GetTokenToTokenMappings(r.clientInfo.Context).Execute() + err = common.HandleClientResponse(response, err, "GetTokenToTokenMappings", r.ResourceType()) + if err != nil { + return nil, err + } + + if tokenToTokenMappings == nil { + return nil, common.DataNilError(r.ResourceType(), response) + } + + tokenToTokenMappingsItems, tokenToTokenMappingsItemsOk := tokenToTokenMappings.GetItemsOk() + if !tokenToTokenMappingsItemsOk { + return nil, common.DataNilError(r.ResourceType(), response) + } + + for _, tokenToTokenMapping := range tokenToTokenMappingsItems { + tokenToTokenMappingId, tokenToTokenMappingIdOk := tokenToTokenMapping.GetIdOk() + tokenToTokenMappingSourceId, tokenToTokenMappingSourceIdOk := tokenToTokenMapping.GetSourceIdOk() + tokenToTokenMappingTargetId, tokenToTokenMappingTargetIdOk := tokenToTokenMapping.GetTargetIdOk() + + if tokenToTokenMappingIdOk && tokenToTokenMappingSourceIdOk && tokenToTokenMappingTargetIdOk { + tokenToTokenMappingsData[*tokenToTokenMappingId] = []string{*tokenToTokenMappingSourceId, *tokenToTokenMappingTargetId} + } + } + + return &tokenToTokenMappingsData, nil +} diff --git a/internal/connector/pingfederate/resources/pingfederate_token_processor_to_token_generator_mapping_test.go b/internal/connector/pingfederate/resources/pingfederate_token_processor_to_token_generator_mapping_test.go new file mode 100644 index 00000000..9ddf97d5 --- /dev/null +++ b/internal/connector/pingfederate/resources/pingfederate_token_processor_to_token_generator_mapping_test.go @@ -0,0 +1,26 @@ +package resources_test + +import ( + "testing" + + "github.com/pingidentity/pingcli/internal/connector" + "github.com/pingidentity/pingcli/internal/connector/pingfederate/resources" + "github.com/pingidentity/pingcli/internal/testing/testutils" +) + +func TestPingFederateTokenProcessorToTokenGeneratorMappingExport(t *testing.T) { + // Get initialized apiClient and resource + PingFederateClientInfo := testutils.GetPingFederateClientInfo(t) + resource := resources.TokenProcessorToTokenGeneratorMapping(PingFederateClientInfo) + + // Defined the expected ImportBlocks for the resource + expectedImportBlocks := []connector.ImportBlock{ + { + ResourceType: "pingfederate_token_processor_to_token_generator_mapping", + ResourceName: "tokenprocessor_to_tokengenerator", + ResourceID: "tokenprocessor|tokengenerator", + }, + } + + testutils.ValidateImportBlocks(t, resource, &expectedImportBlocks) +} diff --git a/server-profiles/12.1/data.json.subst b/server-profiles/12.1/data.json.subst index 69675793..6399d65a 100644 --- a/server-profiles/12.1/data.json.subst +++ b/server-profiles/12.1/data.json.subst @@ -4291,6 +4291,29 @@ } } ] + }, + { + "resourceType": "/tokenProcessorToTokenGeneratorMappings", + "operationType": "SAVE", + "items": [ + { + "attributeSources": [], + "attributeContractFulfillment": { + "SAML_SUBJECT": { + "source": { + "type": "CONTEXT" + }, + "value": "ClientIp" + } + }, + "issuanceCriteria": { + "conditionalCriteria": [] + }, + "id": "tokenprocessor|tokengenerator", + "sourceId": "tokenprocessor", + "targetId": "tokengenerator" + } + ] } ] } From 09be3e3bc769086ed8e1c4e91431bf5227f02046 Mon Sep 17 00:00:00 2001 From: Erik Ostien Date: Thu, 2 Jan 2025 11:26:16 -0700 Subject: [PATCH 26/30] Use non-subst data.json file exported from newer PF 12.1.4 instance --- Makefile | 2 +- .../pingfederate_connector_test.go | 8 +- ...oauth_token_exchange_generator_settings.go | 4 +- ...st_sts_settings_issuer_certificate_test.go | 2 +- .../12.1/{data.json.subst => data.json} | 6579 +++++++++-------- server-profiles/shared-profile/env_vars | 37 - .../{data.json.subst => data.json} | 0 7 files changed, 3484 insertions(+), 3148 deletions(-) rename server-profiles/12.1/{data.json.subst => data.json} (74%) delete mode 100644 server-profiles/shared-profile/env_vars rename server-profiles/shared-profile/instance/bulk-config/{data.json.subst => data.json} (100%) diff --git a/Makefile b/Makefile index 75f5a9c6..e3cb2c6c 100644 --- a/Makefile +++ b/Makefile @@ -33,7 +33,7 @@ starttestcontainer: -p 9999:9999 \ --env-file "${HOME}/.pingidentity/config" \ -v $$(pwd)/server-profiles/shared-profile:/opt/in \ - -v $$(pwd)/server-profiles/12.1/data.json.subst:/opt/in/instance/bulk-config/data.json.subst \ + -v $$(pwd)/server-profiles/12.1/data.json:/opt/in/instance/bulk-config/data.json \ pingidentity/pingfederate:latest # Wait for the instance to become ready sleep 1 diff --git a/internal/connector/pingfederate/pingfederate_connector_test.go b/internal/connector/pingfederate/pingfederate_connector_test.go index 9ef3aeaa..9c9ac981 100644 --- a/internal/connector/pingfederate/pingfederate_connector_test.go +++ b/internal/connector/pingfederate/pingfederate_connector_test.go @@ -335,9 +335,11 @@ func TestPingFederateTerraformPlan(t *testing.T) { ignoredErrors: nil, }, { - name: "PingFederateServerSettingsWsTrustStsSettingsIssuerCertificate", - resource: resources.ServerSettingsWsTrustStsSettingsIssuerCertificate(PingFederateClientInfo), - ignoredErrors: nil, + name: "PingFederateServerSettingsWsTrustStsSettingsIssuerCertificate", + resource: resources.ServerSettingsWsTrustStsSettingsIssuerCertificate(PingFederateClientInfo), + ignoredErrors: []string{ + "Error: Missing Configuration for Required Attribute", + }, }, { name: "PingFederateServiceAuthentication", diff --git a/internal/connector/pingfederate/resources/pingfederate_oauth_token_exchange_generator_settings.go b/internal/connector/pingfederate/resources/pingfederate_oauth_token_exchange_generator_settings.go index 3998364c..12cf11fb 100644 --- a/internal/connector/pingfederate/resources/pingfederate_oauth_token_exchange_generator_settings.go +++ b/internal/connector/pingfederate/resources/pingfederate_oauth_token_exchange_generator_settings.go @@ -32,8 +32,8 @@ func (r *PingFederateOAuthTokenExchangeGeneratorSettingsResource) ExportAll() (* importBlocks := []connector.ImportBlock{} - oauthTokenExchangeGeneratorSettingsId := "oauth_token_exchange_generator_settings_singleton_id" - oauthTokenExchangeGeneratorSettingsName := "OAuth Token Exchange Generator Settings" + oauthTokenExchangeGeneratorSettingsId := "oauth_token_exchange_generator_settings_singleton_id" // #nosec G101 + oauthTokenExchangeGeneratorSettingsName := "OAuth Token Exchange Generator Settings" // #nosec G101 commentData := map[string]string{ "Resource Type": r.ResourceType(), diff --git a/internal/connector/pingfederate/resources/pingfederate_server_settings_ws_trust_sts_settings_issuer_certificate_test.go b/internal/connector/pingfederate/resources/pingfederate_server_settings_ws_trust_sts_settings_issuer_certificate_test.go index 6e3a7482..1ee24e87 100644 --- a/internal/connector/pingfederate/resources/pingfederate_server_settings_ws_trust_sts_settings_issuer_certificate_test.go +++ b/internal/connector/pingfederate/resources/pingfederate_server_settings_ws_trust_sts_settings_issuer_certificate_test.go @@ -18,7 +18,7 @@ func TestPingFederateServerSettingsWsTrustStsSettingsIssuerCertificateExport(t * { ResourceType: "pingfederate_server_settings_ws_trust_sts_settings_issuer_certificate", ResourceName: "CN=test, O=Ping Identity Corporation, L=Denver, ST=CO, C=US_430421198347763948001683365009287878912609754790", - ResourceID: "test-ws-trust-issuer-certificate", + ResourceID: "ycrgw3j4ckw91gxdmd479qftb", }, } diff --git a/server-profiles/12.1/data.json.subst b/server-profiles/12.1/data.json similarity index 74% rename from server-profiles/12.1/data.json.subst rename to server-profiles/12.1/data.json index 6399d65a..91280532 100644 --- a/server-profiles/12.1/data.json.subst +++ b/server-profiles/12.1/data.json @@ -1,49 +1,220 @@ { "metadata": { - "pfVersion": "10.1.2.0" + "pfVersion": "12.1.4.0" }, "operations": [ { + "resourceType": "/configStore", "operationType": "SAVE", + "subResource": "cert-time-tracking", "items": [ { - "accepted": true, - "licenseAgreementUrl": "https://${PF_ADMIN_PUBLIC_HOSTNAME}:${PF_ADMIN_PUBLIC_PORT_HTTPS}/pf-admin-api/license-agreement" + "id": "419x9yg43rlawqwq9v6az997k", + "type": "STRING", + "stringValue": "1735840760" + }, + { + "id": "sslservercert", + "type": "STRING", + "stringValue": "1735840761" } - ], - "resourceType": "/license/agreement" + ] }, { + "resourceType": "/configStore", "operationType": "SAVE", + "subResource": "org.sourceid.oauth20.domain.ClientManagerXmlFileImpl", "items": [ { - "password": "${administrativeAccounts_items_Administrator_password}", - "roles": [ - "CRYPTO_ADMINISTRATOR", - "ADMINISTRATOR", - "EXPRESSION_ADMINISTRATOR", - "USER_ADMINISTRATOR" + "id": "MigrationComplete8.4", + "type": "STRING", + "stringValue": "true" + } + ] + }, + { + "resourceType": "/configStore", + "operationType": "SAVE", + "subResource": "org.sourceid.saml20.domain.mgmt.AdminUserManager", + "items": [ + { + "id": "isEaRoleUpdated", + "type": "STRING", + "stringValue": "true" + } + ] + }, + { + "resourceType": "/configStore", + "operationType": "SAVE", + "subResource": "org.sourceid.saml20.domain.mgmt.impl.PartnerCertMigrator", + "items": [ + { + "id": "partner.cert.migration.complete", + "type": "STRING", + "stringValue": "true" + } + ] + }, + { + "resourceType": "/configStore", + "operationType": "SAVE", + "subResource": "org.sourceid.saml20.metadata.partner.impl.MetadataDirectoryHybridDbImpl", + "items": [ + { + "id": "MigrationComplete8.4", + "type": "STRING", + "stringValue": "true" + } + ] + }, + { + "resourceType": "/license/agreement", + "operationType": "SAVE", + "items": [ + { + "licenseAgreementUrl": "https://localhost:9999/pf-admin-api/license-agreement", + "accepted": true + } + ] + }, + { + "resourceType": "/certificates/ca", + "operationType": "SAVE", + "items": [ + { + "id": "sslservercert", + "fileData": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURVekNDQWoyZ0F3SUJBZ0lRSFJOTEZ3a0RRTHc3WGZ6NVZKTlJnekFMQmdrcWhraUc5dzBCQVFzd1N6RU9NQXdHQTFVRUNBd0YKVkVWWVFWTXhEekFOQmdOVkJBY01Ca0ZWVTFSSlRqRU5NQXNHQTFVRUN3d0VVRWxPUnpFTU1Bb0dBMVVFQ2d3RFEwUlNNUXN3Q1FZRApWUVFHREFKVlV6QWVGdzB5TkRBNE1USXhPVFEzTVRkYUZ3MDBOREE0TURjeE9UUTNNVGRhTUVzeERqQU1CZ05WQkFnTUJWUkZXRUZUCk1ROHdEUVlEVlFRSERBWkJWVk5VU1U0eERUQUxCZ05WQkFzTUJGQkpUa2N4RERBS0JnTlZCQW9NQTBORVVqRUxNQWtHQTFVRUJnd0MKVlZNd2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUUNodTE3Z1FiYnZNdnBsbkJ0YnBLOTNVVTMvYjRUZApKamJ5dXJNRDRQOFMrakNWeER4cDF4ZGxUeGJxbFphcVRuaE8yOG1GRHdFRFlhdVgyZHdENmUwTUxkNEV5aWQ3eUp5T2ViZmdQUzRMClJrc3ZVb3RlUlUxV2RoZ1I4NDdyRFNOZnFha3JQUkRaVWZJOUpmY0pqMG4rWElJT2hobEhQZXB4bE56aDRyK0xUY3ZqcXIvTWgxMEgKNzhteG1xZUhvUWlZYmhydExpaGgxN2N2cGVJWlhPT3dVU0JvV1pDWkcreXlYVXNGd2RHU3VoV1l0clNPbE1TZnZlTm5rbk41amh5aApVZWJRQ05vVUhTdEs1cW9YeTFVVU1HRE5IcEFHSDNWNHJpWmhCNkxhTkszZ3gwbmF5d3RvcDF0WkpaNXg0ZllJMFQvVTVreTlGZWxlCkE2SEMzZmR4QWdNQkFBR2pOekExTUIwR0ExVWREZ1FXQkJSWVBlRkVtTkxHcURGQ2pOcWhBUVc3NThZT3FqQVVCZ05WSFJFRURUQUwKZ2dsc2IyTmhiR2h2YzNRd0N3WUpLb1pJaHZjTkFRRUxBNElCQVFBVVBRM1hKSmtJZ3JNSU5xVjJPdnB4bUR2c0JsVEVjQmE4Z2JRcwpTMXZuQUdDNFRsKzV2QWpwa0Z4VFhUbnBHaWtJU25POVp3SWJRYTJ1RlZRMjZFbkNKazF3Z3JMWFRkY0FXQjRLQmZRYWRKUTdVQzltCmE3RTZYaW5FSjBUWGd5UXNSc3R4cldVNldLWGV1d3lYZEFidGE1ZWhzRjZZUDNPYzNZZTBqR201L1FtaWZhVmwzWUJNQ3JxOUVGdkwKUzQ1MUVTcVJMaDA4QUZjZ3RaWlc4RGo1MHNyUGlWbDZidVVQOWd3YWxqamhYV01FTDBNVWtKMlgweHlVMHlGMytNV2lMMU9oaThURwpNeEw5YzliN3JScUQyWk9mU2xXVGN1Sm83OXM1ZkNFOG1leDU3VGdlSEh5eC9GVEIrUzhpMWYvT1J5WTl0ZlErbjJvQk1obnRzN2pkCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K" + } + ] + }, + { + "resourceType": "/keyPairs/sslServer", + "operationType": "SAVE", + "items": [ + { + "id": "sslservercert", + "fileData": "MIIKgAIBAzCCCioGCSqGSIb3DQEHAaCCChsEggoXMIIKEzCCBaoGCSqGSIb3DQEHAaCCBZsEggWXMIIFkzCCBY8GCyqGSIb3DQEMCgECoIIFQDCCBTwwZgYJKoZIhvcNAQUNMFkwOAYJKoZIhvcNAQUMMCsEFAnDQs-qMuN4DIQVwyQkj1GUEmHWAgInEAIBIDAMBggqhkiG9w0CCQUAMB0GCWCGSAFlAwQBKgQQzFhjowQWE8ITWEAPCxzPtgSCBNBYqfffomrqua2btFQbtdNC7wXc4VsWS1sYCLVM5OLIfMrkpuIsIwmVgPN3skkvhLcC1rVU1tby-TlI1fB3It6u-9R_jSO5IZfrH58E5ldZ66xu7OxlPQYX35VpRhLX_7ypRaxdGnaRy7SBUEgShUWGn1OQEY-upQgikJNJXdEJOr8bkwOHzP3BUMMtv5Me4BKDC42A56s-zhydPN2EJWmRZjHTxtBqzrsjppNbVr-f-kPyUknUSZ4OyNx-cQ3y8fa4OmGMPtjOq2sWGxl8BZlXLh7b_Pby7lB2l0wtstYHEo22No1GvrGCSU93j28dYmiMaxJ-lqYmdf4q8vlyWaxajzkoW8meJQdsjsPu9yd3_kefe9IwDFUFcGeAXNe4jZn-AQcPGl0Obrtvap1Ai8q4JE2ObUTGt7XvmwbDOb0ZDgaqdui6_zDXs9hAG0HR_fg6skoGR6hT1-j4gFOivt5Dw4qKnWDokjgrr3qAYZC3-x5TJTD4lQvvi_yjOUOU5NENoMhJY3PkcRYnK_xFzQ1xi4iRuJGJmtQPOtDOj_4ZMs5nZL3HZGEpoVwutUbUCXvLjWnQoscKZlMGFJXUFFahETMSk0q4xIBPms9swzulHl0gHjmbdb3xdJfYnRNndCzm04uPOv7gWYY2Icg2yTu9fUDmwcOeQ1Ks9rzdLEgo2jN4B4glwryJCfqjb92xj3LhFFpIA506ny-SXNsfDsQ2MBiFuHsZyyIEIfNz_CPRCijrWn0uNoIm3rAFGaP2F6H3_4ZQCi-YCMLWwf9VRW5exxz-S0vAuEXQaLtAGONXSlmQVggOx0gD6aihFGw9JQBXKk9NlzFAmef6tfyLgHuwhJnc0g0K78ecTrfV5-M4RFT3xr9MED6q-P-yK8wE1htTcfIy_Ia8l68yP90u6MT1y5fQ6rqQQs369I_h8D6QA31Fcp_0uWB17zYtc-B1WUMwr6nWPuL4TG2SqUiDBeZg-jvGlrL4r8MsEaFGteYNl2tNOPSIALxKLuJ60StESsdQuHphOrBV_V8oaHp8rtGq6gjQ347o2PnWZPt9tS4hPazm6Pozgu3WDNkKGmBDjFoRxdilQ9Ngzotn_5ay19Uql4hx2sHMT0sqXGy597K4xOHMKoLcKO9EgrlRTsigL0gYe2UJeCqUJP8_2M8EpDIBHmMYrc-zWqgZlOGsnHKqxSykavJohxj9FET2sw-Lr7RyMqvC2mELTCPoV1wgSu8tk9KAOfW4_W1EqsOzz09cMLSXLH0-DEj7Xw9Sb3gHyV9ldkuxR3HCpe0Oh1Y3UTNgfU4Z5CtvjErgghVMsLWqHPWMkIzYktixOmrwa24m9QP9lMjhAn7V6uhoboURE5yTO0riU6_to5ckSQSckhiTqXlj1ezobUFK_xyNPf73qUKybQBavJpkrJV4HuXnv41HN-PvjsIwutU3mSHBzqibJJUBCNZdAp9sicSu7U-N6beOUI5fXPz3kgiQYVal7itprvpRICIeUBl7Kzm7M_G-HN9zfEICJR-3Zav7y93GnJ_JrcGJL0i2HB8BuFtfqwNcZ46QJPuA2SmDV1a6GsXvEZ8x7T3yNOBFH9JOBfqlCKAzsXfaN77cQCSZ2iegbTWqL_bkS8tGA8YZ6p7P_bjAfjE8MBcGCSqGSIb3DQEJFDEKHggAcABpAG4AZzAhBgkqhkiG9w0BCRUxFAQSVGltZSAxNzM1ODQxMzM1MzIzMIIEYQYJKoZIhvcNAQcGoIIEUjCCBE4CAQAwggRHBgkqhkiG9w0BBwEwZgYJKoZIhvcNAQUNMFkwOAYJKoZIhvcNAQUMMCsEFAGV3aQl-8S0DYVAf-y-Cg03xbFQAgInEAIBIDAMBggqhkiG9w0CCQUAMB0GCWCGSAFlAwQBKgQQd79_gTqcpKzXikELsk_htoCCA9ABG8EocRo23dqwip2HTy4fQEFhSZR8BnNuyusB6g-SHdGuNXD19jCKe2gBvQXLNj1HHxJpmsQ6Aw33RHPo2V_zlcQf7bQx9SgPE4Mb6Gc32Ycd7QWvE4gu0al2xSVtQR14Ktu4lU1Pw4z-GZg_-A_VuOB2uNCdBtOp0Oz6RcxPA8HXpYHgCGBJORuzj-noOnXJUQweO6oiDw_qM4kFOL3mvjhm8q8a5STaJA-bJl8ukTkRf3mKawDhfnft7gjc8U72dHPdJd0iHa3kcMONZ4Pt_iwKb6ukCE5HOti2uO0S-eZ5Bmgk4_TUZwN75B-JYfICqQIz9qAokRx6yIo58425ZHNQLXHJI9IETQSyiwcDm1esQHF4xHECdwmN7f4nFeOQjoVODhO8FfArmZcFNGgYbOVQlhJtDBMmZdjhsReTaaSKzimmQT4Lta6LpW9TWnkb2IaGuFMmaq1d9dAn9udqHR5IHxJy6MfoM1N9RSLynGOMLpRvM0ZbzW1y3KHhjb0kb16hXrCarTtO9n2zYEqXNble0H_IxMosn6H7TBFIDG2MYdYNDXnk6yf1CxdoXTMQcs4whToW6GkRGEeTsEvLtT5i2aWAi-MQGHDwgq-vaL3Vn3xBkPo3flVZXQkZaF0uQgWnZhkPiL_o71O2RRhf9KVjy-euhgYvMRYSGhIcaSdyi2k5936gSdLVdozsCh6GzUPiSFeQCzvjQK8X2ZYGduNErTaCAd1WjHZ426OiGJSDUqjvUBIXYEtQcghfUw8whUw5eCRGWwvvdDimdaMGEZOuwkx1k7aQ0KCvdBhNwqZSHIF5zngy2fF34ARMGBmMO3_b4FnoeUCJ0-3yhdy8-miVX7-d4uW8mcVZaHdX0sByMZxSoepP5fpJASAUNp1u0_3ywksPvc9th5yfhQqLpQgDSQ53gFOtlVPaLGJH2nRctxBULmcVMmaa1hweesmx0DTtM4Vcn9eNn6LpcFDVh1S_lF9HuCi29ohUdPR7-VNFAuPZSOOZLZ4iJhyCmBTskoAL8d-ypl_d2m9w6iaR0KIawl50V9oM_bb10AJvSu2K2rhECYK7nfR7SzFepLm1eeZGoJRbVtgpOKrsRZkEP4QK8vFoszwUC72r_gyjM6DVmyt31dLREioF7fEZ8FgB40gAyd7pwiIqBkcLZoR1aq2uFwkucd4d4qc4zb8NXyxPZ5diYee07zH-m9TbvBwD3BwinhWHrrg3L2OSmrkilSt1qRJaKnUZUG3eh8VwroCS4-1bJfaGoLAGiO7GItwBgNJLlAfuhlllt-lyqcswME0wMTANBglghkgBZQMEAgEFAAQgeMWD6JvscHbeWnLYF2sfV1etD5bnP9Fr45PRXAOrlxQEFGm6ysPf_eqUWpSdVEVtkqLGAtvzAgInEA==", + "format": "PKCS12", + "encryptedPassword": "eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiUWVzOVR5eTV5WiIsInZlcnNpb24iOiIxMi4xLjQuMCJ9..A-LZsxtyC8owMs9kLjxSPA.uNxqBKlEXsv9Dq0UPNxldqspvFz2lLu-vfnEqr_72LM.Yyw-JEZF4KLS0Iqyrrvivw" + } + ] + }, + { + "resourceType": "/keyPairs/sslServer/settings", + "operationType": "SAVE", + "items": [ + { + "runtimeServerCertRef": { + "id": "sslservercert", + "location": "https://localhost:9999/pf-admin-api/v1/keyPairs/sslServer/sslservercert" + }, + "adminConsoleCertRef": { + "id": "sslservercert", + "location": "https://localhost:9999/pf-admin-api/v1/keyPairs/sslServer/sslservercert" + }, + "activeRuntimeServerCerts": [ + { + "id": "sslservercert", + "location": "https://localhost:9999/pf-admin-api/v1/keyPairs/sslServer/sslservercert" + } ], - "auditor": false, - "description": "Initial administrator user.", - "active": true, - "username": "Administrator" + "activeAdminConsoleCerts": [ + { + "id": "sslservercert", + "location": "https://localhost:9999/pf-admin-api/v1/keyPairs/sslServer/sslservercert" + } + ] } - ], - "resourceType": "/administrativeAccounts" + ] }, { + "resourceType": "/keyPairs/signing", "operationType": "SAVE", "items": [ { - "id": "myauthenticationapiapplication", - "name": "myauthenticationapiapplication", - "additionalAllowedOrigins": [], - "url": "https://example.com", - "description": "example" + "id": "419x9yg43rlawqwq9v6az997k", + "fileData": "MIIKAAIBAzCCCaoGCSqGSIb3DQEHAaCCCZsEggmXMIIJkzCCBaoGCSqGSIb3DQEHAaCCBZsEggWXMIIFkzCCBY8GCyqGSIb3DQEMCgECoIIFQDCCBTwwZgYJKoZIhvcNAQUNMFkwOAYJKoZIhvcNAQUMMCsEFBu9lcfQZYSEy7gQlbdEmd8rxXOIAgInEAIBIDAMBggqhkiG9w0CCQUAMB0GCWCGSAFlAwQBKgQQAtt_1Q-X_bvGNTYd7XOPhwSCBNCA4qR5dMYpQFgWA29AYTj8Uhpz0X901I_bWw9jT2Yprw0X7q4gO8QAp_aE4STPmsjaeFLqY4gV2YGwevvnj4F1rKXInzNOOichgLssAXPEGymuTXpmMwDinI34suVrEwDxTdrpCfjuVFT3eTDY1LOgHqPpfY71PvpuGB9rAahcjPRNsUp79OEE6LmSJv5m8ivzyxvwROV5Md_ns6ZXmLyoJkuDOS_n0ei5ReUT55V5ytRTy2qSb48NbQH5n7OVOQvdGjqpWV7OZH7lOBruJ52obVvD56OLVnGKp-WlGwOZH9MD-ZVFZ8SaOhjw__Zs1Ozc_hqnjzxLa8sg0v3ZKEWVbmkcYBEBcOHaDWadF3i9hYa2C_tMhpHvb8NfpMbn-q8ApZDguMjveVSjeBHUs2Ag-0KhMonL9h_noVFMYpveKQQIIM7wLdhcxC4DBq0eUFiEM3QHmz92bsRcH8jNRrWJWK1VbUvjO6jS5f7cU04W7xzwoacmhM7sbebtdmJrIKrgACNbqzZ9PwxYfjhlfHFA20GeYMzHttpWBbJJkbF_UmOWT2Eg0TvXUqStKm6ADRbG5ASxsmVfUX-Hyn1aNx-FM6Ht0Vsc0LHjryzQnuB9NDkBULq_sW0VW8C2NLnP_wFu0fuh9jyoEF5RC-8dMkjXLyJRvccFBaOKi-Qk7fR0zvTmLKDCHTZBbyOOQxNbcLaEOh6r7kYdIpLhe-Q_yNSrqfnz8F64V_L0gLwC9v9FtZ3cuhcUkvgq7tKHyTZw2aJyUF-q-6f-Bk6612SAdgCkgk8hpot5f0vzDz2L8k-3zvGywQe7ujlTQ-C5AdNAiNtLvKT2uisFIbzG9WC0jqYH_L8OQAvSFw-P2E4MLWPPjZT0g47YSdqd5S5Ola2iC64T5uk4S5oB4VW3ws7Rf5L3wBQQaIMyNLpg4rZkrRiLcgfjzKK4dMPLTTxAGyWBHTufyHKBvs706aPXzIFbL3GXM7cMo5dIdM5W-aSGh9NtfdphOWs2vwhxIosFp_UMr3CIHkqvwnPt-O4xzyTLKmUGKr2p3ruQeHT5JJeWhsKL6eDHR3-DNR4OVvQ5sd7GJAaq3K1VLOu6gscDfw_fCBFOccoj5QQXIvFVFb3NyKIKGS87rYlkigUzjqLLkR33tqOyXlHqhjS0AN9-oy8vZGrjqemZDaevpM64poY2QmhqfAVC85YjwejjAKZx-plTJ8eYqfj1cIG7aVPTB2tZddj1YdGmFTkxcskPuqXIP-vnclgtgUrApmCeSq0AhodmC7uOHp9PSRIwMDRFvznt6LpgW0PSL-1f2yczuat80Tr4UWhTUIbBm78xzeG5T-dyNQ_zViR5vPjvqT28FrZT2sRVAQ4J7JR9iblgnh7ke3cmB_eP86gkQcOBBQb6jeQFGcq-RPANVa2zAehuF-fYmqOAAo-zE3QzUAlnGojqesFo-ayAr3cAVBFb5lyq9kln7oVqrjWX4z1K0C9RX40WCsTsQg3aBjCoIoVhx4JXcbcnUYvn4ySD_YkTLxaB19nNXdbrsumtiWKzpzc5rjRU2uVqp-TPKm0XwNsEewAW1UJhNMl977X195K-r67IkNYnU5aUVY2k7Tuf0Rf-yPCL6UKoTIHwlc48DKupJIjxKYoRODE8MBcGCSqGSIb3DQEJFDEKHggAcABpAG4AZzAhBgkqhkiG9w0BCRUxFAQSVGltZSAxNzM1ODQxMzM1MzYzMIID4QYJKoZIhvcNAQcGoIID0jCCA84CAQAwggPHBgkqhkiG9w0BBwEwZgYJKoZIhvcNAQUNMFkwOAYJKoZIhvcNAQUMMCsEFOfUPzmOx94MyP_4sBLYVGeDmfe4AgInEAIBIDAMBggqhkiG9w0CCQUAMB0GCWCGSAFlAwQBKgQQNM0-fUC3gt4mEoi-hLB0TICCA1BXPjb4_4mjcv18ckV6TNUXcj_P3ijZB09hnmufljw1h7yOw_Un9c567Ev3w9g_JJzmMGzhX2sAcaS_SDLDoB34z3z3QTM_JvAQ3M8sIX4XF5dMysfefrm4wrT4b-GFVTlsjH_LSWJ7N7Vd32GT1K08EXx2nxSmVKoO-mP9NUInGsfvqERV-CcDkaOF-g8aP2_uBKBZQG_kjzMh7I52T8HDCIVZRojbhdKsOKDzkuBZ_A__RSZwohfAPsok_GMvuKeothcoE3SDvaj-O7eUuJLXxVRsgMznex9PKHU4xpTzhY1iu_8HPkQLTu5YaNkEN6yBbPsfKkUQH2yO3REsISNUjykOBpD5nFm9VveNUWZXjYXJFxgCz7Xpz49mQF0bRT4tk4MnKzzSs1BDXXpYTEr3ZGKHWjlPPOKta_jkYOazW5yl8CGj-mM7JVvHMefPOpR36GDCgGkHEJHSgDpyNjswyHMG2Kml8IH0AeBOSx2KxK90VszF6aNanlGZ0gUVT8jzXnNTc5HGROEW3M4Tunc0gAL5XhgZh9rZxh3Syyq5goc58H7hfDMm7AVsvtGVaTQ5PJN2z7KhQQBd6gcxxiaI2DzprUwdbrNJ9mYkDO0rXhaiOE9glpSC29xzy6H-IHs2tX628sGMK4Xm--6yWwhK8_JcTuinOmYJ2tIqeEy0_LZwS9c-qdOv-1DSJyOs_1XQPOxG72lLjm_6EzSOvRw1S80AFOIpVJOZObyeuLrDGpWIt2RpYguH9QC0SZjj9xT-2W44kkmk4smsSlAjQjyJwsg4wbeS1ZRuMUYwO1ysx1vKw3dfiOi4yrMZNzuNb1i4qJ-G749ErwY-6P9VFHcokFDPXdnE2M2U11mPDejWcGn-ewkPMybDPjPxkZC9Df5Ezcw57H168sU9K0FYvlD2bQA5F8OGm-KIzOx8u-1jDTsMO_LihQYlnCumhQrjePaj14uVGaEuof-MLajhLhb8wf5Vntt1LEom5N1m99IN8FE4v2iktzQ437uMAaC8kgnopRGsJnGNFPyemo069Hu57hNPNRtyt6SEkQWEUsrkrLOQaqwZZGSzJePlkchsY5nElV_mW-72C-1mtypy4M8azGEa-OPmZ1gAaroNGPJ50zBNMDEwDQYJYIZIAWUDBAIBBQAEIEbwzQEf168Lsd_OJ1LCzhAwmLN9mzzdaaYuBzspI7gXBBQCHaD1KUeSv7pgYVsXNv8cx2n8WQICJxA=", + "format": "PKCS12", + "encryptedPassword": "eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiUWVzOVR5eTV5WiIsInZlcnNpb24iOiIxMi4xLjQuMCJ9..Pu65zkeybTU9lLx85fBi5g.1_1VeJsKIef5zAVui6NDHLTebyJMDH2ucGi8luVulVQ.lz9Bf1wwsOb1GYnOPHTylw" + } + ] + }, + { + "resourceType": "/keyPairs/oauthOpenIdConnect", + "operationType": "SAVE", + "items": [ + { + "staticJwksEnabled": false + } + ] + }, + { + "resourceType": "/certificates/groups", + "operationType": "SAVE", + "subResource": "STS Settings Mutual SSL Authentication Certs", + "items": [ + { + "id": "ycrgw3j4ckw91gxdmd479qftb", + "fileData": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURuVENDQW9XZ0F3SUJBZ0lVUzJUQkNkUnpwSzRaemUrSERLakI5RVFTSHFZd0RRWUpLb1pJaHZjTkFRRUxCUUF3WGpFTE1Ba0cKQTFVRUJoTUNWVk14Q3pBSkJnTlZCQWdNQWtOUE1ROHdEUVlEVlFRSERBWkVaVzUyWlhJeElqQWdCZ05WQkFvTUdWQnBibWNnU1dSbApiblJwZEhrZ1EyOXljRzl5WVhScGIyNHhEVEFMQmdOVkJBTU1CSFJsYzNRd0hoY05NalF4TWpFeU1qTXlPREkwV2hjTk1qY3dPVEE0Ck1qTXlPREkwV2pCZU1Rc3dDUVlEVlFRR0V3SlZVekVMTUFrR0ExVUVDQXdDUTA4eER6QU5CZ05WQkFjTUJrUmxiblpsY2pFaU1DQUcKQTFVRUNnd1pVR2x1WnlCSlpHVnVkR2wwZVNCRGIzSndiM0poZEdsdmJqRU5NQXNHQTFVRUF3d0VkR1Z6ZERDQ0FTSXdEUVlKS29aSQpodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQUpkb0d1cmdEdlNSQkwyY0llVWFDWTNwbzVZRFpuVjFleXVPUVR4UWM2T1QySlMwCis0MGdKYkptZk5yYmNPU3QrMURieHpQK0l4YmxrY3o1NjlWT0M1bGJST24zOHllYU1VMzJYYy80REdTcDFIQ1kvSmZTeWd6LytxcjgKOFlUcU1hSTIxQWJabkFpWTV4MFJ3NTZJRG1KZ2xYYVhlVmJDVUp5N29QVHlBb1lZVDkzREpEazQxWmU1MVVjVG1Vc1RLTjRLM2d2dgpTYVJ1eXE1K2c2RVhCcTdBa2VPbmJQMGJTSHliTjFLRVY1QlhOTnBnazloMEp3M1BFK3FrbS81bllSenhCZjRSQS9BZ2Z2OWVzRzlOCnozWGdEb3dBR0JteHIrclUvbmE3cHdFRXVkTWg2NjhERURlUlZ3aDFaYXBZcEJ0VmN4TUhtZEpQZ0ZKckJsbzZtTUVDQXdFQUFhTlQKTUZFd0hRWURWUjBPQkJZRUZHSmMzWjBqOWtYUHNUbW1iZ0FzWS9QSzJjdXBNQjhHQTFVZEl3UVlNQmFBRkdKYzNaMGo5a1hQc1RtbQpiZ0FzWS9QSzJjdXBNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHdEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBSlZCdmNIaGgrMDBnelEwCnBuWkt0Ukp4dkVnK3BHaCtCOUUrNWkyUHNOR3lJQXZBWHc0bWRCY1FaS3hmaVhNMzFaRTJnZTFtUCs0ZGkxMStQS1lOSDJFOTczUEwKSit3R0hlUVoxRVRERzVmbzc5dDBNRzFSekh0R29pclpXN3Y0Qk5VSTZaTTJGakVhQ090WmcxclVoa2RJZnFEeDRDZU5qemIwcmhYSQp6WE5UUzRZNlZseFdBclFud0FncVB0YjVwb0pHM01tLzNmNnVRZy9sMExJS1RZL0dSNnlRc05Da3pUWlFocklwWGo0UnBxblgzUWdECjFJV1RvTW9uN250cDRnQVAvbEFTTTUveG01SnpiNmRtRitob04wNzNnMDJVZVYyVERMemU4MCtLK1hyMUdaZWVVTHVYTnJoT0VYRFIKeXR2dWJlOE9YUFBZNi96Q3BoVmIyMWc9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K" + } + ] + }, + { + "resourceType": "/secretManagers", + "operationType": "SAVE", + "items": [ + { + "id": "testSecretManager", + "name": "Test Secret Manager", + "pluginDescriptorRef": { + "id": "com.pingidentity.pf.secretmanagers.cyberark.CyberArkCredentialProvider", + "location": "https://localhost:9999/pf-admin-api/v1/secretManagers/descriptors/com.pingidentity.pf.secretmanagers.cyberark.CyberArkCredentialProvider" + }, + "configuration": { + "tables": [], + "fields": [ + { + "name": "APP ID", + "value": "testAppId" + }, + { + "name": "Connection Port", + "value": "18923" + }, + { + "name": "Connection Timeout (sec)", + "value": "30" + }, + { + "name": "Username Retrieval Property Name", + "value": "username" + } + ] + }, + "lastModified": "2025-01-02T17:59:25.681Z" + } + ] + }, + { + "resourceType": "/pingOneConnections", + "operationType": "SAVE", + "items": [ + { + "id": "noeOvj5ltBnf4rcmtZAKdJ", + "name": "internal_brassteam_893438732", + "active": true, + "encryptedCredential": "eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiUWVzOVR5eTV5WiIsInZlcnNpb24iOiIxMi4xLjQuMCJ9..sZUhJG6aS4P0ZXDNWK7XjQ.JtO_yZJ-TAPVdup6werUdjmo7tACboMfAJi0cgxELtK7pusQrpc_0iSsOLRVjX7QaHJmXMaLpiBZehCCbdFOTzUUZmXfMahndKkiSENGAoEFAcFK5siQ-_wfzCK9vaiceSik3cKelwuo8MmLVBNjPAFeZP7tfr1NFak1Fr1qrCIZNLft7v5fnTbe7sVaF4aZdaWlTsDPcD_6Gl-0oDrtRvLhYAgakAkcCugZjHmm5rijrQlYEuo4ip0Xn8z300uJ_-aXdsalbo_AA5lnhtTSCqoZamOXyrUWxWlpK6ner-QuHjbnIpDRIFH2A1qJPmphcuJWBGgrHJkH8eCj5qPsx0fr8uaTaW5G9Xxz0rORRf5JK-fDwge_XoqYo-vLOMeHjletKAoqF4weKzupGcrnLy8Nhx34SQOewG4uKCGc--Xm2VkaM6-P9VO9U6J6c09brq0z49kJ_ZdVG-wCqc-ADOUb1G-d7GQ9NsEyS1WxGLEVqcRYtJ8mRtjl32Co1GwrF9Bvd-_0cuqqWc8dAx2h0JVaQkURSKNiVO_a8SkOh6120k_2frr0bAuWOQZS9C6VLsX8vnnH-khrmexoNBYUtWDAUMH2EGoH6tPnSK5mhsDgXXvcUeGWo3Q2eOb_tqCnsXAQTzKQJQ9GpKoUdNcxjn2j_QGNZG0gDkKBAvSCyDhCbdVSHm3vofmaAi1wd4vHcMo_Hi6_Law5iKpdGwpJuEH32HWKnCq3JXVr8R-q8fwRsgREuN0Ioz1LoP3-i5HcguJG-WjvfK1udTKn0iXldvJCqKdjNm8vHusev33Ibf5Ko3t7BNROIEcCvXGT7qOo7Irki8SLkhY6K2KKuvBV1oNZiG2tIT0blsbm2fRYQ_Bqbree_iRClh8WHhv7gP4kK2ZnhSNA4R5JMIlrnxM5ffrGw5oO9k_DiZLNMtp59kvEIkdDm8SZUZBpxR_GV2o_LK03BX7E63Q1nMXYtLeMqIm7Wr-_0qOTBw0FWM8gwf-JZpKbZeWP298O7DJD_OIqaTBCFoSXjZZXxZFmd_Yp6UmxZ2vMaju2cphm51bBV724WF6Up99suq4xiMrU7tqv1cdLTkIZ-1ng6YpVUSNndVtvhdFx43F-1LnQjHa6nnEUP3zuvcm8s29gw1FfHvreTOIn2LOn2JoctvVYg42WWDCTWxNsjNBp0qgWeTdGeV-4Kpk9hOswlMzjAJhPXVZJoMSIlEkKmUgTozdKf3H3VnMNdGDCavTa-1xrMn4gTmmk5WjJXZAO3WAN-oUKAKKA4D1eJtST-NzlQfSWIJQnwEFlKCCFKt2hYJYb8sSfjwfgeYo60I-dV-5do4uImzQ8glEwIcSDc42IG4CNYzVqVRH-0Gtoml9UIFc8Tq2oclV32Xflgi054OgxLf4c4N-zG5jAQs9Hl7T46enBVdFlgi2V5clxfmLx8XkvyaA8YiLxqXxtVQ3XqoNzguzWWRIWPAYEf25mIbnTuwIuaHb6EJZWkT3MH9qD5_TEOYCREXjbUKI95wiAfpA26qsoo1x8z2x081qGcghDJJ1c4mBOOLr7HO_Ggwnj-Q8vZAYO5t8GSXD7zM-NkEwR2qi6W9bv6J2x8y5C9zaDtcEFD9oZgZLtZ6FuyheohkODZ_Lq3aJZ0HTge1Npx7KSCkHPf8VzKRfMsncwkQYN3Q3t5oq43YNdYAVi42aQTRvG8K-Z5zt1ivg5enUkEov9YlB860BJquU00Ohuqm0WOSzjK9UkdA.BeKp73q8pwVZrsknfzDGRQ", + "creationDate": "2025-01-02T17:59:21.234Z", + "credentialId": "971b5d20-0955-4030-b49b-7e349b3b9b1e", + "pingOneConnectionId": "554257ac-76ca-447a-a210-722343328312", + "environmentId": "f5901536-2b60-4d4a-a987-3d56aadad46d", + "organizationName": "internal_brassteam_893438732", + "region": "North America", + "pingOneManagementApiEndpoint": "https://api.pingone.com", + "pingOneAuthenticationApiEndpoint": "https://auth.pingone.com" } - ], - "resourceType": "/authenticationApi" + ] }, { "resourceType": "/dataStores", @@ -59,7 +230,7 @@ "ldapType": "PING_DIRECTORY", "bindAnonymously": false, "userDN": "cn=pingfederate", - "encryptedPassword": "eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiUWVzOVR5eTV5WiIsInZlcnNpb24iOiIxMi4wLjEuMCJ9..6RewNBX62O0tgFLaPtvcDg.IshqqZsUlopyadcCUEr9Gg.-7q9bdH2EpKMIcdz1MVMNQ", + "encryptedPassword": "eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiUWVzOVR5eTV5WiIsInZlcnNpb24iOiIxMi4xLjQuMCJ9..hHAlDvmt1Ks5fwUh4l1gyw.pEJ038M0X9dylJ6eH_1NUQ.Ik2S0INx5QtmI7xChZrnUw", "useSsl": false, "useDnsSrvRecords": false, "name": "PingDirectory", @@ -71,6 +242,7 @@ "defaultSource": true } ], + "lastModified": "2025-01-02T17:59:20.482Z", "retryFailedOperations": false, "testOnBorrow": false, "testOnReturn": false, @@ -85,7 +257,8 @@ "binaryAttributes": [], "dnsTtl": 0, "ldapDnsSrvPrefix": "_ldap._tcp", - "ldapsDnsSrvPrefix": "_ldaps._tcp" + "ldapsDnsSrvPrefix": "_ldaps._tcp", + "useStartTLS": false }, { "type": "JDBC", @@ -94,7 +267,7 @@ "connectionUrl": "jdbc:hsqldb:${pf.server.data.dir}${/}hypersonic${/}ProvisionerDefaultDB;hsqldb.lock_file=false", "driverClass": "org.hsqldb.jdbcDriver", "userName": "sa", - "encryptedPassword": "eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiUWVzOVR5eTV5WiIsInZlcnNpb24iOiIxMi4wLjEuMCJ9..7tDRsYYYhUm3zb_BtMcn0Q.HrYxxlXpI5s3HgjXaJaW2w.uaGsFAv9XrmgKTYvMn329g", + "encryptedPassword": "eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiUWVzOVR5eTV5WiIsInZlcnNpb24iOiIxMi4xLjQuMCJ9..wxVrzkuEU1rs99EBnEhZtg._bLhQUpQL42SYEXtgb2X3g.OnqR5MNMsSLgpeovbonxFA", "allowMultiValueAttributes": false, "name": "ProvisionerDS (sa)", "connectionUrlTags": [ @@ -102,7 +275,12 @@ "connectionUrl": "jdbc:hsqldb:${pf.server.data.dir}${/}hypersonic${/}ProvisionerDefaultDB;hsqldb.lock_file=false", "defaultSource": true } - ] + ], + "lastModified": "2025-01-02T17:59:20.498Z", + "minPoolSize": 10, + "maxPoolSize": 100, + "blockingTimeout": 5000, + "idleTimeout": 5 }, { "type": "LDAP", @@ -114,7 +292,7 @@ "ldapType": "PING_DIRECTORY", "bindAnonymously": false, "userDN": "cn=pingfederate", - "encryptedPassword": "eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiUWVzOVR5eTV5WiIsInZlcnNpb24iOiIxMi4wLjEuMCJ9..OHfrNaAuajm1AMtNq9XB-Q.6SLl-a107TOUuQ8foVSDJA.k4pH_u0FmunvC8JhxUlOOA", + "encryptedPassword": "eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiUWVzOVR5eTV5WiIsInZlcnNpb24iOiIxMi4xLjQuMCJ9..k1L9m-3jpjS2sXo9554-cQ.VslnEnAz5XwI9Pgipvn9NA.Me39IBEPU6hUMnaGnftV3A", "useSsl": false, "useDnsSrvRecords": false, "name": "pingdirectory", @@ -126,6 +304,7 @@ "defaultSource": true } ], + "lastModified": "2025-01-02T17:59:20.508Z", "retryFailedOperations": false, "testOnBorrow": false, "testOnReturn": false, @@ -140,414 +319,599 @@ "binaryAttributes": [], "dnsTtl": 60000, "ldapDnsSrvPrefix": "_ldap._tcp", - "ldapsDnsSrvPrefix": "_ldaps._tcp" + "ldapsDnsSrvPrefix": "_ldaps._tcp", + "useStartTLS": false } ] }, { + "resourceType": "/notificationPublishers", "operationType": "SAVE", "items": [ { + "id": "exampleSmtpPublisher", + "name": "exampleSmtpPublisher", + "pluginDescriptorRef": { + "id": "com.pingidentity.email.SmtpNotificationPlugin", + "location": "https://localhost:9999/pf-admin-api/v1/notificationPublishers/descriptors/com.pingidentity.email.SmtpNotificationPlugin" + }, "configuration": { - "tables": [ - { - "name": "Authentication Error Overrides", - "rows": [] - } - ], + "tables": [], "fields": [ { - "name": "LDAP Datastore", - "value": "pingdirectory" + "name": "From Address", + "value": "example@pingidentity.com" }, { - "name": "Search Base", - "value": "${USER_BASE_DN}" + "name": "Email Server", + "value": "example.com" }, { - "name": "Search Filter", - "value": "(&(objectClass=person)(|(mail=${username})(cn=${username})(uid=${username})))" + "name": "Sender Name", + "value": "" }, { - "name": "Scope of Search", - "value": "Subtree" + "name": "SMTP Port", + "value": "25" }, { - "name": "Case-Sensitive Matching", - "value": "false" + "name": "Encryption Method", + "value": "NONE" }, { - "name": "Display Name Attribute", - "value": "displayName" + "name": "SMTPS Port", + "value": "465" }, { - "name": "Mail Attribute", - "value": "mail" + "name": "Verify Hostname", + "value": "true" }, { - "name": "SMS Attribute", - "value": "" + "name": "UTF-8 Message Header Support", + "value": "false" }, { - "name": "PingID Username Attribute", + "name": "Username", "value": "" }, { - "name": "Mail Search Filter", + "name": "Password", "value": "" }, { - "name": "Username Attribute", + "name": "Test Address", "value": "" }, { - "name": "Mail Verified Attribute", - "value": "" + "name": "Connection Timeout", + "value": "30" + }, + { + "name": "Enable SMTP Debugging Messages", + "value": "false" } ] }, - "name": "pingdirectory", - "id": "pingdirectory", + "lastModified": "2025-01-02T17:59:22.146Z" + }, + { + "id": "exampleSmtpPublisher2", + "name": "exampleSmtpPublisher2", "pluginDescriptorRef": { - "location": "https://${PF_ADMIN_PUBLIC_HOSTNAME}:${PF_ADMIN_PUBLIC_PORT_HTTPS}/pf-admin-api/v1/passwordCredentialValidators/descriptors/org.sourceid.saml20.domain.LDAPUsernamePasswordCredentialValidator", - "id": "org.sourceid.saml20.domain.LDAPUsernamePasswordCredentialValidator" + "id": "com.pingidentity.email.SmtpNotificationPlugin", + "location": "https://localhost:9999/pf-admin-api/v1/notificationPublishers/descriptors/com.pingidentity.email.SmtpNotificationPlugin" }, - "attributeContract": { - "coreAttributes": [ + "configuration": { + "tables": [], + "fields": [ { - "name": "mail" + "name": "From Address", + "value": "example@pingdemo.example" }, { - "name": "givenName" + "name": "Email Server", + "value": "pingdemo.example" }, { - "name": "DN" + "name": "Sender Name", + "value": "" }, { - "name": "username" - } - ], - "extendedAttributes": [ + "name": "SMTP Port", + "value": "25" + }, { - "name": "entryUUID" + "name": "Encryption Method", + "value": "NONE" + }, + { + "name": "SMTPS Port", + "value": "465" + }, + { + "name": "Verify Hostname", + "value": "true" + }, + { + "name": "UTF-8 Message Header Support", + "value": "false" + }, + { + "name": "Username", + "value": "" + }, + { + "name": "Password", + "value": "" + }, + { + "name": "Test Address", + "value": "" + }, + { + "name": "Connection Timeout", + "value": "30" + }, + { + "name": "Enable SMTP Debugging Messages", + "value": "false" } ] - } - }, + }, + "lastModified": "2025-01-02T17:59:22.157Z" + } + ] + }, + { + "resourceType": "/notificationPublishers/settings", + "operationType": "SAVE", + "items": [ { - "configuration": { - "tables": [ - { - "name": "Users", - "rows": [ - { - "defaultRow": false, - "fields": [ - { - "name": "Username", - "value": "joe" - }, - { - "name": "Password", - "value": "${passwordCredentialValidators_items_simple_configuration_tables_rows_fields_Password_value}" - }, - { - "name": "Confirm Password", - "value": "${passwordCredentialValidators_items_simple_configuration_tables_rows_fields_Confirm_Password_value}" - }, - { - "name": "Relax Password Requirements", - "value": "true" - } - ] - } - ] - } - ], - "fields": [] - }, - "name": "simple", - "id": "simple", - "pluginDescriptorRef": { - "location": "https://${PF_ADMIN_PUBLIC_HOSTNAME}:${PF_ADMIN_PUBLIC_PORT_HTTPS}/pf-admin-api/v1/passwordCredentialValidators/descriptors/org.sourceid.saml20.domain.SimpleUsernamePasswordCredentialValidator", - "id": "org.sourceid.saml20.domain.SimpleUsernamePasswordCredentialValidator" - }, - "attributeContract": { - "coreAttributes": [ - { - "name": "username" - } - ] + "defaultNotificationPublisherRef": { + "id": "exampleSmtpPublisher", + "location": "https://localhost:9999/pf-admin-api/v1/notificationPublishers/exampleSmtpPublisher" } } - ], - "resourceType": "/passwordCredentialValidators" - }, - { - "resourceType": "/keyPairs/signing", - "operationType": "SAVE", - "items": [ - { - "id": "419x9yg43rlawqwq9v6az997k", - "fileData": "MIIKAAIBAzCCCaoGCSqGSIb3DQEHAaCCCZsEggmXMIIJkzCCBaoGCSqGSIb3DQEHAaCCBZsEggWXMIIFkzCCBY8GCyqGSIb3DQEMCgECoIIFQDCCBTwwZgYJKoZIhvcNAQUNMFkwOAYJKoZIhvcNAQUMMCsEFLTKPJwidJYF-vbm9h9ij2NGhf9oAgInEAIBIDAMBggqhkiG9w0CCQUAMB0GCWCGSAFlAwQBKgQQ79KdD_qxBVa0U7JyU_DiaASCBNDYe72YOp8awn68_hl524b1wEmFaJxXreKC3SRPDR_7NgFlD1jKQQ0CtPaUVgxgZ1LMMBqtvj2j__jF2SYxVJ-eWvz4sExEXPuyNY1RZbppB24h_4gfzpCL_F1QPAuG5agBy-7GoIjJMszuuW-RYudB-bwZqwwducg42VYBOMD8_XNT49qoVpYA0A0HeBrPkfP32AVddrdFEzJFsxYbj2NfrONCaJTwJrFHAdbvBiHRxD4Spg1VQVw6-4NjBC5DgcrKfdPl3NwVQFMxpHLrS-5dr8kFZICwm4UdlLwq0NPr7aREYsLr2G-pCJLCvGZz_9-WYmlqL-ZfGNrLpHYqv3gD7srSbwMxdz1bNoV9MfDlGspc2a2J3pASca3GSfAvAiJXS4p_VpNxc6bXDB5zwbZpksCc1ISmtM2Hoh1f6EffjeVHFI03-sWQsRLZNSiUrOV9b0qNCj2m9U5quagx9JyM3ZzFfemibTYrdoU3oPVHHf_EHKqh-MaDAowcenHfxwo5WWJapjyFUswzSgjZr8OyDE0z9Sr67VFrFLL670qHCnoMQm7ell-C9Lbt637Oqhf3eYoWlJSO5tglEt-QyOSc-G-Iw9I-0-UgQf4QaZHEXMTopSE4O_XSkTNrM-HG73zagcByj8BHTD7YyvPNs55H7wCcs_n1vtoiPaWefBwMkDUHr2vu84OOyA-9GI1hhO1nCR7p1ThLy_b8KT1i2E3ktJ5-RjQPGHIrzOv0h7AnbPB_jqlqmN1q9nwzprjmh9oYlBmuCTXOCDZk0BQpYsOaCSZt9mHrU9pcp63mG05A3YTF8_zSnBgKD3MAL3ieaTd98ki6g_czAxm3Zfv1qC7frGJOobqZQjd1v8CcZG502RmSGDttiyusH6BMMuHlJQP98n5QDRZa7MGYKz7bVt4IZC0IfGGe7hqYZId2Pt7fSgWYd3wjKDby8OdWKpEvUq74rUYKzqjHGHPaujUssJ1qxkoe2jrTCVvwvJmbDfsI-Mcd3Yt4blS1ytfD0HERnB3KJiG7nHlTlWlae0kECOCbLq1aTxtHoXBqWkz3kG6oNG5u-QmtO4EGlOVgXrbx6HuJ-h9KEInSmnFKmesDCkCGhWuy0NA3zp4xMIjGMUFkx7cgTi6jPFHmNfOIpR7Vow2b1yDYlCvV6_EOhHnE3_z9I2rh90cqsTE22MFEH9i9OLijIWP4EqAxXYLF01QJznB4Cmgxel4R8r7a0eN0gf9otWsaUcnVAJuBAtU1J5JbQKsCin9Cf6BQ64u53gaTtAEKOqCh_LUFCfrBjXvbC64CNjWHyAmRy_sM2BVqjExzh35LGpzPPvaO1PzPGOsWETzzd5fwbigOR46a4f5z_dstneLnG_WDaGQwoedXvKeHW4RDE5oQ49b-_0A8MXy-RIlsiU-r3sbYoil7rsrzy_0j3dglNAFlIVmc6zvb4xSiPdnieohN_iv2VVCZdwYBH-xux9pLV4hF2BL2s-YFIQWPUd9TiEeAtikYyXOu7l9F9cld2OqMlbdOtOVJ1V2vn8xm8al91YKJHXd9yEyDP4PUHwu4nz0KZrXVqPuXDAoZB_buoxv2mEgbGQ0WKFXTDrz-opq2L9SSoiAh5Mf9-efBC3d6sPO_jMh74q2rl2p5qjE8MBcGCSqGSIb3DQEJFDEKHggAcABpAG4AZzAhBgkqhkiG9w0BCRUxFAQSVGltZSAxNjk2NTMyNTEwODY0MIID4QYJKoZIhvcNAQcGoIID0jCCA84CAQAwggPHBgkqhkiG9w0BBwEwZgYJKoZIhvcNAQUNMFkwOAYJKoZIhvcNAQUMMCsEFAFdj0s4XgV7ONDqUlU2K0ZGWk3nAgInEAIBIDAMBggqhkiG9w0CCQUAMB0GCWCGSAFlAwQBKgQQslddrqq6CVi_URYA6GwnEYCCA1C4uJ1QZpXZFFU72fKc3GWE1wrg4tOKVsMyfqewoUh88O3MdFJIcqfHn1xGc1DVD2s3GoYax1maMlfigHDHxIu5vUV6PS6z9TYdMsh8JCoUNwl_HRccRH8ssMJ0uO6dgETnjmQaTEpghx1JCN-_ssXVtGHJY3gok_SFCtRuyo8p2xiy6xOTvh_Sf1F1jbqau62Bt1W-pveqEDGe7zu9Y0q-6a7lS386oS5TSLdU0d_w-9Rteut-zkMJqzfyUhbPBS4IU8uQqm9GIRx2loNgv14is5v8A7guXUInXy2XXWFQJAJAZ5Q_fQheiGKyJJiJXyvVF9Dh9zEM5MmOwCvuu0uXarnY4PHdO4UbYF_KnEFU7z_lpZf3xrOW84zEjVaGS3erIfusQp3P7ocQHYsIpwBOYguFCCNB5ESndnKgXHquX-kOYgmFIbGVu5OOn6ThA_HNzga2hlnj19CM3T5cT_T8o1rhS15TzUP-68L6-0yZa_gCb1UtjPGya3HEncgEpnzCHSlLp-a5nc2LP8VBpTanjqmhhn8G4jnTm6odTm9-e2HptimFUEE-17T5_D6BFCZnybYhYbyAoGFWqEQun-iqC4U34vUrYabVzp6L61bwQwr2pMNHpvn19BWI7gj-5Fiv2LX_-i3RM9JNTtHxr-XyhnnObSzEE06BWDzbYc_Mix3Lo9YG1_GczqamZaFLDuw6DjsfWS46ak_s05Xb8VB5L8hvuGPLIBDTI4ekvVhnuaLz02hHGt7b6BsMu6BlnaJH0dQ823e3cqN3-6ZK1wDIevKhhfxk063K1RysbsAwD-881lotTbVy4Ni2PQo_aldUNVoO4b6Z_t1iJeIyMCyE6iLNK8dQ3jcHlJVfuQ5wiVYTPvzpyO_75X-FVzn3z7nYr_-6_ifldADvGH129NzbiIS_pyqGagNeGievYy__6mRk6eggii6FlIUmXs9gmDgN_SKTH5GrYhRvVGXYIcssLIcOWoBjCmzZcLuvnqPL26lLWREVICZAZJKFN2Z9PEeLGYjnfzf5_fWTEVnTSrUkpKuRYkt3ZHGrGaddmhifK2EnPiZNow5Deb5PnTsKDzAxde72zE1nqtqYxOKZcMO9kX2FVSkgijSLaRhKaAmetTBNMDEwDQYJYIZIAWUDBAIBBQAEINbpIfulyYknJxcBpJ1nPDeqtR-_CVqeWCqd5Rru8To8BBRJ0_5HpFO0PxATZveX8rK8cEqvtgICJxA=", - "format": "PKCS12", - "encryptedPassword": "eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiUWVzOVR5eTV5WiIsInZlcnNpb24iOiIxMS4yLjUuMCJ9..QxamhMMTPjLpYZ-1uhf-ww.EL3oTIlhI-wlX1oWrWiyWKR42hCwXxpHTBA62UiReDw.0VKa9gKWPEmASgS68xCErA" - } ] }, { + "resourceType": "/captchaProviders", "operationType": "SAVE", "items": [ { - "password": "${PRIVATE_KEYSTORE_PIN}", - "fileData": "${PRIVATE_KEYSTORE}", - "id": "sslservercert" - } - ], - "resourceType": "/keyPairs/sslServer" - }, - { - "operationType": "SAVE", - "items": [ - { - "activeRuntimeServerCerts": [ - { - "location": "https://${PF_ADMIN_PUBLIC_HOSTNAME}:${PF_ADMIN_PUBLIC_PORT_HTTPS}/pf-admin-api/v1/keyPairs/sslServer/sslservercert", - "id": "sslservercert" - } - ], - "activeAdminConsoleCerts": [ - { - "location": "https://${PF_ADMIN_PUBLIC_HOSTNAME}:${PF_ADMIN_PUBLIC_PORT_HTTPS}/pf-admin-api/v1/keyPairs/sslServer/sslservercert", - "id": "sslservercert" - } - ], - "adminConsoleCertRef": { - "location": "https://${PF_ADMIN_PUBLIC_HOSTNAME}:${PF_ADMIN_PUBLIC_PORT_HTTPS}/pf-admin-api/v1/keyPairs/sslServer/sslservercert", - "id": "sslservercert" - }, - "runtimeServerCertRef": { - "location": "https://${PF_ADMIN_PUBLIC_HOSTNAME}:${PF_ADMIN_PUBLIC_PORT_HTTPS}/pf-admin-api/v1/keyPairs/sslServer/sslservercert", - "id": "sslservercert" - } - } - ], - "resourceType": "/keyPairs/sslServer/settings" - }, - { - "resourceType": "/sp/tokenGenerators", - "operationType": "SAVE", - "items": [ - { - "id": "tokengenerator", - "name": "token generator", + "id": "exampleCaptchaProvider", + "name": "exampleCaptchaProvider", "pluginDescriptorRef": { - "id": "org.sourceid.wstrust.generator.saml.Saml20TokenGenerator", - "location": "${PF_ADMIN_PUBLIC_HOSTNAME}:${PF_ADMIN_PUBLIC_PORT_HTTPS}/pf-admin-api/v1/sp/tokenGenerators/descriptors/org.sourceid.wstrust.generator.saml.Saml20TokenGenerator" + "id": "com.pingidentity.captcha.recaptchaV3.ReCaptchaV3Plugin", + "location": "https://localhost:9999/pf-admin-api/v1/captchaProviders/descriptors/com.pingidentity.captcha.recaptchaV3.ReCaptchaV3Plugin" }, "configuration": { "tables": [], "fields": [ { - "name": "Minutes Before", - "value": "60" - }, - { - "name": "Minutes After", - "value": "60" - }, - { - "name": "Issuer", - "value": "issuer" - }, - { - "name": "Signing Certificate", - "value": "419x9yg43rlawqwq9v6az997k" - }, - { - "name": "Signing Algorithm", - "value": "SHA1" + "name": "Site Key", + "value": "asdf" }, { - "name": "Include Certificate in KeyInfo", - "value": "false" + "name": "Secret Key", + "encryptedValue": "OBF:JWE:eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiUWVzOVR5eTV5WiIsInZlcnNpb24iOiIxMi4xLjQuMCJ9..3pPidj27zSRP-4oQzB9ETQ.Z40HefyO6l_bTuMVL5uLrg.AzHOXB98M79pKPInlFj8-A" }, { - "name": "Include Raw Key in KeyValue", - "value": "false" + "name": "Pass Score Threshold", + "value": "1" }, { - "name": "Audience", - "value": "audience" - }, + "name": "JavaScript File Name", + "value": "recaptcha-v3.js" + } + ] + }, + "lastModified": "2025-01-02T17:59:22.192Z" + }, + { + "id": "exampleCaptchaProviderV2", + "name": "exampleCaptchaProviderV2", + "pluginDescriptorRef": { + "id": "com.pingidentity.captcha.ReCaptchaV2InvisiblePlugin", + "location": "https://localhost:9999/pf-admin-api/v1/captchaProviders/descriptors/com.pingidentity.captcha.ReCaptchaV2InvisiblePlugin" + }, + "configuration": { + "tables": [], + "fields": [ { - "name": "Confirmation Method", - "value": "urn:oasis:names:tc:SAML:2.0:cm:sender-vouches" + "name": "Site Key", + "value": "exampleCaptchaProviderV2" }, { - "name": "Encryption Certificate", - "value": "" + "name": "Secret Key", + "encryptedValue": "OBF:JWE:eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiUWVzOVR5eTV5WiIsInZlcnNpb24iOiIxMi4xLjQuMCJ9..wwvv0AxaHNm6KcJp-myEIQ.cjnIlRFrAIU7mD4E-cPP4A.WtsTJg4ghSIGvcltRc6Jjg" }, { - "name": "Message Customization Expression", - "value": "" + "name": "JavaScript File Name", + "value": "recaptcha-v2-invisible.js" } ] }, - "attributeContract": { - "coreAttributes": [ - { - "name": "SAML_SUBJECT" - } - ], - "extendedAttributes": [] + "lastModified": "2025-01-02T17:59:22.181Z" + } + ] + }, + { + "resourceType": "/captchaProviders/settings", + "operationType": "SAVE", + "items": [ + { + "defaultCaptchaProviderRef": { + "id": "exampleCaptchaProviderV2", + "location": "https://localhost:9999/pf-admin-api/v1/captchaProviders/exampleCaptchaProviderV2" } } ] }, { - "resourceType": "/idp/tokenProcessors", + "resourceType": "/serverSettings", "operationType": "SAVE", "items": [ { - "id": "tokenprocessor", - "name": "token processor", - "pluginDescriptorRef": { - "id": "org.sourceid.wstrust.processor.saml.Saml20TokenProcessor", - "location": "https://${PF_ADMIN_PUBLIC_HOSTNAME}:${PF_ADMIN_PUBLIC_PORT_HTTPS}/pf-admin-api/v1/idp/tokenProcessors/descriptors/org.sourceid.wstrust.processor.saml.Saml20TokenProcessor" + "contactInfo": {}, + "rolesAndProtocols": { + "oauthRole": { + "enableOauth": true, + "enableOpenIdConnect": true + }, + "idpRole": { + "enable": true, + "enableSaml11": true, + "enableSaml10": true, + "enableWsFed": true, + "enableWsTrust": true, + "saml20Profile": { + "enable": true + }, + "enableOutboundProvisioning": true + }, + "spRole": { + "enable": true, + "enableSaml11": true, + "enableSaml10": true, + "enableWsFed": true, + "enableWsTrust": true, + "saml20Profile": { + "enable": true, + "enableXASP": true + }, + "enableInboundProvisioning": true, + "enableOpenIDConnect": true + }, + "enableIdpDiscovery": true }, - "configuration": { - "tables": [ - { - "name": "Valid Certificate Issuer DNs", - "rows": [] - }, - { - "name": "Valid Certificate Subject DNs", - "rows": [] - } - ], - "fields": [ - { - "name": "Audience", - "value": "audience" - } - ] + "federationInfo": { + "baseUrl": "https://localhost:9031", + "saml2EntityId": "samlEntityId", + "saml1xIssuerId": "", + "saml1xSourceId": "", + "wsfedRealm": "" }, - "attributeContract": { - "coreAttributes": [ - { - "name": "SAML_SUBJECT", - "masked": false - } - ], - "extendedAttributes": [], - "maskOgnlValues": false + "notifications": { + "notifyAdminUserPasswordChanges": false, + "expiringCertificateAdministrativeConsoleWarningDays": 14, + "expiredCertificateAdministrativeConsoleWarningDays": 14, + "threadPoolExhaustionNotificationSettings": { + "emailAddress": "", + "threadDumpEnabled": true, + "notificationMode": "LOGGING_ONLY" + } } } ] }, { - "resourceType": "/oauth/tokenExchange/processor/policies", + "resourceType": "/serverSettings/systemKeys", "operationType": "SAVE", "items": [ { - "id": "tokenexchangeprocessorpolicy", - "name": "tokenexchangeprocessorpolicy", - "actorTokenRequired": false, - "attributeContract": { - "coreAttributes": [ - { - "name": "subject" - } - ], - "extendedAttributes": [] + "current": { + "creationDate": "2025-01-02T17:59:19.959Z", + "encryptedKeyData": "eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiUWVzOVR5eTV5WiIsInZlcnNpb24iOiIxMi4xLjQuMCIsInppcCI6IkRFRiJ9..mBwXJBuBBcBb1iuF7_J_oQ.aD0ENEXvfHwWh_wJBCV6_uj98eJ8hFuLpstFj19YSB6kFScALLsDk_6r4oSzepix.dj8Utcj8m66bpfazwNsw8A" }, - "processorMappings": [ - { - "attributeSources": [], - "attributeContractFulfillment": { - "subject": { - "source": { - "type": "TEXT" - }, - "value": "value" - } - }, - "issuanceCriteria": { - "conditionalCriteria": [ - { - "errorResult": "error", - "source": { - "type": "CONTEXT" - }, - "attributeName": "ClientIp", - "condition": "EQUALS", - "value": "value" - } - ] - }, - "subjectTokenType": "urn:ietf:params:oauth:token-type:saml2", - "subjectTokenProcessor": { - "id": "tokenprocessor", - "location": "https://${PF_ADMIN_PUBLIC_HOSTNAME}:${PF_ADMIN_PUBLIC_PORT_HTTPS}/pf-admin-api/v1/idp/tokenProcessors/tokenprocessor" - }, - "actorTokenType": "", - "actorTokenProcessor": {} - } - ] + "pending": { + "creationDate": "2025-01-02T17:59:19.960Z", + "encryptedKeyData": "eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiUWVzOVR5eTV5WiIsInZlcnNpb24iOiIxMi4xLjQuMCIsInppcCI6IkRFRiJ9..lTUXjpewvJW85TygS2XTtw.tn7hmeI-KHBTvmRmev2pvqN8R2qeW5PHhMBTUa761u6vbJ7wH70SJyU-RoZ3mYX0.XLC2NhA4WJ4mmmE-RtRyQw" + } } ] }, { - "resourceType": "/authenticationPolicyContracts", + "resourceType": "/serverSettings/outboundProvisioning", "operationType": "SAVE", "items": [ { - "id": "DkhZxRcZchsed90U", - "name": "Fragment - Subject", - "coreAttributes": [ - { - "name": "subject" - } - ], - "extendedAttributes": [] - }, + "dataStoreRef": { + "id": "ProvisionerDS", + "location": "https://localhost:9999/pf-admin-api/v1/dataStores/ProvisionerDS" + }, + "synchronizationFrequency": 60 + } + ] + }, + { + "resourceType": "/serverSettings/wsTrustStsSettings", + "operationType": "SAVE", + "items": [ { - "id": "QGxlec5CX693lBQL", - "name": "apc", - "coreAttributes": [ - { - "name": "subject" - } + "basicAuthnEnabled": true, + "clientCertAuthnEnabled": true, + "restrictBySubjectDn": true, + "restrictByIssuerCert": true, + "subjectDns": [ + "CN=test, O=Ping Identity Corporation, L=Denver, ST=CO, C=US" ], - "extendedAttributes": [] - }, - { - "id": "default", - "name": "Default", - "coreAttributes": [ + "users": [ { - "name": "subject" + "username": "testUser", + "encryptedPassword": "lPkeLavAtN0Qb4eY579HVgd5Uk3vdODyatGvGAV-tVQ.odLwjB--.2" } ], - "extendedAttributes": [ + "issuerCerts": [ { - "name": "firstName" - }, - { - "name": "lastName" - }, - { - "name": "ImmutableID" - }, + "id": "ycrgw3j4ckw91gxdmd479qftb", + "location": "https://localhost:9999/pf-admin-api/v1/serverSettings/wsTrustStsSettings/ycrgw3j4ckw91gxdmd479qftb" + } + ] + } + ] + }, + { + "resourceType": "/serverSettings/wsTrustStsSettings/issuerCertificates", + "operationType": "SAVE", + "items": [ + { + "id": "ycrgw3j4ckw91gxdmd479qftb", + "fileData": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURuVENDQW9XZ0F3SUJBZ0lVUzJUQkNkUnpwSzRaemUrSERLakI5RVFTSHFZd0RRWUpLb1pJaHZjTkFRRUxCUUF3WGpFTE1Ba0cKQTFVRUJoTUNWVk14Q3pBSkJnTlZCQWdNQWtOUE1ROHdEUVlEVlFRSERBWkVaVzUyWlhJeElqQWdCZ05WQkFvTUdWQnBibWNnU1dSbApiblJwZEhrZ1EyOXljRzl5WVhScGIyNHhEVEFMQmdOVkJBTU1CSFJsYzNRd0hoY05NalF4TWpFeU1qTXlPREkwV2hjTk1qY3dPVEE0Ck1qTXlPREkwV2pCZU1Rc3dDUVlEVlFRR0V3SlZVekVMTUFrR0ExVUVDQXdDUTA4eER6QU5CZ05WQkFjTUJrUmxiblpsY2pFaU1DQUcKQTFVRUNnd1pVR2x1WnlCSlpHVnVkR2wwZVNCRGIzSndiM0poZEdsdmJqRU5NQXNHQTFVRUF3d0VkR1Z6ZERDQ0FTSXdEUVlKS29aSQpodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQUpkb0d1cmdEdlNSQkwyY0llVWFDWTNwbzVZRFpuVjFleXVPUVR4UWM2T1QySlMwCis0MGdKYkptZk5yYmNPU3QrMURieHpQK0l4YmxrY3o1NjlWT0M1bGJST24zOHllYU1VMzJYYy80REdTcDFIQ1kvSmZTeWd6LytxcjgKOFlUcU1hSTIxQWJabkFpWTV4MFJ3NTZJRG1KZ2xYYVhlVmJDVUp5N29QVHlBb1lZVDkzREpEazQxWmU1MVVjVG1Vc1RLTjRLM2d2dgpTYVJ1eXE1K2c2RVhCcTdBa2VPbmJQMGJTSHliTjFLRVY1QlhOTnBnazloMEp3M1BFK3FrbS81bllSenhCZjRSQS9BZ2Z2OWVzRzlOCnozWGdEb3dBR0JteHIrclUvbmE3cHdFRXVkTWg2NjhERURlUlZ3aDFaYXBZcEJ0VmN4TUhtZEpQZ0ZKckJsbzZtTUVDQXdFQUFhTlQKTUZFd0hRWURWUjBPQkJZRUZHSmMzWjBqOWtYUHNUbW1iZ0FzWS9QSzJjdXBNQjhHQTFVZEl3UVlNQmFBRkdKYzNaMGo5a1hQc1RtbQpiZ0FzWS9QSzJjdXBNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHdEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBSlZCdmNIaGgrMDBnelEwCnBuWkt0Ukp4dkVnK3BHaCtCOUUrNWkyUHNOR3lJQXZBWHc0bWRCY1FaS3hmaVhNMzFaRTJnZTFtUCs0ZGkxMStQS1lOSDJFOTczUEwKSit3R0hlUVoxRVRERzVmbzc5dDBNRzFSekh0R29pclpXN3Y0Qk5VSTZaTTJGakVhQ090WmcxclVoa2RJZnFEeDRDZU5qemIwcmhYSQp6WE5UUzRZNlZseFdBclFud0FncVB0YjVwb0pHM01tLzNmNnVRZy9sMExJS1RZL0dSNnlRc05Da3pUWlFocklwWGo0UnBxblgzUWdECjFJV1RvTW9uN250cDRnQVAvbEFTTTUveG01SnpiNmRtRitob04wNzNnMDJVZVYyVERMemU4MCtLK1hyMUdaZWVVTHVYTnJoT0VYRFIKeXR2dWJlOE9YUFBZNi96Q3BoVmIyMWc9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K" + } + ] + }, + { + "resourceType": "/serverSettings/generalSettings", + "operationType": "SAVE", + "items": [ + { + "disableAutomaticConnectionValidation": false, + "idpConnectionTransactionLoggingOverride": "DONT_OVERRIDE", + "spConnectionTransactionLoggingOverride": "DONT_OVERRIDE", + "datastoreValidationIntervalSecs": 300, + "requestHeaderForCorrelationId": "" + } + ] + }, + { + "resourceType": "/serverSettings/logSettings", + "operationType": "SAVE", + "items": [ + { + "logCategories": [ + { + "id": "core", + "name": "Core", + "description": "Debug logging for core components.", + "enabled": false + }, + { + "id": "protocolrequestresponse", + "name": "Protocol Requests and Responses", + "description": "Log protocol request and response messages.", + "enabled": false + }, + { + "id": "policytree", + "name": "Policy Tree", + "description": "Policy tree debug logging.", + "enabled": false + }, + { + "id": "dsresponsetime", + "name": "Data Store Response Times", + "description": "Log response times for data store requests.", + "enabled": false + }, + { + "id": "trustedcas", + "name": "Trusted CAs", + "description": "Log PingFederate and JRE trusted CAs when they are loaded.", + "enabled": false + }, + { + "id": "xmlsig", + "name": "XML Signatures", + "description": "Debug logging for XML signature operations.", + "enabled": false + }, + { + "id": "requestheaders", + "name": "HTTP Request Headers", + "description": "Log HTTP request headers. Sensitive information, such as passwords, may be logged when this category is enabled.", + "enabled": false + }, + { + "id": "requestparams", + "name": "HTTP Request Parameters", + "description": "Log HTTP GET request parameters. Sensitive information, such as passwords, may be logged when this category is enabled.", + "enabled": false + }, + { + "id": "restdatastore", + "name": "REST Data Store Requests and Responses", + "description": "Log REST datastore requests and responses. Sensitive information, such as passwords, may be logged when this category is enabled.", + "enabled": false + } + ] + } + ] + }, + { + "resourceType": "/administrativeAccounts", + "operationType": "SAVE", + "items": [ + { + "username": "Administrator", + "encryptedPassword": "OBF:JWE:eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiUWVzOVR5eTV5WiIsInZlcnNpb24iOiIxMi4xLjQuMCJ9..jBDjd_P2W09Lxg21LPH_TQ.LcJj3oEw5H3BAfKTRf-l46GTJ_tpah6B_D_1u_y_0UblIF6xWdgL56frbuInCouyB4QG1kxamINlTylY-AMnOw.SEMXVSMaRFcH_GLATiKZKw", + "description": "Initial administrator user.", + "auditor": false, + "active": true, + "roles": [ + "CRYPTO_ADMINISTRATOR", + "ADMINISTRATOR", + "USER_ADMINISTRATOR", + "EXPRESSION_ADMINISTRATOR" + ] + } + ] + }, + { + "resourceType": "/certificates/revocation/ocspCertificates", + "operationType": "SAVE", + "items": [ + { + "id": "opcey20sf9djwvk8snv1actzq", + "fileData": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURuVENDQW9XZ0F3SUJBZ0lVUzJUQkNkUnpwSzRaemUrSERLakI5RVFTSHFZd0RRWUpLb1pJaHZjTkFRRUxCUUF3WGpFTE1Ba0cKQTFVRUJoTUNWVk14Q3pBSkJnTlZCQWdNQWtOUE1ROHdEUVlEVlFRSERBWkVaVzUyWlhJeElqQWdCZ05WQkFvTUdWQnBibWNnU1dSbApiblJwZEhrZ1EyOXljRzl5WVhScGIyNHhEVEFMQmdOVkJBTU1CSFJsYzNRd0hoY05NalF4TWpFeU1qTXlPREkwV2hjTk1qY3dPVEE0Ck1qTXlPREkwV2pCZU1Rc3dDUVlEVlFRR0V3SlZVekVMTUFrR0ExVUVDQXdDUTA4eER6QU5CZ05WQkFjTUJrUmxiblpsY2pFaU1DQUcKQTFVRUNnd1pVR2x1WnlCSlpHVnVkR2wwZVNCRGIzSndiM0poZEdsdmJqRU5NQXNHQTFVRUF3d0VkR1Z6ZERDQ0FTSXdEUVlKS29aSQpodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQUpkb0d1cmdEdlNSQkwyY0llVWFDWTNwbzVZRFpuVjFleXVPUVR4UWM2T1QySlMwCis0MGdKYkptZk5yYmNPU3QrMURieHpQK0l4YmxrY3o1NjlWT0M1bGJST24zOHllYU1VMzJYYy80REdTcDFIQ1kvSmZTeWd6LytxcjgKOFlUcU1hSTIxQWJabkFpWTV4MFJ3NTZJRG1KZ2xYYVhlVmJDVUp5N29QVHlBb1lZVDkzREpEazQxWmU1MVVjVG1Vc1RLTjRLM2d2dgpTYVJ1eXE1K2c2RVhCcTdBa2VPbmJQMGJTSHliTjFLRVY1QlhOTnBnazloMEp3M1BFK3FrbS81bllSenhCZjRSQS9BZ2Z2OWVzRzlOCnozWGdEb3dBR0JteHIrclUvbmE3cHdFRXVkTWg2NjhERURlUlZ3aDFaYXBZcEJ0VmN4TUhtZEpQZ0ZKckJsbzZtTUVDQXdFQUFhTlQKTUZFd0hRWURWUjBPQkJZRUZHSmMzWjBqOWtYUHNUbW1iZ0FzWS9QSzJjdXBNQjhHQTFVZEl3UVlNQmFBRkdKYzNaMGo5a1hQc1RtbQpiZ0FzWS9QSzJjdXBNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHdEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBSlZCdmNIaGgrMDBnelEwCnBuWkt0Ukp4dkVnK3BHaCtCOUUrNWkyUHNOR3lJQXZBWHc0bWRCY1FaS3hmaVhNMzFaRTJnZTFtUCs0ZGkxMStQS1lOSDJFOTczUEwKSit3R0hlUVoxRVRERzVmbzc5dDBNRzFSekh0R29pclpXN3Y0Qk5VSTZaTTJGakVhQ090WmcxclVoa2RJZnFEeDRDZU5qemIwcmhYSQp6WE5UUzRZNlZseFdBclFud0FncVB0YjVwb0pHM01tLzNmNnVRZy9sMExJS1RZL0dSNnlRc05Da3pUWlFocklwWGo0UnBxblgzUWdECjFJV1RvTW9uN250cDRnQVAvbEFTTTUveG01SnpiNmRtRitob04wNzNnMDJVZVYyVERMemU4MCtLK1hyMUdaZWVVTHVYTnJoT0VYRFIKeXR2dWJlOE9YUFBZNi96Q3BoVmIyMWc9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K" + } + ] + }, + { + "resourceType": "/certificates/revocation/settings", + "operationType": "SAVE", + "items": [ + { + "ocspSettings": { + "requesterAddNonce": false, + "actionOnResponderUnavailable": "CONTINUE", + "actionOnStatusUnknown": "FAIL", + "actionOnUnsuccessfulResponse": "FAIL", + "currentUpdateGracePeriod": 5, + "nextUpdateGracePeriod": 5, + "responseCachePeriod": 48, + "responderTimeout": 5, + "responderCertReference": { + "id": "opcey20sf9djwvk8snv1actzq", + "location": "https://localhost:9999/pf-admin-api/v1/certificates/revocation/ocspCertificates/opcey20sf9djwvk8snv1actzq" + } + } + } + ] + }, + { + "resourceType": "/virtualHostNames", + "operationType": "SAVE", + "items": [ + { + "virtualHostNames": [] + } + ] + }, + { + "resourceType": "/redirectValidation", + "operationType": "SAVE", + "items": [ + { + "redirectValidationLocalSettings": { + "enableTargetResourceValidationForSSO": false, + "enableTargetResourceValidationForSLO": false, + "enableTargetResourceValidationForIdpDiscovery": false, + "enableInErrorResourceValidation": false, + "whiteList": [], + "uriAllowList": [] + }, + "redirectValidationPartnerSettings": { + "enableWreplyValidationSLO": false + } + } + ] + }, + { + "resourceType": "/incomingProxySettings", + "operationType": "SAVE", + "items": [ + { + "proxyTerminatesHttpsConns": false + } + ] + }, + { + "resourceType": "/protocolMetadata/lifetimeSettings", + "operationType": "SAVE", + "items": [ + { + "cacheDuration": 1440, + "reloadDelay": 1440 + } + ] + }, + { + "resourceType": "/protocolMetadata/signingSettings", + "operationType": "SAVE", + "items": [ + {} + ] + }, + { + "resourceType": "/serviceAuthentication", + "operationType": "SAVE", + "items": [ + {} + ] + }, + { + "resourceType": "/authenticationPolicyContracts", + "operationType": "SAVE", + "items": [ + { + "id": "DkhZxRcZchsed90U", + "name": "Fragment - Subject", + "coreAttributes": [ + { + "name": "subject" + } + ], + "extendedAttributes": [], + "lastModified": "2025-01-02T17:59:21.192Z" + }, + { + "id": "QGxlec5CX693lBQL", + "name": "apc", + "coreAttributes": [ + { + "name": "subject" + } + ], + "extendedAttributes": [], + "lastModified": "2025-01-02T17:59:21.200Z" + }, + { + "id": "default", + "name": "Default", + "coreAttributes": [ + { + "name": "subject" + } + ], + "extendedAttributes": [ + { + "name": "firstName" + }, + { + "name": "lastName" + }, + { + "name": "ImmutableID" + }, { "name": "mail" }, { "name": "SAML_AUTHN_CTX" } - ] + ], + "lastModified": "2025-01-02T17:59:21.203Z" }, { "id": "samplePolicyContract", @@ -573,7 +937,8 @@ { "name": "SAML_AUTHN_CTX" } - ] + ], + "lastModified": "2025-01-02T17:59:21.207Z" }, { "id": "wIdHhK789PmadmMS", @@ -593,3190 +958,2901 @@ { "name": "mail" } - ] - } - ] - }, - { - "resourceType": "/pingOneConnections", - "operationType": "SAVE", - "items": [ - { - "id": "${PF_TF_P1_CONNECTION_ID}", - "name": "${PF_TF_P1_CONNECTION_NAME}", - "active": "${PF_TF_P1_CONNECTION_ACTIVE}", - "encryptedCredential": "${PF_TF_P1_CONNECTION_ENCRYPTED_CRED}", - "creationDate": "${PF_TF_P1_CONNECTION_CREATION_DATE}", - "credentialId": "${PF_TF_P1_CONNECTION_CRED_ID}", - "pingOneConnectionId": "${PF_TF_P1_CONNECTION_P1_CONNECTION_ID}", - "environmentId": "${PF_TF_P1_CONNECTION_ENV_ID}", - "organizationName": "${PF_TF_P1_CONNECTION_ORG_NAME}", - "region": "${PF_TF_P1_CONNECTION_REGION}", - "pingOneManagementApiEndpoint": "${PF_TF_P1_CONNECTION_P1_MANAGEMENT_API_EP}", - "pingOneAuthenticationApiEndpoint": "${PF_TF_P1_CONNECTION_P1_AUTH_API_EP}" + ], + "lastModified": "2025-01-02T17:59:21.210Z" } ] }, { - "resourceType": "/idp/spConnections", + "resourceType": "/passwordCredentialValidators", "operationType": "SAVE", "items": [ { - "type": "SP", - "id": "iIoQK.-GWcXI5kLp4KDNxQqAhDF", - "name": "test", - "entityId": "test", - "active": true, - "contactInfo": {}, - "loggingMode": "STANDARD", - "virtualEntityIds": [], - "licenseConnectionGroup": "", - "credentials": { - "certs": [], - "signingSettings": { - "signingKeyPairRef": { - "id": "419x9yg43rlawqwq9v6az997k", - "location": "https://localhost:9999/pf-admin-api/v1/keyPairs/signing/419x9yg43rlawqwq9v6az997k" - }, - "algorithm": "SHA256withRSA", - "includeCertInSignature": false, - "includeRawKeyInSignature": false - } + "id": "PDPCV", + "name": "PD PCV", + "pluginDescriptorRef": { + "id": "org.sourceid.saml20.domain.LDAPUsernamePasswordCredentialValidator", + "location": "https://localhost:9999/pf-admin-api/v1/passwordCredentialValidators/descriptors/org.sourceid.saml20.domain.LDAPUsernamePasswordCredentialValidator" }, - "modificationDate": "2024-08-19T20:05:54.484Z", - "creationDate": "2024-08-19T20:05:54.483Z", - "wsTrust": { - "partnerServiceIds": [ - "test" - ], - "oAuthAssertionProfiles": false, - "defaultTokenType": "SAML20", - "generateKey": false, - "encryptSaml2Assertion": false, - "minutesBefore": 5, - "minutesAfter": 30, - "attributeContract": { - "coreAttributes": [ - { - "name": "TOKEN_SUBJECT" - } - ], - "extendedAttributes": [] - }, - "tokenProcessorMappings": [ + "configuration": { + "tables": [ { - "attributeSources": [], - "attributeContractFulfillment": { - "TOKEN_SUBJECT": { - "source": { - "type": "NO_MAPPING" - } - } - }, - "issuanceCriteria": { - "conditionalCriteria": [] - }, - "idpTokenProcessorRef": { - "id": "tokenprocessor", - "location": "https://localhost:9999/pf-admin-api/v1/idp/tokenProcessors/tokenprocessor" - }, - "restrictedVirtualEntityIds": [] + "name": "Authentication Error Overrides", + "rows": [] } - ] - }, - "connectionTargetType": "STANDARD" - } - ] - }, - { - "resourceType": "/sp/adapters", - "operationType": "SAVE", - "items": [ - { - "id": "spadapter", - "name": "SpAdapter", - "pluginDescriptorRef": { - "id": "com.pingidentity.adapters.opentoken.SpAuthnAdapter", - "location": "https://${PF_ADMIN_PUBLIC_HOSTNAME}:${PF_ADMIN_PUBLIC_PORT_HTTPS}/pf-admin-api/v1/sp/adapters/descriptors/com.pingidentity.adapters.opentoken.SpAuthnAdapter" - }, - "configuration": { - "tables": [], + ], "fields": [ { - "name": "Password", - "encryptedValue": "OBF:JWE:eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiUWVzOVR5eTV5WiIsInZlcnNpb24iOiIxMS4yLjUuMCJ9..S07IsBZUPvN0EMWSjHeZzw.NufB_dB-tIV-xAYXb-e9QA.xlrVRdYjjd20jrx6g6Mnzw" + "name": "LDAP Datastore", + "value": "LDAP-PingDirectory" }, { - "name": "Confirm Password", - "encryptedValue": "OBF:JWE:eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiUWVzOVR5eTV5WiIsInZlcnNpb24iOiIxMS4yLjUuMCJ9..GS_uAbFh8qRrcLKa628Pgw.EBrVy9hMqdTFgqWmGKbyfg.zaCOoRj9GTUyYgoAt4TXfA" + "name": "Search Base", + "value": "dc=example,dc=com" }, { - "name": "Transport Mode", - "value": "2" + "name": "Search Filter", + "value": "(|(uid=${username})(mail=${username}))" }, { - "name": "Token Name", - "value": "opentoken" + "name": "Scope of Search", + "value": "Subtree" }, { - "name": "Cipher Suite", - "value": "2" + "name": "Case-Sensitive Matching", + "value": "true" }, { - "name": "Authentication Service", - "value": "" + "name": "Display Name Attribute", + "value": "displayName" }, { - "name": "Account Link Service", - "value": "" + "name": "Mail Attribute", + "value": "mail" }, { - "name": "Logout Service", + "name": "SMS Attribute", "value": "" }, { - "name": "SameSite Cookie", - "value": "3" + "name": "PingID Username Attribute", + "value": "uid" }, { - "name": "Cookie Domain", - "value": "" + "name": "Mail Search Filter", + "value": "mail=${mail}" }, { - "name": "Cookie Path", - "value": "/" + "name": "Username Attribute", + "value": "uid" }, { - "name": "Token Lifetime", - "value": "300" + "name": "Trim Username Spaces For Search", + "value": "true" }, { - "name": "Session Lifetime", - "value": "43200" + "name": "Mail Verified Attribute", + "value": "" }, { - "name": "Not Before Tolerance", - "value": "0" + "name": "Account Disabled Attribute", + "value": "" }, { - "name": "Force SunJCE Provider", + "name": "Enable PingDirectory Detailed Password Policy Requirement Messaging", "value": "false" }, { - "name": "Use Verbose Error Messages", + "name": "Expect Password Expired Control", "value": "false" + } + ] + }, + "lastModified": "2025-01-02T17:59:24.814Z", + "attributeContract": { + "coreAttributes": [ + { + "name": "mail" }, { - "name": "Obfuscate Password", - "value": "true" + "name": "givenName" }, { - "name": "Session Cookie", + "name": "DN" + }, + { + "name": "username" + } + ], + "extendedAttributes": [ + { + "name": "entryUUID" + }, + { + "name": "uid" + }, + { + "name": "sn" + } + ] + } + }, + { + "id": "pingdirectory", + "name": "pingdirectory", + "pluginDescriptorRef": { + "id": "org.sourceid.saml20.domain.LDAPUsernamePasswordCredentialValidator", + "location": "https://localhost:9999/pf-admin-api/v1/passwordCredentialValidators/descriptors/org.sourceid.saml20.domain.LDAPUsernamePasswordCredentialValidator" + }, + "configuration": { + "tables": [ + { + "name": "Authentication Error Overrides", + "rows": [] + } + ], + "fields": [ + { + "name": "LDAP Datastore", + "value": "pingdirectory" + }, + { + "name": "Search Base", + "value": "dc=example,dc=com" + }, + { + "name": "Search Filter", + "value": "(&(objectClass=person)(|(mail=${username})(cn=${username})(uid=${username})))" + }, + { + "name": "Scope of Search", + "value": "Subtree" + }, + { + "name": "Case-Sensitive Matching", "value": "false" }, { - "name": "Secure Cookie", - "value": "true" + "name": "Display Name Attribute", + "value": "displayName" }, { - "name": "HTTP Only Flag", - "value": "true" + "name": "Mail Attribute", + "value": "mail" }, { - "name": "Send Subject as Query Parameter", + "name": "SMS Attribute", "value": "" }, { - "name": "Subject Query Parameter ", + "name": "PingID Username Attribute", "value": "" }, { - "name": "Send Extended Attributes", + "name": "Mail Search Filter", "value": "" }, { - "name": "Skip Trimming of Trailing Backslashes", + "name": "Username Attribute", + "value": "" + }, + { + "name": "Mail Verified Attribute", + "value": "" + }, + { + "name": "Trim Username Spaces For Search", "value": "false" }, { - "name": "URL Encode Cookie Values", - "value": "true" + "name": "Account Disabled Attribute", + "value": "" + }, + { + "name": "Enable PingDirectory Detailed Password Policy Requirement Messaging", + "value": "false" + }, + { + "name": "Expect Password Expired Control", + "value": "false" } ] }, + "lastModified": "2025-01-02T17:59:24.838Z", "attributeContract": { "coreAttributes": [ { - "name": "subject" + "name": "mail" + }, + { + "name": "givenName" + }, + { + "name": "DN" + }, + { + "name": "username" } ], - "extendedAttributes": [] - }, - "targetApplicationInfo": { - "applicationName": "test", - "applicationIconUrl": "https://test.com" + "extendedAttributes": [ + { + "name": "entryUUID" + } + ] } - } - ] - }, - { - "resourceType": "/sp/authenticationPolicyContractMappings", - "operationType": "SAVE", - "items": [ + }, { - "attributeSources": [], - "attributeContractFulfillment": { - "subject": { - "source": { - "type": "NO_MAPPING" - } - } + "id": "simple", + "name": "simple", + "pluginDescriptorRef": { + "id": "org.sourceid.saml20.domain.SimpleUsernamePasswordCredentialValidator", + "location": "https://localhost:9999/pf-admin-api/v1/passwordCredentialValidators/descriptors/org.sourceid.saml20.domain.SimpleUsernamePasswordCredentialValidator" }, - "issuanceCriteria": { - "conditionalCriteria": [] + "configuration": { + "tables": [ + { + "name": "Users", + "rows": [ + { + "fields": [ + { + "name": "Username", + "value": "joe" + }, + { + "name": "Password", + "encryptedValue": "OBF:JWE:eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiUWVzOVR5eTV5WiIsInZlcnNpb24iOiIxMi4xLjQuMCJ9..-Qv4Sd0wFeXAG8puOowEBg.wAQ3J5TwfTZACc95p7sqCsVQ0Y1B2ciWsqXACy3Q56u8DY21dqAmQXI5vgZBxFdwk3JpcsQ8UWEPImoIUAHMAg.8cHqccWO0m40fXQjSYwFmw" + }, + { + "name": "Confirm Password", + "encryptedValue": "OBF:JWE:eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiUWVzOVR5eTV5WiIsInZlcnNpb24iOiIxMi4xLjQuMCJ9..jPnuTOZfNQa4nAv22ehD6w.ahGcJ9BvykNsRv2RANyiivxnnLO5MRNzoB_kjgtqsujogTKcqGPi1lEneQKqhivK_sPDjrar7vC0XHkezwV6fg.ZMKWcQRGgmYSG7gs1C8Hng" + }, + { + "name": "Relax Password Requirements", + "value": "true" + } + ], + "defaultRow": false + } + ] + } + ], + "fields": [] }, - "id": "wIdHhK789PmadmMS|spadapter", - "sourceId": "wIdHhK789PmadmMS", - "targetId": "spadapter" + "lastModified": "2025-01-02T17:59:24.866Z", + "attributeContract": { + "coreAttributes": [ + { + "name": "username" + } + ] + } } ] }, { - "resourceType": "/notificationPublishers", + "resourceType": "/localIdentity/identityProfiles", "operationType": "SAVE", "items": [ { - "id": "exampleSmtpPublisher", - "name": "exampleSmtpPublisher", - "pluginDescriptorRef": { - "id": "com.pingidentity.email.SmtpNotificationPlugin" - }, - "configuration": { - "tables": [], + "id": "adminIdentityProfile", + "name": "Admin Identity Profile", + "apcId": { + "id": "default", + "location": "https://localhost:9999/pf-admin-api/v1/authenticationPolicyContracts/default" + }, + "authSources": [ + { + "source": "SecurityKey", + "id": "SecurityKey" + }, + { + "source": "FIDO", + "id": "FIDO" + } + ], + "authSourceUpdatePolicy": { + "storeAttributes": false, + "retainAttributes": false, + "updateAttributes": false, + "updateInterval": 0 + }, + "fieldConfig": { "fields": [ { - "name": "From Address", - "value": "example@pingidentity.com" + "type": "TEXT", + "id": "fullName", + "label": "Full Name", + "registrationPageField": false, + "profilePageField": true, + "attributes": { + "Read-Only": false, + "Required": false, + "Unique ID Field": false, + "Mask Log Values": false + }, + "defaultValue": "" }, { - "name": "Email Server", - "value": "example.com" - } - ] - } - }, - { - "id": "exampleSmtpPublisher2", - "name": "exampleSmtpPublisher2", - "pluginDescriptorRef": { - "id": "com.pingidentity.email.SmtpNotificationPlugin" - }, - "configuration": { - "tables": [], - "fields": [ - { - "name": "From Address", - "value": "example@pingdemo.example" + "type": "TEXT", + "id": "firstName", + "label": "First Name", + "registrationPageField": false, + "profilePageField": true, + "attributes": { + "Read-Only": false, + "Required": false, + "Unique ID Field": false, + "Mask Log Values": false + }, + "defaultValue": "" }, { - "name": "Email Server", - "value": "pingdemo.example" - } - ] - } - } - ] - }, - { - "resourceType": "/captchaProviders", - "operationType": "SAVE", - "items": [ - { - "id": "exampleCaptchaProviderV2", - "name": "exampleCaptchaProviderV2", - "pluginDescriptorRef": { - "id": "com.pingidentity.captcha.ReCaptchaV2InvisiblePlugin" - }, - "configuration": { - "tables": [], - "fields": [ + "type": "TEXT", + "id": "lastName", + "label": "Last Name", + "registrationPageField": false, + "profilePageField": true, + "attributes": { + "Read-Only": false, + "Required": false, + "Unique ID Field": false, + "Mask Log Values": false + }, + "defaultValue": "" + }, { - "name": "Site Key", - "value": "exampleCaptchaProviderV2" + "type": "EMAIL", + "id": "email", + "label": "Email Address", + "registrationPageField": false, + "profilePageField": true, + "attributes": { + "Read-Only": false, + "Required": true, + "Unique ID Field": false, + "Mask Log Values": false + } }, { - "name": "Secret Key", - "value": "2FederateM0re" + "type": "PHONE", + "id": "phoneNumber", + "label": "Phone Number", + "registrationPageField": false, + "profilePageField": true, + "attributes": { + "Read-Only": false, + "Required": false, + "Unique ID Field": false, + "Mask Log Values": false + } }, { - "name": "JavaScript File Name", - "value": "recaptcha-v2-invisible.js" + "type": "TEXT", + "id": "username", + "label": "Username", + "registrationPageField": false, + "profilePageField": true, + "attributes": { + "Read-Only": false, + "Required": true, + "Unique ID Field": true, + "Mask Log Values": false + }, + "defaultValue": "" } - ] - } - } - ] - }, - { - "resourceType": "/captchaProviders", - "operationType": "SAVE", - "items": [ + ], + "stripSpaceFromUniqueField": true + }, + "emailVerificationConfig": { + "emailVerificationEnabled": false + }, + "dataStoreConfig": { + "type": "LDAP", + "dataStoreRef": { + "id": "LDAP-PingDirectory", + "location": "https://localhost:9999/pf-admin-api/v1/dataStores/LDAP-PingDirectory" + }, + "baseDn": "ou=Administrators,dc=example,dc=com", + "createPattern": "", + "objectClass": "", + "dataStoreMapping": { + "firstName": { + "type": "LDAP", + "name": "givenName", + "metadata": {} + }, + "lastName": { + "type": "LDAP", + "name": "sn", + "metadata": {} + }, + "phoneNumber": { + "type": "LDAP", + "name": "mobile", + "metadata": {} + }, + "fullName": { + "type": "LDAP", + "name": "cn", + "metadata": {} + }, + "email": { + "type": "LDAP", + "name": "mail", + "metadata": {} + }, + "username": { + "type": "LDAP", + "name": "uid", + "metadata": {} + } + } + }, + "profileConfig": { + "deleteIdentityEnabled": false, + "templateName": "local.identity.profile.html" + }, + "profileEnabled": true, + "registrationEnabled": false + }, { - "id": "exampleCaptchaProvider", - "name": "exampleCaptchaProvider", - "pluginDescriptorRef": { - "id": "com.pingidentity.captcha.recaptchaV3.ReCaptchaV3Plugin" + "id": "regIdentityProfile", + "name": "Registration Identity Profile", + "apcId": { + "id": "samplePolicyContract", + "location": "https://localhost:9999/pf-admin-api/v1/authenticationPolicyContracts/samplePolicyContract" }, - "configuration": { - "tables": [], + "authSources": [], + "authSourceUpdatePolicy": { + "storeAttributes": false, + "retainAttributes": false, + "updateAttributes": false, + "updateInterval": 0 + }, + "registrationConfig": { + "captchaEnabled": false, + "templateName": "local.identity.registration.html", + "createAuthnSessionAfterRegistration": true, + "usernameField": "username", + "thisIsMyDeviceEnabled": false + }, + "fieldConfig": { "fields": [ { - "name": "Site Key", - "value": "asdf" + "type": "TEXT", + "id": "firstName", + "label": "First Name", + "registrationPageField": true, + "profilePageField": true, + "attributes": { + "Read-Only": false, + "Required": false, + "Unique ID Field": false, + "Mask Log Values": false + }, + "defaultValue": "" }, { - "name": "Secret Key", - "value": "asdf" + "type": "TEXT", + "id": "lastName", + "label": "Last Name", + "registrationPageField": true, + "profilePageField": true, + "attributes": { + "Read-Only": false, + "Required": false, + "Unique ID Field": false, + "Mask Log Values": false + }, + "defaultValue": "" }, { - "name": "Pass Score Threshold", - "value": "1" - } - ] - } - } + "type": "TEXT", + "id": "fullName", + "label": "Full Name", + "registrationPageField": true, + "profilePageField": true, + "attributes": { + "Read-Only": false, + "Required": false, + "Unique ID Field": false, + "Mask Log Values": false + }, + "defaultValue": "" + }, + { + "type": "EMAIL", + "id": "email", + "label": "Email Address", + "registrationPageField": true, + "profilePageField": true, + "attributes": { + "Read-Only": false, + "Required": true, + "Unique ID Field": false, + "Mask Log Values": false + } + }, + { + "type": "PHONE", + "id": "phoneNumber", + "label": "Phone Number", + "registrationPageField": true, + "profilePageField": true, + "attributes": { + "Read-Only": false, + "Required": false, + "Unique ID Field": false, + "Mask Log Values": false + } + }, + { + "type": "TEXT", + "id": "username", + "label": "Username", + "registrationPageField": true, + "profilePageField": true, + "attributes": { + "Read-Only": false, + "Required": true, + "Unique ID Field": true, + "Mask Log Values": false + }, + "defaultValue": "" + }, + { + "type": "HIDDEN", + "id": "ImmutableID", + "label": "ImmutableID", + "registrationPageField": true, + "profilePageField": true, + "attributes": { + "Unique ID Field": false, + "Mask Log Values": false + } + }, + { + "type": "HIDDEN", + "id": "accountVerified", + "label": "Account Verified", + "registrationPageField": false, + "profilePageField": true, + "attributes": { + "Unique ID Field": false, + "Mask Log Values": false + } + } + ], + "stripSpaceFromUniqueField": false + }, + "emailVerificationConfig": { + "emailVerificationEnabled": false + }, + "dataStoreConfig": { + "type": "LDAP", + "dataStoreRef": { + "id": "LDAP-PingDirectory", + "location": "https://localhost:9999/pf-admin-api/v1/dataStores/LDAP-PingDirectory" + }, + "baseDn": "ou=People,dc=example,dc=com", + "createPattern": "uid=${username}", + "objectClass": "inetOrgPerson", + "auxiliaryObjectClasses": [ + "pf-connected-identities", + "ubidPersonAux" + ], + "dataStoreMapping": { + "firstName": { + "type": "LDAP", + "name": "givenName", + "metadata": {} + }, + "lastName": { + "type": "LDAP", + "name": "sn", + "metadata": {} + }, + "phoneNumber": { + "type": "LDAP", + "name": "mobile", + "metadata": {} + }, + "ImmutableID": { + "type": "LDAP", + "name": "entryUUID", + "metadata": {} + }, + "fullName": { + "type": "LDAP", + "name": "cn", + "metadata": {} + }, + "accountVerified": { + "type": "LDAP", + "name": "ubidAccountVerified", + "metadata": {} + }, + "email": { + "type": "LDAP", + "name": "mail", + "metadata": {} + }, + "username": { + "type": "LDAP", + "name": "uid", + "metadata": {} + } + } + }, + "profileConfig": { + "deleteIdentityEnabled": false, + "templateName": "local.identity.profile.html" + }, + "profileEnabled": true, + "registrationEnabled": true + } ] }, { + "resourceType": "/oauth/accessTokenManagers", "operationType": "SAVE", "items": [ { + "id": "jwt", + "name": "JSON Web Tokens", + "pluginDescriptorRef": { + "id": "com.pingidentity.pf.access.token.management.plugins.JwtBearerAccessTokenManagementPlugin", + "location": "https://localhost:9999/pf-admin-api/v1/oauth/accessTokenManagers/descriptors/com.pingidentity.pf.access.token.management.plugins.JwtBearerAccessTokenManagementPlugin" + }, "configuration": { "tables": [ { - "name": "Credential Validators", + "name": "Symmetric Keys", + "rows": [] + }, + { + "name": "Certificates", "rows": [ { - "defaultRow": false, "fields": [ { - "name": "Password Credential Validator Instance", - "value": "pingdirectory" - } - ] - }, - { - "defaultRow": false, - "fields": [ + "name": "Key ID", + "value": "k1" + }, { - "name": "Password Credential Validator Instance", - "value": "simple" + "name": "Certificate", + "value": "419x9yg43rlawqwq9v6az997k" } - ] + ], + "defaultRow": false } ] } ], "fields": [ { - "name": "Authentication Attempts", - "value": "3" - } - ] - }, - "name": "UsernameTokenProcessor", - "id": "UsernameTokenProcessor", - "pluginDescriptorRef": { - "location": "https://${PF_ADMIN_PUBLIC_HOSTNAME}:${PF_ADMIN_PUBLIC_PORT_HTTPS}/pf-admin-api/v1/idp/tokenProcessors/descriptors/com.pingidentity.pf.tokenprocessors.username.UsernameTokenProcessor", - "id": "com.pingidentity.pf.tokenprocessors.username.UsernameTokenProcessor" - }, - "attributeContract": { - "maskOgnlValues": false, - "coreAttributes": [ - { - "masked": false, - "name": "username" - } - ], - "extendedAttributes": [] - } - } - ], - "resourceType": "/idp/tokenProcessors" - }, - { - "resourceType": "/kerberos/realms", - "operationType": "SAVE", - "items": [ - { - "id": "testKerberosRealm", - "kerberosRealmName": "Test Kerberos Realm", - "keyDistributionCenters": [ - "distCenterTest" - ], - "kerberosUsername": "user", - "kerberosEncryptedPassword": "eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiUWVzOVR5eTV5WiIsInZlcnNpb24iOiIxMi4xLjAuNCJ9..eSVByfqXC4TmafBIHhQ4aA.QrCCJ_z5orXIZMraSTB-4Q.MrXxFpCyS2s3aXjQsGW0bQ", - "retainPreviousKeysOnPasswordChange": true, - "suppressDomainNameConcatenation": true, - "connectionType": "DIRECT" - } - ] - }, - { - "resourceType": "/kerberos/realms/settings", - "operationType": "SAVE", - "items": [ - { - "forceTcp": false, - "kdcTimeout": "3", - "debugLogOutput": false, - "kdcRetries": "3", - "keySetRetentionPeriodMins": 610 - } - ] - }, - { - "resourceType": "/idp/adapters", - "operationType": "SAVE", - "items": [ - { - "id": "OTIdPJava", - "name": "OTIdPJava", - "pluginDescriptorRef": { - "id": "com.pingidentity.adapters.opentoken.IdpAuthnAdapter", - "location": "https://${PF_ADMIN_PUBLIC_HOSTNAME}:${PF_ADMIN_PUBLIC_PORT_HTTPS}/pf-admin-api/v1/idp/adapters/descriptors/com.pingidentity.adapters.opentoken.IdpAuthnAdapter" - }, - "configuration": { - "tables": [], - "fields": [ + "name": "Token Lifetime", + "value": "120" + }, { - "name": "Password", - "value": "2FederateM0re" + "name": "Use Centralized Signing Key", + "value": "false" }, { - "name": "Confirm Password", - "value": "2FederateM0re" + "name": "JWS Algorithm", + "value": "RS256" }, { - "name": "Authentication Service", - "value": "https://localhost:9031/IdpSample/?cmd=sso" + "name": "Active Symmetric Key ID", + "value": "" }, { - "name": "Transport Mode", - "value": "1" + "name": "Active Signing Certificate Key ID", + "value": "k1" }, { - "name": "Token Name", - "value": "idpopentoken" + "name": "JWE Algorithm", + "value": "" }, { - "name": "Cipher Suite", - "value": "2" + "name": "JWE Content Encryption Algorithm", + "value": "" }, { - "name": "Logout Service", - "value": "https://localhost:9031/IdpSample/?cmd=slo" - }, - { - "name": "Cookie Domain", + "name": "Active Symmetric Encryption Key ID", "value": "" }, { - "name": "Cookie Path", - "value": "/" + "name": "Asymmetric Encryption Key", + "value": "" }, { - "name": "Token Lifetime", - "value": "300" + "name": "Asymmetric Encryption JWKS URL", + "value": "" }, { - "name": "Session Lifetime", - "value": "43200" + "name": "Enable Token Revocation", + "value": "false" }, { - "name": "Not Before Tolerance", - "value": "0" + "name": "Include Key ID Header Parameter", + "value": "true" }, { - "name": "Force SunJCE Provider", + "name": "Include X.509 Thumbprint Header Parameter", "value": "false" }, { - "name": "Use Verbose Error Messages", - "value": "false" + "name": "Default JWKS URL Cache Duration", + "value": "720" }, { - "name": "Obfuscate Password", + "name": "Include JWE Key ID Header Parameter", "value": "true" }, { - "name": "Session Cookie", + "name": "Include JWE X.509 Thumbprint Header Parameter", "value": "false" }, { - "name": "Secure Cookie", + "name": "Client ID Claim Name", + "value": "client_id_name" + }, + { + "name": "Scope Claim Name", + "value": "scope" + }, + { + "name": "Space Delimit Scope Values", "value": "false" }, { - "name": "Delete Cookie", + "name": "Authorization Details Claim Name", + "value": "authorization_details" + }, + { + "name": "Issuer Claim Value", + "value": "" + }, + { + "name": "Audience Claim Value", + "value": "" + }, + { + "name": "Not Before Claim Offset", + "value": "" + }, + { + "name": "Include Issued At Claim", "value": "false" }, { - "name": "Replay Prevention", + "name": "JWT ID Claim Length", + "value": "22" + }, + { + "name": "Access Grant GUID Claim Name", + "value": "agid" + }, + { + "name": "JWKS Endpoint Path", + "value": "" + }, + { + "name": "JWKS Endpoint Cache Duration", + "value": "720" + }, + { + "name": "Publish Key ID X.509 URL", "value": "false" }, { - "name": "Skip Malformed Attribute Detection", + "name": "Publish Thumbprint X.509 URL", "value": "false" }, { - "name": "SameSite Cookie", - "value": "3" + "name": "Expand Scope Groups", + "value": "false" }, { - "name": "HTTP Only Flag", - "value": "true" + "name": "Type Header Value", + "value": "" }, { - "name": "Track Authentication Time", - "value": "true" + "name": "Publish Keys to the PingFederate JWKS Endpoint", + "value": "false" } ] }, + "lastModified": "2025-01-02T17:59:24.371Z", "attributeContract": { - "coreAttributes": [ + "coreAttributes": [], + "extendedAttributes": [ { - "name": "subject", - "masked": false, - "pseudonym": true + "name": "Username", + "multiValued": false + }, + { + "name": "OrgName", + "multiValued": false } ], - "extendedAttributes": [], - "maskOgnlValues": false + "defaultSubjectAttribute": "OrgName" }, - "attributeMapping": { - "attributeSources": [], - "attributeContractFulfillment": { - "subject": { - "source": { - "type": "ADAPTER" - }, - "value": "subject" - } - }, - "issuanceCriteria": { - "conditionalCriteria": [] - } + "selectionSettings": { + "resourceUris": [] + }, + "accessControlSettings": { + "restrictClients": false, + "allowedClients": [] + }, + "sessionValidationSettings": { + "checkValidAuthnSession": false, + "checkSessionRevocationStatus": false, + "updateAuthnSessionActivity": false, + "includeSessionId": false + }, + "sequenceNumber": 2 + } + ] + }, + { + "resourceType": "/oauth/accessTokenManagers/settings", + "operationType": "SAVE", + "items": [ + { + "defaultAccessTokenManagerRef": { + "id": "jwt", + "location": "https://localhost:9999/pf-admin-api/v1/oauth/accessTokenManagers/jwt" } } ] }, { - "resourceType": "/oauth/issuers", + "resourceType": "/kerberos/realms", "operationType": "SAVE", "items": [ { - "id": "BmoJwEmyzs4RSNMzVUlCs8qTPC", - "name": "Test Issuer", - "description": "test issuer", - "host": "localhost", - "path": "" + "id": "testKerberosRealm", + "kerberosRealmName": "Test Kerberos Realm", + "keyDistributionCenters": [ + "distCenterTest" + ], + "kerberosUsername": "user", + "kerberosEncryptedPassword": "eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiUWVzOVR5eTV5WiIsInZlcnNpb24iOiIxMi4xLjQuMCJ9..oVMPsvzhDSFshvCZN3BKpA.AH_B-y9w97kFD2obrujijQ.erMCc4QM4GArQMDM6aHTIg", + "retainPreviousKeysOnPasswordChange": true, + "suppressDomainNameConcatenation": true, + "connectionType": "DIRECT" } ] }, { - "resourceType": "/oauth/outOfBandAuthPlugins", + "resourceType": "/kerberos/realms/settings", "operationType": "SAVE", "items": [ { - "id": "exampleCibaAuthenticator", - "name": "exampleCibaAuthenticator", + "forceTcp": false, + "kdcTimeout": "3", + "debugLogOutput": false, + "kdcRetries": "3", + "keySetRetentionPeriodMins": 610 + } + ] + }, + { + "resourceType": "/idp/adapters", + "operationType": "SAVE", + "items": [ + { + "id": "IDFirst", + "name": "Identifier-First", "pluginDescriptorRef": { - "id": "com.pingidentity.oobauth.pingone.mfa.PingOneMfaCibaAuthenticator", - "location": "https://${PF_ADMIN_PUBLIC_HOSTNAME}:${PF_ADMIN_PUBLIC_PORT_HTTPS}/pf-admin-api/v1/oauth/outOfBandAuthPlugins/descriptors/com.pingidentity.oobauth.pingone.mfa.PingOneMfaCibaAuthenticator" + "id": "com.pingidentity.adapters.identifierfirst.idp.IdentifierFirstAdapter", + "location": "https://localhost:9999/pf-admin-api/v1/idp/adapters/descriptors/com.pingidentity.adapters.identifierfirst.idp.IdentifierFirstAdapter" }, "configuration": { - "tables": [ - { - "name": "PingOne Template Variables", - "rows": [] - } - ], + "tables": [], "fields": [ { - "name": "PingOne Environment", - "value": "${PF_TF_P1_CONNECTION_ID}|${PF_TF_P1_CONNECTION_ENV_ID}" + "name": "Identifier Cookie Lifetime", + "value": "30" }, { - "name": "Application", - "value": "${PF_TF_P1_EXAMPLE_OAUTH_APP_ID}" + "name": "Allow Cancelling Identifier Selection", + "value": "false" }, { - "name": "PingOne Authentication Policy", - "value": "" + "name": "Maximum Identifiers Count", + "value": "5" }, { - "name": "Test Username", - "value": "" + "name": "Identifier Selection Template", + "value": "identifier.first.template.html" }, { - "name": "PingOne Template Name", - "value": "transaction" + "name": "Enable Risk Provider", + "value": "false" }, { - "name": "PingOne Template Variant", + "name": "Risk Provider", "value": "" - }, - { - "name": "Client Context", - "value": "#*\nDefine additional key/value pairs to be received at the mobile application.\nThe following variables are available by default:\n\n$oobAuthRequestContext - Context for the out-of-band authentication/authorization request\n$languagePackMessages - The language-pack file configured for this authenticator\n$subject - The user's PingOne username or user ID.\n$JSONValue - A JSON utility class that can be used to escape text and convert objects to JSON.\n Methods:\n escape(String s) - Escape quotes, \\, /, \\r, \\n, \\b, \\f, \\t and other control characters (U+0000 through U+001F).\n toJSONString(Object value) - Convert an object to JSON text.\n\nAdditionally, any Extended Contract attributes are also available using the $name syntax.\n\nExample:\n\n{\n \"requestingApplicationName\": \"$JSONValue.escape($oobAuthRequestContext.requestingApplication.name)\",\n \"requestedScope\": $JSONValue.toJSONString($oobAuthRequestContext.requestedScope.values()),\n \"amount\": \"$JSONValue.escape($amount)\",\n \"alert.color\": \"red\"\n}\n*#" - }, + } + ] + }, + "lastModified": "2025-01-02T17:59:25.041Z", + "attributeContract": { + "coreAttributes": [ { - "name": "Messages Files", - "value": "pingone-mfa-messages" + "name": "subject", + "masked": false, + "pseudonym": true }, { - "name": "API Request Timeout", - "value": "12000" - }, + "name": "domain", + "masked": false, + "pseudonym": false + } + ], + "extendedAttributes": [ { - "name": "Proxy Settings", - "value": "System Defaults" + "name": "entryUUID", + "masked": false, + "pseudonym": false }, { - "name": "Custom Proxy Host", - "value": "" + "name": "uid", + "masked": false, + "pseudonym": false }, { - "name": "Custom Proxy Port", - "value": "" + "name": "mail", + "masked": false, + "pseudonym": false } - ] + ], + "maskOgnlValues": false }, - "attributeContract": { - "coreAttributes": [ + "attributeMapping": { + "attributeSources": [ { - "name": "subject" - } - ], - "extendedAttributes": [] - } - } - ] - }, - { - "resourceType": "/oauth/cibaServerPolicy/requestPolicies", - "operationType": "SAVE", - "items": [ - { - "id": "exampleCibaReqPolicy", - "name": "exampleCibaReqPolicy", - "authenticatorRef": { - "id": "exampleCibaAuthenticator", - "location": "https://${PF_ADMIN_PUBLIC_HOSTNAME}:${PF_ADMIN_PUBLIC_PORT_HTTPS}/pf-admin-api/v1/oauth/outOfBandAuthPlugins/exampleCibaAuthenticator" - }, - "transactionLifetime": 120, - "allowUnsignedLoginHintToken": false, - "requireTokenForIdentityHint": false, - "alternativeLoginHintTokenIssuers": [], - "identityHintContract": { - "coreAttributes": [ - { - "name": "IDENTITY_HINT_SUBJECT" + "type": "LDAP", + "dataStoreRef": { + "id": "LDAP-PingDirectory", + "location": "https://localhost:9999/pf-admin-api/v1/dataStores/LDAP-PingDirectory" + }, + "id": "PD", + "description": "PD", + "baseDn": "dc=example,dc=com", + "searchScope": "SUBTREE", + "searchFilter": "(|(uid=${subject} )(mail=${subject}))", + "binaryAttributeSettings": {}, + "memberOfNestedGroup": false } ], - "extendedAttributes": [] - }, - "identityHintContractFulfillment": { - "attributeSources": [], "attributeContractFulfillment": { - "IDENTITY_HINT_SUBJECT": { + "entryUUID": { "source": { - "type": "REQUEST" + "type": "LDAP_DATA_STORE", + "id": "PD" }, - "value": "IDENTITY_HINT_SUBJECT" - } - }, - "issuanceCriteria": { - "conditionalCriteria": [] - } - }, - "identityHintMapping": { - "attributeSources": [], - "attributeContractFulfillment": { + "value": "entryUUID" + }, + "uid": { + "source": { + "type": "LDAP_DATA_STORE", + "id": "PD" + }, + "value": "uid" + }, + "mail": { + "source": { + "type": "LDAP_DATA_STORE", + "id": "PD" + }, + "value": "mail" + }, "subject": { "source": { - "type": "NO_MAPPING" - } + "type": "ADAPTER" + }, + "value": "subject" }, - "USER_KEY": { + "domain": { "source": { - "type": "NO_MAPPING" - } + "type": "ADAPTER" + }, + "value": "domain" } }, "issuanceCriteria": { "conditionalCriteria": [] } } - } - ] - }, - { - "resourceType": "/oauth/tokenExchange/generator/groups", - "operationType": "SAVE", - "items": [ - { - "id": "exampleGeneratorGroup", - "name": "exampleGeneratorGroup", - "resourceUris": [], - "generatorMappings": [ - { - "requestedTokenType": "urn:ietf:params:oauth:token-type:saml2", - "tokenGenerator": { - "id": "tokengenerator", - "location": "https://${PF_ADMIN_PUBLIC_HOSTNAME}:${PF_ADMIN_PUBLIC_PORT_HTTPS}/pf-admin-api/v1/sp/tokenGenerators/tokengenerator" - }, - "defaultMapping": true - } - ] - } - ] - }, - { - "resourceType": "/oauth/tokenExchange/generator/groups", - "operationType": "SAVE", - "items": [ - { - "id": "exampleGeneratorGroup2", - "name": "exampleGeneratorGroup2", - "resourceUris": [], - "generatorMappings": [ - { - "requestedTokenType": "urn:ietf:params:oauth:token-type:saml2", - "tokenGenerator": { - "id": "tokengenerator", - "location": "https://${PF_ADMIN_PUBLIC_HOSTNAME}:${PF_ADMIN_PUBLIC_PORT_HTTPS}/pf-admin-api/v1/sp/tokenGenerators/tokengenerator" - }, - "defaultMapping": true - } - ] - } - ] - }, - { - "resourceType": "/certificates/ca", - "operationType": "SAVE", - "items": [ - { - "id": "sslservercert", - "fileData": "MIIDUzCCAj2gAwIBAgIQHRNLFwkDQLw7Xfz5VJNRgzALBgkqhkiG9w0BAQswSzEOMAwGA1UECAwFVEVYQVMxDzANBgNVBAcMBkFVU1RJTjENMAsGA1UECwwEUElORzEMMAoGA1UECgwDQ0RSMQswCQYDVQQGDAJVUzAeFw0yNDA4MTIxOTQ3MTdaFw00NDA4MDcxOTQ3MTdaMEsxDjAMBgNVBAgMBVRFWEFTMQ8wDQYDVQQHDAZBVVNUSU4xDTALBgNVBAsMBFBJTkcxDDAKBgNVBAoMA0NEUjELMAkGA1UEBgwCVVMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQChu17gQbbvMvplnBtbpK93UU3/b4TdJjbyurMD4P8S+jCVxDxp1xdlTxbqlZaqTnhO28mFDwEDYauX2dwD6e0MLd4Eyid7yJyOebfgPS4LRksvUoteRU1WdhgR847rDSNfqakrPRDZUfI9JfcJj0n+XIIOhhlHPepxlNzh4r+LTcvjqr/Mh10H78mxmqeHoQiYbhrtLihh17cvpeIZXOOwUSBoWZCZG+yyXUsFwdGSuhWYtrSOlMSfveNnknN5jhyhUebQCNoUHStK5qoXy1UUMGDNHpAGH3V4riZhB6LaNK3gx0naywtop1tZJZ5x4fYI0T/U5ky9FeleA6HC3fdxAgMBAAGjNzA1MB0GA1UdDgQWBBRYPeFEmNLGqDFCjNqhAQW758YOqjAUBgNVHREEDTALgglsb2NhbGhvc3QwCwYJKoZIhvcNAQELA4IBAQAUPQ3XJJkIgrMINqV2OvpxmDvsBlTEcBa8gbQsS1vnAGC4Tl+5vAjpkFxTXTnpGikISnO9ZwIbQa2uFVQ26EnCJk1wgrLXTdcAWB4KBfQadJQ7UC9ma7E6XinEJ0TXgyQsRstxrWU6WKXeuwyXdAbta5ehsF6YP3Oc3Ye0jGm5/QmifaVl3YBMCrq9EFvLS451ESqRLh08AFcgtZZW8Dj50srPiVl6buUP9gwaljjhXWMEL0MUkJ2X0xyU0yF3+MWiL1Ohi8TGMxL9c9b7rRqD2ZOfSlWTcuJo79s5fCE8mex57TgeHHyx/FTB+S8i1f/ORyY9tfQ+n2oBMhnts7jd" - } - ] - }, - { - "resourceType": "/oauth/accessTokenManagers", - "operationType": "SAVE", - "items": [ + }, { - "id": "jwt", - "name": "JSON Web Tokens", + "id": "OTIdPJava", + "name": "OTIdPJava", "pluginDescriptorRef": { - "id": "com.pingidentity.pf.access.token.management.plugins.JwtBearerAccessTokenManagementPlugin", - "location": "https://${PF_ADMIN_PUBLIC_HOSTNAME}:${PF_ADMIN_PUBLIC_PORT_HTTPS}/pf-admin-api/v1/oauth/accessTokenManagers/descriptors/com.pingidentity.pf.access.token.management.plugins.JwtBearerAccessTokenManagementPlugin" + "id": "com.pingidentity.adapters.opentoken.IdpAuthnAdapter", + "location": "https://localhost:9999/pf-admin-api/v1/idp/adapters/descriptors/com.pingidentity.adapters.opentoken.IdpAuthnAdapter" }, "configuration": { - "tables": [ - { - "name": "Symmetric Keys", - "rows": [] - }, - { - "name": "Certificates", - "rows": [ - { - "fields": [ - { - "name": "Key ID", - "value": "k1" - }, - { - "name": "Certificate", - "value": "419x9yg43rlawqwq9v6az997k" - } - ], - "defaultRow": false - } - ] - } - ], + "tables": [], "fields": [ { - "name": "Token Lifetime", - "value": "120" + "name": "Password", + "encryptedValue": "OBF:JWE:eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiUWVzOVR5eTV5WiIsInZlcnNpb24iOiIxMi4xLjQuMCJ9..Np_5b0Tt7UYXUkrGkGdpmg.bHfUkVCNHWTJmktaACM98Q.yYpSD5Iv5mcWN-KyukjG_g" }, { - "name": "Use Centralized Signing Key", - "value": "false" + "name": "Confirm Password", + "encryptedValue": "OBF:JWE:eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiUWVzOVR5eTV5WiIsInZlcnNpb24iOiIxMi4xLjQuMCJ9..J1gp-aFFq9Kot5AYURE3tQ.AWD7OPeRxxuCPGCkp6r1kA._qJBdDV9ETA49qJ3Y6y84A" }, { - "name": "JWS Algorithm", - "value": "RS256" + "name": "Authentication Service", + "value": "https://localhost:9031/IdpSample/?cmd=sso" }, { - "name": "Active Symmetric Key ID", - "value": "" + "name": "Transport Mode", + "value": "1" }, { - "name": "Active Signing Certificate Key ID", - "value": "k1" + "name": "Token Name", + "value": "idpopentoken" }, { - "name": "JWE Algorithm", - "value": "" + "name": "Cipher Suite", + "value": "2" }, { - "name": "JWE Content Encryption Algorithm", - "value": "" + "name": "Logout Service", + "value": "https://localhost:9031/IdpSample/?cmd=slo" }, { - "name": "Active Symmetric Encryption Key ID", + "name": "Cookie Domain", "value": "" }, { - "name": "Asymmetric Encryption Key", - "value": "" + "name": "Cookie Path", + "value": "/" }, { - "name": "Asymmetric Encryption JWKS URL", - "value": "" + "name": "Token Lifetime", + "value": "300" }, { - "name": "Enable Token Revocation", - "value": "false" + "name": "Session Lifetime", + "value": "43200" }, { - "name": "Include Key ID Header Parameter", - "value": "true" + "name": "Not Before Tolerance", + "value": "0" }, { - "name": "Include X.509 Thumbprint Header Parameter", + "name": "Force SunJCE Provider", "value": "false" }, { - "name": "Default JWKS URL Cache Duration", - "value": "720" + "name": "Use Verbose Error Messages", + "value": "false" }, { - "name": "Include JWE Key ID Header Parameter", + "name": "Obfuscate Password", "value": "true" }, { - "name": "Include JWE X.509 Thumbprint Header Parameter", + "name": "Session Cookie", "value": "false" }, { - "name": "Client ID Claim Name", - "value": "client_id_name" + "name": "Secure Cookie", + "value": "false" }, { - "name": "Scope Claim Name", - "value": "scope" + "name": "Delete Cookie", + "value": "false" }, { - "name": "Space Delimit Scope Values", + "name": "Replay Prevention", "value": "false" }, { - "name": "Authorization Details Claim Name", - "value": "authorization_details" + "name": "Skip Malformed Attribute Detection", + "value": "false" }, { - "name": "Issuer Claim Value", - "value": "" + "name": "SameSite Cookie", + "value": "3" }, { - "name": "Audience Claim Value", - "value": "" + "name": "HTTP Only Flag", + "value": "true" }, { - "name": "Not Before Claim Offset", - "value": "" - }, + "name": "Track Authentication Time", + "value": "true" + } + ] + }, + "lastModified": "2025-01-02T17:59:25.082Z", + "attributeContract": { + "coreAttributes": [ { - "name": "Include Issued At Claim", - "value": "false" + "name": "subject", + "masked": false, + "pseudonym": true + } + ], + "extendedAttributes": [], + "maskOgnlValues": false + }, + "attributeMapping": { + "attributeSources": [], + "attributeContractFulfillment": { + "subject": { + "source": { + "type": "ADAPTER" + }, + "value": "subject" + } + }, + "issuanceCriteria": { + "conditionalCriteria": [] + } + } + }, + { + "id": "ciamHtmlForm", + "name": "Customer HTML Form (PF)", + "pluginDescriptorRef": { + "id": "com.pingidentity.adapters.htmlform.idp.HtmlFormIdpAuthnAdapter", + "location": "https://localhost:9999/pf-admin-api/v1/idp/adapters/descriptors/com.pingidentity.adapters.htmlform.idp.HtmlFormIdpAuthnAdapter" + }, + "configuration": { + "tables": [ + { + "name": "Credential Validators", + "rows": [ + { + "fields": [ + { + "name": "Password Credential Validator Instance", + "value": "PDPCV" + } + ], + "defaultRow": false + } + ] + } + ], + "fields": [ + { + "name": "Challenge Retries", + "value": "3" }, { - "name": "JWT ID Claim Length", - "value": "22" + "name": "Session State", + "value": "None" }, { - "name": "Access Grant GUID Claim Name", - "value": "agid" + "name": "Session Timeout", + "value": "60" }, { - "name": "JWKS Endpoint Path", + "name": "Session Max Timeout", + "value": "480" + }, + { + "name": "Allow Password Changes", + "value": "true" + }, + { + "name": "Password Management System", "value": "" }, { - "name": "JWKS Endpoint Cache Duration", - "value": "720" + "name": "Enable 'Remember My Username'", + "value": "true" }, { - "name": "Publish Key ID X.509 URL", + "name": "Enable 'This is My Device'", "value": "false" }, { - "name": "Publish Thumbprint X.509 URL", + "name": "Change Password Policy Contract", + "value": "" + }, + { + "name": "Change Password Email Notification", "value": "false" }, { - "name": "Expand Scope Groups", + "name": "Show Password Expiring Warning", "value": "false" }, { - "name": "Type Header Value", + "name": "Password Reset Type", + "value": "NONE" + }, + { + "name": "Password Reset Policy Contract", "value": "" - } - ] - }, - "attributeContract": { - "coreAttributes": [], - "extendedAttributes": [ + }, { - "name": "Username", - "multiValued": false + "name": "Revoke Sessions After Password Change Or Reset", + "value": "false" }, { - "name": "OrgName", - "multiValued": false - } - ], - "defaultSubjectAttribute": "OrgName" - }, - "selectionSettings": { - "resourceUris": [] - }, - "accessControlSettings": { - "restrictClients": false, - "allowedClients": [] - }, - "sessionValidationSettings": { - "checkValidAuthnSession": false, - "checkSessionRevocationStatus": false, - "updateAuthnSessionActivity": false, - "includeSessionId": false - }, - "sequenceNumber": 2 - } - ] - }, - { - "resourceType": "/oauth/accessTokenManagers/settings", - "operationType": "SAVE", - "items": [ - { - "defaultAccessTokenManagerRef": { - "id": "jwt", - "location": "https://${PF_ADMIN_PUBLIC_HOSTNAME}:${PF_ADMIN_PUBLIC_PORT_HTTPS}/pf-admin-api/v1/oauth/accessTokenManagers/jwt" - } - } - ] - }, - { - "resourceType": "/oauth/authServerSettings", - "operationType": "SAVE", - "items": [ - { - "defaultScopeDescription": "", - "scopes": [ - { - "name": "email", - "description": "email scope", - "dynamic": false - } - ], - "scopeGroups": [], - "exclusiveScopes": [], - "exclusiveScopeGroups": [], - "authorizationCodeTimeout": 60, - "authorizationCodeEntropy": 30, - "disallowPlainPKCE": false, - "includeIssuerInAuthorizationResponse": false, - "persistentGrantLifetime": -1, - "persistentGrantLifetimeUnit": "DAYS", - "persistentGrantIdleTimeout": 30, - "persistentGrantIdleTimeoutTimeUnit": "DAYS", - "refreshTokenLength": 42, - "rollRefreshTokenValues": false, - "refreshTokenRollingGracePeriod": 60, - "refreshRollingInterval": 0, - "persistentGrantReuseGrantTypes": [ - "IMPLICIT" - ], - "persistentGrantContract": { - "extendedAttributes": [], - "coreAttributes": [ + "name": "Account Unlock", + "value": "false" + }, { - "name": "USER_KEY" + "name": "Local Identity Profile", + "value": "regIdentityProfile" }, { - "name": "USER_NAME" - } - ] - }, - "bypassAuthorizationForApprovedGrants": false, - "allowUnidentifiedClientROCreds": false, - "allowUnidentifiedClientExtensionGrants": false, - "tokenEndpointBaseUrl": "", - "userAuthorizationUrl": "", - "registeredAuthorizationPath": "", - "pendingAuthorizationTimeout": 600, - "bypassActivationCodeConfirmation": false, - "devicePollingInterval": 5, - "activationCodeCheckMode": "AFTER_AUTHENTICATION", - "userAuthorizationConsentPageSetting": "INTERNAL", - "atmIdForOAuthGrantManagement": "jwt", - "scopeForOAuthGrantManagement": "email", - "allowedOrigins": [], - "trackUserSessionsForLogout": false, - "parReferenceTimeout": 60, - "parReferenceLength": 24, - "parStatus": "ENABLED", - "clientSecretRetentionPeriod": 0, - "jwtSecuredAuthorizationResponseModeLifetime": 600 - } - ] - }, - { - "resourceType": "/oauth/clients", - "operationType": "SAVE", - "items": [ - { - "clientId": "test", - "enabled": true, - "redirectUris": [], - "grantTypes": [ - "CLIENT_CREDENTIALS", - "ACCESS_TOKEN_VALIDATION" - ], - "name": "test", - "description": "", - "logoUrl": "", - "modificationDate": "2024-01-30T20:22:16.054Z", - "creationDate": "2024-01-30T17:50:18.492Z", - "refreshRolling": "SERVER_DEFAULT", - "refreshTokenRollingIntervalType": "SERVER_DEFAULT", - "persistentGrantExpirationType": "SERVER_DEFAULT", - "persistentGrantExpirationTime": 0, - "persistentGrantExpirationTimeUnit": "DAYS", - "persistentGrantIdleTimeoutType": "SERVER_DEFAULT", - "persistentGrantIdleTimeout": 0, - "persistentGrantIdleTimeoutTimeUnit": "DAYS", - "persistentGrantReuseType": "SERVER_DEFAULT", - "allowAuthenticationApiInit": false, - "bypassApprovalPage": false, - "restrictScopes": false, - "requirePushedAuthorizationRequests": false, - "requireJwtSecuredAuthorizationResponseMode": false, - "restrictedScopes": [], - "exclusiveScopes": [], - "restrictedResponseTypes": [], - "authorizationDetailTypes": [], - "defaultAccessTokenManagerRef": { - "id": "jwt", - "location": "https://${PF_ADMIN_PUBLIC_HOSTNAME}:${PF_ADMIN_PUBLIC_PORT_HTTPS}/pf-admin-api/v1/oauth/accessTokenManagers/jwt" - }, - "restrictToDefaultAccessTokenManager": false, - "validateUsingAllEligibleAtms": false, - "oidcPolicy": { - "policyGroup": {}, - "grantAccessSessionRevocationApi": false, - "grantAccessSessionSessionManagementApi": false, - "logoutMode": "NONE", - "pingAccessLogoutCapable": false, - "pairwiseIdentifierUserType": false - }, - "clientAuth": { - "type": "SECRET", - "encryptedSecret": "OBF:JWE:eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiUWVzOVR5eTV5WiIsInZlcnNpb24iOiIxMi4wLjAuOSJ9..Rsv3b2i5_n5YafLuS-mr9g.3ys3kpiqcbrn6XoSn7qumr3F8tVgLWRNecgYCgNMN3uVft6x5xAjWJktgr3dVw08XK2CYeV2gXHPB5EnOTy7_mLuH9GFtK9i1YdnpPxK82w.hKLjJaBHpaPR3NUklqziLw", - "secondarySecrets": [] - }, - "deviceFlowSettingType": "SERVER_DEFAULT", - "requireProofKeyForCodeExchange": false, - "refreshTokenRollingGracePeriodType": "SERVER_DEFAULT", - "clientSecretRetentionPeriodType": "SERVER_DEFAULT", - "requireSignedRequests": false - } - ] - }, - { - "resourceType": "/oauth/accessTokenMappings", - "operationType": "SAVE", - "items": [ - { - "attributeSources": [], - "attributeContractFulfillment": { - "Username": { - "source": { - "type": "TEXT" + "name": "Notification Publisher", + "value": "" }, - "value": "Administrator" - }, - "OrgName": { - "source": { - "type": "TEXT" + { + "name": "Enable Username Recovery", + "value": "false" }, - "value": "Ping" - } - }, - "issuanceCriteria": { - "conditionalCriteria": [] - }, - "id": "client_credentials|jwt", - "context": { - "type": "CLIENT_CREDENTIALS" - }, - "accessTokenManagerRef": { - "id": "jwt", - "location": "https://${PF_ADMIN_PUBLIC_HOSTNAME}:${PF_ADMIN_PUBLIC_PORT_HTTPS}/pf-admin-api/v1/oauth/accessTokenManagers/jwt" - } - }, - { - "attributeSources": [], - "attributeContractFulfillment": { - "Username": { - "source": { - "type": "TEXT" + { + "name": "Login Template", + "value": "html.form.login.template.html" }, - "value": "Administrator" - }, - "OrgName": { - "source": { - "type": "TEXT" + { + "name": "Logout Path", + "value": "" }, - "value": "Ping" - } - }, - "issuanceCriteria": { - "conditionalCriteria": [] - }, - "id": "default|jwt", - "context": { - "type": "DEFAULT" - }, - "accessTokenManagerRef": { - "id": "jwt", - "location": "https://${PF_ADMIN_PUBLIC_HOSTNAME}:${PF_ADMIN_PUBLIC_PORT_HTTPS}/pf-admin-api/v1/oauth/accessTokenManagers/jwt" - } - } - ] - }, - { - "resourceType": "/localIdentity/identityProfiles", - "operationType": "SAVE", - "items": [ - { - "id": "adminIdentityProfile", - "name": "Admin Identity Profile", - "apcId": { - "id": "default", - "location": "https://${PF_ADMIN_PUBLIC_HOSTNAME}:${PF_ADMIN_PUBLIC_PORT_HTTPS}/pf-admin-api/v1/authenticationPolicyContracts/default" - }, - "authSources": [ - { - "source": "SecurityKey", - "id": "SecurityKey" - }, - { - "source": "FIDO", - "id": "FIDO" - } - ], - "authSourceUpdatePolicy": { - "storeAttributes": false, - "retainAttributes": false, - "updateAttributes": false, - "updateInterval": 0 - }, - "fieldConfig": { - "fields": [ { - "type": "TEXT", - "id": "fullName", - "label": "Full Name", - "registrationPageField": false, - "profilePageField": true, - "attributes": { - "Read-Only": false, - "Required": false, - "Unique ID Field": false, - "Mask Log Values": false - }, - "defaultValue": "" + "name": "Logout Redirect", + "value": "" }, { - "type": "TEXT", - "id": "firstName", - "label": "First Name", - "registrationPageField": false, - "profilePageField": true, - "attributes": { - "Read-Only": false, - "Required": false, - "Unique ID Field": false, - "Mask Log Values": false - }, - "defaultValue": "" + "name": "Logout Template", + "value": "idp.logout.success.page.template.html" }, { - "type": "TEXT", - "id": "lastName", - "label": "Last Name", - "registrationPageField": false, - "profilePageField": true, - "attributes": { - "Read-Only": false, - "Required": false, - "Unique ID Field": false, - "Mask Log Values": false - }, - "defaultValue": "" + "name": "Change Password Template", + "value": "html.form.change.password.template.html" }, { - "type": "EMAIL", - "id": "email", - "label": "Email Address", - "registrationPageField": false, - "profilePageField": true, - "attributes": { - "Read-Only": false, - "Required": true, - "Unique ID Field": false, - "Mask Log Values": false - } + "name": "Change Password Message Template", + "value": "html.form.message.template.html" }, { - "type": "PHONE", - "id": "phoneNumber", - "label": "Phone Number", - "registrationPageField": false, - "profilePageField": true, - "attributes": { - "Read-Only": false, - "Required": false, - "Unique ID Field": false, - "Mask Log Values": false - } + "name": "Password Management System Message Template", + "value": "html.form.message.template.html" }, { - "type": "TEXT", - "id": "username", - "label": "Username", - "registrationPageField": false, - "profilePageField": true, - "attributes": { - "Read-Only": false, - "Required": true, - "Unique ID Field": true, - "Mask Log Values": false - }, - "defaultValue": "" - } - ], - "stripSpaceFromUniqueField": true - }, - "emailVerificationConfig": { - "emailVerificationEnabled": false - }, - "dataStoreConfig": { - "type": "LDAP", - "dataStoreRef": { - "id": "LDAP-PingDirectory", - "location": "https://${PF_ADMIN_PUBLIC_HOSTNAME}:${PF_ADMIN_PUBLIC_PORT_HTTPS}/pf-admin-api/v1/dataStores/LDAP-PingDirectory" - }, - "baseDn": "ou=Administrators,dc=example,dc=com", - "createPattern": "", - "objectClass": "", - "dataStoreMapping": { - "firstName": { - "type": "LDAP", - "name": "givenName", - "metadata": {} + "name": "Change Password Email Template", + "value": "message-template-end-user-password-change.html" }, - "lastName": { - "type": "LDAP", - "name": "sn", - "metadata": {} + { + "name": "Expiring Password Warning Template", + "value": "html.form.password.expiring.notification.template.html" }, - "phoneNumber": { - "type": "LDAP", - "name": "mobile", - "metadata": {} + { + "name": "Threshold for Expiring Password Warning", + "value": "7" }, - "fullName": { - "type": "LDAP", - "name": "cn", - "metadata": {} + { + "name": "Snooze Interval for Expiring Password Warning", + "value": "24" }, - "email": { - "type": "LDAP", - "name": "mail", - "metadata": {} + { + "name": "Login Challenge Template", + "value": "html.form.login.challenge.template.html" }, - "username": { - "type": "LDAP", - "name": "uid", - "metadata": {} - } - } - }, - "profileConfig": { - "deleteIdentityEnabled": false, - "templateName": "local.identity.profile.html" - }, - "registrationEnabled": false, - "profileEnabled": true - }, - { - "id": "regIdentityProfile", - "name": "Registration Identity Profile", - "apcId": { - "id": "samplePolicyContract", - "location": "https://${PF_ADMIN_PUBLIC_HOSTNAME}:${PF_ADMIN_PUBLIC_PORT_HTTPS}/pf-admin-api/v1/authenticationPolicyContracts/samplePolicyContract" - }, - "authSources": [], - "authSourceUpdatePolicy": { - "storeAttributes": false, - "retainAttributes": false, - "updateAttributes": false, - "updateInterval": 0 - }, - "registrationConfig": { - "captchaEnabled": false, - "templateName": "local.identity.registration.html", - "createAuthnSessionAfterRegistration": true, - "usernameField": "username", - "thisIsMyDeviceEnabled": false - }, - "fieldConfig": { - "fields": [ { - "type": "TEXT", - "id": "firstName", - "label": "First Name", - "registrationPageField": true, - "profilePageField": true, - "attributes": { - "Read-Only": false, - "Required": false, - "Unique ID Field": false, - "Mask Log Values": false - }, - "defaultValue": "" + "name": "'Remember My Username' Lifetime", + "value": "30" }, { - "type": "TEXT", - "id": "lastName", - "label": "Last Name", - "registrationPageField": true, - "profilePageField": true, - "attributes": { - "Read-Only": false, - "Required": false, - "Unique ID Field": false, - "Mask Log Values": false - }, - "defaultValue": "" + "name": "'This is My Device' Lifetime", + "value": "30" }, { - "type": "TEXT", - "id": "fullName", - "label": "Full Name", - "registrationPageField": true, - "profilePageField": true, - "attributes": { - "Read-Only": false, - "Required": false, - "Unique ID Field": false, - "Mask Log Values": false - }, - "defaultValue": "" + "name": "Allow Username Edits During Chaining", + "value": "false" }, { - "type": "EMAIL", - "id": "email", - "label": "Email Address", - "registrationPageField": true, - "profilePageField": true, - "attributes": { - "Read-Only": false, - "Required": true, - "Unique ID Field": false, - "Mask Log Values": false - } + "name": "Track Authentication Time", + "value": "true" }, { - "type": "PHONE", - "id": "phoneNumber", - "label": "Phone Number", - "registrationPageField": true, - "profilePageField": true, - "attributes": { - "Read-Only": false, - "Required": false, - "Unique ID Field": false, - "Mask Log Values": false - } + "name": "Post-Password Change Re-Authentication Delay", + "value": "0" }, { - "type": "TEXT", - "id": "username", - "label": "Username", - "registrationPageField": true, - "profilePageField": true, - "attributes": { - "Read-Only": false, - "Required": true, - "Unique ID Field": true, - "Mask Log Values": false - }, - "defaultValue": "" + "name": "Password Reset Username Template", + "value": "forgot-password.html" }, { - "type": "HIDDEN", - "id": "ImmutableID", - "label": "ImmutableID", - "registrationPageField": true, - "profilePageField": true, - "attributes": { - "Unique ID Field": false, - "Mask Log Values": false - } + "name": "Password Reset Code Template", + "value": "forgot-password-resume.html" }, { - "type": "HIDDEN", - "id": "accountVerified", - "label": "Account Verified", - "registrationPageField": false, - "profilePageField": true, - "attributes": { - "Unique ID Field": false, - "Mask Log Values": false - } - } - ], - "stripSpaceFromUniqueField": false - }, - "emailVerificationConfig": { - "emailVerificationEnabled": false - }, - "dataStoreConfig": { - "type": "LDAP", - "dataStoreRef": { - "id": "LDAP-PingDirectory", - "location": "https://${PF_ADMIN_PUBLIC_HOSTNAME}:${PF_ADMIN_PUBLIC_PORT_HTTPS}/pf-admin-api/v1/dataStores/LDAP-PingDirectory" - }, - "baseDn": "ou=People,dc=example,dc=com", - "createPattern": "uid=${username}", - "objectClass": "inetOrgPerson", - "auxiliaryObjectClasses": [ - "pf-connected-identities", - "ubidPersonAux" - ], - "dataStoreMapping": { - "firstName": { - "type": "LDAP", - "name": "givenName", - "metadata": {} - }, - "lastName": { - "type": "LDAP", - "name": "sn", - "metadata": {} + "name": "Password Reset Template", + "value": "forgot-password-change.html" }, - "phoneNumber": { - "type": "LDAP", - "name": "mobile", - "metadata": {} + { + "name": "Password Reset Error Template", + "value": "forgot-password-error.html" }, - "ImmutableID": { - "type": "LDAP", - "name": "entryUUID", - "metadata": {} + { + "name": "Password Reset Success Template", + "value": "forgot-password-success.html" }, - "fullName": { - "type": "LDAP", - "name": "cn", - "metadata": {} + { + "name": "Account Unlock Template", + "value": "account-unlock.html" }, - "accountVerified": { - "type": "LDAP", - "name": "ubidAccountVerified", - "metadata": {} + { + "name": "OTP Length", + "value": "8" }, - "email": { - "type": "LDAP", - "name": "mail", - "metadata": {} + { + "name": "OTP Time to Live", + "value": "10" }, - "username": { - "type": "LDAP", - "name": "uid", - "metadata": {} - } - } - }, - "profileConfig": { - "deleteIdentityEnabled": false, - "templateName": "local.identity.profile.html" - }, - "registrationEnabled": true, - "profileEnabled": true - } - ] - }, - { - "resourceType": "/passwordCredentialValidators", - "operationType": "SAVE", - "items": [ - { - "id": "PDPCV", - "name": "PD PCV", - "pluginDescriptorRef": { - "id": "org.sourceid.saml20.domain.LDAPUsernamePasswordCredentialValidator", - "location": "https://${PF_ADMIN_PUBLIC_HOSTNAME}:${PF_ADMIN_PUBLIC_PORT_HTTPS}/pf-admin-api/v1/passwordCredentialValidators/descriptors/org.sourceid.saml20.domain.LDAPUsernamePasswordCredentialValidator" - }, - "configuration": { - "tables": [ { - "name": "Authentication Error Overrides", - "rows": [] - } - ], - "fields": [ + "name": "PingID Properties", + "value": "" + }, { - "name": "LDAP Datastore", - "value": "LDAP-PingDirectory" + "name": "Require Verified Email", + "value": "false" }, { - "name": "Search Base", - "value": "dc=example,dc=com" + "name": "Username Recovery Template", + "value": "username.recovery.template.html" }, { - "name": "Search Filter", - "value": "(|(uid=${username})(mail=${username}))" + "name": "Username Recovery Info Template", + "value": "username.recovery.info.template.html" }, { - "name": "Scope of Search", - "value": "Subtree" + "name": "Username Recovery Email Template", + "value": "message-template-username-recovery.html" }, { - "name": "Case-Sensitive Matching", - "value": "true" + "name": "CAPTCHA for Authentication", + "value": "false" }, { - "name": "Display Name Attribute", - "value": "displayName" + "name": "CAPTCHA for Password change", + "value": "false" }, { - "name": "Mail Attribute", - "value": "mail" + "name": "CAPTCHA for Password Reset", + "value": "false" }, { - "name": "SMS Attribute", - "value": "" + "name": "CAPTCHA for Username recovery", + "value": "false" }, { - "name": "PingID Username Attribute", - "value": "uid" + "name": "Password Update Timeout", + "value": "30" }, { - "name": "Mail Search Filter", - "value": "mail=${mail}" + "name": "Require Re-Authentication For Expiring Password Flow", + "value": "false" }, { - "name": "Username Attribute", - "value": "uid" + "name": "Require Re-Authentication for Change Password Flow", + "value": "true" }, { - "name": "Trim Username Spaces For Search", + "name": "Require Re-Authentication for Password Reset Flow", "value": "true" }, { - "name": "Mail Verified Attribute", - "value": "" + "name": "Password Reset One-Time Link Email Template", + "value": "message-template-forgot-password-link.html" }, { - "name": "Account Disabled Attribute", - "value": "" + "name": "Password Reset One-Time Password Email Template", + "value": "message-template-forgot-password-code.html" }, { - "name": "Enable PingDirectory Detailed Password Policy Requirement Messaging", - "value": "false" + "name": "Account Disabled Email Template", + "value": "message-template-account-disabled.html" }, { - "name": "Expect Password Expired Control", - "value": "false" + "name": "Password Reset Complete Email Template", + "value": "message-template-forgot-password-complete.html" + }, + { + "name": "Password Reset Failed Email Template", + "value": "message-template-forgot-password-failed.html" + }, + { + "name": "Account Unlock Email Template", + "value": "message-template-account-unlock-complete.html" + }, + { + "name": "Allowed OTP Character Set", + "value": "23456789BCDFGHJKMNPQRSTVWXZbcdfghjkmnpqrstvwxz" + }, + { + "name": "CAPTCHA Provider", + "value": "" + }, + { + "name": "Fail Authentication on Account Lockout", + "value": "true" } ] }, + "lastModified": "2025-01-02T17:59:25.127Z", "attributeContract": { "coreAttributes": [ { - "name": "mail" - }, - { - "name": "givenName" - }, - { - "name": "DN" + "name": "policy.action", + "masked": false, + "pseudonym": false }, { - "name": "username" + "name": "username", + "masked": false, + "pseudonym": true } ], "extendedAttributes": [ { - "name": "entryUUID" + "name": "entryUUID", + "masked": false, + "pseudonym": false }, { - "name": "uid" + "name": "uid", + "masked": false, + "pseudonym": false }, { - "name": "sn" + "name": "mail", + "masked": false, + "pseudonym": false + }, + { + "name": "givenName", + "masked": false, + "pseudonym": false + }, + { + "name": "sn", + "masked": false, + "pseudonym": false } - ] + ], + "maskOgnlValues": false + }, + "attributeMapping": { + "attributeSources": [], + "attributeContractFulfillment": { + "entryUUID": { + "source": { + "type": "ADAPTER" + }, + "value": "entryUUID" + }, + "uid": { + "source": { + "type": "ADAPTER" + }, + "value": "uid" + }, + "mail": { + "source": { + "type": "ADAPTER" + }, + "value": "mail" + }, + "policy.action": { + "source": { + "type": "ADAPTER" + }, + "value": "policy.action" + }, + "givenName": { + "source": { + "type": "ADAPTER" + }, + "value": "givenName" + }, + "sn": { + "source": { + "type": "ADAPTER" + }, + "value": "sn" + }, + "username": { + "source": { + "type": "ADAPTER" + }, + "value": "username" + } + }, + "issuanceCriteria": { + "conditionalCriteria": [] + } } }, { - "id": "pingdirectory", - "name": "pingdirectory", + "id": "htmlForm", + "name": "Employee HTML Form", "pluginDescriptorRef": { - "id": "org.sourceid.saml20.domain.LDAPUsernamePasswordCredentialValidator", - "location": "https://${PF_ADMIN_PUBLIC_HOSTNAME}:${PF_ADMIN_PUBLIC_PORT_HTTPS}/pf-admin-api/v1/passwordCredentialValidators/descriptors/org.sourceid.saml20.domain.LDAPUsernamePasswordCredentialValidator" + "id": "com.pingidentity.adapters.htmlform.idp.HtmlFormIdpAuthnAdapter", + "location": "https://localhost:9999/pf-admin-api/v1/idp/adapters/descriptors/com.pingidentity.adapters.htmlform.idp.HtmlFormIdpAuthnAdapter" }, "configuration": { "tables": [ { - "name": "Authentication Error Overrides", - "rows": [] + "name": "Credential Validators", + "rows": [ + { + "fields": [ + { + "name": "Password Credential Validator Instance", + "value": "PDPCV" + } + ], + "defaultRow": false + } + ] } ], "fields": [ { - "name": "LDAP Datastore", - "value": "pingdirectory" + "name": "Challenge Retries", + "value": "3" }, { - "name": "Search Base", - "value": "dc=example,dc=com" + "name": "Session State", + "value": "None" }, { - "name": "Search Filter", - "value": "(&(objectClass=person)(|(mail=${username})(cn=${username})(uid=${username})))" + "name": "Session Timeout", + "value": "60" }, { - "name": "Scope of Search", - "value": "Subtree" + "name": "Session Max Timeout", + "value": "480" }, { - "name": "Case-Sensitive Matching", + "name": "Allow Password Changes", "value": "false" }, { - "name": "Display Name Attribute", - "value": "displayName" + "name": "Password Management System", + "value": "" }, { - "name": "Mail Attribute", - "value": "mail" + "name": "Enable 'Remember My Username'", + "value": "false" }, { - "name": "SMS Attribute", - "value": "" + "name": "Enable 'This is My Device'", + "value": "false" }, { - "name": "PingID Username Attribute", - "value": "" + "name": "Change Password Email Notification", + "value": "false" }, { - "name": "Mail Search Filter", - "value": "" + "name": "Show Password Expiring Warning", + "value": "false" }, { - "name": "Username Attribute", - "value": "" + "name": "Password Reset Type", + "value": "NONE" }, { - "name": "Mail Verified Attribute", + "name": "Password Reset Policy Contract", "value": "" }, { - "name": "Trim Username Spaces For Search", + "name": "Account Unlock", "value": "false" }, { - "name": "Account Disabled Attribute", + "name": "Local Identity Profile", + "value": "adminIdentityProfile" + }, + { + "name": "Notification Publisher", "value": "" }, { - "name": "Enable PingDirectory Detailed Password Policy Requirement Messaging", + "name": "Enable Username Recovery", "value": "false" }, { - "name": "Expect Password Expired Control", + "name": "Change Password Policy Contract", + "value": "" + }, + { + "name": "Revoke Sessions After Password Change Or Reset", "value": "false" - } - ] - }, - "attributeContract": { - "coreAttributes": [ + }, { - "name": "mail" + "name": "Login Template", + "value": "html.form.login.template.html" }, { - "name": "givenName" + "name": "Logout Path", + "value": "" }, { - "name": "DN" + "name": "Logout Redirect", + "value": "" }, { - "name": "username" - } - ], - "extendedAttributes": [ + "name": "Logout Template", + "value": "idp.logout.success.page.template.html" + }, { - "name": "entryUUID" - } - ] - } - }, - { - "id": "simple", - "name": "simple", - "pluginDescriptorRef": { - "id": "org.sourceid.saml20.domain.SimpleUsernamePasswordCredentialValidator", - "location": "https://${PF_ADMIN_PUBLIC_HOSTNAME}:${PF_ADMIN_PUBLIC_PORT_HTTPS}/pf-admin-api/v1/passwordCredentialValidators/descriptors/org.sourceid.saml20.domain.SimpleUsernamePasswordCredentialValidator" - }, - "configuration": { - "tables": [ + "name": "Change Password Template", + "value": "html.form.change.password.template.html" + }, { - "name": "Users", - "rows": [ - { - "fields": [ - { - "name": "Username", - "value": "joe" - }, - { - "name": "Password", - "encryptedValue": "OBF:JWE:eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiUWVzOVR5eTV5WiIsInZlcnNpb24iOiIxMi4wLjEuMCJ9.._Rw8wgxapi44LBCF_Mva2A.DDzCFD5PziQ2cYuBBT-Y7xU7_rVmU0GRh_EYNcrKi0dkvF-uVoiuMJU5SzlQW3tM3l-Ggb5uxXLtldJdXAjzFg.H-K-IJG9WM-Wq-b3yFGnOg" - }, - { - "name": "Confirm Password", - "encryptedValue": "OBF:JWE:eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiUWVzOVR5eTV5WiIsInZlcnNpb24iOiIxMi4wLjEuMCJ9..S-RNUEPVKvS2sMLsHV3AXg.zZAwob08IHwTMQaLcjA-HJVfy3DxILMqXtI1LY5RSsB4cVtYEoQHa62WG4r3-j3lTHGJCmZdg7DZZHRZsrZuow.f6BXV0L8wMxm3J81SwaPJg" - }, - { - "name": "Relax Password Requirements", - "value": "true" - } - ], - "defaultRow": false - } - ] - } - ], - "fields": [] - }, - "attributeContract": { - "coreAttributes": [ - { - "name": "username" - } - ] - } - } - ] - }, - { - "resourceType": "/authenticationPolicies/fragments", - "operationType": "SAVE", - "items": [ - { - "id": "FirstFactor", - "name": "First_Factor", - "description": "Used for Customer First Factor", - "rootNode": { - "action": { - "type": "AUTHN_SOURCE", - "authenticationSource": { - "type": "IDP_ADAPTER", - "sourceRef": { - "id": "ciamHtmlForm", - "location": "https://${PF_ADMIN_PUBLIC_HOSTNAME}:${PF_ADMIN_PUBLIC_PORT_HTTPS}/pf-admin-api/v1/idp/adapters/ciamHtmlForm" - } - }, - "attributeRules": { - "items": [ - { - "attributeSource": { - "type": "ADAPTER", - "id": "ciamHtmlForm" - }, - "attributeName": "policy.action", - "condition": "EQUALS_CASE_INSENSITIVE", - "expectedValue": "identity.registration", - "result": "Register" - } - ], - "fallbackToSuccess": true - } - }, - "children": [ - { - "action": { - "type": "DONE", - "context": "Fail" - } - }, - { - "action": { - "type": "LOCAL_IDENTITY_MAPPING", - "context": "Register", - "localIdentityRef": { - "id": "regIdentityProfile", - "location": "https://${PF_ADMIN_PUBLIC_HOSTNAME}:${PF_ADMIN_PUBLIC_PORT_HTTPS}/pf-admin-api/v1/localIdentity/identityProfiles/regIdentityProfile" - }, - "inboundMapping": { - "attributeSources": [], - "attributeContractFulfillment": {}, - "issuanceCriteria": { - "conditionalCriteria": [] - } - }, - "outboundAttributeMapping": { - "attributeSources": [], - "attributeContractFulfillment": { - "firstName": { - "source": { - "type": "LOCAL_IDENTITY_PROFILE", - "id": "regIdentityProfile" - }, - "value": "firstName" - }, - "lastName": { - "source": { - "type": "LOCAL_IDENTITY_PROFILE", - "id": "regIdentityProfile" - }, - "value": "lastName" - }, - "ImmutableID": { - "source": { - "type": "LOCAL_IDENTITY_PROFILE", - "id": "regIdentityProfile" - }, - "value": "ImmutableID" - }, - "mail": { - "source": { - "type": "LOCAL_IDENTITY_PROFILE", - "id": "regIdentityProfile" - }, - "value": "email" - }, - "subject": { - "source": { - "type": "LOCAL_IDENTITY_PROFILE", - "id": "regIdentityProfile" - }, - "value": "username" - }, - "SAML_AUTHN_CTX": { - "source": { - "type": "TEXT" - }, - "value": "registered" - } - }, - "issuanceCriteria": { - "conditionalCriteria": [] - } - } - } - }, - { - "action": { - "type": "LOCAL_IDENTITY_MAPPING", - "context": "Success", - "localIdentityRef": { - "id": "regIdentityProfile", - "location": "https://${PF_ADMIN_PUBLIC_HOSTNAME}:${PF_ADMIN_PUBLIC_PORT_HTTPS}/pf-admin-api/v1/localIdentity/identityProfiles/regIdentityProfile" - }, - "inboundMapping": { - "attributeSources": [], - "attributeContractFulfillment": { - "pf.local.identity.unique.id": { - "source": { - "type": "ADAPTER", - "id": "ciamHtmlForm" - }, - "value": "uid" - } - }, - "issuanceCriteria": { - "conditionalCriteria": [] - } - }, - "outboundAttributeMapping": { - "attributeSources": [], - "attributeContractFulfillment": { - "firstName": { - "source": { - "type": "LOCAL_IDENTITY_PROFILE", - "id": "regIdentityProfile" - }, - "value": "firstName" - }, - "lastName": { - "source": { - "type": "LOCAL_IDENTITY_PROFILE", - "id": "regIdentityProfile" - }, - "value": "lastName" - }, - "ImmutableID": { - "source": { - "type": "LOCAL_IDENTITY_PROFILE", - "id": "regIdentityProfile" - }, - "value": "ImmutableID" - }, - "mail": { - "source": { - "type": "LOCAL_IDENTITY_PROFILE", - "id": "regIdentityProfile" - }, - "value": "email" - }, - "subject": { - "source": { - "type": "ADAPTER", - "id": "ciamHtmlForm" - }, - "value": "username" - }, - "SAML_AUTHN_CTX": { - "source": { - "type": "TEXT" - }, - "value": "single_factor" - } - }, - "issuanceCriteria": { - "conditionalCriteria": [] - } - } - } - } - ] - }, - "inputs": { - "id": "DkhZxRcZchsed90U", - "location": "https://${PF_ADMIN_PUBLIC_HOSTNAME}:${PF_ADMIN_PUBLIC_PORT_HTTPS}/pf-admin-api/v1/authenticationPolicyContracts/DkhZxRcZchsed90U" - }, - "outputs": { - "id": "samplePolicyContract", - "location": "https://${PF_ADMIN_PUBLIC_HOSTNAME}:${PF_ADMIN_PUBLIC_PORT_HTTPS}/pf-admin-api/v1/authenticationPolicyContracts/samplePolicyContract" - } - }, - { - "id": "Identify_First", - "name": "Identify_First", - "description": "Used for First Factors that just use the User Identifier", - "rootNode": { - "action": { - "type": "AUTHN_SOURCE", - "authenticationSource": { - "type": "IDP_ADAPTER", - "sourceRef": { - "id": "IDFirst", - "location": "https://${PF_ADMIN_PUBLIC_HOSTNAME}:${PF_ADMIN_PUBLIC_PORT_HTTPS}/pf-admin-api/v1/idp/adapters/IDFirst" - } - }, - "inputUserIdMapping": { - "source": { - "type": "INPUTS", - "id": "Inputs" - }, - "value": "subject" - }, - "userIdAuthenticated": false - }, - "children": [ - { - "action": { - "type": "DONE", - "context": "Fail" - } - }, - { - "action": { - "type": "APC_MAPPING", - "context": "Success", - "authenticationPolicyContractRef": { - "id": "DkhZxRcZchsed90U", - "location": "https://${PF_ADMIN_PUBLIC_HOSTNAME}:${PF_ADMIN_PUBLIC_PORT_HTTPS}/pf-admin-api/v1/authenticationPolicyContracts/DkhZxRcZchsed90U" - }, - "attributeMapping": { - "attributeSources": [], - "attributeContractFulfillment": { - "subject": { - "source": { - "type": "ADAPTER", - "id": "IDFirst" - }, - "value": "uid" - } - }, - "issuanceCriteria": { - "conditionalCriteria": [] - } - } - } - } - ] - }, - "inputs": { - "id": "DkhZxRcZchsed90U", - "location": "https://${PF_ADMIN_PUBLIC_HOSTNAME}:${PF_ADMIN_PUBLIC_PORT_HTTPS}/pf-admin-api/v1/authenticationPolicyContracts/DkhZxRcZchsed90U" - }, - "outputs": { - "id": "DkhZxRcZchsed90U", - "location": "https://${PF_ADMIN_PUBLIC_HOSTNAME}:${PF_ADMIN_PUBLIC_PORT_HTTPS}/pf-admin-api/v1/authenticationPolicyContracts/DkhZxRcZchsed90U" - } - }, - { - "id": "InternalAuthN", - "name": "Internal AuthN", - "description": "Used for Internal Authentication", - "rootNode": { - "action": { - "type": "AUTHN_SOURCE", - "authenticationSource": { - "type": "IDP_ADAPTER", - "sourceRef": { - "id": "htmlForm", - "location": "https://${PF_ADMIN_PUBLIC_HOSTNAME}:${PF_ADMIN_PUBLIC_PORT_HTTPS}/pf-admin-api/v1/idp/adapters/htmlForm" - } - } - }, - "children": [ - { - "action": { - "type": "DONE", - "context": "Fail" - } - }, - { - "action": { - "type": "APC_MAPPING", - "context": "Success", - "authenticationPolicyContractRef": { - "id": "default", - "location": "https://${PF_ADMIN_PUBLIC_HOSTNAME}:${PF_ADMIN_PUBLIC_PORT_HTTPS}/pf-admin-api/v1/authenticationPolicyContracts/default" - }, - "attributeMapping": { - "attributeSources": [], - "attributeContractFulfillment": { - "firstName": { - "source": { - "type": "NO_MAPPING" - } - }, - "lastName": { - "source": { - "type": "NO_MAPPING" - } - }, - "ImmutableID": { - "source": { - "type": "ADAPTER", - "id": "htmlForm" - }, - "value": "entryUUID" - }, - "mail": { - "source": { - "type": "ADAPTER", - "id": "htmlForm" - }, - "value": "mail" - }, - "subject": { - "source": { - "type": "ADAPTER", - "id": "htmlForm" - }, - "value": "uid" - }, - "SAML_AUTHN_CTX": { - "source": { - "type": "TEXT" - }, - "value": "internal" - } - }, - "issuanceCriteria": { - "conditionalCriteria": [] - } - } - } - } - ] - }, - "inputs": { - "id": "DkhZxRcZchsed90U", - "location": "https://${PF_ADMIN_PUBLIC_HOSTNAME}:${PF_ADMIN_PUBLIC_PORT_HTTPS}/pf-admin-api/v1/authenticationPolicyContracts/DkhZxRcZchsed90U" - }, - "outputs": { - "id": "default", - "location": "https://${PF_ADMIN_PUBLIC_HOSTNAME}:${PF_ADMIN_PUBLIC_PORT_HTTPS}/pf-admin-api/v1/authenticationPolicyContracts/default" - } - } - ] - }, - { - "resourceType": "/idp/adapters", - "operationType": "SAVE", - "items": [ - { - "id": "IDFirst", - "name": "Identifier-First", - "pluginDescriptorRef": { - "id": "com.pingidentity.adapters.identifierfirst.idp.IdentifierFirstAdapter", - "location": "https://${PF_ADMIN_PUBLIC_HOSTNAME}:${PF_ADMIN_PUBLIC_PORT_HTTPS}/pf-admin-api/v1/idp/adapters/descriptors/com.pingidentity.adapters.identifierfirst.idp.IdentifierFirstAdapter" - }, - "configuration": { - "tables": [], - "fields": [ - { - "name": "Identifier Cookie Lifetime", - "value": "30" - }, - { - "name": "Allow Cancelling Identifier Selection", - "value": "false" - }, - { - "name": "Maximum Identifiers Count", - "value": "5" - }, - { - "name": "Identifier Selection Template", - "value": "identifier.first.template.html" - }, - { - "name": "Enable Risk Provider", - "value": "false" - }, - { - "name": "Risk Provider", - "value": "" - } - ] - }, - "attributeContract": { - "coreAttributes": [ - { - "name": "subject", - "masked": false, - "pseudonym": true - }, - { - "name": "domain", - "masked": false, - "pseudonym": false - } - ], - "extendedAttributes": [ - { - "name": "entryUUID", - "masked": false, - "pseudonym": false - }, - { - "name": "uid", - "masked": false, - "pseudonym": false - }, - { - "name": "mail", - "masked": false, - "pseudonym": false - } - ], - "maskOgnlValues": false - }, - "attributeMapping": { - "attributeSources": [ - { - "type": "LDAP", - "dataStoreRef": { - "id": "LDAP-PingDirectory", - "location": "https://${PF_ADMIN_PUBLIC_HOSTNAME}:${PF_ADMIN_PUBLIC_PORT_HTTPS}/pf-admin-api/v1/dataStores/LDAP-PingDirectory" - }, - "id": "PD", - "description": "PD", - "baseDn": "dc=example,dc=com", - "searchScope": "SUBTREE", - "searchFilter": "(|(uid=${subject} )(mail=${subject}))", - "binaryAttributeSettings": {}, - "memberOfNestedGroup": false - } - ], - "attributeContractFulfillment": { - "entryUUID": { - "source": { - "type": "LDAP_DATA_STORE", - "id": "PD" - }, - "value": "entryUUID" - }, - "uid": { - "source": { - "type": "LDAP_DATA_STORE", - "id": "PD" - }, - "value": "uid" - }, - "mail": { - "source": { - "type": "LDAP_DATA_STORE", - "id": "PD" - }, - "value": "mail" - }, - "subject": { - "source": { - "type": "ADAPTER" - }, - "value": "subject" - }, - "domain": { - "source": { - "type": "ADAPTER" - }, - "value": "domain" - } - }, - "issuanceCriteria": { - "conditionalCriteria": [] - } - } - }, - { - "id": "OTIdPJava", - "name": "OTIdPJava", - "pluginDescriptorRef": { - "id": "com.pingidentity.adapters.opentoken.IdpAuthnAdapter", - "location": "https://${PF_ADMIN_PUBLIC_HOSTNAME}:${PF_ADMIN_PUBLIC_PORT_HTTPS}/pf-admin-api/v1/idp/adapters/descriptors/com.pingidentity.adapters.opentoken.IdpAuthnAdapter" - }, - "configuration": { - "tables": [], - "fields": [ - { - "name": "Password", - "encryptedValue": "OBF:JWE:eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiUWVzOVR5eTV5WiIsInZlcnNpb24iOiIxMi4wLjEuMCJ9..sL84LT6Vg23hKZYYJHQ1eA.j_TBfypuPWenyRuvs_52ng.yq1SVD8f_NA8WCoD_2QqSA" - }, - { - "name": "Confirm Password", - "encryptedValue": "OBF:JWE:eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiUWVzOVR5eTV5WiIsInZlcnNpb24iOiIxMi4wLjEuMCJ9..dUg3wwoXYAHkOt08bNxumA.8ZpXKQ1Tx9D5Gz83X2hbtg.txQDke4BznZvq8WGTagyng" - }, - { - "name": "Authentication Service", - "value": "https://localhost:9031/IdpSample/?cmd=sso" - }, - { - "name": "Transport Mode", - "value": "1" - }, - { - "name": "Token Name", - "value": "idpopentoken" + "name": "Change Password Message Template", + "value": "html.form.message.template.html" }, { - "name": "Cipher Suite", - "value": "2" + "name": "Password Management System Message Template", + "value": "html.form.message.template.html" }, { - "name": "Logout Service", - "value": "https://localhost:9031/IdpSample/?cmd=slo" + "name": "Change Password Email Template", + "value": "message-template-end-user-password-change.html" }, { - "name": "Cookie Domain", - "value": "" + "name": "Expiring Password Warning Template", + "value": "html.form.password.expiring.notification.template.html" }, { - "name": "Cookie Path", - "value": "/" + "name": "Threshold for Expiring Password Warning", + "value": "7" }, { - "name": "Token Lifetime", - "value": "300" + "name": "Snooze Interval for Expiring Password Warning", + "value": "24" }, { - "name": "Session Lifetime", - "value": "43200" + "name": "Login Challenge Template", + "value": "html.form.login.challenge.template.html" }, { - "name": "Not Before Tolerance", - "value": "0" + "name": "'Remember My Username' Lifetime", + "value": "30" }, { - "name": "Force SunJCE Provider", - "value": "false" + "name": "'This is My Device' Lifetime", + "value": "30" }, { - "name": "Use Verbose Error Messages", + "name": "Allow Username Edits During Chaining", "value": "false" }, { - "name": "Obfuscate Password", + "name": "Track Authentication Time", "value": "true" }, { - "name": "Session Cookie", - "value": "false" + "name": "Post-Password Change Re-Authentication Delay", + "value": "0" }, { - "name": "Secure Cookie", - "value": "false" + "name": "Password Reset Username Template", + "value": "forgot-password.html" }, { - "name": "Delete Cookie", - "value": "false" + "name": "Password Reset Code Template", + "value": "forgot-password-resume.html" }, { - "name": "Replay Prevention", - "value": "false" + "name": "Password Reset Template", + "value": "forgot-password-change.html" }, { - "name": "Skip Malformed Attribute Detection", - "value": "false" + "name": "Password Reset Error Template", + "value": "forgot-password-error.html" }, { - "name": "SameSite Cookie", - "value": "3" + "name": "Password Reset Success Template", + "value": "forgot-password-success.html" }, { - "name": "HTTP Only Flag", - "value": "true" + "name": "Account Unlock Template", + "value": "account-unlock.html" }, { - "name": "Track Authentication Time", - "value": "true" - } - ] - }, - "attributeContract": { - "coreAttributes": [ - { - "name": "subject", - "masked": false, - "pseudonym": true - } - ], - "extendedAttributes": [], - "maskOgnlValues": false - }, - "attributeMapping": { - "attributeSources": [], - "attributeContractFulfillment": { - "subject": { - "source": { - "type": "ADAPTER" - }, - "value": "subject" - } - }, - "issuanceCriteria": { - "conditionalCriteria": [] - } - } - }, - { - "id": "ciamHtmlForm", - "name": "Customer HTML Form (PF)", - "pluginDescriptorRef": { - "id": "com.pingidentity.adapters.htmlform.idp.HtmlFormIdpAuthnAdapter", - "location": "https://${PF_ADMIN_PUBLIC_HOSTNAME}:${PF_ADMIN_PUBLIC_PORT_HTTPS}/pf-admin-api/v1/idp/adapters/descriptors/com.pingidentity.adapters.htmlform.idp.HtmlFormIdpAuthnAdapter" - }, - "configuration": { - "tables": [ - { - "name": "Credential Validators", - "rows": [ - { - "fields": [ - { - "name": "Password Credential Validator Instance", - "value": "PDPCV" - } - ], - "defaultRow": false - } - ] - } - ], - "fields": [ - { - "name": "Challenge Retries", - "value": "3" + "name": "OTP Length", + "value": "8" }, { - "name": "Session State", - "value": "None" + "name": "OTP Time to Live", + "value": "10" }, { - "name": "Session Timeout", - "value": "60" + "name": "PingID Properties", + "value": "" }, { - "name": "Session Max Timeout", - "value": "480" + "name": "Require Verified Email", + "value": "false" }, { - "name": "Allow Password Changes", - "value": "true" + "name": "Username Recovery Template", + "value": "username.recovery.template.html" }, { - "name": "Password Management System", - "value": "" + "name": "Username Recovery Info Template", + "value": "username.recovery.info.template.html" }, { - "name": "Enable 'Remember My Username'", - "value": "true" + "name": "Username Recovery Email Template", + "value": "message-template-username-recovery.html" }, { - "name": "Enable 'This is My Device'", + "name": "CAPTCHA for Authentication", "value": "false" }, { - "name": "Change Password Policy Contract", - "value": "" + "name": "CAPTCHA for Password change", + "value": "false" }, { - "name": "Change Password Email Notification", + "name": "CAPTCHA for Password Reset", "value": "false" }, { - "name": "Show Password Expiring Warning", + "name": "CAPTCHA for Username recovery", "value": "false" }, { - "name": "Password Reset Type", - "value": "NONE" + "name": "Password Update Timeout", + "value": "30" }, { - "name": "Password Reset Policy Contract", - "value": "" + "name": "Require Re-Authentication For Expiring Password Flow", + "value": "false" }, { - "name": "Revoke Sessions After Password Change Or Reset", - "value": "false" + "name": "Require Re-Authentication for Change Password Flow", + "value": "true" }, { - "name": "Account Unlock", - "value": "false" + "name": "Require Re-Authentication for Password Reset Flow", + "value": "true" }, { - "name": "Local Identity Profile", - "value": "regIdentityProfile" + "name": "Password Reset One-Time Link Email Template", + "value": "message-template-forgot-password-link.html" }, { - "name": "Notification Publisher", - "value": "" + "name": "Password Reset One-Time Password Email Template", + "value": "message-template-forgot-password-code.html" }, { - "name": "Enable Username Recovery", - "value": "false" + "name": "Account Disabled Email Template", + "value": "message-template-account-disabled.html" }, { - "name": "Login Template", - "value": "html.form.login.template.html" + "name": "Password Reset Complete Email Template", + "value": "message-template-forgot-password-complete.html" }, { - "name": "Logout Path", - "value": "" + "name": "Password Reset Failed Email Template", + "value": "message-template-forgot-password-failed.html" }, { - "name": "Logout Redirect", - "value": "" + "name": "Account Unlock Email Template", + "value": "message-template-account-unlock-complete.html" }, { - "name": "Logout Template", - "value": "idp.logout.success.page.template.html" + "name": "Allowed OTP Character Set", + "value": "23456789BCDFGHJKMNPQRSTVWXZbcdfghjkmnpqrstvwxz" }, { - "name": "Change Password Template", - "value": "html.form.change.password.template.html" + "name": "CAPTCHA Provider", + "value": "" }, { - "name": "Change Password Message Template", - "value": "html.form.message.template.html" + "name": "Fail Authentication on Account Lockout", + "value": "true" + } + ] + }, + "lastModified": "2025-01-02T17:59:25.207Z", + "attributeContract": { + "coreAttributes": [ + { + "name": "policy.action", + "masked": false, + "pseudonym": false }, { - "name": "Password Management System Message Template", - "value": "html.form.message.template.html" + "name": "username", + "masked": false, + "pseudonym": true + } + ], + "extendedAttributes": [ + { + "name": "entryUUID", + "masked": false, + "pseudonym": false }, { - "name": "Change Password Email Template", - "value": "message-template-end-user-password-change.html" + "name": "uid", + "masked": false, + "pseudonym": false }, { - "name": "Expiring Password Warning Template", - "value": "html.form.password.expiring.notification.template.html" + "name": "mail", + "masked": false, + "pseudonym": false }, { - "name": "Threshold for Expiring Password Warning", - "value": "7" + "name": "givenName", + "masked": false, + "pseudonym": false }, { - "name": "Snooze Interval for Expiring Password Warning", - "value": "24" + "name": "cn", + "masked": false, + "pseudonym": false }, { - "name": "Login Challenge Template", - "value": "html.form.login.challenge.template.html" + "name": "sn", + "masked": false, + "pseudonym": false + } + ], + "maskOgnlValues": false + }, + "attributeMapping": { + "attributeSources": [], + "attributeContractFulfillment": { + "entryUUID": { + "source": { + "type": "ADAPTER" + }, + "value": "entryUUID" + }, + "uid": { + "source": { + "type": "ADAPTER" + }, + "value": "uid" + }, + "mail": { + "source": { + "type": "ADAPTER" + }, + "value": "mail" + }, + "policy.action": { + "source": { + "type": "ADAPTER" + }, + "value": "policy.action" + }, + "givenName": { + "source": { + "type": "ADAPTER" + }, + "value": "givenName" + }, + "cn": { + "source": { + "type": "ADAPTER" + }, + "value": "cn" + }, + "sn": { + "source": { + "type": "ADAPTER" + }, + "value": "sn" }, + "username": { + "source": { + "type": "ADAPTER" + }, + "value": "username" + } + }, + "issuanceCriteria": { + "conditionalCriteria": [] + } + } + } + ] + }, + { + "resourceType": "/sp/adapters", + "operationType": "SAVE", + "items": [ + { + "id": "spadapter", + "name": "SpAdapter", + "pluginDescriptorRef": { + "id": "com.pingidentity.adapters.opentoken.SpAuthnAdapter", + "location": "https://localhost:9999/pf-admin-api/v1/sp/adapters/descriptors/com.pingidentity.adapters.opentoken.SpAuthnAdapter" + }, + "configuration": { + "tables": [], + "fields": [ { - "name": "'Remember My Username' Lifetime", - "value": "30" + "name": "Password", + "encryptedValue": "OBF:JWE:eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiUWVzOVR5eTV5WiIsInZlcnNpb24iOiIxMi4xLjQuMCJ9..BjMXSrTTutSuDcmUGsfXwA.999EKovUK5PhOXteo3uNyw.VomGXxTsgaD7IExSmfVUvQ" }, { - "name": "'This is My Device' Lifetime", - "value": "30" + "name": "Confirm Password", + "encryptedValue": "OBF:JWE:eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiUWVzOVR5eTV5WiIsInZlcnNpb24iOiIxMi4xLjQuMCJ9..4R4qwKfjzaqq6shS7n6y0A.nZlaZeLEB4DnMhyMH_2I4g.xK0OPLmGns8rAO_0_Sg3HA" }, { - "name": "Allow Username Edits During Chaining", - "value": "false" + "name": "Transport Mode", + "value": "2" }, { - "name": "Track Authentication Time", - "value": "true" + "name": "Token Name", + "value": "opentoken" }, { - "name": "Post-Password Change Re-Authentication Delay", - "value": "0" + "name": "Cipher Suite", + "value": "2" }, { - "name": "Password Reset Username Template", - "value": "forgot-password.html" + "name": "Authentication Service", + "value": "" }, { - "name": "Password Reset Code Template", - "value": "forgot-password-resume.html" + "name": "Account Link Service", + "value": "" }, { - "name": "Password Reset Template", - "value": "forgot-password-change.html" + "name": "Logout Service", + "value": "" }, { - "name": "Password Reset Error Template", - "value": "forgot-password-error.html" + "name": "SameSite Cookie", + "value": "3" }, { - "name": "Password Reset Success Template", - "value": "forgot-password-success.html" + "name": "Cookie Domain", + "value": "" }, { - "name": "Account Unlock Template", - "value": "account-unlock.html" + "name": "Cookie Path", + "value": "/" }, { - "name": "OTP Length", - "value": "8" + "name": "Token Lifetime", + "value": "300" }, { - "name": "OTP Time to Live", - "value": "10" + "name": "Session Lifetime", + "value": "43200" }, { - "name": "PingID Properties", - "value": "" + "name": "Not Before Tolerance", + "value": "0" }, { - "name": "Require Verified Email", + "name": "Force SunJCE Provider", "value": "false" }, { - "name": "Username Recovery Template", - "value": "username.recovery.template.html" + "name": "Use Verbose Error Messages", + "value": "false" }, { - "name": "Username Recovery Info Template", - "value": "username.recovery.info.template.html" + "name": "Obfuscate Password", + "value": "true" }, { - "name": "Username Recovery Email Template", - "value": "message-template-username-recovery.html" + "name": "Session Cookie", + "value": "false" }, { - "name": "CAPTCHA for Authentication", - "value": "false" + "name": "Secure Cookie", + "value": "true" }, { - "name": "CAPTCHA for Password change", - "value": "false" + "name": "HTTP Only Flag", + "value": "true" }, { - "name": "CAPTCHA for Password Reset", + "name": "Send Subject as Query Parameter", "value": "false" }, { - "name": "CAPTCHA for Username recovery", - "value": "false" + "name": "Subject Query Parameter ", + "value": "" }, { - "name": "Password Update Timeout", - "value": "30" + "name": "Send Extended Attributes", + "value": "" }, { - "name": "Require Re-Authentication For Expiring Password Flow", + "name": "Skip Trimming of Trailing Backslashes", "value": "false" }, { - "name": "Require Re-Authentication for Change Password Flow", + "name": "URL Encode Cookie Values", "value": "true" + } + ] + }, + "lastModified": "2025-01-02T17:59:22.066Z", + "attributeContract": { + "coreAttributes": [ + { + "name": "subject" + } + ], + "extendedAttributes": [] + }, + "targetApplicationInfo": { + "applicationName": "test", + "applicationIconUrl": "https://test.com" + } + } + ] + }, + { + "resourceType": "/idpToSpAdapterMapping", + "operationType": "SAVE", + "items": [ + { + "attributeSources": [], + "attributeContractFulfillment": { + "subject": { + "source": { + "type": "ADAPTER" }, + "value": "entryUUID" + } + }, + "issuanceCriteria": { + "conditionalCriteria": [] + }, + "id": "ciamHtmlForm|spadapter", + "sourceId": "ciamHtmlForm", + "targetId": "spadapter" + } + ] + }, + { + "resourceType": "/sp/authenticationPolicyContractMappings", + "operationType": "SAVE", + "items": [ + { + "attributeSources": [], + "attributeContractFulfillment": { + "subject": { + "source": { + "type": "NO_MAPPING" + } + } + }, + "issuanceCriteria": { + "conditionalCriteria": [] + }, + "id": "wIdHhK789PmadmMS|spadapter", + "sourceId": "wIdHhK789PmadmMS", + "targetId": "spadapter" + } + ] + }, + { + "resourceType": "/identityStoreProvisioners", + "operationType": "SAVE", + "items": [ + { + "id": "ISPTestID", + "name": "ISP TestName", + "pluginDescriptorRef": { + "id": "com.pingidentity.identitystoreprovisioners.sample.SampleIdentityStoreProvisioner", + "location": "https://localhost:9999/pf-admin-api/v1/identityStoreProvisioners/descriptors/com.pingidentity.identitystoreprovisioners.sample.SampleIdentityStoreProvisioner" + }, + "configuration": { + "tables": [], + "fields": [ { - "name": "Require Re-Authentication for Password Reset Flow", - "value": "true" + "name": "Delete user behavior", + "value": "Disable User" + } + ] + }, + "lastModified": "2025-01-02T17:59:25.465Z", + "attributeContract": { + "coreAttributes": [ + { + "name": "username" + } + ], + "inherited": false + }, + "groupAttributeContract": { + "coreAttributes": [ + { + "name": "groupname" + } + ], + "inherited": false + } + } + ] + }, + { + "resourceType": "/idp/tokenProcessors", + "operationType": "SAVE", + "items": [ + { + "id": "UsernameTokenProcessor", + "name": "UsernameTokenProcessor", + "pluginDescriptorRef": { + "id": "com.pingidentity.pf.tokenprocessors.username.UsernameTokenProcessor", + "location": "https://localhost:9999/pf-admin-api/v1/idp/tokenProcessors/descriptors/com.pingidentity.pf.tokenprocessors.username.UsernameTokenProcessor" + }, + "configuration": { + "tables": [ + { + "name": "Credential Validators", + "rows": [ + { + "fields": [ + { + "name": "Password Credential Validator Instance", + "value": "pingdirectory" + } + ], + "defaultRow": false + }, + { + "fields": [ + { + "name": "Password Credential Validator Instance", + "value": "simple" + } + ], + "defaultRow": false + } + ] + } + ], + "fields": [ + { + "name": "Authentication Attempts", + "value": "3" + } + ] + }, + "lastModified": "2025-01-02T17:59:22.207Z", + "attributeContract": { + "coreAttributes": [ + { + "name": "username", + "masked": false + } + ], + "extendedAttributes": [], + "maskOgnlValues": false + } + }, + { + "id": "tokenprocessor", + "name": "token processor", + "pluginDescriptorRef": { + "id": "org.sourceid.wstrust.processor.saml.Saml20TokenProcessor", + "location": "https://localhost:9999/pf-admin-api/v1/idp/tokenProcessors/descriptors/org.sourceid.wstrust.processor.saml.Saml20TokenProcessor" + }, + "configuration": { + "tables": [ + { + "name": "Valid Certificate Issuer DNs", + "rows": [] }, { - "name": "Password Reset One-Time Link Email Template", - "value": "message-template-forgot-password-link.html" + "name": "Valid Certificate Subject DNs", + "rows": [] + } + ], + "fields": [ + { + "name": "Audience", + "value": "audience" + } + ] + }, + "lastModified": "2025-01-02T17:59:21.089Z", + "attributeContract": { + "coreAttributes": [ + { + "name": "SAML_SUBJECT", + "masked": false + } + ], + "extendedAttributes": [], + "maskOgnlValues": false + } + } + ] + }, + { + "resourceType": "/sp/tokenGenerators", + "operationType": "SAVE", + "items": [ + { + "id": "tokengenerator", + "name": "token generator", + "pluginDescriptorRef": { + "id": "org.sourceid.wstrust.generator.saml.Saml20TokenGenerator", + "location": "https://localhost:9999/pf-admin-api/v1/sp/tokenGenerators/descriptors/org.sourceid.wstrust.generator.saml.Saml20TokenGenerator" + }, + "configuration": { + "tables": [], + "fields": [ + { + "name": "Minutes Before", + "value": "60" + }, + { + "name": "Minutes After", + "value": "60" + }, + { + "name": "Issuer", + "value": "issuer" }, { - "name": "Password Reset One-Time Password Email Template", - "value": "message-template-forgot-password-code.html" + "name": "Signing Certificate", + "value": "419x9yg43rlawqwq9v6az997k" }, { - "name": "Account Disabled Email Template", - "value": "message-template-account-disabled.html" + "name": "Signing Algorithm", + "value": "SHA1" }, { - "name": "Password Reset Complete Email Template", - "value": "message-template-forgot-password-complete.html" + "name": "Include Certificate in KeyInfo", + "value": "false" }, { - "name": "Password Reset Failed Email Template", - "value": "message-template-forgot-password-failed.html" + "name": "Include Raw Key in KeyValue", + "value": "false" }, { - "name": "Account Unlock Email Template", - "value": "message-template-account-unlock-complete.html" + "name": "Audience", + "value": "audience" }, { - "name": "Allowed OTP Character Set", - "value": "23456789BCDFGHJKMNPQRSTVWXZbcdfghjkmnpqrstvwxz" + "name": "Confirmation Method", + "value": "urn:oasis:names:tc:SAML:2.0:cm:sender-vouches" }, { - "name": "CAPTCHA Provider", + "name": "Encryption Certificate", "value": "" }, { - "name": "Fail Authentication on Account Lockout", - "value": "true" + "name": "Message Customization Expression", + "value": "" } ] }, + "lastModified": "2025-01-02T17:59:21.069Z", "attributeContract": { "coreAttributes": [ { - "name": "policy.action", - "masked": false, - "pseudonym": false - }, - { - "name": "username", - "masked": false, - "pseudonym": true + "name": "SAML_SUBJECT" } ], - "extendedAttributes": [ - { - "name": "entryUUID", - "masked": false, - "pseudonym": false + "extendedAttributes": [] + } + } + ] + }, + { + "resourceType": "/tokenProcessorToTokenGeneratorMappings", + "operationType": "SAVE", + "items": [ + { + "attributeSources": [], + "attributeContractFulfillment": { + "SAML_SUBJECT": { + "source": { + "type": "CONTEXT" }, + "value": "ClientIp" + } + }, + "issuanceCriteria": { + "conditionalCriteria": [] + }, + "id": "tokenprocessor|tokengenerator", + "sourceId": "tokenprocessor", + "targetId": "tokengenerator" + } + ] + }, + { + "resourceType": "/idp/defaultUrls", + "operationType": "SAVE", + "items": [ + { + "confirmIdpSlo": false, + "idpErrorMsg": "errorDetail.idpSsoFailure" + } + ] + }, + { + "resourceType": "/sp/defaultUrls", + "operationType": "SAVE", + "items": [ + { + "confirmSlo": false + } + ] + }, + { + "resourceType": "/extendedProperties", + "operationType": "SAVE", + "items": [ + { + "name": "authNexp", + "description": "Authentication Experience [Single_Factor | Internal | ID-First | Multi_Factor]", + "multiValued": false + }, + { + "name": "useAuthnApi", + "description": "Use the AuthN API", + "multiValued": false + } + ] + }, + { + "resourceType": "/idp/stsRequestParametersContracts", + "operationType": "SAVE", + "items": [ + { + "id": "STSTestID", + "name": "STS TestName", + "parameters": [ + "test" + ], + "lastModified": "2025-01-02T17:59:25.481Z" + } + ] + }, + { + "resourceType": "/metadataUrls", + "operationType": "SAVE", + "items": [ + { + "id": "i8uUHFDebYX7Z7gSfyhZ9yKUA", + "name": "Test Metadata URL", + "url": "https://www.example.com", + "validateSignature": false + } + ] + }, + { + "resourceType": "/oauth/authServerSettings", + "operationType": "SAVE", + "items": [ + { + "defaultScopeDescription": "", + "scopes": [ + { + "name": "email", + "description": "email scope", + "dynamic": false + } + ], + "scopeGroups": [], + "exclusiveScopes": [], + "exclusiveScopeGroups": [], + "authorizationCodeTimeout": 60, + "authorizationCodeEntropy": 30, + "disallowPlainPKCE": false, + "includeIssuerInAuthorizationResponse": false, + "persistentGrantLifetime": -1, + "persistentGrantLifetimeUnit": "DAYS", + "persistentGrantIdleTimeout": 30, + "persistentGrantIdleTimeoutTimeUnit": "DAYS", + "refreshTokenLength": 42, + "rollRefreshTokenValues": false, + "refreshTokenRollingGracePeriod": 60, + "refreshRollingInterval": 0, + "refreshRollingIntervalTimeUnit": "HOURS", + "persistentGrantReuseGrantTypes": [ + "IMPLICIT" + ], + "persistentGrantContract": { + "extendedAttributes": [], + "coreAttributes": [ { - "name": "uid", - "masked": false, - "pseudonym": false + "name": "USER_KEY" }, { - "name": "mail", - "masked": false, - "pseudonym": false - }, + "name": "USER_NAME" + } + ] + }, + "bypassAuthorizationForApprovedGrants": false, + "allowUnidentifiedClientROCreds": false, + "allowUnidentifiedClientExtensionGrants": false, + "tokenEndpointBaseUrl": "", + "requireOfflineAccessScopeToIssueRefreshTokens": false, + "offlineAccessRequireConsentPrompt": false, + "userAuthorizationUrl": "", + "registeredAuthorizationPath": "", + "pendingAuthorizationTimeout": 600, + "bypassActivationCodeConfirmation": false, + "devicePollingInterval": 5, + "activationCodeCheckMode": "AFTER_AUTHENTICATION", + "enableCookielessUserAuthorizationAuthenticationApi": false, + "userAuthorizationConsentPageSetting": "INTERNAL", + "atmIdForOAuthGrantManagement": "jwt", + "scopeForOAuthGrantManagement": "email", + "allowedOrigins": [], + "trackUserSessionsForLogout": false, + "parReferenceTimeout": 60, + "parReferenceLength": 24, + "parStatus": "ENABLED", + "clientSecretRetentionPeriod": 0, + "jwtSecuredAuthorizationResponseModeLifetime": 600, + "dpopProofRequireNonce": false, + "dpopProofLifetimeSeconds": 120, + "dpopProofEnforceReplayPrevention": false, + "bypassAuthorizationForApprovedConsents": false, + "consentLifetimeDays": -1 + } + ] + }, + { + "resourceType": "/sp/idpConnections", + "operationType": "SAVE", + "items": [ + { + "type": "IDP", + "id": "n26SCl49a8lB_ifAaLF_MyUbquv", + "name": "testConnection", + "entityId": "testPartnerId", + "active": true, + "contactInfo": {}, + "loggingMode": "STANDARD", + "virtualEntityIds": [], + "credentials": { + "certs": [ { - "name": "givenName", - "masked": false, - "pseudonym": false + "primaryVerificationCert": true, + "secondaryVerificationCert": false, + "certView": { + "id": "gpmlavn03e4mknkyml4m2ak9q", + "serialNumber": "430421198347763948001683365009287878912609754790", + "subjectDN": "CN=test, O=Ping Identity Corporation, L=Denver, ST=CO, C=US", + "subjectAlternativeNames": [], + "issuerDN": "CN=test, O=Ping Identity Corporation, L=Denver, ST=CO, C=US", + "validFrom": "2024-12-12T23:28:24.000Z", + "expires": "2027-09-08T23:28:24.000Z", + "keyAlgorithm": "RSA", + "keySize": 2048, + "signatureAlgorithm": "SHA256withRSA", + "version": 3, + "sha1Fingerprint": "B1B57BC2A8733287A1A9B65EB60BFFD01EFECEBA", + "sha256Fingerprint": "AA40F0AA0B7A438F15C49FA2A2EBE3B28AAB34A846781211BD170E8D7B06D291", + "status": "VALID" + }, + "x509File": { + "id": "gpmlavn03e4mknkyml4m2ak9q", + "fileData": "-----BEGIN CERTIFICATE-----\nMIIDnTCCAoWgAwIBAgIUS2TBCdRzpK4Zze+HDKjB9EQSHqYwDQYJKoZIhvcNAQELBQAwXjELMAkG\nA1UEBhMCVVMxCzAJBgNVBAgMAkNPMQ8wDQYDVQQHDAZEZW52ZXIxIjAgBgNVBAoMGVBpbmcgSWRl\nbnRpdHkgQ29ycG9yYXRpb24xDTALBgNVBAMMBHRlc3QwHhcNMjQxMjEyMjMyODI0WhcNMjcwOTA4\nMjMyODI0WjBeMQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ08xDzANBgNVBAcMBkRlbnZlcjEiMCAG\nA1UECgwZUGluZyBJZGVudGl0eSBDb3Jwb3JhdGlvbjENMAsGA1UEAwwEdGVzdDCCASIwDQYJKoZI\nhvcNAQEBBQADggEPADCCAQoCggEBAJdoGurgDvSRBL2cIeUaCY3po5YDZnV1eyuOQTxQc6OT2JS0\n+40gJbJmfNrbcOSt+1DbxzP+Ixblkcz569VOC5lbROn38yeaMU32Xc/4DGSp1HCY/JfSygz/+qr8\n8YTqMaI21AbZnAiY5x0Rw56IDmJglXaXeVbCUJy7oPTyAoYYT93DJDk41Ze51UcTmUsTKN4K3gvv\nSaRuyq5+g6EXBq7AkeOnbP0bSHybN1KEV5BXNNpgk9h0Jw3PE+qkm/5nYRzxBf4RA/Agfv9esG9N\nz3XgDowAGBmxr+rU/na7pwEEudMh668DEDeRVwh1ZapYpBtVcxMHmdJPgFJrBlo6mMECAwEAAaNT\nMFEwHQYDVR0OBBYEFGJc3Z0j9kXPsTmmbgAsY/PK2cupMB8GA1UdIwQYMBaAFGJc3Z0j9kXPsTmm\nbgAsY/PK2cupMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAJVBvcHhh+00gzQ0\npnZKtRJxvEg+pGh+B9E+5i2PsNGyIAvAXw4mdBcQZKxfiXM31ZE2ge1mP+4di11+PKYNH2E973PL\nJ+wGHeQZ1ETDG5fo79t0MG1RzHtGoirZW7v4BNUI6ZM2FjEaCOtZg1rUhkdIfqDx4CeNjzb0rhXI\nzXNTS4Y6VlxWArQnwAgqPtb5poJG3Mm/3f6uQg/l0LIKTY/GR6yQsNCkzTZQhrIpXj4RpqnX3QgD\n1IWToMon7ntp4gAP/lASM5/xm5Jzb6dmF+hoN073g02UeV2TDLze80+K+Xr1GZeeULuXNrhOEXDR\nytvube8OXPPY6/zCphVb21g=\n-----END CERTIFICATE-----\n" + }, + "activeVerificationCert": true, + "encryptionCert": false + } + ] + }, + "modificationDate": "2025-01-02T17:59:25.748Z", + "creationDate": "2025-01-02T17:59:25.748Z", + "wsTrust": { + "attributeContract": { + "coreAttributes": [ + { + "name": "TOKEN_SUBJECT", + "masked": false + } + ], + "extendedAttributes": [] + }, + "tokenGeneratorMappings": [], + "generateLocalToken": false + } + } + ] + }, + { + "resourceType": "/idp/spConnections", + "operationType": "SAVE", + "items": [ + { + "type": "SP", + "id": "iIoQK.-GWcXI5kLp4KDNxQqAhDF", + "name": "test", + "entityId": "test", + "active": true, + "contactInfo": {}, + "loggingMode": "STANDARD", + "virtualEntityIds": [], + "credentials": { + "certs": [], + "signingSettings": { + "signingKeyPairRef": { + "id": "419x9yg43rlawqwq9v6az997k", + "location": "https://localhost:9999/pf-admin-api/v1/keyPairs/signing/419x9yg43rlawqwq9v6az997k" }, - { - "name": "sn", - "masked": false, - "pseudonym": false - } - ], - "maskOgnlValues": false + "algorithm": "SHA256withRSA", + "includeCertInSignature": false, + "includeRawKeyInSignature": false + } }, - "attributeMapping": { - "attributeSources": [], - "attributeContractFulfillment": { - "entryUUID": { - "source": { - "type": "ADAPTER" - }, - "value": "entryUUID" - }, - "uid": { - "source": { - "type": "ADAPTER" + "modificationDate": "2025-01-02T17:59:21.934Z", + "creationDate": "2025-01-02T17:59:21.934Z", + "wsTrust": { + "partnerServiceIds": [ + "test" + ], + "oAuthAssertionProfiles": false, + "defaultTokenType": "SAML20", + "generateKey": false, + "encryptSaml2Assertion": false, + "minutesBefore": 5, + "minutesAfter": 30, + "attributeContract": { + "coreAttributes": [ + { + "name": "TOKEN_SUBJECT" + } + ], + "extendedAttributes": [] + }, + "tokenProcessorMappings": [ + { + "attributeSources": [], + "attributeContractFulfillment": { + "TOKEN_SUBJECT": { + "source": { + "type": "NO_MAPPING" + } + } }, - "value": "uid" - }, - "mail": { - "source": { - "type": "ADAPTER" + "issuanceCriteria": { + "conditionalCriteria": [] }, - "value": "mail" - }, - "policy.action": { - "source": { - "type": "ADAPTER" + "idpTokenProcessorRef": { + "id": "tokenprocessor", + "location": "https://localhost:9999/pf-admin-api/v1/idp/tokenProcessors/tokenprocessor" }, - "value": "policy.action" + "restrictedVirtualEntityIds": [] + } + ] + }, + "connectionTargetType": "STANDARD" + } + ] + }, + { + "resourceType": "/session/settings", + "operationType": "SAVE", + "items": [ + { + "trackAdapterSessionsForLogout": false, + "revokeUserSessionOnLogout": true, + "sessionRevocationLifetime": 490 + } + ] + }, + { + "resourceType": "/session/applicationSessionPolicy", + "operationType": "SAVE", + "items": [ + { + "idleTimeoutMins": 60, + "maxTimeoutMins": 480 + } + ] + }, + { + "resourceType": "/session/authenticationSessionPolicies/global", + "operationType": "SAVE", + "items": [ + { + "enableSessions": false, + "persistentSessions": false, + "hashUniqueUserKeyAttribute": false, + "idleTimeoutMins": 60, + "idleTimeoutDisplayUnit": "MINUTES", + "maxTimeoutMins": 480, + "maxTimeoutDisplayUnit": "MINUTES" + } + ] + }, + { + "resourceType": "/session/authenticationSessionPolicies", + "operationType": "SAVE", + "items": [ + { + "id": "UfdnqYjWycSeo2vZZgSYB3gpw", + "authenticationSource": { + "type": "IDP_ADAPTER", + "sourceRef": { + "id": "OTIdPJava", + "location": "https://localhost:9999/pf-admin-api/v1/idp/adapters/OTIdPJava" + } + }, + "enableSessions": false, + "userDeviceType": "PRIVATE", + "persistent": false, + "timeoutDisplayUnit": "MINUTES", + "authnContextSensitive": false + } + ] + }, + { + "resourceType": "/oauth/issuers", + "operationType": "SAVE", + "items": [ + { + "id": "BmoJwEmyzs4RSNMzVUlCs8qTPC", + "name": "Test Issuer", + "description": "test issuer", + "host": "localhost", + "path": "" + } + ] + }, + { + "resourceType": "/additionalKeySets", + "operationType": "SAVE", + "items": [ + { + "id": "testID", + "name": "testName", + "description": "testDescription", + "signingKeys": { + "rsaActiveCertRef": { + "id": "419x9yg43rlawqwq9v6az997k", + "location": "https://localhost:9999/pf-admin-api/v1/keyPairs/signing/419x9yg43rlawqwq9v6az997k" + }, + "rsaPublishX5cParameter": true + }, + "issuers": [ + { + "id": "BmoJwEmyzs4RSNMzVUlCs8qTPC", + "location": "https://localhost:9999/pf-admin-api/v1/oauth/issuers/BmoJwEmyzs4RSNMzVUlCs8qTPC" + } + ] + } + ] + }, + { + "resourceType": "/oauth/idpAdapterMappings", + "operationType": "SAVE", + "items": [ + { + "attributeSources": [], + "attributeContractFulfillment": { + "USER_NAME": { + "source": { + "type": "CONTEXT" }, - "givenName": { - "source": { - "type": "ADAPTER" - }, - "value": "givenName" + "value": "OAuthScopes" + }, + "USER_KEY": { + "source": { + "type": "ADAPTER" }, - "sn": { - "source": { - "type": "ADAPTER" - }, - "value": "sn" + "value": "subject" + } + }, + "issuanceCriteria": { + "conditionalCriteria": [] + }, + "id": "OTIdPJava", + "idpAdapterRef": { + "id": "OTIdPJava", + "location": "https://localhost:9999/pf-admin-api/v1/idp/adapters/OTIdPJava" + } + } + ] + }, + { + "resourceType": "/oauth/authenticationPolicyContractMappings", + "operationType": "SAVE", + "items": [ + { + "attributeSources": [], + "attributeContractFulfillment": { + "USER_NAME": { + "source": { + "type": "CONTEXT" }, - "username": { - "source": { - "type": "ADAPTER" - }, - "value": "username" - } + "value": "OAuthScopes" }, - "issuanceCriteria": { - "conditionalCriteria": [] + "USER_KEY": { + "source": { + "type": "AUTHENTICATION_POLICY_CONTRACT" + }, + "value": "subject" } + }, + "issuanceCriteria": { + "conditionalCriteria": [] + }, + "id": "QGxlec5CX693lBQL", + "authenticationPolicyContractRef": { + "id": "QGxlec5CX693lBQL", + "location": "https://localhost:9999/pf-admin-api/v1/authenticationPolicyContracts/QGxlec5CX693lBQL" } - }, + } + ] + }, + { + "resourceType": "/oauth/outOfBandAuthPlugins", + "operationType": "SAVE", + "items": [ { - "id": "htmlForm", - "name": "Employee HTML Form", + "id": "exampleCibaAuthenticator", + "name": "exampleCibaAuthenticator", "pluginDescriptorRef": { - "id": "com.pingidentity.adapters.htmlform.idp.HtmlFormIdpAuthnAdapter", - "location": "https://${PF_ADMIN_PUBLIC_HOSTNAME}:${PF_ADMIN_PUBLIC_PORT_HTTPS}/pf-admin-api/v1/idp/adapters/descriptors/com.pingidentity.adapters.htmlform.idp.HtmlFormIdpAuthnAdapter" + "id": "com.pingidentity.oobauth.pingone.mfa.PingOneMfaCibaAuthenticator", + "location": "https://localhost:9999/pf-admin-api/v1/oauth/outOfBandAuthPlugins/descriptors/com.pingidentity.oobauth.pingone.mfa.PingOneMfaCibaAuthenticator" }, "configuration": { "tables": [ { - "name": "Credential Validators", - "rows": [ - { - "fields": [ - { - "name": "Password Credential Validator Instance", - "value": "PDPCV" - } - ], - "defaultRow": false - } - ] + "name": "PingOne Template Variables", + "rows": [] } ], "fields": [ { - "name": "Challenge Retries", - "value": "3" - }, - { - "name": "Session State", - "value": "None" - }, - { - "name": "Session Timeout", - "value": "60" - }, - { - "name": "Session Max Timeout", - "value": "480" - }, - { - "name": "Allow Password Changes", - "value": "false" - }, - { - "name": "Password Management System", - "value": "" - }, - { - "name": "Enable 'Remember My Username'", - "value": "false" - }, - { - "name": "Enable 'This is My Device'", - "value": "false" - }, - { - "name": "Change Password Email Notification", - "value": "false" - }, - { - "name": "Show Password Expiring Warning", - "value": "false" - }, - { - "name": "Password Reset Type", - "value": "NONE" - }, - { - "name": "Password Reset Policy Contract", - "value": "" - }, - { - "name": "Account Unlock", - "value": "false" - }, - { - "name": "Local Identity Profile", - "value": "adminIdentityProfile" - }, - { - "name": "Notification Publisher", - "value": "" - }, - { - "name": "Enable Username Recovery", - "value": "false" - }, - { - "name": "Change Password Policy Contract", - "value": "" - }, - { - "name": "Revoke Sessions After Password Change Or Reset", - "value": "false" + "name": "PingOne Environment", + "value": "noeOvj5ltBnf4rcmtZAKdJ|f5901536-2b60-4d4a-a987-3d56aadad46d" }, { - "name": "Login Template", - "value": "html.form.login.template.html" + "name": "Application", + "value": "2a7c1b5d-415b-4fb5-a6c0-1e290f776785" }, { - "name": "Logout Path", + "name": "PingOne Authentication Policy", "value": "" }, { - "name": "Logout Redirect", + "name": "Test Username", "value": "" }, { - "name": "Logout Template", - "value": "idp.logout.success.page.template.html" - }, - { - "name": "Change Password Template", - "value": "html.form.change.password.template.html" - }, - { - "name": "Change Password Message Template", - "value": "html.form.message.template.html" - }, - { - "name": "Password Management System Message Template", - "value": "html.form.message.template.html" - }, - { - "name": "Change Password Email Template", - "value": "message-template-end-user-password-change.html" - }, - { - "name": "Expiring Password Warning Template", - "value": "html.form.password.expiring.notification.template.html" - }, - { - "name": "Threshold for Expiring Password Warning", - "value": "7" - }, - { - "name": "Snooze Interval for Expiring Password Warning", - "value": "24" - }, - { - "name": "Login Challenge Template", - "value": "html.form.login.challenge.template.html" - }, - { - "name": "'Remember My Username' Lifetime", - "value": "30" - }, - { - "name": "'This is My Device' Lifetime", - "value": "30" - }, - { - "name": "Allow Username Edits During Chaining", - "value": "false" - }, - { - "name": "Track Authentication Time", - "value": "true" - }, - { - "name": "Post-Password Change Re-Authentication Delay", - "value": "0" - }, - { - "name": "Password Reset Username Template", - "value": "forgot-password.html" - }, - { - "name": "Password Reset Code Template", - "value": "forgot-password-resume.html" - }, - { - "name": "Password Reset Template", - "value": "forgot-password-change.html" - }, - { - "name": "Password Reset Error Template", - "value": "forgot-password-error.html" - }, - { - "name": "Password Reset Success Template", - "value": "forgot-password-success.html" - }, - { - "name": "Account Unlock Template", - "value": "account-unlock.html" - }, - { - "name": "OTP Length", - "value": "8" - }, - { - "name": "OTP Time to Live", - "value": "10" + "name": "PingOne Template Name", + "value": "transaction" }, { - "name": "PingID Properties", + "name": "PingOne Template Variant", "value": "" }, { - "name": "Require Verified Email", - "value": "false" - }, - { - "name": "Username Recovery Template", - "value": "username.recovery.template.html" - }, - { - "name": "Username Recovery Info Template", - "value": "username.recovery.info.template.html" - }, - { - "name": "Username Recovery Email Template", - "value": "message-template-username-recovery.html" - }, - { - "name": "CAPTCHA for Authentication", - "value": "false" - }, - { - "name": "CAPTCHA for Password change", - "value": "false" - }, - { - "name": "CAPTCHA for Password Reset", - "value": "false" - }, - { - "name": "CAPTCHA for Username recovery", - "value": "false" - }, - { - "name": "Password Update Timeout", - "value": "30" - }, - { - "name": "Require Re-Authentication For Expiring Password Flow", - "value": "false" - }, - { - "name": "Require Re-Authentication for Change Password Flow", - "value": "true" - }, - { - "name": "Require Re-Authentication for Password Reset Flow", - "value": "true" - }, - { - "name": "Password Reset One-Time Link Email Template", - "value": "message-template-forgot-password-link.html" - }, - { - "name": "Password Reset One-Time Password Email Template", - "value": "message-template-forgot-password-code.html" - }, - { - "name": "Account Disabled Email Template", - "value": "message-template-account-disabled.html" - }, - { - "name": "Password Reset Complete Email Template", - "value": "message-template-forgot-password-complete.html" + "name": "Client Context", + "value": "#*\nDefine additional key/value pairs to be received at the mobile application.\nThe following variables are available by default:\n\n$oobAuthRequestContext - Context for the out-of-band authentication/authorization request\n$languagePackMessages - The language-pack file configured for this authenticator\n$subject - The user's PingOne username or user ID.\n$JSONValue - A JSON utility class that can be used to escape text and convert objects to JSON.\n Methods:\n escape(String s) - Escape quotes, \\, /, \\r, \\n, \\b, \\f, \\t and other control characters (U+0000 through U+001F).\n toJSONString(Object value) - Convert an object to JSON text.\n\nAdditionally, any Extended Contract attributes are also available using the $name syntax.\n\nExample:\n\n{\n \"requestingApplicationName\": \"$JSONValue.escape($oobAuthRequestContext.requestingApplication.name)\",\n \"requestedScope\": $JSONValue.toJSONString($oobAuthRequestContext.requestedScope.values()),\n \"amount\": \"$JSONValue.escape($amount)\",\n \"alert.color\": \"red\"\n}\n*#" }, { - "name": "Password Reset Failed Email Template", - "value": "message-template-forgot-password-failed.html" + "name": "Messages Files", + "value": "pingone-mfa-messages" }, { - "name": "Account Unlock Email Template", - "value": "message-template-account-unlock-complete.html" + "name": "API Request Timeout", + "value": "12000" }, { - "name": "Allowed OTP Character Set", - "value": "23456789BCDFGHJKMNPQRSTVWXZbcdfghjkmnpqrstvwxz" + "name": "Proxy Settings", + "value": "System Defaults" }, { - "name": "CAPTCHA Provider", + "name": "Custom Proxy Host", "value": "" }, { - "name": "Fail Authentication on Account Lockout", - "value": "true" + "name": "Custom Proxy Port", + "value": "" } ] }, + "lastModified": "2025-01-02T17:59:24.220Z", "attributeContract": { "coreAttributes": [ { - "name": "policy.action", - "masked": false, - "pseudonym": false - }, - { - "name": "username", - "masked": false, - "pseudonym": true + "name": "subject" } ], - "extendedAttributes": [ - { - "name": "entryUUID", - "masked": false, - "pseudonym": false - }, - { - "name": "uid", - "masked": false, - "pseudonym": false - }, - { - "name": "mail", - "masked": false, - "pseudonym": false - }, - { - "name": "givenName", - "masked": false, - "pseudonym": false - }, - { - "name": "cn", - "masked": false, - "pseudonym": false - }, + "extendedAttributes": [] + } + } + ] + }, + { + "resourceType": "/oauth/cibaServerPolicy/requestPolicies", + "operationType": "SAVE", + "items": [ + { + "id": "exampleCibaReqPolicy", + "name": "exampleCibaReqPolicy", + "authenticatorRef": { + "id": "exampleCibaAuthenticator", + "location": "https://localhost:9999/pf-admin-api/v1/oauth/outOfBandAuthPlugins/exampleCibaAuthenticator" + }, + "transactionLifetime": 120, + "allowUnsignedLoginHintToken": false, + "requireTokenForIdentityHint": false, + "alternativeLoginHintTokenIssuers": [], + "identityHintContract": { + "coreAttributes": [ { - "name": "sn", - "masked": false, - "pseudonym": false + "name": "IDENTITY_HINT_SUBJECT" } ], - "maskOgnlValues": false + "extendedAttributes": [] }, - "attributeMapping": { + "identityHintContractFulfillment": { "attributeSources": [], "attributeContractFulfillment": { - "entryUUID": { - "source": { - "type": "ADAPTER" - }, - "value": "entryUUID" - }, - "uid": { - "source": { - "type": "ADAPTER" - }, - "value": "uid" - }, - "mail": { - "source": { - "type": "ADAPTER" - }, - "value": "mail" - }, - "policy.action": { - "source": { - "type": "ADAPTER" - }, - "value": "policy.action" - }, - "givenName": { - "source": { - "type": "ADAPTER" - }, - "value": "givenName" - }, - "cn": { + "IDENTITY_HINT_SUBJECT": { "source": { - "type": "ADAPTER" + "type": "REQUEST" }, - "value": "cn" - }, - "sn": { + "value": "IDENTITY_HINT_SUBJECT" + } + }, + "issuanceCriteria": { + "conditionalCriteria": [] + } + }, + "identityHintMapping": { + "attributeSources": [], + "attributeContractFulfillment": { + "subject": { "source": { - "type": "ADAPTER" - }, - "value": "sn" + "type": "NO_MAPPING" + } }, - "username": { + "USER_KEY": { "source": { - "type": "ADAPTER" - }, - "value": "username" + "type": "NO_MAPPING" + } } }, "issuanceCriteria": { "conditionalCriteria": [] } + }, + "lastModified": "2025-01-02T17:59:24.254Z" + } + ] + }, + { + "resourceType": "/oauth/cibaServerPolicy/settings", + "operationType": "SAVE", + "items": [ + { + "defaultRequestPolicyRef": { + "id": "exampleCibaReqPolicy", + "location": "https://localhost:9999/pf-admin-api/v1/oauth/cibaServerPolicy/requestPolicies/exampleCibaReqPolicy" } } ] @@ -3824,494 +3900,789 @@ "location": "https://localhost:9999/pf-admin-api/v1/oauth/accessTokenManagers/jwt" }, "scopeAttributeMappings": {}, - "lastModified": "2024-09-24T17:02:21.741Z" + "lastModified": "2025-01-02T17:59:25.257Z" } ] }, { - "resourceType": "/extendedProperties", + "resourceType": "/oauth/openIdConnect/settings", "operationType": "SAVE", "items": [ { - "name": "authNexp", - "description": "Authentication Experience [Single_Factor | Internal | ID-First | Multi_Factor]", - "multiValued": false - }, - { - "name": "useAuthnApi", - "description": "Use the AuthN API", - "multiValued": false + "defaultPolicyRef": { + "id": "test-openid-connect-policy", + "location": "https://localhost:9999/pf-admin-api/v1/oauth/openIdConnect/policies/test-openid-connect-policy" + }, + "sessionSettings": { + "trackUserSessionsForLogout": false, + "revokeUserSessionOnLogout": true, + "sessionRevocationLifetime": 490 + } } ] }, { - "resourceType": "/authenticationSelectors", + "resourceType": "/oauth/tokenExchange/processor/policies", "operationType": "SAVE", "items": [ { - "id": "authnExp", - "name": "AuthN Experiences", - "pluginDescriptorRef": { - "id": "com.pingidentity.pf.selectors.ExtendedPropertyAuthnSelector", - "location": "https://${PF_ADMIN_PUBLIC_HOSTNAME}:${PF_ADMIN_PUBLIC_PORT_HTTPS}/pf-admin-api/v1/authenticationSelectors/descriptors/com.pingidentity.pf.selectors.ExtendedPropertyAuthnSelector" - }, - "configuration": { - "tables": [], - "fields": [ - { - "name": "Extended Property", - "value": "authNexp" - }, - { - "name": "Case-Sensitive Matching", - "value": "true" - }, + "id": "tokenexchangeprocessorpolicy", + "name": "tokenexchangeprocessorpolicy", + "actorTokenRequired": false, + "attributeContract": { + "coreAttributes": [ { - "name": "Enable 'No Match' Result Value", - "value": "false" + "name": "subject" } - ] + ], + "extendedAttributes": [] }, - "attributeContract": { - "extendedAttributes": [ - { - "name": "Single_Factor" + "processorMappings": [ + { + "attributeSources": [], + "attributeContractFulfillment": { + "subject": { + "source": { + "type": "TEXT" + }, + "value": "value" + } + }, + "issuanceCriteria": { + "conditionalCriteria": [ + { + "errorResult": "error", + "source": { + "type": "CONTEXT" + }, + "attributeName": "ClientIp", + "condition": "EQUALS", + "value": "value" + } + ] + }, + "subjectTokenType": "urn:ietf:params:oauth:token-type:saml2", + "subjectTokenProcessor": { + "id": "tokenprocessor", + "location": "https://localhost:9999/pf-admin-api/v1/idp/tokenProcessors/tokenprocessor" + }, + "actorTokenType": "", + "actorTokenProcessor": {} + } + ] + } + ] + }, + { + "resourceType": "/oauth/tokenExchange/processor/settings", + "operationType": "SAVE", + "items": [ + { + "defaultProcessorPolicyRef": { + "id": "tokenexchangeprocessorpolicy", + "location": "https://localhost:9999/pf-admin-api/v1/oauth/tokenExchange/processor/policies/tokenexchangeprocessorpolicy" + } + } + ] + }, + { + "resourceType": "/oauth/tokenExchange/generator/groups", + "operationType": "SAVE", + "items": [ + { + "id": "exampleGeneratorGroup", + "name": "exampleGeneratorGroup", + "resourceUris": [], + "generatorMappings": [ + { + "requestedTokenType": "urn:ietf:params:oauth:token-type:saml2", + "tokenGenerator": { + "id": "tokengenerator", + "location": "https://localhost:9999/pf-admin-api/v1/sp/tokenGenerators/tokengenerator" + }, + "defaultMapping": true + } + ] + }, + { + "id": "exampleGeneratorGroup2", + "name": "exampleGeneratorGroup2", + "resourceUris": [], + "generatorMappings": [ + { + "requestedTokenType": "urn:ietf:params:oauth:token-type:saml2", + "tokenGenerator": { + "id": "tokengenerator", + "location": "https://localhost:9999/pf-admin-api/v1/sp/tokenGenerators/tokengenerator" }, - { - "name": "Internal" - } - ] - } + "defaultMapping": true + } + ] } ] }, { - "resourceType": "/certificates/revocation/ocspCertificates", + "resourceType": "/oauth/tokenExchange/generator/settings", "operationType": "SAVE", "items": [ { - "id": "opcey20sf9djwvk8snv1actzq", - "fileData": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURuVENDQW9XZ0F3SUJBZ0lVUzJUQkNkUnpwSzRaemUrSERLakI5RVFTSHFZd0RRWUpLb1pJaHZjTkFRRUxCUUF3WGpFTE1Ba0cKQTFVRUJoTUNWVk14Q3pBSkJnTlZCQWdNQWtOUE1ROHdEUVlEVlFRSERBWkVaVzUyWlhJeElqQWdCZ05WQkFvTUdWQnBibWNnU1dSbApiblJwZEhrZ1EyOXljRzl5WVhScGIyNHhEVEFMQmdOVkJBTU1CSFJsYzNRd0hoY05NalF4TWpFeU1qTXlPREkwV2hjTk1qY3dPVEE0Ck1qTXlPREkwV2pCZU1Rc3dDUVlEVlFRR0V3SlZVekVMTUFrR0ExVUVDQXdDUTA4eER6QU5CZ05WQkFjTUJrUmxiblpsY2pFaU1DQUcKQTFVRUNnd1pVR2x1WnlCSlpHVnVkR2wwZVNCRGIzSndiM0poZEdsdmJqRU5NQXNHQTFVRUF3d0VkR1Z6ZERDQ0FTSXdEUVlKS29aSQpodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQUpkb0d1cmdEdlNSQkwyY0llVWFDWTNwbzVZRFpuVjFleXVPUVR4UWM2T1QySlMwCis0MGdKYkptZk5yYmNPU3QrMURieHpQK0l4YmxrY3o1NjlWT0M1bGJST24zOHllYU1VMzJYYy80REdTcDFIQ1kvSmZTeWd6LytxcjgKOFlUcU1hSTIxQWJabkFpWTV4MFJ3NTZJRG1KZ2xYYVhlVmJDVUp5N29QVHlBb1lZVDkzREpEazQxWmU1MVVjVG1Vc1RLTjRLM2d2dgpTYVJ1eXE1K2c2RVhCcTdBa2VPbmJQMGJTSHliTjFLRVY1QlhOTnBnazloMEp3M1BFK3FrbS81bllSenhCZjRSQS9BZ2Z2OWVzRzlOCnozWGdEb3dBR0JteHIrclUvbmE3cHdFRXVkTWg2NjhERURlUlZ3aDFaYXBZcEJ0VmN4TUhtZEpQZ0ZKckJsbzZtTUVDQXdFQUFhTlQKTUZFd0hRWURWUjBPQkJZRUZHSmMzWjBqOWtYUHNUbW1iZ0FzWS9QSzJjdXBNQjhHQTFVZEl3UVlNQmFBRkdKYzNaMGo5a1hQc1RtbQpiZ0FzWS9QSzJjdXBNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHdEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBSlZCdmNIaGgrMDBnelEwCnBuWkt0Ukp4dkVnK3BHaCtCOUUrNWkyUHNOR3lJQXZBWHc0bWRCY1FaS3hmaVhNMzFaRTJnZTFtUCs0ZGkxMStQS1lOSDJFOTczUEwKSit3R0hlUVoxRVRERzVmbzc5dDBNRzFSekh0R29pclpXN3Y0Qk5VSTZaTTJGakVhQ090WmcxclVoa2RJZnFEeDRDZU5qemIwcmhYSQp6WE5UUzRZNlZseFdBclFud0FncVB0YjVwb0pHM01tLzNmNnVRZy9sMExJS1RZL0dSNnlRc05Da3pUWlFocklwWGo0UnBxblgzUWdECjFJV1RvTW9uN250cDRnQVAvbEFTTTUveG01SnpiNmRtRitob04wNzNnMDJVZVYyVERMemU4MCtLK1hyMUdaZWVVTHVYTnJoT0VYRFIKeXR2dWJlOE9YUFBZNi96Q3BoVmIyMWc9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K" + "defaultGeneratorGroupRef": { + "id": "exampleGeneratorGroup", + "location": "https://localhost:9999/pf-admin-api/v1/oauth/tokenExchange/generator/groups/exampleGeneratorGroup" + } } ] }, { - "resourceType": "/certificates/revocation/settings", + "resourceType": "/oauth/tokenExchange/tokenGeneratorMappings", "operationType": "SAVE", "items": [ { - "ocspSettings": { - "requesterAddNonce": false, - "actionOnResponderUnavailable": "CONTINUE", - "actionOnStatusUnknown": "FAIL", - "actionOnUnsuccessfulResponse": "FAIL", - "currentUpdateGracePeriod": 5, - "nextUpdateGracePeriod": 5, - "responseCachePeriod": 48, - "responderTimeout": 5, - "responderCertReference": { - "id": "opcey20sf9djwvk8snv1actzq", - "location": "https://localhost:9999/pf-admin-api/v1/certificates/revocation/ocspCertificates/opcey20sf9djwvk8snv1actzq" + "attributeSources": [], + "attributeContractFulfillment": { + "SAML_SUBJECT": { + "source": { + "type": "CONTEXT" + }, + "value": "OAuthScopes" } - } + }, + "issuanceCriteria": { + "conditionalCriteria": [] + }, + "id": "tokenexchangeprocessorpolicy|tokengenerator", + "sourceId": "tokenexchangeprocessorpolicy", + "targetId": "tokengenerator" } ] }, { - "resourceType": "/identityStoreProvisioners", + "resourceType": "/oauth/clients", "operationType": "SAVE", "items": [ { - "id": "ISPTestID", - "name": "ISP TestName", + "clientId": "test", + "enabled": true, + "redirectUris": [], + "grantTypes": [ + "CLIENT_CREDENTIALS", + "ACCESS_TOKEN_VALIDATION" + ], + "name": "test", + "modificationDate": "2025-01-02T17:59:24.610Z", + "creationDate": "2025-01-02T17:59:24.610Z", + "refreshRolling": "SERVER_DEFAULT", + "refreshTokenRollingIntervalType": "SERVER_DEFAULT", + "persistentGrantExpirationType": "SERVER_DEFAULT", + "persistentGrantExpirationTime": 0, + "persistentGrantExpirationTimeUnit": "DAYS", + "persistentGrantIdleTimeoutType": "SERVER_DEFAULT", + "persistentGrantIdleTimeout": 0, + "persistentGrantIdleTimeoutTimeUnit": "DAYS", + "persistentGrantReuseType": "SERVER_DEFAULT", + "allowAuthenticationApiInit": false, + "enableCookielessAuthenticationApi": false, + "bypassApprovalPage": false, + "restrictScopes": false, + "requirePushedAuthorizationRequests": false, + "requireJwtSecuredAuthorizationResponseMode": false, + "restrictedScopes": [], + "exclusiveScopes": [], + "restrictedResponseTypes": [], + "authorizationDetailTypes": [], + "defaultAccessTokenManagerRef": { + "id": "jwt", + "location": "https://localhost:9999/pf-admin-api/v1/oauth/accessTokenManagers/jwt" + }, + "restrictToDefaultAccessTokenManager": false, + "validateUsingAllEligibleAtms": false, + "oidcPolicy": { + "grantAccessSessionRevocationApi": false, + "grantAccessSessionSessionManagementApi": false, + "logoutMode": "NONE", + "pingAccessLogoutCapable": false, + "pairwiseIdentifierUserType": false + }, + "clientAuth": { + "type": "SECRET", + "encryptedSecret": "OBF:JWE:eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiUWVzOVR5eTV5WiIsInZlcnNpb24iOiIxMi4xLjQuMCJ9..Zg03OlCpID5J9ROj30geaQ.oH1hn8K4Tk0Mfx5CA8UjKJTqf6kzpRWp3vfW72WPUYnFTNkB7qc3dsQkvfI94o2rLz4aNelACmk83ypUF97E6ZNSu7UHfSuuoK77d5oCS7s.vMQAGu-BJL2uUmT2HwhZpg", + "secondarySecrets": [] + }, + "deviceFlowSettingType": "SERVER_DEFAULT", + "requireProofKeyForCodeExchange": false, + "refreshTokenRollingGracePeriodType": "SERVER_DEFAULT", + "clientSecretRetentionPeriodType": "SERVER_DEFAULT", + "requireDpop": false, + "requireOfflineAccessScopeToIssueRefreshTokens": "SERVER_DEFAULT", + "offlineAccessRequireConsentPrompt": "SERVER_DEFAULT", + "requireSignedRequests": false + } + ] + }, + { + "resourceType": "/oauth/clientRegistrationPolicies", + "operationType": "SAVE", + "items": [ + { + "id": "testRegistrationPolicy", + "name": "Test Registration Policy", "pluginDescriptorRef": { - "id": "com.pingidentity.identitystoreprovisioners.sample.SampleIdentityStoreProvisioner", - "location": "https://localhost:9999/pf-admin-api/v1/identityStoreProvisioners/descriptors/com.pingidentity.identitystoreprovisioners.sample.SampleIdentityStoreProvisioner" + "id": "com.pingidentity.pf.client.registration.ResponseTypesConstraintsPlugin", + "location": "https://localhost:9999/pf-admin-api/v1/oauth/clientRegistrationPolicies/descriptors/com.pingidentity.pf.client.registration.ResponseTypesConstraintsPlugin" }, "configuration": { "tables": [], "fields": [ { - "name": "Delete user behavior", - "value": "Disable User" - } - ] - }, - "lastModified": "2024-12-13T18:45:28.156Z", - "attributeContract": { - "coreAttributes": [ + "name": "code", + "value": "true" + }, { - "name": "username" - } - ], - "inherited": false - }, - "groupAttributeContract": { - "coreAttributes": [ + "name": "code id_token", + "value": "true" + }, { - "name": "groupname" + "name": "code id_token token", + "value": "true" + }, + { + "name": "code token", + "value": "true" + }, + { + "name": "id_token", + "value": "true" + }, + { + "name": "id_token token", + "value": "true" + }, + { + "name": "token", + "value": "true" } - ], - "inherited": false - } + ] + }, + "lastModified": "2025-01-02T17:59:25.579Z" } ] }, { - "resourceType": "/idp/stsRequestParametersContracts", + "resourceType": "/oauth/clientSettings", "operationType": "SAVE", "items": [ { - "id": "STSTestID", - "name": "STS TestName", - "parameters": [ - "test" - ], - "lastModified": "2024-12-13T18:59:29.324Z" + "clientMetadata": [ + { + "parameter": "authNexp", + "description": "Authentication Experience [Single_Factor | Internal | ID-First | Multi_Factor]", + "multiValued": false + }, + { + "parameter": "useAuthnApi", + "description": "Use the AuthN API", + "multiValued": false + } + ] } ] }, { - "resourceType": "/idpToSpAdapterMapping", + "resourceType": "/oauth/accessTokenMappings", "operationType": "SAVE", "items": [ { "attributeSources": [], "attributeContractFulfillment": { - "subject": { + "Username": { "source": { - "type": "ADAPTER" + "type": "TEXT" }, - "value": "entryUUID" + "value": "Administrator" + }, + "OrgName": { + "source": { + "type": "TEXT" + }, + "value": "Ping" } }, "issuanceCriteria": { "conditionalCriteria": [] }, - "id": "ciamHtmlForm|spadapter", - "sourceId": "ciamHtmlForm", - "targetId": "spadapter" - } - ] - }, - { - "resourceType": "/additionalKeySets", - "operationType": "SAVE", - "items": [ - { - "id": "testID", - "name": "testName", - "description": "testDescription", - "signingKeys": { - "rsaActiveCertRef": { - "id": "419x9yg43rlawqwq9v6az997k", - "location": "https://localhost:9999/pf-admin-api/v1/keyPairs/signing/419x9yg43rlawqwq9v6az997k" - }, - "rsaPublishX5cParameter": true + "id": "client_credentials|jwt", + "context": { + "type": "CLIENT_CREDENTIALS" }, - "issuers": [ - { - "id": "BmoJwEmyzs4RSNMzVUlCs8qTPC", - "location": "https://localhost:9999/pf-admin-api/v1/oauth/issuers/BmoJwEmyzs4RSNMzVUlCs8qTPC" - } - ] - } - ] - }, - { - "resourceType": "/metadataUrls", - "operationType": "SAVE", - "items": [ - { - "id": "i8uUHFDebYX7Z7gSfyhZ9yKUA", - "name": "Test Metadata URL", - "url": "https://www.example.com", - "validateSignature": false - } - ] - }, - { - "resourceType": "/oauth/authenticationPolicyContractMappings", - "operationType": "SAVE", - "items": [ + "accessTokenManagerRef": { + "id": "jwt", + "location": "https://localhost:9999/pf-admin-api/v1/oauth/accessTokenManagers/jwt" + } + }, { "attributeSources": [], "attributeContractFulfillment": { - "USER_NAME": { + "Username": { "source": { - "type": "CONTEXT" + "type": "TEXT" }, - "value": "OAuthScopes" + "value": "Administrator" }, - "USER_KEY": { + "OrgName": { "source": { - "type": "AUTHENTICATION_POLICY_CONTRACT" + "type": "TEXT" }, - "value": "subject" + "value": "Ping" } }, "issuanceCriteria": { "conditionalCriteria": [] }, - "id": "QGxlec5CX693lBQL", - "authenticationPolicyContractRef": { - "id": "QGxlec5CX693lBQL", - "location": "https://localhost:9999/pf-admin-api/v1/authenticationPolicyContracts/QGxlec5CX693lBQL" + "id": "default|jwt", + "context": { + "type": "DEFAULT" + }, + "accessTokenManagerRef": { + "id": "jwt", + "location": "https://localhost:9999/pf-admin-api/v1/oauth/accessTokenManagers/jwt" } } ] }, { - "resourceType": "/oauth/clientRegistrationPolicies", + "resourceType": "/authenticationSelectors", "operationType": "SAVE", "items": [ { - "id": "testRegistrationPolicy", - "name": "Test Registration Policy", + "id": "authnExp", + "name": "AuthN Experiences", "pluginDescriptorRef": { - "id": "com.pingidentity.pf.client.registration.ResponseTypesConstraintsPlugin", - "location": "https://localhost:9999/pf-admin-api/v1/oauth/clientRegistrationPolicies/descriptors/com.pingidentity.pf.client.registration.ResponseTypesConstraintsPlugin" + "id": "com.pingidentity.pf.selectors.ExtendedPropertyAuthnSelector", + "location": "https://localhost:9999/pf-admin-api/v1/authenticationSelectors/descriptors/com.pingidentity.pf.selectors.ExtendedPropertyAuthnSelector" }, "configuration": { "tables": [], "fields": [ { - "name": "code", - "value": "true" - }, - { - "name": "code id_token", - "value": "true" - }, - { - "name": "code id_token token", - "value": "true" + "name": "Extended Property", + "value": "authNexp" }, { - "name": "code token", + "name": "Case-Sensitive Matching", "value": "true" }, { - "name": "id_token", - "value": "true" - }, + "name": "Enable 'No Match' Result Value", + "value": "false" + } + ] + }, + "lastModified": "2025-01-02T17:59:25.335Z", + "attributeContract": { + "extendedAttributes": [ { - "name": "id_token token", - "value": "true" + "name": "Single_Factor" }, { - "name": "token", - "value": "true" + "name": "Internal" } ] - }, - "lastModified": "2024-12-30T21:10:11.943Z" + } } ] }, { - "resourceType": "/oauth/idpAdapterMappings", + "resourceType": "/authenticationApi", "operationType": "SAVE", "items": [ { - "attributeSources": [], - "attributeContractFulfillment": { - "USER_NAME": { - "source": { - "type": "CONTEXT" - }, - "value": "OAuthScopes" - }, - "USER_KEY": { - "source": { - "type": "ADAPTER" - }, - "value": "subject" - } - }, - "issuanceCriteria": { - "conditionalCriteria": [] - }, - "id": "OTIdPJava", - "idpAdapterRef": { - "id": "OTIdPJava", - "location": "https://localhost:9999/pf-admin-api/v1/idp/adapters/OTIdPJava" - } + "id": "myauthenticationapiapplication", + "url": "https://example.com", + "description": "example", + "additionalAllowedOrigins": [], + "name": "myauthenticationapiapplication" } ] }, { - "resourceType": "/oauth/tokenExchange/tokenGeneratorMappings", + "resourceType": "/authenticationApi/settings", "operationType": "SAVE", "items": [ { - "attributeSources": [], - "attributeContractFulfillment": { - "SAML_SUBJECT": { - "source": { - "type": "CONTEXT" - }, - "value": "OAuthScopes" - } - }, - "issuanceCriteria": { - "conditionalCriteria": [] - }, - "id": "tokenexchangeprocessorpolicy|tokengenerator", - "sourceId": "tokenexchangeprocessorpolicy", - "targetId": "tokengenerator" + "apiEnabled": false, + "enableApiDescriptions": true, + "restrictAccessToRedirectlessMode": true, + "includeRequestContext": false } ] }, { - "resourceType": "/secretManagers", + "resourceType": "/authenticationPolicies/fragments", "operationType": "SAVE", "items": [ { - "id": "testSecretManager", - "name": "Test Secret Manager", - "pluginDescriptorRef": { - "id": "com.pingidentity.pf.secretmanagers.cyberark.CyberArkCredentialProvider", - "location": "https://localhost:9999/pf-admin-api/v1/secretManagers/descriptors/com.pingidentity.pf.secretmanagers.cyberark.CyberArkCredentialProvider" + "id": "FirstFactor", + "name": "First_Factor", + "description": "Used for Customer First Factor", + "rootNode": { + "action": { + "type": "AUTHN_SOURCE", + "authenticationSource": { + "type": "IDP_ADAPTER", + "sourceRef": { + "id": "ciamHtmlForm", + "location": "https://localhost:9999/pf-admin-api/v1/idp/adapters/ciamHtmlForm" + } + }, + "attributeRules": { + "items": [ + { + "attributeSource": { + "type": "ADAPTER", + "id": "ciamHtmlForm" + }, + "attributeName": "policy.action", + "condition": "EQUALS_CASE_INSENSITIVE", + "expectedValue": "identity.registration", + "result": "Register" + } + ], + "fallbackToSuccess": true + } + }, + "children": [ + { + "action": { + "type": "DONE", + "context": "Fail" + } + }, + { + "action": { + "type": "LOCAL_IDENTITY_MAPPING", + "context": "Register", + "localIdentityRef": { + "id": "regIdentityProfile", + "location": "https://localhost:9999/pf-admin-api/v1/localIdentity/identityProfiles/regIdentityProfile" + }, + "inboundMapping": { + "attributeSources": [], + "attributeContractFulfillment": {}, + "issuanceCriteria": { + "conditionalCriteria": [] + } + }, + "outboundAttributeMapping": { + "attributeSources": [], + "attributeContractFulfillment": { + "firstName": { + "source": { + "type": "LOCAL_IDENTITY_PROFILE", + "id": "regIdentityProfile" + }, + "value": "firstName" + }, + "lastName": { + "source": { + "type": "LOCAL_IDENTITY_PROFILE", + "id": "regIdentityProfile" + }, + "value": "lastName" + }, + "ImmutableID": { + "source": { + "type": "LOCAL_IDENTITY_PROFILE", + "id": "regIdentityProfile" + }, + "value": "ImmutableID" + }, + "mail": { + "source": { + "type": "LOCAL_IDENTITY_PROFILE", + "id": "regIdentityProfile" + }, + "value": "email" + }, + "subject": { + "source": { + "type": "LOCAL_IDENTITY_PROFILE", + "id": "regIdentityProfile" + }, + "value": "username" + }, + "SAML_AUTHN_CTX": { + "source": { + "type": "TEXT" + }, + "value": "registered" + } + }, + "issuanceCriteria": { + "conditionalCriteria": [] + } + } + } + }, + { + "action": { + "type": "LOCAL_IDENTITY_MAPPING", + "context": "Success", + "localIdentityRef": { + "id": "regIdentityProfile", + "location": "https://localhost:9999/pf-admin-api/v1/localIdentity/identityProfiles/regIdentityProfile" + }, + "inboundMapping": { + "attributeSources": [], + "attributeContractFulfillment": { + "pf.local.identity.unique.id": { + "source": { + "type": "ADAPTER", + "id": "ciamHtmlForm" + }, + "value": "uid" + } + }, + "issuanceCriteria": { + "conditionalCriteria": [] + } + }, + "outboundAttributeMapping": { + "attributeSources": [], + "attributeContractFulfillment": { + "firstName": { + "source": { + "type": "LOCAL_IDENTITY_PROFILE", + "id": "regIdentityProfile" + }, + "value": "firstName" + }, + "lastName": { + "source": { + "type": "LOCAL_IDENTITY_PROFILE", + "id": "regIdentityProfile" + }, + "value": "lastName" + }, + "ImmutableID": { + "source": { + "type": "LOCAL_IDENTITY_PROFILE", + "id": "regIdentityProfile" + }, + "value": "ImmutableID" + }, + "mail": { + "source": { + "type": "LOCAL_IDENTITY_PROFILE", + "id": "regIdentityProfile" + }, + "value": "email" + }, + "subject": { + "source": { + "type": "ADAPTER", + "id": "ciamHtmlForm" + }, + "value": "username" + }, + "SAML_AUTHN_CTX": { + "source": { + "type": "TEXT" + }, + "value": "single_factor" + } + }, + "issuanceCriteria": { + "conditionalCriteria": [] + } + } + } + } + ] }, - "configuration": { - "tables": [], - "fields": [ - { - "name": "APP ID", - "value": "testAppId" + "inputs": { + "id": "DkhZxRcZchsed90U", + "location": "https://localhost:9999/pf-admin-api/v1/authenticationPolicyContracts/DkhZxRcZchsed90U" + }, + "outputs": { + "id": "samplePolicyContract", + "location": "https://localhost:9999/pf-admin-api/v1/authenticationPolicyContracts/samplePolicyContract" + } + }, + { + "id": "Identify_First", + "name": "Identify_First", + "description": "Used for First Factors that just use the User Identifier", + "rootNode": { + "action": { + "type": "AUTHN_SOURCE", + "authenticationSource": { + "type": "IDP_ADAPTER", + "sourceRef": { + "id": "IDFirst", + "location": "https://localhost:9999/pf-admin-api/v1/idp/adapters/IDFirst" + } }, - { - "name": "Connection Port", - "value": "18923" + "inputUserIdMapping": { + "source": { + "type": "INPUTS", + "id": "Inputs" + }, + "value": "subject" }, + "userIdAuthenticated": false + }, + "children": [ { - "name": "Connection Timeout (sec)", - "value": "30" + "action": { + "type": "DONE", + "context": "Fail" + } }, { - "name": "Username Retrieval Property Name", - "value": "username" + "action": { + "type": "APC_MAPPING", + "context": "Success", + "authenticationPolicyContractRef": { + "id": "DkhZxRcZchsed90U", + "location": "https://localhost:9999/pf-admin-api/v1/authenticationPolicyContracts/DkhZxRcZchsed90U" + }, + "attributeMapping": { + "attributeSources": [], + "attributeContractFulfillment": { + "subject": { + "source": { + "type": "ADAPTER", + "id": "IDFirst" + }, + "value": "uid" + } + }, + "issuanceCriteria": { + "conditionalCriteria": [] + } + } + } } ] }, - "lastModified": "2024-12-30T22:15:09.275Z" - } - ] - }, - { - "resourceType": "/serverSettings/wsTrustStsSettings/issuerCertificates", - "operationType": "SAVE", - "items": [ - { - "id": "test-ws-trust-issuer-certificate", - "fileData": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURuVENDQW9XZ0F3SUJBZ0lVUzJUQkNkUnpwSzRaemUrSERLakI5RVFTSHFZd0RRWUpLb1pJaHZjTkFRRUxCUUF3WGpFTE1Ba0cKQTFVRUJoTUNWVk14Q3pBSkJnTlZCQWdNQWtOUE1ROHdEUVlEVlFRSERBWkVaVzUyWlhJeElqQWdCZ05WQkFvTUdWQnBibWNnU1dSbApiblJwZEhrZ1EyOXljRzl5WVhScGIyNHhEVEFMQmdOVkJBTU1CSFJsYzNRd0hoY05NalF4TWpFeU1qTXlPREkwV2hjTk1qY3dPVEE0Ck1qTXlPREkwV2pCZU1Rc3dDUVlEVlFRR0V3SlZVekVMTUFrR0ExVUVDQXdDUTA4eER6QU5CZ05WQkFjTUJrUmxiblpsY2pFaU1DQUcKQTFVRUNnd1pVR2x1WnlCSlpHVnVkR2wwZVNCRGIzSndiM0poZEdsdmJqRU5NQXNHQTFVRUF3d0VkR1Z6ZERDQ0FTSXdEUVlKS29aSQpodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQUpkb0d1cmdEdlNSQkwyY0llVWFDWTNwbzVZRFpuVjFleXVPUVR4UWM2T1QySlMwCis0MGdKYkptZk5yYmNPU3QrMURieHpQK0l4YmxrY3o1NjlWT0M1bGJST24zOHllYU1VMzJYYy80REdTcDFIQ1kvSmZTeWd6LytxcjgKOFlUcU1hSTIxQWJabkFpWTV4MFJ3NTZJRG1KZ2xYYVhlVmJDVUp5N29QVHlBb1lZVDkzREpEazQxWmU1MVVjVG1Vc1RLTjRLM2d2dgpTYVJ1eXE1K2c2RVhCcTdBa2VPbmJQMGJTSHliTjFLRVY1QlhOTnBnazloMEp3M1BFK3FrbS81bllSenhCZjRSQS9BZ2Z2OWVzRzlOCnozWGdEb3dBR0JteHIrclUvbmE3cHdFRXVkTWg2NjhERURlUlZ3aDFaYXBZcEJ0VmN4TUhtZEpQZ0ZKckJsbzZtTUVDQXdFQUFhTlQKTUZFd0hRWURWUjBPQkJZRUZHSmMzWjBqOWtYUHNUbW1iZ0FzWS9QSzJjdXBNQjhHQTFVZEl3UVlNQmFBRkdKYzNaMGo5a1hQc1RtbQpiZ0FzWS9QSzJjdXBNQThHQTFVZEV3RUIvd1FGTUFNQkFmOHdEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBSlZCdmNIaGgrMDBnelEwCnBuWkt0Ukp4dkVnK3BHaCtCOUUrNWkyUHNOR3lJQXZBWHc0bWRCY1FaS3hmaVhNMzFaRTJnZTFtUCs0ZGkxMStQS1lOSDJFOTczUEwKSit3R0hlUVoxRVRERzVmbzc5dDBNRzFSekh0R29pclpXN3Y0Qk5VSTZaTTJGakVhQ090WmcxclVoa2RJZnFEeDRDZU5qemIwcmhYSQp6WE5UUzRZNlZseFdBclFud0FncVB0YjVwb0pHM01tLzNmNnVRZy9sMExJS1RZL0dSNnlRc05Da3pUWlFocklwWGo0UnBxblgzUWdECjFJV1RvTW9uN250cDRnQVAvbEFTTTUveG01SnpiNmRtRitob04wNzNnMDJVZVYyVERMemU4MCtLK1hyMUdaZWVVTHVYTnJoT0VYRFIKeXR2dWJlOE9YUFBZNi96Q3BoVmIyMWc9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K" - } - ] - }, - { - "resourceType": "/session/authenticationSessionPolicies", - "operationType": "SAVE", - "items": [ + "inputs": { + "id": "DkhZxRcZchsed90U", + "location": "https://localhost:9999/pf-admin-api/v1/authenticationPolicyContracts/DkhZxRcZchsed90U" + }, + "outputs": { + "id": "DkhZxRcZchsed90U", + "location": "https://localhost:9999/pf-admin-api/v1/authenticationPolicyContracts/DkhZxRcZchsed90U" + } + }, { - "id": "UfdnqYjWycSeo2vZZgSYB3gpw", - "authenticationSource": { - "type": "IDP_ADAPTER", - "sourceRef": { - "id": "OTIdPJava", - "location": "https://localhost:9999/pf-admin-api/v1/idp/adapters/OTIdPJava" - } + "id": "InternalAuthN", + "name": "Internal AuthN", + "description": "Used for Internal Authentication", + "rootNode": { + "action": { + "type": "AUTHN_SOURCE", + "authenticationSource": { + "type": "IDP_ADAPTER", + "sourceRef": { + "id": "htmlForm", + "location": "https://localhost:9999/pf-admin-api/v1/idp/adapters/htmlForm" + } + } + }, + "children": [ + { + "action": { + "type": "DONE", + "context": "Fail" + } + }, + { + "action": { + "type": "APC_MAPPING", + "context": "Success", + "authenticationPolicyContractRef": { + "id": "default", + "location": "https://localhost:9999/pf-admin-api/v1/authenticationPolicyContracts/default" + }, + "attributeMapping": { + "attributeSources": [], + "attributeContractFulfillment": { + "firstName": { + "source": { + "type": "NO_MAPPING" + } + }, + "lastName": { + "source": { + "type": "NO_MAPPING" + } + }, + "ImmutableID": { + "source": { + "type": "ADAPTER", + "id": "htmlForm" + }, + "value": "entryUUID" + }, + "mail": { + "source": { + "type": "ADAPTER", + "id": "htmlForm" + }, + "value": "mail" + }, + "subject": { + "source": { + "type": "ADAPTER", + "id": "htmlForm" + }, + "value": "uid" + }, + "SAML_AUTHN_CTX": { + "source": { + "type": "TEXT" + }, + "value": "internal" + } + }, + "issuanceCriteria": { + "conditionalCriteria": [] + } + } + } + } + ] }, - "enableSessions": false, - "userDeviceType": "PRIVATE", - "persistent": false, - "timeoutDisplayUnit": "MINUTES", - "authnContextSensitive": false + "inputs": { + "id": "DkhZxRcZchsed90U", + "location": "https://localhost:9999/pf-admin-api/v1/authenticationPolicyContracts/DkhZxRcZchsed90U" + }, + "outputs": { + "id": "default", + "location": "https://localhost:9999/pf-admin-api/v1/authenticationPolicyContracts/default" + } } ] }, { - "resourceType": "/sp/idpConnections", + "resourceType": "/authenticationPolicies/default", "operationType": "SAVE", "items": [ { - "type": "IDP", - "id": "n26SCl49a8lB_ifAaLF_MyUbquv", - "name": "testConnection", - "entityId": "testPartnerId", - "active": true, - "contactInfo": {}, - "loggingMode": "STANDARD", - "virtualEntityIds": [], - "licenseConnectionGroup": "", - "credentials": { - "certs": [ - { - "primaryVerificationCert": true, - "secondaryVerificationCert": false, - "certView": { - "id": "gpmlavn03e4mknkyml4m2ak9q", - "serialNumber": "430421198347763948001683365009287878912609754790", - "subjectDN": "CN=test, O=Ping Identity Corporation, L=Denver, ST=CO, C=US", - "subjectAlternativeNames": [], - "issuerDN": "CN=test, O=Ping Identity Corporation, L=Denver, ST=CO, C=US", - "validFrom": "2024-12-12T23:28:24.000Z", - "expires": "2027-09-08T23:28:24.000Z", - "keyAlgorithm": "RSA", - "keySize": 2048, - "signatureAlgorithm": "SHA256withRSA", - "version": 3, - "sha1Fingerprint": "B1B57BC2A8733287A1A9B65EB60BFFD01EFECEBA", - "sha256Fingerprint": "AA40F0AA0B7A438F15C49FA2A2EBE3B28AAB34A846781211BD170E8D7B06D291", - "status": "VALID" - }, - "x509File": { - "id": "gpmlavn03e4mknkyml4m2ak9q", - "fileData": "-----BEGIN CERTIFICATE-----\nMIIDnTCCAoWgAwIBAgIUS2TBCdRzpK4Zze+HDKjB9EQSHqYwDQYJKoZIhvcNAQELBQAwXjELMAkG\nA1UEBhMCVVMxCzAJBgNVBAgMAkNPMQ8wDQYDVQQHDAZEZW52ZXIxIjAgBgNVBAoMGVBpbmcgSWRl\nbnRpdHkgQ29ycG9yYXRpb24xDTALBgNVBAMMBHRlc3QwHhcNMjQxMjEyMjMyODI0WhcNMjcwOTA4\nMjMyODI0WjBeMQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ08xDzANBgNVBAcMBkRlbnZlcjEiMCAG\nA1UECgwZUGluZyBJZGVudGl0eSBDb3Jwb3JhdGlvbjENMAsGA1UEAwwEdGVzdDCCASIwDQYJKoZI\nhvcNAQEBBQADggEPADCCAQoCggEBAJdoGurgDvSRBL2cIeUaCY3po5YDZnV1eyuOQTxQc6OT2JS0\n+40gJbJmfNrbcOSt+1DbxzP+Ixblkcz569VOC5lbROn38yeaMU32Xc/4DGSp1HCY/JfSygz/+qr8\n8YTqMaI21AbZnAiY5x0Rw56IDmJglXaXeVbCUJy7oPTyAoYYT93DJDk41Ze51UcTmUsTKN4K3gvv\nSaRuyq5+g6EXBq7AkeOnbP0bSHybN1KEV5BXNNpgk9h0Jw3PE+qkm/5nYRzxBf4RA/Agfv9esG9N\nz3XgDowAGBmxr+rU/na7pwEEudMh668DEDeRVwh1ZapYpBtVcxMHmdJPgFJrBlo6mMECAwEAAaNT\nMFEwHQYDVR0OBBYEFGJc3Z0j9kXPsTmmbgAsY/PK2cupMB8GA1UdIwQYMBaAFGJc3Z0j9kXPsTmm\nbgAsY/PK2cupMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAJVBvcHhh+00gzQ0\npnZKtRJxvEg+pGh+B9E+5i2PsNGyIAvAXw4mdBcQZKxfiXM31ZE2ge1mP+4di11+PKYNH2E973PL\nJ+wGHeQZ1ETDG5fo79t0MG1RzHtGoirZW7v4BNUI6ZM2FjEaCOtZg1rUhkdIfqDx4CeNjzb0rhXI\nzXNTS4Y6VlxWArQnwAgqPtb5poJG3Mm/3f6uQg/l0LIKTY/GR6yQsNCkzTZQhrIpXj4RpqnX3QgD\n1IWToMon7ntp4gAP/lASM5/xm5Jzb6dmF+hoN073g02UeV2TDLze80+K+Xr1GZeeULuXNrhOEXDR\nytvube8OXPPY6/zCphVb21g=\n-----END CERTIFICATE-----\n" - }, - "activeVerificationCert": true, - "encryptionCert": false - } - ] - }, - "modificationDate": "2025-01-02T16:40:14.548Z", - "creationDate": "2025-01-02T16:40:14.548Z", - "wsTrust": { - "attributeContract": { - "coreAttributes": [ - { - "name": "TOKEN_SUBJECT", - "masked": false - } - ], - "extendedAttributes": [] - }, - "tokenGeneratorMappings": [], - "generateLocalToken": false - } + "failIfNoSelection": false, + "authnSelectionTrees": [], + "defaultAuthenticationSources": [], + "trackedHttpParameters": [] } ] }, { - "resourceType": "/tokenProcessorToTokenGeneratorMappings", + "resourceType": "/authenticationPolicies/settings", "operationType": "SAVE", "items": [ { - "attributeSources": [], - "attributeContractFulfillment": { - "SAML_SUBJECT": { - "source": { - "type": "CONTEXT" - }, - "value": "ClientIp" - } - }, - "issuanceCriteria": { - "conditionalCriteria": [] - }, - "id": "tokenprocessor|tokengenerator", - "sourceId": "tokenprocessor", - "targetId": "tokengenerator" + "enableIdpAuthnSelection": false, + "enableSpAuthnSelection": false } ] } diff --git a/server-profiles/shared-profile/env_vars b/server-profiles/shared-profile/env_vars deleted file mode 100644 index 8ce35942..00000000 --- a/server-profiles/shared-profile/env_vars +++ /dev/null @@ -1,37 +0,0 @@ -# .suppress-container-warning -# -# NOTICE: Settings in this file will override values set at the -# image or orchestraton layers of the container. Examples -# include variables that are specific to this server profile. -# Options include: -# -# ALWAYS OVERRIDE the value in the container -# NAME=VAL -# -# SET TO DEFAULT VALUE if not already set -# export NAME=${NAME:=myDefaultValue} # Sets to string of "myDefaultValue" -# export NAME=${NAME:-OTHER_VAR} # Sets to value of OTHER_VAR variable -# -export dataStores_items_ProvisionerDS_ProvisionerDS_password="secretpass" -export keyPairs_sslServer_items_vtcm75en83g6v1r87ytm7lihi_vtcm75en83g6v1r87ytm7lihi_fileData="MIIJeQIBAzCCCT8GCSqGSIb3DQEHAaCCCTAEggksMIIJKDCCA98GCSqGSIb3DQEHBqCCA9AwggPMAgEAMIIDxQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYwDgQInjmCIniDoPwCAggAgIIDmFraiJVk7FgGjSHnySwUY7LPWVniqQz1MWPGa1U+6Bqe4yAVnv9owagOPUViYOfGCIwrgfg+FW1Dx8INvdHjs6gTqcTz3k+C8I4zhoKpXuSjpxnhyTDtfB5zUFDm6gGyawl4VuwMNoVMAAVvpWTEJi993lWb9QXmdFntPjZU7bC4yGoJzhFDTiZnTBRtCKcH0PbDR8f+8dDmHxk8oLRNL2+HfAmzYBPuxzhpcfH3HQI44RAKR+OJDluZF99PU8qO3\/G1hjYcSSIrSc7bTPJ+b2XVtjdZ1WANB2BOAiGdzvwSNvrU6MzHKrs1qLKoD58mGupE2ckeQVY7soUZGW+eWNSM98ykrcyxXOBgWcSdOjfHx7nc7XBSIEhaaaCDwkRbFdS2Iw+ehBQPQtYvbqA2Vn0+G9jzYyrERGZzLIKGApPYyOCeVuR4+5yI+E64Owrde2cxqkqrqmYIy+omzUBgMgawxBgTk2TqzRVaAoVSXqbvi8dxmXv9nt17gNS9GsUg+DnDZ\/26NPOLBoZNkegBehtKX1aVgEDtMPkyIlkfU8tz9L8tKV6sbcJ\/GCK34XuSjkfwDf2GHCjEP8U64Z\/7bwjGm8\/GEZ2ZUi5OkacPhiJ0UWdiC5YIjrGY0EORV26MpjoSIIOWh14vy2Yf3AJEeEur0OIwS8J\/xQlHMbyNr+K4kzRf6jnUc4gS6wgV33WeXMN72P6Gauh82x8gdGwWoFtrHNiJZIDecDVZHIMFlQq1XioMLXkkWRDGNPB+XupmWGoUmHZz5iFSbW6PxYju9Gzze5P7fHiNEo4qmst2QwmWjJET8DTksopu0cUV2NoeAWt0FgOkLkd3Se9grfW5Yr3C5gIgk5dYSVom28oVZUVFabnVGVzOeMMBWkFwMsuoxssP7S+X6BrK7OWmJRQOO7NX165pT4iBecxyc1BuGsZMVvAxumleTe7XIpuVqg7kkJYiFGCXC3IwEYyCpuQkTrys0ZOHCoAQfO5J\/Yji8q4\/8XyxSN\/bZRCyQjfTCFNDmFPXUmtNTv5BbuaIZw3HpG28Cqo3gY5nS9iH6xxNz2Jvx0BYZsOV2OJchfwBGkSiPQRI2bXJmEj0e+BvcsXPrGwvAe\/YTWF9esOv+qt+SgG4eP6X9cAoGPtxsfMbj9\/9+wUfgZ74tCkocHHTLa4H7q30PRrpl2iOOG5FTRHqWjKH4wk6hL7J9ex7qoaUJJ5Z6DqaG8\/cUbqaMIIFQQYJKoZIhvcNAQcBoIIFMgSCBS4wggUqMIIFJgYLKoZIhvcNAQwKAQKgggTuMIIE6jAcBgoqhkiG9w0BDAEDMA4ECPdbHIBZDZQoAgIIAASCBMiLELpnbMnje5Q3uXKsGoLoQpEMJatS1SRGVipDLKYDzccc9g9jG\/UVkSc9a0MbL0MJEpK5GPdsNguuB\/n3D0hWp1b3DoaimyJ6VmtjaJHExs0TcCC+5Q1rUm2tjIAi7CiqBYNbs1QnZXHdlsNRxsmfYGLxL910OQqxGdy+\/qUfW8+n\/DmR0X8C28Wqz0Uxn5mc8NfGTMC36OVAnghy58BZk2sijjUz+yJYXRDVCQkqVsMWVTe8fFQibHJvfKMX7Sj5DNIQ3CD6KvtIVDvDusMTFQcj3RUFq553Kti\/BhmVIvxxZ0Ak3W\/DDAzTLX9EBYwB80pmHlrXdnEFPztKY2NiU+0zl4HY5bQyUQ8IBour0KGwsPo4oZ3EH7EbwCKxNPuwE3N0jIJuOVn4yY9q\/dxTdT1QE01abywBDd7ixvJFkW3LUrGO7ciOb7jDp7OD0TtLFjdbSX2ahmb7sIqqWp3MU1Mqfsa30mqiGbWPvgpDuPIenwoQyjtME6WP3sMsML1QlLySvCXJCyfxeIMWeIOLZEg+c17udi01MkWInLgM9RXkUA84yXuSIb5JoyLLsR8UDIDpD9dPzz2wnpoGnpk+o0fwjXvgrmkXyCd49rAE\/8zCpainG5d0yANE6lMilm2cPVG5RbMhx58vAG5PoLEoCMqlGIZkdKDr\/yZT9ufgV1LlWjyDV0vcYxJeUb0wLH6iCj\/lQcoJ8ryf8Vo2HkEcPLWSobpvxR4XU8kyksLf8YIeRmJ289oM9closfnNmFOk3td+v1yqFqQWlyqxtFSOkx+LWacHrTc65cOWt6TjG+NyvVOrSvYcudK8nxIyzt\/L9IetLgo2KMpqAsGOIH+r7K6K45nuFFg\/HeUwnsy4ETBujx9Emo3TNJ7bmaQ6G6fmCZWf3IYnomdopSOfTvGzENA9qnSi\/MXEPX7MqUUUMohtOtSFFZcmH0tpp+bAXytJq7hj\/t0eqRoY\/OM8bDRQQPEpFlIHUryY\/BExSP7xDIz3ArVJziODT0L0au0cnX2sGhNSPl5HrXG6SRPi7XzTi9HWXWnT1QSG9UWvZcl2rr70n3KR\/flcaIBzHJ2HKLcVZlgJENOIFWyG7rd9Ri8HFKyho+2uV+8NgWFeHJsjcdK2gsp\/t2UhEgrneEbPFBd\/MjFjeEJM8wFbAKve6jWjVDMaZ1TMBjWZo3AIy3yiajpAWqXdAPlM+02CQJCc25lt0sTCUMV+h\/xhtre\/fJLvW\/D84UmwgYTTVmJOBaGT4wWYNjA+BhELZCwDh5CHm\/3ax01D\/IIsJfDhchtc1yJNSiopEzG9F5H6RK7uC65VqZ\/qxqpghGX\/Pqet55lgy6bgN0OknLP+QMhFYxW7MT9xXq+80\/jrSYKsehZqo671FIXCpIAYCudQWkMGB54TOTD8l3pgjUqrq7rgeE7wWwq71dqxg3K4z+xa8O9+S5ESjcjp7PpCpzpVzj2cmI0OsoV0q232TcjJefLKIyJpIgl4I5dvvpPKhXZsTrUF\/1sxPlZV86tF\/hCvy5Y+od+QiTMlgg4YS2DS8LLSH6gGs9MjQ3Y3kQihJ5rfn4d+6wnXkarBvk1Z\/+WJya4zu8itnO4+kmOZX7uBuHCMO+ozc7aKvngh+tD2GuMxJTAjBgkqhkiG9w0BCRUxFgQUPP5CHtYo987+CLAt6z60+13puS0wMTAhMAkGBSsOAwIaBQAEFAw2inxnEl2AnG\/29s23ELeulGgaBAhq+OSHGvOzZwICCAA=%" -export keyPairs_sslServer_items_vtcm75en83g6v1r87ytm7lihi_vtcm75en83g6v1r87ytm7lihi_password="2FederateM0re" -export serverSettings_systemKeys_items_current_keyData="zXq7Idi2Buey5Gu9UZjLz7AHcywCsF6g3uxj0tYK52A=" -export serverSettings_systemKeys_items_pending_keyData="7ZuraJ9Iz9H0tczsx4Ta2YOPZJUlN7Oksp4EcTwjCW0=" -export PING_IDENTITY_PASSWORD=${PING_IDENTITY_PASSWORD:=2FederateM0re} -export PD_ENGINE_PRIVATE_HOSTNAME=${PD_ENGINE_PRIVATE_HOSTNAME:=pingdirectory} -export PD_ENGINE_PRIVATE_PORT_LDAP=${PD_ENGINE_PRIVATE_PORT_LDAP:=1389} - -## Variables for PF Bulk JSON -export dataStores_pingdirectory_password="2FederateM0re" -export PRIVATE_KEYSTORE="MIIKhgIBAzCCCjAGCSqGSIb3DQEHAaCCCiEEggodMIIKGTCCBbAGCSqGSIb3DQEHAaCCBaEEggWdMIIFmTCCBZUGCyqGSIb3DQEMCgECoIIFQDCCBTwwZgYJKoZIhvcNAQUNMFkwOAYJKoZIhvcNAQUMMCsEFGGyrPQwzbe+q82TqhvdXtTSt+JkAgInEAIBIDAMBggqhkiG9w0CCQUAMB0GCWCGSAFlAwQBKgQQRYLr0nyaduHSF0rwzlns7QSCBNCKP4Q6K8fH2VkQmzZhIxtp8s4wnbYU4VPa3NhWVHIGNmfRbKnTIryma+6MB1vIe66LQRzDT1B1w8c/5ivHF3Ro6NfFEmeNeUxW0Tz6Tc9xyXvP7B+OdE3KfzT46RvuqrPhr86LHsmtROqSUUbOro2FhuQRTfaoI10ISscymmou2QCLY0+UZMzel+FwsFqombldGCTB1Qr+ColLzx9z5U6HaZf/o+KtgaJR1V4Y5pGuGKDkvlaRv1WFdi8wqjUtBpmceyV9X75P6GV7uMbKfma0KfCsBcxVUPEiHvPiVNtdWHXhAWB7IZGcJuhty+FVwgkNU/3k68ShvnSNz+WCue+oFk6EHwgdEkavMPag4qTq9D+NIYhmQsqtjFwo4KHvF7OSssi+UVQIu1eVwy2QAcIAZAnlsecKDNqJQ12z8ZhuHGlGlsIBhDhSuJeRFCI+fTwlm9Dywtdzi+MOK4j0+h9gLu1qiXAd2IciyG8YWxZlQigVvenj94XexZCjgB8BYWfLKxNoUkRVVb6e3qLVat/jUmEhBgmapEEku5XKgAGxtEb/Z1WmUaCXyf3JplhAbRahOvEoMeuwezEtc2DGnJT3CcMH3aXeO+MVtpUpuBWPKcdNyJIsPsL7sjm4xGxMTJUjwAJjLJ8lDkIIpFq4zwAfgT4t/YEzfuLBz960ljh06wZWR+eFCo6LrTyZUJbNP0/ab8eSKW7bhci40v2aORHWXkMvJz7MUkjq9GeCu5svhI8MhFAEdx/P/yZzD5U7EhIbaIkDvz847ZYDoZdr9tW+sdLDwr/9SDya8sZXVd4bATv9/WOUcv/UOleHRQkOqKkMAGe7x0DVb3XdNCBfxAxPbXjQsLg5is3C1a84RzFF5g7pmL9z56ub/QY0r6P4a/YYXymIrLgiwq0uBijd1IkHutfO2XJVEyOoJvZbfvQmwd/Ti/l0N/yFNW33mOgc6owWvkHL0HheS3KWun3eHc6r72pFm3qb+NSeR9W5ij6fCuuBfHrakQmH2aQp9QtwmQoYooBGAlU1gQ/X0mHB/6/Rnf0V2RIGhWRDDag5mJm9cKY8ovIQeId+co3f7f3b2fbBNOrizbNmVAfOZ+NOiu6VmW1eJadPUD5s/NERW/9TB9f3vx7kw/OZ1fSbcpmVabnJkswu/Nhh4eCRNTD7yBiY0tv4nDf2tPILgL0AA3CSQ3GiSVGdfA2VkRdGXqs746KZXgcDO3WK7H4Bl5FnDMl/1wGU/dbvJOXIYA0l+uxGkVyCkPeo7B/7ZpJ/FPLrBmYC7H73N6ZSVWmMkq6f/uhH2lAbTdXmvyKbEw+oxQzkJfFiyaG1tI1l2pIbD3h0RvDRyrlJvq/tIp0L/pmID6h9O/tkXwWPINprzeyik6kRpkpbKDoA07OL4ubKpjQFNY2iEW/i8Yc7SMoFebwmLi1RrXRDPJx78/8P8LuYjoPc7m4e3Oa13JzULgsk90ZUQJSyWtZvP8v2vqp4MOcMdRMpt5OrVk+bT/4VeUuFiWhhocudTeiXOEPOjyapJbYP9yrOWY75a/5Ox26a9iiwYQXMav6iGQhniHmNausVI9bWqvCSnsX/kqbMLjTLVv3j/TTazRc/p4z3sNjRRd7p9lB582vF4FoJRunOy9+KV0q8QjFCMB0GCSqGSIb3DQEJFDEQHg4AYwBhAC0AYwBlAHIAdDAhBgkqhkiG9w0BCRUxFAQSVGltZSAxNzIzNDkyMDM3MzgxMIIEYQYJKoZIhvcNAQcGoIIEUjCCBE4CAQAwggRHBgkqhkiG9w0BBwEwZgYJKoZIhvcNAQUNMFkwOAYJKoZIhvcNAQUMMCsEFB8hB1tEOIKlMKG3BcwG57ZNrW6zAgInEAIBIDAMBggqhkiG9w0CCQUAMB0GCWCGSAFlAwQBKgQQdGKC6eOC/WGTryUk2WhMNoCCA9AByxmlPUonipwqhBc+IQoz1LGio8XHsIgzn5pqW46AXl3REzIWu4Yo3sDlt+gjiWOrn9tRbCu97cl3HDOMJhoekZxuzdknnLAoscDSbchZ2KP00HZX05cVP/PCzTjqff2YJQKIYXZFmUKC8O5j+/YdM8L5hSivZTZH00mzZARLzeFPeWAj1tGKVS6yGI+Ki3+YBjHRfnsoK+j4mv/vUgibTzrRxLGvlasdNefLKCbsdtN68jfdsumToPnRXSUp25113RMt7v3UiI2Yjq0cIXASpKpDysr5wzyqZaP+H1m2kQtqRGf9osrMUQEom0U7nXFIJ1RYEgzK5NB2Sg+HFJvABF5/psd2yrcQFInD2z9p8W+Mw1HaU7uier9Gb/YUl/64GoWtr4bteIe5JgpIfQzcJCezoEManyvlOUNmD0ZnNmS9Z+6Bk+uVZsrf5LCd5J8nvSls9KEWvn35TZ41lmxGK55RsZ+9RuET65mQChWwoUb7DLjoQLbhQXhxdwibVZQXyFI3JfGLxOLIUEUw3V9Uc1sIRgy1xqNdLFxz5zwej9aJOWHZFHAs+i9RVbpPdikNBtiLRrnQzMg4hBp7NoOJP9jcg6z4Uly3UB+t7xqAaFV2EVvd1+U8FJPacCv4iMy/Jag3dKyVKo9CvSkZ/+9WQv0M+PLf+PcrEMpwdXFp4CZcGC9sCrLtSQdb/vhdC/SMgiGsEiklRVlKGGaQ+ZiPSKMC4jIpCs7kjG+Xrz8wEmN4CPMHLQMhOshORSCbWIBmz/KMVcbl7Xd3+iFKXPMUkWLM5hG234LpM2vaIVJimCv2Yggj8IgEkI4+zRGL1I4LPIb4GYc8zdE1mSwQfxG703k1G3WP+9RiTJGL7TVVh2OfKckYDjU40uTKDSohF5uy53RwuCOi46aApT0lojxQgUMXV8QdWcLZhQtbwvIXUpuDhx5/C1Dvevp4IF5PeP9578hDCqyPx6B0rdh7fauTddIPz8GhR2ijEb4a3o+Ec7pFRWUbelV/iBEYJaPiMyTUHiJePzEK6O5q5oZYMZK4uEdBDR7azKrRuvciJJeJWZjMFd+xK+cowfJkdipQsrjBU79kdD2EQz1H6J6+BuUjEzHWjpHWcAgDI7sWiFEqOxeNt5Y58761XI1hpOJybevjoLE67XD3t3Xifz7NskToVV9qxraAEsCSQInctAdMW1ScHIW820qIAvhY+H7nRDxNKwJT37rJB+LWjT6t4l2vsLvXBLle526ccBEKu9MUwyquhASVS0uZ9FJZ2Irqc1KzSSp00fGts+FfN1Lju0fcME0wMTANBglghkgBZQMEAgEFAAQgh6VOTJ/L4uau0eNydTJ5WXTOv8+jsM8w+2i6EVtzkGcEFH6EmSPFeUu7hQF+aVQPIOLZ2xgeAgInEA==" -export PRIVATE_KEYSTORE_PIN="2FederateM0re" -export passwordCredentialValidators_items_simple_configuration_tables_rows_fields_Password_value="2FederateM0re" -export certificates_ca_items_50z1hm968rdu2irr31i5ridbh_50z1hm968rdu2irr31i5ridbh_fileData="LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUY4akNDQTlxZ0F3SUJBZ0lFZFlEZWt6QU5CZ2txaGtpRzl3MEJBUXNGQURCaE1Rc3dDUVlEVlFRR0V3SjFjekVMTUFrR0ExVUUKQ0JNQ1kyOHhEekFOQmdOVkJBY1RCbVJsYm5abGNqRVZNQk1HQTFVRUNoTU1jR2x1WjJsa1pXNTBhWFI1TVE4d0RRWURWUVFMRXdaawpiMk5yWlhJeEREQUtCZ05WQkFNVEEyUmxkakFlRncweE9UQTFNREV5TURRNE1ERmFGdzB5T1RBME1qZ3lNRFE0TURGYU1HRXhDekFKCkJnTlZCQVlUQW5Wek1Rc3dDUVlEVlFRSUV3SmpiekVQTUEwR0ExVUVCeE1HWkdWdWRtVnlNUlV3RXdZRFZRUUtFd3h3YVc1bmFXUmwKYm5ScGRIa3hEekFOQmdOVkJBc1RCbVJ2WTJ0bGNqRU1NQW9HQTFVRUF4TURaR1YyTUlJQ0lqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQwpBZzhBTUlJQ0NnS0NBZ0VBak9uZCtqdUd6T3pTL0N0OHFtZmg2SFJ4WmY4NTZ5UjM5Q3ZxOHFZMlhhOUsxU3FuTFBoS0kyeUJocVNpCkFoQ01laHAvRHRQdEFJaXgvNUVVZmwvUWxuOU1Ka3dGTkt5QTVUQ090SHVBWE5maGhSY0p2VCs4TDZaM0VsOGduQWE1S1A5b1BtVzkKcngvWHhUcU11RGVOQWhuSGZIaVlsdEdXc3F1TGY2WnVaMVhWcHp3NmZWRzZWcVdwNmdTSU0wRXQrS2ZFMVczeUNyekIzajdCQ0hMRQp0V0ZGdEdWVjB6cS8zZE5wUFlCbG5XOEtreC9Cd3hhNkE4ZldDeEVzVjk0NUQzUDRWR2V5VmlMUklWS1hQNjVTOTZ3eGRPYk1xYjJOCis4K0VKdERxNmlZYUplWDMrYStiOG9yOFJ0MHZIRm83YXkrV3NLSVljZWlDUW5wTEcwQkRJb1pYQnhNVnc5OVpjN0x2dGRmaGpBRlcKaEI1T2dJQ3duck51YkR0djArN3d0Y0lROVV5akpYZWw4bTI2QjlsNFRXWjYyNXozR2EzbkZSK2c2TmdUb2JyWkRYbzBwV2dxU0R3eQpTem9QQ3FWT3N6VFduVzBscFNRM3diZnNkQ0w1YXVzeFE0STR5bnY3anJQS3V5WFRxdGRSK0lCajEyeFBrcy94ckM3eW9aV2RjcGN1CmRrYkR4U3REK1VCeUM4QlYvOFpzZm9LSU8rSFhKM2drc0dOYUhGQ2YyZVIyZXVVT3cycWJDRGYxYnJYOEk3RU1KdFNJajd4YnpqajQKbGFiT0NIWnF5a2FBajNveWlaTVN4ZjFnUUdRMmNKMHNYdFRERG5BNWRocjhtNUZPcUFuc0VTN2tsNEMvVzFuMCtZd3FzZisvNERyVQpoc3VKNjhQMHhIV0gwNk1DQXdFQUFhT0JzVENCcmpDQmpBWURWUjBSQklHRU1JR0JnZ3B3YVc1bllXTmpaWE56Z2c5d2FXNW5aR0YwCllXTnZibk52YkdXQ0VuQnBibWRrWVhSaFoyOTJaWEp1WVc1alpZSU1jR2x1WjJSaGRHRnplVzVqZ2cxd2FXNW5aR2x5WldOMGIzSjUKZ2d4d2FXNW5abVZrWlhKaGRHV0NFbkJwYm1kbVpXUmxjbUYwWlMxaFpHMXBib0lKYkc5allXeG9iM04waHdSL0FBQUJNQjBHQTFVZApEZ1FXQkJRSnpnbGdaeTdOczlpR3J2V0U3TjlWWXBnV0FqQU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FnRUFaRXpqblhZUGpSSUYwdlQ1CnZYaGRQUlN5L3pMamZVQWVZSkZTWENuUUh1ODVkS0N0SExtekdXMjQ5aGd4c2VjQW03MS9UMHFoKzMvWlA0UTNwL2doU3dWOHlsK0wKM2kxak9mUWF1dlRXQnNmQzBla29MNHZReEpJSXkxMmRJYzJpd3pCUklOSUpUaGlJVmdaVTJiTjVqdGRzRER4Y09CU2UzMVN5RWFPSwpOVWUvRUV6WnBIRXpHUDFETjVqMzRZYXBkQjNtNXVrUWZnN1laT0dNb0k2QjFmejlNcFZOMklORmcyenF0TmRKVkhVZlI0M0NxbDk2CnpDangvQVZFejJPMUFMeVd3KzNMZXFGeWo1Q1pVL1pWaXpwWFRFM0d3VmRRVlFnVkZPcndIS29HODcvRDhaSUpvQmI5MW4zNlZ4RXEKcVZFUjNJeC9WL3R5bWNCLzFTMnhKL0Zza1NBR1lQeFNkVlBlRlNRNTN3NkJkaHFvT0krdk5hSXR4aW5yV3V3Y1dBWHVMLzJabGd5TQppNGpZeXQ0UDI0anE0dTBMRytkSE1meW15VTV6MHhWaUMxSjdsZDdJMytUM2lCLzgyTTBjeVFrSDJGNmNKbVNyZ1o3cEtZQ3BaV2J2CjZ3R3ZGdzFnaUtHa1VERFhKT0E5NTBmSzY2cUZFSmdXb3RoV3J6SFRuZ1RMSHZZakpZOUZiMElocjRWb3VLOG1WdTBLYmxUY2x3eVoKNjNKcXhBZEl0alNvbzZVVUcyZnFoOHpSdTRTWjNLaXVZVGF1Q3dUZFpmbmE5ejNlZk83RHg5Y3dPWWwxQy9Ea01BOVBHdExTOW0vagpEOElOQnFFdmxIMFgyTVBNWS9mWGdEUFhlbFU5TEs4aStaZ2FvbDhnVkd3dlNUL0dWdGtuaGVSWVVoMD0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=" -export keyPairs_signing_items_devsigningcert_devsigningcert_fileData="MIIRAQIBAzCCEMcGCSqGSIb3DQEHAaCCELgEghC0MIIQsDCCC2cGCSqGSIb3DQEHBqCCC1gwggtUAgEAMIILTQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYwDgQIrKxJULvuRF4CAggAgIILIHPRkAXu98f7ImcM7oYxW1QCZm4i8JLwyqbTNLtuiM5UyfCXYeQe0a1xYRH2ey1iJPP9vFzCGUyH2zN6jFeuhbICBBnozHEQ4lkWJmt9oJYy84Qmmht9c+NS98OY0+CZGKHbiOFHOH\/HNIMm3\/OI\/ei\/CJv+0PmvMaGY9yZYCG1ATUCOEESOi3UMx2Hg1e1k+a9UjsZwVQJQA7Qt3QEQOSuptx1MlzBT7Lc3fmUGFtWfXqFFeyoLN+wZR6Ff8vsrNm40jtUZLGEhCwoDppF4nX3yoo0UJnPou5pw1ep50Ge7Px0gajP4XRq9lB6SJh0H4dM\/pgtkA8WAJZ9FiMUzCXyuBSqJzOtTR+wjJlUg7aVav\/3gYN4CTF1CFHzDvpXFssI8M175XL9q3sfrmBm7nzGVMnuj4SvX7RXf3tyrld6RQecBA7k5y+dAzOc+VgZzKcS4UzOenUJ6dueHliYjK\/IJyZwfNCO1nZ+1NSY69BgW4e7EZRLtVwLXp2haKvbJ7f6XiuhcaWxZVCylx5Ws0Tf+laLtjPOIDkpmAqwljaIMDH+J+YmdcTRDLnn6XoGhgfSG7\/37b0WcD02n3\/9gwuZ4K\/Z6wVmOmIilaaf\/ramLAqjY89sTwalPua3\/hY6h9XMQv19c0oP+yt3WPnNDs6yaRAR+RY5EhdUP8yjYQ\/wG9adM68nXivUm7BCOTcvCixWchKJ1+FTZBY7JbgGlXmjeY\/+OxTQ4i3l+Oujv71CCvJRlOHk0et5gB2TOfL8ckXQRJeVBc\/DDc\/bv6K9DT6gNRLaQ\/bA4Nh7QB2au3kEL2fFg\/vmgIWREjot0RFVmYuRFyYhvHVRbXHu4kkJvXx5xqbLOEyOkDd96bH2M7soYCz\/Y5xKq12Xy2CpkuT7JdIZ7h+q0sVcADHKcBzcyIfKjejHdUSa0PBZ+ilrSIRTvR0JyyEqvfkD6qz17ulxq2Q2+lN3+Eiv5l5IRDrrXWgJVVov4N17nBHqd7IsW882CTFBFsv5IJOBVWHptL4QDJH13TnMY7mbYT3z7Gl0mSqDjvmA\/tq+owlrYkNoYcV86Qc1hY5sDosc5IQbmIIlHTcPIQYj9cYyfRcUJTDSRFMqeMUdXWiy+3pAqA+o5pvsZfd+q4d7Kk6xVxh5KgagXXEKyliLGA\/yjVjyKCsfGNIBlo6V\/wBgDw6FFJV5IEELB+C67Bla6DPd\/IijssFFNeQuhanDPTYlPD9tNg\/fs3qyXdgLtAD5wFTpItkiW9sCIl0sdiKKYenKTEP0Kzl7m5rHRysKDmvpAz4B7qpSWHHdj7wUWNTnb3cJBZruDfs6J8nGLi\/mdRxQBiZjqNHk+NdoLGP5+Se85nS73YcvnQNM+R3BgRGCRg\/Oz6F2BEFw4Pg6VWtaOWPj1PIc\/\/iuRtfWYtg5xFHXnqQgs\/UmYlQ9rIdal1kxEBaCzgb43mXE+Sb5AyFnCxn0sgw\/sNIFvZyUs86+mj7qYXVUtqozz0REEn78XroBEJaDpSbfVW+97VLSGTjdGmIr47vu3lOL\/p3DM9ojy8QObunklWN1rowob+5Qp6BMQ5OLFX9RMjJeRqUyXfuDGuGfVMQ\/XLMMn6dZzgB\/tUs29cpPyfFEVlp0PeKw3TsB2CurZqV8a7eJIve1DU6C2VNyud0dDf4v1PIkQ61GcEZLJPbx\/jL4cUGG+VUF+jWy5lK6mqLbu60gq58x7M2RJvbdHqZIMhnfS6GMuY4BDYCnDWScjFOOs6JN9teRus2vSlv3tyk6Bi4w3i+ipntczD0uVmE9ehPVk361+tBqgfc4FojALrG6LWC\/JdAEuBuCgF+LOBaCD\/q35zfq2b4VSQ+tSeCScB24F\/GMVTich1oBJEILHciuWYFeGd8OkyXLYP4p0W12MEs+NqTbrjb\/2UqwK0ugGs6sPOOg5ijteoNTE31oEW3zJ8DKgAjvKc9KK7mwgDyO\/9UOe1eoZu6Ej0CqfrGyuMTuj6g+TFbUuYMWFK+3FM7Gf7uDaAHXhARQ07OatUJ2b73x0kNhMSobx2LYcCzveItbZDc7iSAi0meGvGrRLyuv2D0Tts7UqZgn+NIpflv57HtQ7TYuoJt\/MZR0q4eQTfdIL2UKYhIHFb5L4AXTNlN2n9HkPlBfnaEPl7o6QlUHd9byjmD\/oDiPDeDOKkY4KIshuasu0P3HGCD3od\/oQ0GuGrSzVzXi3kwfCKOPSIUrUUILa0TqHe3bYCWyBwHPa0ROZ4+eNQRr4TdRkn8L5gHWPjp3TikMH1opA+i8kCL7vSTzos7m9vrjde02Nn0cXRVqpaYtXt9Wi\/znvURpUNpKIsdXxb6A8+T6qtFsN+8sdQBDcYuiyje870Rt6p5BLoDYrsH2jkdWBqKhi5EJ3Uh9VRHAq8aJP9h9gngV3bdVW3bv0FEMjKmvpUQnBLBonXJUX\/kksuVMGdOwFovs9F7lWsso\/4B9N0eIoXcUP5NosC0KECWOBW4NCx5+sDETNCzrXBsZ4KDR6DOjrbvVQF3u4Le9Fp97CFgcX5UPlS6E1NbO3ueISzpOoWyo1KwCbl4UA7Xuo2og9al\/xXXf9bUSbi9ElyBhK7gM1gY+ZtWnZpLrd+0UaIJcKNVESblsROA+B\/4hG8F0oJPoOJNm3mGG7C8itWM4+YknrSVwDQEwwOqbbYB4b9kB2SrkS6Taz3cmIhhPPe2cTYfEV7j\/\/zY0GfCW0MTjvLv2j\/2inItKLv3scYVBbZCVva9co+CtL+tI7xPrOegXWHgfOEz9k8V2FRZxXKml9SJwMWtXHUgs\/qox9++uk9Pxyn051lL2Jwyfzn4CJWyp9LWMHY71Y+svwagLUJ6Il6pnq6OgO0OeFcP\/bmh5BGdfe8WYCCBaWAd\/yBrfppTrm50yUqXBXlXToWzajJNqXs+7w7Qk2Q4A5K+At8XfwRXMLxfViSrDJjx+wYv0jpkCDHnPu76fmSWIgZ6wwN+8L7M7\/uIURnV5fDAARTnR37VW2Pbk24Bt5ElZR5i+ALF\/BvxBHz+Q9JK2r\/vlSGKys\/TCGVCJ98eydmKNsXGWQjeWs\/61D4E7ocMPENKH05qrHZGVW5p5VHKLeK+1mxcLMyw2g46M86R6vUeukvv7CWv1mooSzxQHteDDP07CvTbaUEuJHBAbg1RCTD667HljRYDBd2FUgcE5ZIJGONQZh+6MCt4lvGxePTyKxn1KsomY9fomY9queDz7MD9yYux8s2fhDIhEBmUl9IdQOc9wOJwAMrLiBhx0rrWCrJe04Qo0d9m70avZcef9sxVk\/qO\/AqweL1vI9Lo5yO9jL1jutS3aaVBiECv9FrMIy7FU7Old6LPqEaPY2uNquegFT+E9L6TzH4vqNl2\/OrG2ydn1HDkTD2X4orEwMuGQ9skk8LD1+Vte8NOQjrnuKgaVjZ8mZr0oQqvqq9IqB79NNtzhw5BzCVFbm9NZTqJLrqwMosXDgS4E8EyMDz16cqv20ab1hBqPWwLy+D5QUrmfuQXL\/wdyWxe+KYxuRWowzEBXlz2Upz6kwnMn6etMKV0tLczV\/o7+iceHmS3KTgDLV5Kz7NtwYh1hToxtHVT\/WzpabHzzVQPFV0dvhABTXJNDfGNfdBIWeVm92mk0WFRSEdPAV6WZsq3Xuxo6pKytgwe0vKv\/YpArdP1W3tVmea0GVZpVLeRGsH0sYsVWMtcYBfhNZVUu3z85p9hxRy46e7T27ut7lUpQ5EyzIXEoO\/MZk98rT70oZJL5eP80yon5OPVVvWY0X7PtxpPTP\/GGVw9KAB0vaF+jv4Ail\/R\/1QMowggVBBgkqhkiG9w0BBwGgggUyBIIFLjCCBSowggUmBgsqhkiG9w0BDAoBAqCCBO4wggTqMBwGCiqGSIb3DQEMAQMwDgQIAm\/3u0BvULYCAggABIIEyMdBeIlp7aF8dRnxx1SDdQR50XRKmsnq2\/4tRqVZj2MegksqdOahiPPWTZB7BWBbqwE+Su\/NvKTcueA1Mk7Hd\/t3CkeQGxVsRp5vyqnuIqTU1kdUMO8AkG5tLIuxIGD9rLPyglKUomGsqkR9fQ\/QFQZ+VPzYfkwklpcWQ6pvscejFZxQEgFyE5XaHod+tQypN6oZoBg0EwRJdbwLePgR6o2vARcxMu3XbykRiYPJEIaYWOmoqg2tJrvHrIpvtliGaFSNOOVxw5uENu3s6zNENGtMohw\/IAjhqxuRDpfEaLTgpVRdy9Iig6RPL1WQLejRQTOgxbEdBB4+xLIzIxt4gFRyxN0JbR\/GQgxzfdHYTGbJJL58DRN2HxBJGVR8skRaTVKRHtjbD2glvRaafJS8bcmp44TPGA7QyGhwNGGMqthHwFMTnQA6DUuu+ecX+RSDNHh\/8Lyufq384k\/R7RIA33hMwaCBAsB8SrQCJoEzO3PeWiRin+mg1zig8UBpmJzmbGeE1n0hupmU5K8IWXpmwWBetkxFFEof+QXGWndMiB5LFW\/0RYcGrilNh5Wrvc\/yn6u5lSEWY7OurcESUWoZ\/Z9wKPR9xvoOKm2R4I2k\/ZngsKGqH4E1wWYyf1dtKbSYM9ddtpcGcCr7tzmvETS2kQJUohMPodI79NZby7cOgvi4hYxYMiT4PmDzBtZSOMOiGHwbtgb5UDOpL5Xre5X\/Kmef8ncJQ2wjdPsmvUXWplxr2rdqd6tU5K4dOSQBIs3FgZBXUY9dlXi5hI6mPvJzCEjs9IN8WxMPCtIzpelexOUgzuCLNvwcKzYCkXTXvAyoRkRvxPTrtkw9OzaskriY+lXtST3PUR52zGynC5mvnCE8P0ah1VzEG6+sDOVkN8963qehyVkavuSyv5glW8TmBBg9KC3vefrJjvfoA8CpVpfvVw9d6DRjvXLC48GUATuRDGU9XYzM0XBwsWitYbutYYLQuhDVAT7o1KI6YN3+axkot9pzHDRKEx9sS08x9ZaVUoS3CjgGIVJ\/mN+5vKKJS1uXq54nmjoEB7wdA\/r7uPNjK+aM4y+rMBWC8J+is910QkTLlaQhitjYOFnECuyMKdyKoGceiIjc2C\/IXlGhk\/U6i47W4Ry56UBWUJoluf9aytr3cuJPOTaBJTKMWwg8KHgbL6OdlY+cWmW\/R3libJH2yUKsNVqJxLHbwfw3To2+prrDnSziSTkv\/aHe+dR3H35IwRwjFdU72TgGkjhs0EjZjMDYohtfYljUvTf3+LvmLBhOxhiB1AY0CAYD7svmE1bXSRMiq6vQ8nGQyk\/TPMt2wiqETx4K5B\/oE3iEZFcno6oxoM8CcaYT8KFXm+XlJfMS6Y5p7lEZZUUrJZ9DmyWFnOK2N5X4DVVoz90b0xHOPoySxdHVxPEkhki+\/hyMe\/5Af++AF08fW0UkNrcysm9oL+JcxLhIFmYKeXOp6ndc2l8LriGdYwnQIslsNz7NS4CyMWevFCxdtHdtDHCMeNR4vVZ\/H4tKjQAN+MSGlJUivnf+4O7aAza3JFYrHebvEnZ2bOXDBEO8Wg2KdlU9\/kWT7+Mbx4uDoBx5uSlc\/EjEyMMwaRFWNLT0BE1rEhjZ\/2dgnSJicoQxxzElMCMGCSqGSIb3DQEJFTEWBBREJ\/fTZniwl+QwiadKGFDCt3RQkDAxMCEwCQYFKw4DAhoFAAQUAI+SRcJd8x0\/muoSflbGrh4sOgYECAo5YVCkatpXAgIIAA==" -export keyPairs_signing_items_devsigningcert_devsigningcert_password="2FederateM0re" -export serverSettings_systemKeys_items_current_keyData="zXq7Idi2Buey5Gu9UZjLz7AHcywCsF6g3uxj0tYK52A=" -export serverSettings_systemKeys_items_pending_keyData="7ZuraJ9Iz9H0tczsx4Ta2YOPZJUlN7Oksp4EcTwjCW0=" -export sp_idpConnections_items_aLGfLX1_K4VP6a3uGh33YOuZodG_credentials_certs_x509File_a5kvb66kyxbmdfwp506gijvn6_a5kvb66kyxbmdfwp506gijvn6_fileData="LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURTakNDQWpLZ0F3SUJBZ0lHQVdpU2M5cERNQTBHQ1NxR1NJYjNEUUVCQ3dVQU1HWXhDekFKQmdOVkJBWVRBbFZUTVFzd0NRWUQKVlFRSUV3SkRUekVQTUEwR0ExVUVCeE1HUkdWdWRtVnlNUTB3Q3dZRFZRUUtFd1JRYVc1bk1Rd3dDZ1lEVlFRTEV3TkVaWFl4SERBYQpCZ05WQkFNVEUwTnZibVpwWnlCVGFXZHVhVzVuSUVObGNuUXdIaGNOTVRrd01USTRNRE14TkRVeVdoY05NelF3TVRJME1ETXhORFV5CldqQm1NUXN3Q1FZRFZRUUdFd0pWVXpFTE1Ba0dBMVVFQ0JNQ1EwOHhEekFOQmdOVkJBY1RCa1JsYm5abGNqRU5NQXNHQTFVRUNoTUUKVUdsdVp6RU1NQW9HQTFVRUN4TURSR1YyTVJ3d0dnWURWUVFERXhORGIyNW1hV2NnVTJsbmJtbHVaeUJEWlhKME1JSUJJakFOQmdrcQpoa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXJBVlJrcXcyOEFkQXhBRkdZR0IvOUkydWZiMnQxRlg3NDc2bml1bndHQ2JDCm5wdUxyOTk4QVZRMFNsQTJUY1EvazNDU2pMdnBXcE8zRzRGcGV5RS96L3EyUlp6L3VLMm9qWDYzVGg5MHc3TjN2dnU3VjJqSWovWXAKWXZtV1hPN3hBNkNnU0VKZmVvTUp0dC8xT29seXpSOENlZjFvNkFPeE4rVnNrcFVKQ0R1NFJpcW1SVW9GMjJLcVhadUxVN010WmQ3WApOK1RicHVKa0EweWlxb3FBdXp2VjF2TVlDWTdMMFQraW9zT054TUt0WTA1TjltTW9qNUFBSnFpeFJrM2FjQ2I4UzJVekdUY3J6eUtHCjZ0NkRTdUpJc1RnSHlzZ2FPYUI5YkdMRXBDSThyVUovWGRlS3ZMSUxPbzFDNU5zQkpRNE5QaHRFSjRkWDhuaFJxV2crVndJREFRQUIKTUEwR0NTcUdTSWIzRFFFQkN3VUFBNElCQVFDUElaeUdwRGFpK1ZsalNrYTMxaHdjbncybC9DVnJVSWI5NG5XRW9vRk8vT1FTNm9VawpVSXF0S01OMTFrVm44YzRyTmhuNWZlbENvNzQ3VlM1ZkxRdkhUWTlwK3F0Z2hIY3lQRDdYNVlaTDZNVTJ2cVBJbmxzOUk1QUNGbUE5CnBacEI0Yk1ManZXY1F2YzV4WXEzRlJRdENVdm5RTGhWdlN5UnErVWt5NWxaOTVpM1JRM2lWV2lwQ1BMSTBxWmxtbXkxcGJtc0VjdSsKL2VFRW9GblJRWm82bjRBUWhaTFYweWp6Y3gzcUV1c3pYTXd1VlhqL1lwRlc0M1JjVG10MHhWYTRsYUNtRVVvOUVOcGUyR1Bidk9LSwp3MTdYeDhKaEdjY2oyNEptUjducGk4bENVNHVmbExLdFNRQUZNRElzTTI4M0Yxd1ZFeEZ4dUx6YlF1ajVGbnRZCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=" -export dataStores_items_ProvisionerDS_ProvisionerDS_password="secretpass" -export passwordCredentialValidators_items_simple_configuration_tables_rows_fields_Confirm_Password_value="2FederateM0re" -export administrativeAccounts_items_Administrator_password="${PING_IDENTITY_PASSWORD:=2FederateM0re}" diff --git a/server-profiles/shared-profile/instance/bulk-config/data.json.subst b/server-profiles/shared-profile/instance/bulk-config/data.json similarity index 100% rename from server-profiles/shared-profile/instance/bulk-config/data.json.subst rename to server-profiles/shared-profile/instance/bulk-config/data.json From 5ce57e645d98ee92ab47c36a5e898e91779dd561 Mon Sep 17 00:00:00 2001 From: Erik Ostien Date: Thu, 2 Jan 2025 11:29:19 -0700 Subject: [PATCH 27/30] Update dependencies --- go.mod | 8 +++++--- go.sum | 18 ++++++++++++------ 2 files changed, 17 insertions(+), 9 deletions(-) diff --git a/go.mod b/go.mod index c54dcb0c..aa592975 100644 --- a/go.mod +++ b/go.mod @@ -4,7 +4,7 @@ go 1.23.3 require ( github.com/fatih/color v1.18.0 - github.com/golangci/golangci-lint v1.62.2 + github.com/golangci/golangci-lint v1.63.2 github.com/hashicorp/go-uuid v1.0.3 github.com/manifoldco/promptui v0.9.0 github.com/patrickcping/pingone-go-sdk-v2 v0.12.5 @@ -37,6 +37,7 @@ require ( github.com/alexkohler/nakedret/v2 v2.0.5 // indirect github.com/alexkohler/prealloc v1.0.0 // indirect github.com/alingse/asasalint v0.0.11 // indirect + github.com/alingse/nilnesserr v0.1.1 // indirect github.com/ashanbrown/forbidigo v1.6.0 // indirect github.com/ashanbrown/makezero v1.2.0 // indirect github.com/beorn7/perks v1.0.1 // indirect @@ -80,7 +81,6 @@ require ( github.com/golangci/go-printf-func-name v0.1.0 // indirect github.com/golangci/gofmt v0.0.0-20241223200906-057b0627d9b9 // indirect github.com/golangci/misspell v0.6.0 // indirect - github.com/golangci/modinfo v0.3.4 // indirect github.com/golangci/plugin-module-register v0.1.1 // indirect github.com/golangci/revgrep v0.5.3 // indirect github.com/golangci/unconvert v0.0.0-20240309020433-c5143eacb3ed // indirect @@ -108,9 +108,11 @@ require ( github.com/kunwardeep/paralleltest v1.0.10 // indirect github.com/kyoh86/exportloopref v0.1.11 // indirect github.com/lasiar/canonicalheader v1.1.2 // indirect + github.com/ldez/exptostd v0.3.0 // indirect github.com/ldez/gomoddirectives v0.6.0 // indirect github.com/ldez/grignotin v0.7.0 // indirect github.com/ldez/tagliatelle v0.7.1 // indirect + github.com/ldez/usetesting v0.4.1 // indirect github.com/leonklingele/grouper v1.1.2 // indirect github.com/macabu/inamedparam v0.1.3 // indirect github.com/magiconair/properties v1.8.9 // indirect @@ -154,7 +156,7 @@ require ( github.com/sagikazarmark/locafero v0.6.0 // indirect github.com/sagikazarmark/slog-shim v0.1.0 // indirect github.com/sanposhiho/wastedassign/v2 v2.1.0 // indirect - github.com/santhosh-tekuri/jsonschema/v5 v5.3.1 // indirect + github.com/santhosh-tekuri/jsonschema/v6 v6.0.1 // indirect github.com/sashamelentyev/interfacebloat v1.1.0 // indirect github.com/sashamelentyev/usestdlibvars v1.28.0 // indirect github.com/securego/gosec/v2 v2.21.4 // indirect diff --git a/go.sum b/go.sum index 0f104088..5e05861c 100644 --- a/go.sum +++ b/go.sum @@ -36,6 +36,8 @@ github.com/alexkohler/prealloc v1.0.0 h1:Hbq0/3fJPQhNkN0dR95AVrr6R7tou91y0uHG5pO github.com/alexkohler/prealloc v1.0.0/go.mod h1:VetnK3dIgFBBKmg0YnD9F9x6Icjd+9cvfHR56wJVlKE= github.com/alingse/asasalint v0.0.11 h1:SFwnQXJ49Kx/1GghOFz1XGqHYKp21Kq1nHad/0WQRnw= github.com/alingse/asasalint v0.0.11/go.mod h1:nCaoMhw7a9kSJObvQyVzNTPBDbNpdocqrSP7t/cW5+I= +github.com/alingse/nilnesserr v0.1.1 h1:7cYuJewpy9jFNMEA72Q1+3Nm3zKHzg+Q28D5f2bBFUA= +github.com/alingse/nilnesserr v0.1.1/go.mod h1:1xJPrXonEtX7wyTq8Dytns5P2hNzoWymVUIaKm4HNFg= github.com/ashanbrown/forbidigo v1.6.0 h1:D3aewfM37Yb3pxHujIPSpTf6oQk9sc9WZi8gerOIVIY= github.com/ashanbrown/forbidigo v1.6.0/go.mod h1:Y8j9jy9ZYAEHXdu723cUlraTqbzjKF1MUyfOKL+AjcU= github.com/ashanbrown/makezero v1.2.0 h1:/2Lp1bypdmK9wDIq7uWBlDF1iMUpIIS4A+pF6C9IEUU= @@ -89,6 +91,8 @@ github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/denis-tingaikin/go-header v0.5.0 h1:SRdnP5ZKvcO9KKRP1KJrhFR3RrlGuD+42t4429eC9k8= github.com/denis-tingaikin/go-header v0.5.0/go.mod h1:mMenU5bWrok6Wl2UsZjy+1okegmwQ3UgWl4V1D8gjlY= +github.com/dlclark/regexp2 v1.11.0 h1:G/nrcoOa7ZXlpoa/91N3X7mM3r8eIlMBBJZvsz/mxKI= +github.com/dlclark/regexp2 v1.11.0/go.mod h1:DHkYz0B9wPfa6wondMfaivmHpzrQ3v9q8cnmRbL6yW8= github.com/ettle/strcase v0.2.0 h1:fGNiVF21fHXpX1niBgk0aROov1LagYsOwV/xqKDKR/Q= github.com/ettle/strcase v0.2.0/go.mod h1:DajmHElDSaX76ITe3/VHVyMin4LWSJN5Z909Wp+ED1A= github.com/fatih/color v1.18.0 h1:S8gINlzdQ840/4pfAwic/ZE0djQEH3wM94VfqLTZcOM= @@ -147,12 +151,10 @@ github.com/golangci/go-printf-func-name v0.1.0 h1:dVokQP+NMTO7jwO4bwsRwLWeudOVUP github.com/golangci/go-printf-func-name v0.1.0/go.mod h1:wqhWFH5mUdJQhweRnldEywnR5021wTdZSNgwYceV14s= github.com/golangci/gofmt v0.0.0-20241223200906-057b0627d9b9 h1:t5wybL6RtO83VwoMOb7U/Peqe3gGKQlPIC66wXmnkvM= github.com/golangci/gofmt v0.0.0-20241223200906-057b0627d9b9/go.mod h1:Ag3L7sh7E28qAp/5xnpMMTuGYqxLZoSaEHZDkZB1RgU= -github.com/golangci/golangci-lint v1.62.2 h1:b8K5K9PN+rZN1+mKLtsZHz2XXS9aYKzQ9i25x3Qnxxw= -github.com/golangci/golangci-lint v1.62.2/go.mod h1:ILWWyeFUrctpHVGMa1dg2xZPKoMUTc5OIMgW7HZr34g= +github.com/golangci/golangci-lint v1.63.2 h1:igdU9duGfb/TiON2SRuNh0SXK0qtx72jjApj1NbaJso= +github.com/golangci/golangci-lint v1.63.2/go.mod h1:O2+mo4qsJuG4cSXBzLbEV+5NAtntoNIbAv428zaEY/s= github.com/golangci/misspell v0.6.0 h1:JCle2HUTNWirNlDIAUO44hUsKhOFqGPoC4LZxlaSXDs= github.com/golangci/misspell v0.6.0/go.mod h1:keMNyY6R9isGaSAu+4Q8NMBwMPkh15Gtc8UCVoDtAWo= -github.com/golangci/modinfo v0.3.4 h1:oU5huX3fbxqQXdfspamej74DFX0kyGLkw1ppvXoJ8GA= -github.com/golangci/modinfo v0.3.4/go.mod h1:wytF1M5xl9u0ij8YSvhkEVPP3M5Mc7XLl1pxH3B2aUM= github.com/golangci/plugin-module-register v0.1.1 h1:TCmesur25LnyJkpsVrupv1Cdzo+2f7zX0H6Jkw1Ol6c= github.com/golangci/plugin-module-register v0.1.1/go.mod h1:TTpqoB6KkwOJMV8u7+NyXMrkwwESJLOkfl9TxR1DGFc= github.com/golangci/revgrep v0.5.3 h1:3tL7c1XBMtWHHqVpS5ChmiAAoe4PF/d5+ULzV9sLAzs= @@ -228,12 +230,16 @@ github.com/kyoh86/exportloopref v0.1.11 h1:1Z0bcmTypkL3Q4k+IDHMWTcnCliEZcaPiIe0/ github.com/kyoh86/exportloopref v0.1.11/go.mod h1:qkV4UF1zGl6EkF1ox8L5t9SwyeBAZ3qLMd6up458uqA= github.com/lasiar/canonicalheader v1.1.2 h1:vZ5uqwvDbyJCnMhmFYimgMZnJMjwljN5VGY0VKbMXb4= github.com/lasiar/canonicalheader v1.1.2/go.mod h1:qJCeLFS0G/QlLQ506T+Fk/fWMa2VmBUiEI2cuMK4djI= +github.com/ldez/exptostd v0.3.0 h1:iKdMtUedzov89jDvuwmo0qpo+ARpZJg9hMp3428WwNg= +github.com/ldez/exptostd v0.3.0/go.mod h1:iZBRYaUmcW5jwCR3KROEZ1KivQQp6PHXbDPk9hqJKCQ= github.com/ldez/gomoddirectives v0.6.0 h1:Jyf1ZdTeiIB4dd+2n4qw+g4aI9IJ6JyfOZ8BityWvnA= github.com/ldez/gomoddirectives v0.6.0/go.mod h1:TuwOGYoPAoENDWQpe8DMqEm5nIfjrxZXmxX/CExWyZ4= github.com/ldez/grignotin v0.7.0 h1:vh0dI32WhHaq6LLPZ38g7WxXuZ1+RzyrJ7iPG9JMa8c= github.com/ldez/grignotin v0.7.0/go.mod h1:uaVTr0SoZ1KBii33c47O1M8Jp3OP3YDwhZCmzT9GHEk= github.com/ldez/tagliatelle v0.7.1 h1:bTgKjjc2sQcsgPiT902+aadvMjCeMHrY7ly2XKFORIk= github.com/ldez/tagliatelle v0.7.1/go.mod h1:3zjxUpsNB2aEZScWiZTHrAXOl1x25t3cRmzfK1mlo2I= +github.com/ldez/usetesting v0.4.1 h1:T/4Bk3YDX6XUBtdNDDFymlr5GBekKA4j7HUtrv1YaaI= +github.com/ldez/usetesting v0.4.1/go.mod h1:eEs46T3PpQ+9RgN9VjpY6qWdiw2/QmfiDeWmdZdrjIQ= github.com/leonklingele/grouper v1.1.2 h1:o1ARBDLOmmasUaNDesWqWCIFH3u7hoFlM84YrjT3mIY= github.com/leonklingele/grouper v1.1.2/go.mod h1:6D0M/HVkhs2yRKRFZUoGjeDy7EZTfFBE9gl4kjmIGkA= github.com/macabu/inamedparam v0.1.3 h1:2tk/phHkMlEL/1GNe/Yf6kkR/hkcUdAEY3L0hjYV1Mk= @@ -357,8 +363,8 @@ github.com/sagikazarmark/slog-shim v0.1.0 h1:diDBnUNK9N/354PgrxMywXnAwEr1QZcOr6g github.com/sagikazarmark/slog-shim v0.1.0/go.mod h1:SrcSrq8aKtyuqEI1uvTDTK1arOWRIczQRv+GVI1AkeQ= github.com/sanposhiho/wastedassign/v2 v2.1.0 h1:crurBF7fJKIORrV85u9UUpePDYGWnwvv3+A96WvwXT0= github.com/sanposhiho/wastedassign/v2 v2.1.0/go.mod h1:+oSmSC+9bQ+VUAxA66nBb0Z7N8CK7mscKTDYC6aIek4= -github.com/santhosh-tekuri/jsonschema/v5 v5.3.1 h1:lZUw3E0/J3roVtGQ+SCrUrg3ON6NgVqpn3+iol9aGu4= -github.com/santhosh-tekuri/jsonschema/v5 v5.3.1/go.mod h1:uToXkOrWAZ6/Oc07xWQrPOhJotwFIyu2bBVN41fcDUY= +github.com/santhosh-tekuri/jsonschema/v6 v6.0.1 h1:PKK9DyHxif4LZo+uQSgXNqs0jj5+xZwwfKHgph2lxBw= +github.com/santhosh-tekuri/jsonschema/v6 v6.0.1/go.mod h1:JXeL+ps8p7/KNMjDQk3TCwPpBy0wYklyWTfbkIzdIFU= github.com/sashamelentyev/interfacebloat v1.1.0 h1:xdRdJp0irL086OyW1H/RTZTr1h/tMEOsumirXcOJqAw= github.com/sashamelentyev/interfacebloat v1.1.0/go.mod h1:+Y9yU5YdTkrNvoX0xHc84dxiN1iBi9+G8zZIhPVoNjQ= github.com/sashamelentyev/usestdlibvars v1.28.0 h1:jZnudE2zKCtYlGzLVreNp5pmCdOxXUzwsMDBkR21cyQ= From 548e016214ee36ef2c2e2371bd92167f497128d2 Mon Sep 17 00:00:00 2001 From: Erik Ostien Date: Thu, 2 Jan 2025 12:42:45 -0700 Subject: [PATCH 28/30] Remove unneeded ignored error for PingFederateServerSettings terraform plan testing --- .../connector/pingfederate/pingfederate_connector_test.go | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/internal/connector/pingfederate/pingfederate_connector_test.go b/internal/connector/pingfederate/pingfederate_connector_test.go index 9c9ac981..9513bacf 100644 --- a/internal/connector/pingfederate/pingfederate_connector_test.go +++ b/internal/connector/pingfederate/pingfederate_connector_test.go @@ -308,11 +308,9 @@ func TestPingFederateTerraformPlan(t *testing.T) { ignoredErrors: nil, }, { - name: "PingFederateServerSettings", - resource: resources.ServerSettings(PingFederateClientInfo), - ignoredErrors: []string{ - "Error: Invalid Attribute Value Length", - }, + name: "PingFederateServerSettings", + resource: resources.ServerSettings(PingFederateClientInfo), + ignoredErrors: nil, }, { name: "PingFederateServerSettingsGeneral", From cd966adc0d60cd3a5f66ecc63f1174a4eb019459 Mon Sep 17 00:00:00 2001 From: Erik Ostien Date: Thu, 2 Jan 2025 14:10:30 -0700 Subject: [PATCH 29/30] PR review changes for rotation settings --- .../pingfederate_connector_test.go | 8 +- ..._keypairs_signing_key_rotation_settings.go | 14 +- ...airs_signing_key_rotation_settings_test.go | 4 +- server-profiles/12.1/data.json | 204 +++++++++++------- 4 files changed, 138 insertions(+), 92 deletions(-) diff --git a/internal/connector/pingfederate/pingfederate_connector_test.go b/internal/connector/pingfederate/pingfederate_connector_test.go index 9513bacf..763d02fd 100644 --- a/internal/connector/pingfederate/pingfederate_connector_test.go +++ b/internal/connector/pingfederate/pingfederate_connector_test.go @@ -166,11 +166,9 @@ func TestPingFederateTerraformPlan(t *testing.T) { ignoredErrors: nil, }, { - name: "PingFederateKeypairsSigningKeyRotationSettings", - resource: resources.KeypairsSigningKeyRotationSettings(PingFederateClientInfo), - ignoredErrors: []string{ - "Error: Cannot import non-existent remote object", - }, + name: "PingFederateKeypairsSigningKeyRotationSettings", + resource: resources.KeypairsSigningKeyRotationSettings(PingFederateClientInfo), + ignoredErrors: nil, }, { name: "PingFederateKeypairsSslServerSettings", diff --git a/internal/connector/pingfederate/resources/pingfederate_keypairs_signing_key_rotation_settings.go b/internal/connector/pingfederate/resources/pingfederate_keypairs_signing_key_rotation_settings.go index 9575aff5..b9adfe93 100644 --- a/internal/connector/pingfederate/resources/pingfederate_keypairs_signing_key_rotation_settings.go +++ b/internal/connector/pingfederate/resources/pingfederate_keypairs_signing_key_rotation_settings.go @@ -82,12 +82,16 @@ func (r *PingFederateKeypairsSigningKeyRotationSettingsResource) getSigningKeyPa } for _, signingKeyPair := range signingKeyPairsItems { - signingKeyPairId, signingKeyPairIdOk := signingKeyPair.GetIdOk() - signingKeyPairIssuerDN, signingKeyPairIssuerDNOk := signingKeyPair.GetIssuerDNOk() - signingKeyPairSerialNumber, signingKeyPairSerialNumberOk := signingKeyPair.GetSerialNumberOk() + _, signingKeyPairRotationSettingsOk := signingKeyPair.GetRotationSettingsOk() - if signingKeyPairIdOk && signingKeyPairIssuerDNOk && signingKeyPairSerialNumberOk { - signingKeyPairData[*signingKeyPairId] = []string{*signingKeyPairIssuerDN, *signingKeyPairSerialNumber} + if signingKeyPairRotationSettingsOk { + signingKeyPairId, signingKeyPairIdOk := signingKeyPair.GetIdOk() + signingKeyPairIssuerDN, signingKeyPairIssuerDNOk := signingKeyPair.GetIssuerDNOk() + signingKeyPairSerialNumber, signingKeyPairSerialNumberOk := signingKeyPair.GetSerialNumberOk() + + if signingKeyPairIdOk && signingKeyPairIssuerDNOk && signingKeyPairSerialNumberOk { + signingKeyPairData[*signingKeyPairId] = []string{*signingKeyPairIssuerDN, *signingKeyPairSerialNumber} + } } } diff --git a/internal/connector/pingfederate/resources/pingfederate_keypairs_signing_key_rotation_settings_test.go b/internal/connector/pingfederate/resources/pingfederate_keypairs_signing_key_rotation_settings_test.go index 62972e16..61e3d214 100644 --- a/internal/connector/pingfederate/resources/pingfederate_keypairs_signing_key_rotation_settings_test.go +++ b/internal/connector/pingfederate/resources/pingfederate_keypairs_signing_key_rotation_settings_test.go @@ -17,8 +17,8 @@ func TestPingFederateKeypairsSigningKeyRotationSettingsExport(t *testing.T) { expectedImportBlocks := []connector.ImportBlock{ { ResourceType: "pingfederate_keypairs_signing_key_rotation_settings", - ResourceName: "CN=common, O=org, C=US_1696532438981_rotation_settings", - ResourceID: "419x9yg43rlawqwq9v6az997k", + ResourceName: "CN=rotationTest, O=pingidentity, L=Denver, ST=CO, C=US_1735851845119_rotation_settings", + ResourceID: "9vgmnd36wykte1l2nm8s8uead", }, } diff --git a/server-profiles/12.1/data.json b/server-profiles/12.1/data.json index 91280532..e1c28e2c 100644 --- a/server-profiles/12.1/data.json +++ b/server-profiles/12.1/data.json @@ -9,14 +9,19 @@ "subResource": "cert-time-tracking", "items": [ { - "id": "419x9yg43rlawqwq9v6az997k", + "id": "9vgmnd36wykte1l2nm8s8uead", "type": "STRING", - "stringValue": "1735840760" + "stringValue": "1735851845" }, { "id": "sslservercert", "type": "STRING", "stringValue": "1735840761" + }, + { + "id": "tiq4n26axjircjk30oz5zf6k3", + "type": "STRING", + "stringValue": "1735851641" } ] }, @@ -32,6 +37,23 @@ } ] }, + { + "resourceType": "/configStore", + "operationType": "SAVE", + "subResource": "org.sourceid.saml20.domain.LoggingMode", + "items": [ + { + "id": "IdPOverrideOn", + "type": "STRING", + "stringValue": "false" + }, + { + "id": "SPOverrideOn", + "type": "STRING", + "stringValue": "false" + } + ] + }, { "resourceType": "/configStore", "operationType": "SAVE", @@ -94,9 +116,9 @@ "items": [ { "id": "sslservercert", - "fileData": "MIIKgAIBAzCCCioGCSqGSIb3DQEHAaCCChsEggoXMIIKEzCCBaoGCSqGSIb3DQEHAaCCBZsEggWXMIIFkzCCBY8GCyqGSIb3DQEMCgECoIIFQDCCBTwwZgYJKoZIhvcNAQUNMFkwOAYJKoZIhvcNAQUMMCsEFAnDQs-qMuN4DIQVwyQkj1GUEmHWAgInEAIBIDAMBggqhkiG9w0CCQUAMB0GCWCGSAFlAwQBKgQQzFhjowQWE8ITWEAPCxzPtgSCBNBYqfffomrqua2btFQbtdNC7wXc4VsWS1sYCLVM5OLIfMrkpuIsIwmVgPN3skkvhLcC1rVU1tby-TlI1fB3It6u-9R_jSO5IZfrH58E5ldZ66xu7OxlPQYX35VpRhLX_7ypRaxdGnaRy7SBUEgShUWGn1OQEY-upQgikJNJXdEJOr8bkwOHzP3BUMMtv5Me4BKDC42A56s-zhydPN2EJWmRZjHTxtBqzrsjppNbVr-f-kPyUknUSZ4OyNx-cQ3y8fa4OmGMPtjOq2sWGxl8BZlXLh7b_Pby7lB2l0wtstYHEo22No1GvrGCSU93j28dYmiMaxJ-lqYmdf4q8vlyWaxajzkoW8meJQdsjsPu9yd3_kefe9IwDFUFcGeAXNe4jZn-AQcPGl0Obrtvap1Ai8q4JE2ObUTGt7XvmwbDOb0ZDgaqdui6_zDXs9hAG0HR_fg6skoGR6hT1-j4gFOivt5Dw4qKnWDokjgrr3qAYZC3-x5TJTD4lQvvi_yjOUOU5NENoMhJY3PkcRYnK_xFzQ1xi4iRuJGJmtQPOtDOj_4ZMs5nZL3HZGEpoVwutUbUCXvLjWnQoscKZlMGFJXUFFahETMSk0q4xIBPms9swzulHl0gHjmbdb3xdJfYnRNndCzm04uPOv7gWYY2Icg2yTu9fUDmwcOeQ1Ks9rzdLEgo2jN4B4glwryJCfqjb92xj3LhFFpIA506ny-SXNsfDsQ2MBiFuHsZyyIEIfNz_CPRCijrWn0uNoIm3rAFGaP2F6H3_4ZQCi-YCMLWwf9VRW5exxz-S0vAuEXQaLtAGONXSlmQVggOx0gD6aihFGw9JQBXKk9NlzFAmef6tfyLgHuwhJnc0g0K78ecTrfV5-M4RFT3xr9MED6q-P-yK8wE1htTcfIy_Ia8l68yP90u6MT1y5fQ6rqQQs369I_h8D6QA31Fcp_0uWB17zYtc-B1WUMwr6nWPuL4TG2SqUiDBeZg-jvGlrL4r8MsEaFGteYNl2tNOPSIALxKLuJ60StESsdQuHphOrBV_V8oaHp8rtGq6gjQ347o2PnWZPt9tS4hPazm6Pozgu3WDNkKGmBDjFoRxdilQ9Ngzotn_5ay19Uql4hx2sHMT0sqXGy597K4xOHMKoLcKO9EgrlRTsigL0gYe2UJeCqUJP8_2M8EpDIBHmMYrc-zWqgZlOGsnHKqxSykavJohxj9FET2sw-Lr7RyMqvC2mELTCPoV1wgSu8tk9KAOfW4_W1EqsOzz09cMLSXLH0-DEj7Xw9Sb3gHyV9ldkuxR3HCpe0Oh1Y3UTNgfU4Z5CtvjErgghVMsLWqHPWMkIzYktixOmrwa24m9QP9lMjhAn7V6uhoboURE5yTO0riU6_to5ckSQSckhiTqXlj1ezobUFK_xyNPf73qUKybQBavJpkrJV4HuXnv41HN-PvjsIwutU3mSHBzqibJJUBCNZdAp9sicSu7U-N6beOUI5fXPz3kgiQYVal7itprvpRICIeUBl7Kzm7M_G-HN9zfEICJR-3Zav7y93GnJ_JrcGJL0i2HB8BuFtfqwNcZ46QJPuA2SmDV1a6GsXvEZ8x7T3yNOBFH9JOBfqlCKAzsXfaN77cQCSZ2iegbTWqL_bkS8tGA8YZ6p7P_bjAfjE8MBcGCSqGSIb3DQEJFDEKHggAcABpAG4AZzAhBgkqhkiG9w0BCRUxFAQSVGltZSAxNzM1ODQxMzM1MzIzMIIEYQYJKoZIhvcNAQcGoIIEUjCCBE4CAQAwggRHBgkqhkiG9w0BBwEwZgYJKoZIhvcNAQUNMFkwOAYJKoZIhvcNAQUMMCsEFAGV3aQl-8S0DYVAf-y-Cg03xbFQAgInEAIBIDAMBggqhkiG9w0CCQUAMB0GCWCGSAFlAwQBKgQQd79_gTqcpKzXikELsk_htoCCA9ABG8EocRo23dqwip2HTy4fQEFhSZR8BnNuyusB6g-SHdGuNXD19jCKe2gBvQXLNj1HHxJpmsQ6Aw33RHPo2V_zlcQf7bQx9SgPE4Mb6Gc32Ycd7QWvE4gu0al2xSVtQR14Ktu4lU1Pw4z-GZg_-A_VuOB2uNCdBtOp0Oz6RcxPA8HXpYHgCGBJORuzj-noOnXJUQweO6oiDw_qM4kFOL3mvjhm8q8a5STaJA-bJl8ukTkRf3mKawDhfnft7gjc8U72dHPdJd0iHa3kcMONZ4Pt_iwKb6ukCE5HOti2uO0S-eZ5Bmgk4_TUZwN75B-JYfICqQIz9qAokRx6yIo58425ZHNQLXHJI9IETQSyiwcDm1esQHF4xHECdwmN7f4nFeOQjoVODhO8FfArmZcFNGgYbOVQlhJtDBMmZdjhsReTaaSKzimmQT4Lta6LpW9TWnkb2IaGuFMmaq1d9dAn9udqHR5IHxJy6MfoM1N9RSLynGOMLpRvM0ZbzW1y3KHhjb0kb16hXrCarTtO9n2zYEqXNble0H_IxMosn6H7TBFIDG2MYdYNDXnk6yf1CxdoXTMQcs4whToW6GkRGEeTsEvLtT5i2aWAi-MQGHDwgq-vaL3Vn3xBkPo3flVZXQkZaF0uQgWnZhkPiL_o71O2RRhf9KVjy-euhgYvMRYSGhIcaSdyi2k5936gSdLVdozsCh6GzUPiSFeQCzvjQK8X2ZYGduNErTaCAd1WjHZ426OiGJSDUqjvUBIXYEtQcghfUw8whUw5eCRGWwvvdDimdaMGEZOuwkx1k7aQ0KCvdBhNwqZSHIF5zngy2fF34ARMGBmMO3_b4FnoeUCJ0-3yhdy8-miVX7-d4uW8mcVZaHdX0sByMZxSoepP5fpJASAUNp1u0_3ywksPvc9th5yfhQqLpQgDSQ53gFOtlVPaLGJH2nRctxBULmcVMmaa1hweesmx0DTtM4Vcn9eNn6LpcFDVh1S_lF9HuCi29ohUdPR7-VNFAuPZSOOZLZ4iJhyCmBTskoAL8d-ypl_d2m9w6iaR0KIawl50V9oM_bb10AJvSu2K2rhECYK7nfR7SzFepLm1eeZGoJRbVtgpOKrsRZkEP4QK8vFoszwUC72r_gyjM6DVmyt31dLREioF7fEZ8FgB40gAyd7pwiIqBkcLZoR1aq2uFwkucd4d4qc4zb8NXyxPZ5diYee07zH-m9TbvBwD3BwinhWHrrg3L2OSmrkilSt1qRJaKnUZUG3eh8VwroCS4-1bJfaGoLAGiO7GItwBgNJLlAfuhlllt-lyqcswME0wMTANBglghkgBZQMEAgEFAAQgeMWD6JvscHbeWnLYF2sfV1etD5bnP9Fr45PRXAOrlxQEFGm6ysPf_eqUWpSdVEVtkqLGAtvzAgInEA==", + "fileData": "MIIKgAIBAzCCCioGCSqGSIb3DQEHAaCCChsEggoXMIIKEzCCBaoGCSqGSIb3DQEHAaCCBZsEggWXMIIFkzCCBY8GCyqGSIb3DQEMCgECoIIFQDCCBTwwZgYJKoZIhvcNAQUNMFkwOAYJKoZIhvcNAQUMMCsEFPuABWO8ptmKcJXs9b-XgaOinzp5AgInEAIBIDAMBggqhkiG9w0CCQUAMB0GCWCGSAFlAwQBKgQQcBBm_TEmBVYlVvaLeZXhvASCBNDP863DClAhDO7dQZVVeTjcbwSdV9g63w5peKhdpIBiC3TctBs5ziJQqaAa_Owpvuj6WX4OSL1_h7SIpIDtfsRkDda8WWS9WNe6RW5Gi7PIP48cEJPU5d4MpzkHtK3dJwmItP-IqquUIzL5YGjacjHYO62mY8GLA3H2sjREjAuUafeolAnE8qmv0hAWmAk-RGAjZe1jAeaTwBrTIfNlN3BJYBZJj18KINsVOpPEYwSe3EJk8bGMZPpQJJkVfmAfauSMfMHDUVsWoOu5SJ8ZQ_WKbxm6z0fPPeJlmPfgeNhnSQnTCYnZ-mAXRVfz4SaNUS2ZLI89uZJ-ZXzky5e9-cFwC_mWe7LobPc9rEJ09uIhLUmwc2QoMcLuX1JxJ-Od0C8OszHjlNtm_qe8kaQUt6Xt7BPGTnci5rwuC2EQ9Yvc173cEOpSUWdH4pmVYuOCfyB9tJvqcDQn_OTzKnJ3w0YqQJcBhf6z04NLgw9hruow_dX8nzXMMGlK2OrJwUqaJ9AvS3EK7JZaeL5Ulk5cIErPlwqv2yJP0WDjFoaP3Wl62p1KVthl27S4M6tW533bCi-fp8zZVecVL1RkYU33_ahTI2H40hqRyB2cx7CIvauR_pRFhhQzBg1Q3tq8kLjJ4xlAkKWcjSesu3-nmneO38EOcd7aZmpcleW0L0M7EJbm0rknaCTJG0jDERAVTTa2lxOQ-ve1Pian3IofTpNj29D4lXZ2ITUWJv5QBDptWaoguhLLlZh-bFv97DdJlpU6tSmaN6FfSm1sdWivDrPdg6FcQDpmKIbnZ6nTMVlcnRNQjlI-yMg3hz5eQsXJ4dNY-8jyPiHYofmDD52k5Rt1Nl53E_HZlmpqxTNTi9gK0ERDSqJs-5G_2BKRR_bs9bt7VuQ8aGDkgd6EGTzsfXJatwcEJVp5WSZL0l0vB_n0SindZyWb3gTCZupR_i2zvUKC1mPKIHnm6Zz2jTxJcILkSXDWqOM4y87wmrf5E_TnDt8uylMmbV34TFLx5UiKR16MhWvXt6WIwSWdxNg5RxHoOtKpN19UKiy3I3xqQPk5omaU4D_8AuhRShSJ2fG21L4i0zbvS-T5V2v4AWCgToD9GGsNQk9lC4re5fiyNSXiGFvePbuHOtCA1DsPRDVXG_aYLU-WDTZo5crtGVPWv7Ef8ftMJ0QMjA9QDa5ylY2BLE1PCLklrfwIHS1CJvGvoCYlxT6OmWzsh1D2ZIxfUhEfKh0EJwqnFAwFDEz8o-6ven0LuqErITI6ABB6FlN25FXDOGHW8LaLDPmCwv5ClBjOpzSwTl5KcNjPDxH-0cQ9UUhOWt5K0hbjTYtThFQw4uP3vKojWHl3epc52BypGCXPJ-xwfxYWNLLgNieFprmBPQv55o0fDWtqw2dXM7ZOMHaqGyU0h7C57ERQ4u1bL1UPmkymupROhfcUv12CWks2YHy37Y728PdBfH3LUtAU7JUj3pdUVEajoDEZx_GPa-VkbVommt_FQ3Mm0Mae2Lrdxs3WEegrTcQED-QBX1M6yBvPlL4hXM32ui_7mqjyAevN8e1BbtYoPEly0aMKAG4nnn-_Tojn3QngAs8BFxszhRH-HoxjSRNarnMHZn5FtFIkSjrB1brCytbX3bARkd_K2oiavDE8MBcGCSqGSIb3DQEJFDEKHggAcABpAG4AZzAhBgkqhkiG9w0BCRUxFAQSVGltZSAxNzM1ODUxODg4Njk5MIIEYQYJKoZIhvcNAQcGoIIEUjCCBE4CAQAwggRHBgkqhkiG9w0BBwEwZgYJKoZIhvcNAQUNMFkwOAYJKoZIhvcNAQUMMCsEFHY4D_fBrMhfQNs4Lg9K95j9YlzlAgInEAIBIDAMBggqhkiG9w0CCQUAMB0GCWCGSAFlAwQBKgQQVry1YbQR-2P2nSrmsq6YYoCCA9C3PPFwQt7y6i9hvd8RDCSGy4gRUHwU-CXYqmL5y7lkNStpdHpg1MliRGR6PMYO-t8pbCllhTU8Bh8rpfBthgye2FqQIAhYRd3qPL9ZT15kxgEXu2R72Bgxlq9_7dRI-YOLpyWryeTNYxUjL-MBN6g29QqKUn4i8MNKADaRmihT3W1mEsnXe_1z2qJ0U99pcQz6hs5FySq6WcwtQkyC_paoxLk3GQkqggzYP5357KaDuHpMoGEUGl_aRVvHu-LTUchcDC2PmJnzJ2aYVHTNdroBOqyYFk3NqJaUZsBtdA3RvXOqWvMgdEuWgrjFtu85LWMV3-9SSpN5ZUy3lAl2BKhoTDoeMz2Ntv6JhxFSi9521L5U5fvXGSgubEXtKYz79zVWr25lFhTC3az0CfhriIEnuzB4JeVTm_0WeO_FHKooIczEmv6C9BZI-8g9w4dH0CHTQp2wDDQCMuyF1kP3qN5KEGnMVz2kikBUMrs7kOGZUCA9EF8QqH3KGrxEcXtFCUItOeb80vuojCu2cH1dra3PCGbdIt5ihrQFbKvluQous_Ya1nlpodseCvnCYibDP9REqLPKrkYGMy1r8gmnU5a01trWS8Wtum63bl0AoYZ4nIxLnvJi2z_GKWAPxnI6QJY-CXj1jQTvA8rg107NDKgKuzYHQyGPMTteG0JvMKg_mCBXbcvf2jODey81ISWuP92uJKdZjlmbjyPyd-fsb4oxj9Tksr0VCshrH9QVa9clwXB7DLrcADcNcwlAL222khRAfaAXrZxS-ohNccJR__KRpnwzAiYjX-CEAnUlz9tGuBhuQoKUhzfrFXDAEXumrvaT30uSGrWLK0Ng068zR85p7kDf7z2kaTUjYUDU1wKlXKlSGOMdyGX5u6wiEgVKx8QnESCW6q8IAVks9zDQw56YqC_A19AY8piAPsYKjrpV49Vi2VhYqCK5rrmW1ndo_nJGyHO2m-2QiQhQGc9KY4nSm7jGSKb5oTf1casGECuct4RvMy4Rh4RYugknVnOeho9qpBxnSo9NAwrNVGsJK2hoXNrMpwMgxgtjaOtwk-qCEu1TP8evZFnL10c6Z-VPY-XSJU9LM4hUyprI_66kRPmUGnIYLqRFyG9bQgp8YynrQ2C1I4FIMB6rpugxMW1lPZ3Y5RwV2bN0gqlvymd-1K3pHgVg2IxnOAZC0oIfzOvfEs49VKy_LUqqJWV24MSEgwcERx4G1nsDSehcUO58BPeKXtYz2fLj-0TbixSdk3rvRQodg8KjW2Xr_IbxAhVupkU2mCcU8jsmgWeqcvJW5Xk2ME0wMTANBglghkgBZQMEAgEFAAQgRwd9qggqKC8aIdiNRaz8heGvmlm-fObce-VjP7HeZCAEFJsFQbD7XTEmnb64EY4aVgn2HrXQAgInEA==", "format": "PKCS12", - "encryptedPassword": "eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiUWVzOVR5eTV5WiIsInZlcnNpb24iOiIxMi4xLjQuMCJ9..A-LZsxtyC8owMs9kLjxSPA.uNxqBKlEXsv9Dq0UPNxldqspvFz2lLu-vfnEqr_72LM.Yyw-JEZF4KLS0Iqyrrvivw" + "encryptedPassword": "eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiUWVzOVR5eTV5WiIsInZlcnNpb24iOiIxMi4xLjQuMCJ9..nh0iT6ggPLhQCMgMxwqr3Q.qGBGQ_3CtkTar-wyD2099VW787Wo1-HbGR-mQLccgfU.BNZbBgfA9wppAcOYXjw7Lg" } ] }, @@ -133,10 +155,31 @@ "operationType": "SAVE", "items": [ { - "id": "419x9yg43rlawqwq9v6az997k", - "fileData": "MIIKAAIBAzCCCaoGCSqGSIb3DQEHAaCCCZsEggmXMIIJkzCCBaoGCSqGSIb3DQEHAaCCBZsEggWXMIIFkzCCBY8GCyqGSIb3DQEMCgECoIIFQDCCBTwwZgYJKoZIhvcNAQUNMFkwOAYJKoZIhvcNAQUMMCsEFBu9lcfQZYSEy7gQlbdEmd8rxXOIAgInEAIBIDAMBggqhkiG9w0CCQUAMB0GCWCGSAFlAwQBKgQQAtt_1Q-X_bvGNTYd7XOPhwSCBNCA4qR5dMYpQFgWA29AYTj8Uhpz0X901I_bWw9jT2Yprw0X7q4gO8QAp_aE4STPmsjaeFLqY4gV2YGwevvnj4F1rKXInzNOOichgLssAXPEGymuTXpmMwDinI34suVrEwDxTdrpCfjuVFT3eTDY1LOgHqPpfY71PvpuGB9rAahcjPRNsUp79OEE6LmSJv5m8ivzyxvwROV5Md_ns6ZXmLyoJkuDOS_n0ei5ReUT55V5ytRTy2qSb48NbQH5n7OVOQvdGjqpWV7OZH7lOBruJ52obVvD56OLVnGKp-WlGwOZH9MD-ZVFZ8SaOhjw__Zs1Ozc_hqnjzxLa8sg0v3ZKEWVbmkcYBEBcOHaDWadF3i9hYa2C_tMhpHvb8NfpMbn-q8ApZDguMjveVSjeBHUs2Ag-0KhMonL9h_noVFMYpveKQQIIM7wLdhcxC4DBq0eUFiEM3QHmz92bsRcH8jNRrWJWK1VbUvjO6jS5f7cU04W7xzwoacmhM7sbebtdmJrIKrgACNbqzZ9PwxYfjhlfHFA20GeYMzHttpWBbJJkbF_UmOWT2Eg0TvXUqStKm6ADRbG5ASxsmVfUX-Hyn1aNx-FM6Ht0Vsc0LHjryzQnuB9NDkBULq_sW0VW8C2NLnP_wFu0fuh9jyoEF5RC-8dMkjXLyJRvccFBaOKi-Qk7fR0zvTmLKDCHTZBbyOOQxNbcLaEOh6r7kYdIpLhe-Q_yNSrqfnz8F64V_L0gLwC9v9FtZ3cuhcUkvgq7tKHyTZw2aJyUF-q-6f-Bk6612SAdgCkgk8hpot5f0vzDz2L8k-3zvGywQe7ujlTQ-C5AdNAiNtLvKT2uisFIbzG9WC0jqYH_L8OQAvSFw-P2E4MLWPPjZT0g47YSdqd5S5Ola2iC64T5uk4S5oB4VW3ws7Rf5L3wBQQaIMyNLpg4rZkrRiLcgfjzKK4dMPLTTxAGyWBHTufyHKBvs706aPXzIFbL3GXM7cMo5dIdM5W-aSGh9NtfdphOWs2vwhxIosFp_UMr3CIHkqvwnPt-O4xzyTLKmUGKr2p3ruQeHT5JJeWhsKL6eDHR3-DNR4OVvQ5sd7GJAaq3K1VLOu6gscDfw_fCBFOccoj5QQXIvFVFb3NyKIKGS87rYlkigUzjqLLkR33tqOyXlHqhjS0AN9-oy8vZGrjqemZDaevpM64poY2QmhqfAVC85YjwejjAKZx-plTJ8eYqfj1cIG7aVPTB2tZddj1YdGmFTkxcskPuqXIP-vnclgtgUrApmCeSq0AhodmC7uOHp9PSRIwMDRFvznt6LpgW0PSL-1f2yczuat80Tr4UWhTUIbBm78xzeG5T-dyNQ_zViR5vPjvqT28FrZT2sRVAQ4J7JR9iblgnh7ke3cmB_eP86gkQcOBBQb6jeQFGcq-RPANVa2zAehuF-fYmqOAAo-zE3QzUAlnGojqesFo-ayAr3cAVBFb5lyq9kln7oVqrjWX4z1K0C9RX40WCsTsQg3aBjCoIoVhx4JXcbcnUYvn4ySD_YkTLxaB19nNXdbrsumtiWKzpzc5rjRU2uVqp-TPKm0XwNsEewAW1UJhNMl977X195K-r67IkNYnU5aUVY2k7Tuf0Rf-yPCL6UKoTIHwlc48DKupJIjxKYoRODE8MBcGCSqGSIb3DQEJFDEKHggAcABpAG4AZzAhBgkqhkiG9w0BCRUxFAQSVGltZSAxNzM1ODQxMzM1MzYzMIID4QYJKoZIhvcNAQcGoIID0jCCA84CAQAwggPHBgkqhkiG9w0BBwEwZgYJKoZIhvcNAQUNMFkwOAYJKoZIhvcNAQUMMCsEFOfUPzmOx94MyP_4sBLYVGeDmfe4AgInEAIBIDAMBggqhkiG9w0CCQUAMB0GCWCGSAFlAwQBKgQQNM0-fUC3gt4mEoi-hLB0TICCA1BXPjb4_4mjcv18ckV6TNUXcj_P3ijZB09hnmufljw1h7yOw_Un9c567Ev3w9g_JJzmMGzhX2sAcaS_SDLDoB34z3z3QTM_JvAQ3M8sIX4XF5dMysfefrm4wrT4b-GFVTlsjH_LSWJ7N7Vd32GT1K08EXx2nxSmVKoO-mP9NUInGsfvqERV-CcDkaOF-g8aP2_uBKBZQG_kjzMh7I52T8HDCIVZRojbhdKsOKDzkuBZ_A__RSZwohfAPsok_GMvuKeothcoE3SDvaj-O7eUuJLXxVRsgMznex9PKHU4xpTzhY1iu_8HPkQLTu5YaNkEN6yBbPsfKkUQH2yO3REsISNUjykOBpD5nFm9VveNUWZXjYXJFxgCz7Xpz49mQF0bRT4tk4MnKzzSs1BDXXpYTEr3ZGKHWjlPPOKta_jkYOazW5yl8CGj-mM7JVvHMefPOpR36GDCgGkHEJHSgDpyNjswyHMG2Kml8IH0AeBOSx2KxK90VszF6aNanlGZ0gUVT8jzXnNTc5HGROEW3M4Tunc0gAL5XhgZh9rZxh3Syyq5goc58H7hfDMm7AVsvtGVaTQ5PJN2z7KhQQBd6gcxxiaI2DzprUwdbrNJ9mYkDO0rXhaiOE9glpSC29xzy6H-IHs2tX628sGMK4Xm--6yWwhK8_JcTuinOmYJ2tIqeEy0_LZwS9c-qdOv-1DSJyOs_1XQPOxG72lLjm_6EzSOvRw1S80AFOIpVJOZObyeuLrDGpWIt2RpYguH9QC0SZjj9xT-2W44kkmk4smsSlAjQjyJwsg4wbeS1ZRuMUYwO1ysx1vKw3dfiOi4yrMZNzuNb1i4qJ-G749ErwY-6P9VFHcokFDPXdnE2M2U11mPDejWcGn-ewkPMybDPjPxkZC9Df5Ezcw57H168sU9K0FYvlD2bQA5F8OGm-KIzOx8u-1jDTsMO_LihQYlnCumhQrjePaj14uVGaEuof-MLajhLhb8wf5Vntt1LEom5N1m99IN8FE4v2iktzQ437uMAaC8kgnopRGsJnGNFPyemo069Hu57hNPNRtyt6SEkQWEUsrkrLOQaqwZZGSzJePlkchsY5nElV_mW-72C-1mtypy4M8azGEa-OPmZ1gAaroNGPJ50zBNMDEwDQYJYIZIAWUDBAIBBQAEIEbwzQEf168Lsd_OJ1LCzhAwmLN9mzzdaaYuBzspI7gXBBQCHaD1KUeSv7pgYVsXNv8cx2n8WQICJxA=", + "id": "9vgmnd36wykte1l2nm8s8uead", + "fileData": "MIIKYAIBAzCCCgoGCSqGSIb3DQEHAaCCCfsEggn3MIIJ8zCCBaoGCSqGSIb3DQEHAaCCBZsEggWXMIIFkzCCBY8GCyqGSIb3DQEMCgECoIIFQDCCBTwwZgYJKoZIhvcNAQUNMFkwOAYJKoZIhvcNAQUMMCsEFO4EbhtEqcxLaUv_fc60-2VMF1A2AgInEAIBIDAMBggqhkiG9w0CCQUAMB0GCWCGSAFlAwQBKgQQBw3TwL4CGSHaXYcMNJwZkwSCBNCLjN9KOUJeHcYD4qG7NLB7d7WYkjsXDWx59kgTd_5e1JEyRqyiJ6MJ-9U9KNbW_rZme3-eF3lrGz_Gi4kV75MmB0gZD9oUUM582TCvk9iNVXsHVgR4lTbGhYGpNFKEJ4CdUnKAXlM0Daqm4aWZuhnPm2amWtRkcxJiQ7VPPSGRiZpC2h0SMZvgR4qK5F8i46AEFFCfvj167eZdnuiR4g3cEGq6ecCwy1C8KnXo0S2bc6vpgB8gODYK1MotwbEm2lNKlsXOrRzbJade9gODb49gBeeZK04yZnS5B1pWuQMGS9AUa6RozIqEdloPnymRqOQ4IIBSwrfcCZvwFVoLjggATJiD-Z6HG1s1o1vJR3ucbcc-1OS-xnWrfqzlvZRfQDkpQHrXF1Z0aHXbbWyKGMWASZaofpDhs8z2jAMg5TDYD16qNCe6dr1w6Wv24KWNcgmzsKZAzGCvBGMOlBy7FfnCzKCo-KBpEiJt_KosEzdTDQCkwX1RCDfcyxZJBvprLsouUpZNJYbmF18LAHh92cSgFwKizwLfYahxKcCh2WwoHi5PTN4rkp5iif08JG9JjBPW4PkficWUOCkidyGiOf8UYNHgaV_AZcYqvpq0Es9yvBpb1QFkcLWWCvISqSLMg0xz8ATUjvzDFuoaif_gr9ou5NGI4eXeS3ZSyFeLR7SxTXyd8m6zACjkWnf0Bkkk6TmSAz-SgLm7twBXg20HYOIyuHslntH4OWdG_lGCzHvG9Rvg75ORRYIzyuqd4ZhNzarVJXS3kshDr01ldZ8LlMGEunM-s8zmz_yIBQbvt4m9T7ijfOuySzShAvccZzM_x2aQQk1ZTl5w3uTW_637iov5Un1Eo9ZPglNhjPjVCSkfjmoHxa3B4jVUGpU-UueRWz1hiHwnGrf7qwe0OJ4RcFiG3JvflrYcf-gZw7hVcC1dAXNBfK5eBFFdrISlp6PNQs42tWGfsdwtn72f1EyDnXnB8gyHv21NByjahth6TC-0nOuZiFdjv6RNQHHletji2LL3OVu3rxNCpC1TOlpf2U-1ow0pdAf2IJblLjkKeUWwkiEp_3dxEoYCBFUtNlfTVuMTTxWiHZlmAA-TCWExBl42KQ8Vx9DD5xxxV8OmYfeGdzfUSTZ_qmsNGCP7wuypumYKYvagPmFos-4kgSnN5UYj4cx4_YKZqKH8avwZJfnja4lPMp9X_2lIrCdWeig9pYVAkDTfdf0jtSLIZ_fJY-MIMdCZCof0sHTmQHoVHZHDiTbqYMU7XwZws0SjYpwmSnDQhZ0A-njyglWZjuinxGqsI09zjIA-ZUV5g-WNbNfwm3RJ9xhmbKSns6XBzkDaQKQIIgWWP-qswEP7cMpa9JdQJVzzGzDhHwVbC5X5jpcZhOpQRLFlgtIHoNdWTR3yTLm7FlQXBXrDZc4QM9Q3SyYVNtaUNx2YmliHtmT2APoSMMlh624Mnbb2BHampKquN3P643-CgS-3wtDw0L_kb7_5HvGQlGqD3SRG6kF5BOfDU71uP0YncrzLMMSmJJRYxCkGe_hXmN4aAAOsFJ7YlX481ZHmFF5X3sIR8CLiIeDKzhXOwQi-ROEqvZwq_D7JDTNkKG0s7tjmp0CuxSPlMF-dYImt5DHgQtNnxFc7pjjSvjE8MBcGCSqGSIb3DQEJFDEKHggAcABpAG4AZzAhBgkqhkiG9w0BCRUxFAQSVGltZSAxNzM1ODUxODg4NzYyMIIEQQYJKoZIhvcNAQcGoIIEMjCCBC4CAQAwggQnBgkqhkiG9w0BBwEwZgYJKoZIhvcNAQUNMFkwOAYJKoZIhvcNAQUMMCsEFIQVlcb11NV71Xob726EKV4iQOg2AgInEAIBIDAMBggqhkiG9w0CCQUAMB0GCWCGSAFlAwQBKgQQ-m25PwxVJLdRRqyDH618LoCCA7AQcptAIhfvFUOl2B5pVSEBocX66xnyTXAn0uiwgrkIKgNakDBq_5TgFAQaoyXw3CksXmpjOfnWCNxeBDQ88RU_lyLgFwLl6_abB9eRR9nf17VkGwmw9I56SkXO0-QV-aEvBoOkMD-Kd6dtShskg7kI52Tr0_OmOuTtpyg_NNR93J6QCLYrb-PjQdwq5-BbFTU5r3zL9HhK9QWIOSZjqw9LHsvx7NQMbYCXWk7Vd7HP0a7vdcp6TYtgPecsRAomtlVzxQ0aOcLjhTtIu6tDC1wH9rtSbNxSMoDDwsPTNnpSeN3-Yzbp8qqEFhi4eJq9H5-HGgaowbfukrrUk6tlEiVU2GanMndJriRIhE9PvmDdcVy3lunZ1x_jozY-MpqgYuutWGhRHP58Q9wwZleVeeIdjZOm2ADseb27bWgbF4SR0pvOx7Gf7ZZHAESTpkPMutRic7Lt0TInGyYd1-LYay1HvSuY-SGpkkHDjaNClBQ4LZ4N8misgEfP4pmbEH_DxKjVQEpDhnad1SR2pg6ThMjPYL1XZVrcZXdouCPTGft8k_lMFqs6ZcCgza1ueRhy4jzNF8kMJ_zMeOX3kHhwISanNEBUe0aSqpNaCGN2x3as3UULOBDWwAmQTM_M3AzEX3NKv4ZmfzX5VlOd5GraQvdjbdlckdGC93_mOpt2AsZs_L3XDlhk_yML4S_e23BJhLKVtyhrB180YRQy4Bkb2sX7vYGLCYQE_s9w2AQOZQfr6wb0tlk8-hcE2I-4UDjVpcqRwxu1Kg9FRSzhgq-eqJaNT1tVY_Z-BJkrmwWD8ZdN6zf5FP0YlbvLJKpOJMi_vVTqfoG2mITYwbcxhGXTg4MGsZggX0rht5uJEIX1-3sIv7liJeIAP5qcLFEnSfUUcJ5j6M4Zg9NS0c6AfMqO7Sfiouh9SxjeVGEd1xTO9PKFP6gocJW_Qq1aXhuyPnHCbk3kUNAlLEDa9yNszAYqeTyDCLNpxRwbi1zHeiaDETnwngKlE7KRdWTbhRJ7rfrXs3KpEEeZgb1N35ZFi0j5k-zsj4namgv86QzHilDh8PgOmDj0_ueNw3Jde4yC-db-iTFRySgfTUnwvkzVYsI_O48DwwyPyi8PMVnaMFOylnqOQvaAaZ9O5KdqSRSnVvFSW5K44gKJ4dJ14wnICvrHbdSEbWwT0B3JXutLvMu-wd1jdhhfw0lV9Wpi6crfhdTkk2mfnW9L1gxONeqGIGDjOVhHDVod-68p5GfvBRZXQDHcUjBNMDEwDQYJYIZIAWUDBAIBBQAEIP-IiDHhHUT-35PcbBNPq_p8-9LENbKqf0SyUozFaVijBBS1fZ7XSUc6vj-xMrbNAH_y_-5NOQICJxA=", + "format": "PKCS12", + "encryptedPassword": "eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiUWVzOVR5eTV5WiIsInZlcnNpb24iOiIxMi4xLjQuMCJ9..gVeXHink3QWNt1epfwgDUQ.t0SNfTR3XBMc1HSscAdnMj4YMLntPZ0T4eJxt4QNYe0.0KGyXlb-966FjXAVMkAIyg" + }, + { + "id": "tiq4n26axjircjk30oz5zf6k3", + "fileData": "MIIKUAIBAzCCCfoGCSqGSIb3DQEHAaCCCesEggnnMIIJ4zCCBaoGCSqGSIb3DQEHAaCCBZsEggWXMIIFkzCCBY8GCyqGSIb3DQEMCgECoIIFQDCCBTwwZgYJKoZIhvcNAQUNMFkwOAYJKoZIhvcNAQUMMCsEFLQ0848EZD6gPUE_cf3A9mwmcaiNAgInEAIBIDAMBggqhkiG9w0CCQUAMB0GCWCGSAFlAwQBKgQQrIDyyig5vv5b41nRTJ4aSgSCBNA1rjNcEmpE7k9YfCK3Q6zB32mzFgRq4kCy-EPdPn291BPsAFaxNmiNB6rz18D_XORoYfbe9LnCY6hhFseljUHGzzJ6D3VNwNWuj1lls1wo5nFlHCd2bVLFpI2kUdDrym8Z7sWBrrUvw3bqcMJm91_SEFwzcnkGDXTYI2paxkeqtR5hPyZ1EsEk6qfTZKyWJE6-C5ZRfQRQ03TFl1iU8eAYZ_zZU_txrRek-M3uPVN9C4fAElj_naWlxv_kRCqAThQVwCYyxL6-SG_AN0Z8mRR9Lc12mMdFzms3WCXBehJyi8rNsu3htRc-PlP7JPIpHvbU4hKDdVV2YhcyieDucqn_uazt-YOKm_o_z7v6Al6TGLBCXFJAwNrVFtbNHxRaYlJTSD_-Lw3LLodPo20vdrEFYh93hMQ6DNxEcDPMQWP9l7zDCilShAgWclzwpNYyZKW0DbMBI53L51Ar4PgnNZd0JppouPXHzLEc3bYbIO_VfYQgeSfey-5UHITMk-FJ-0dfpJsfDg-bnoaRdTPnCcVPoml06BG2s4x1n7A185XGkhzBmZm5T1JRNsOtR3Atm1CvtSuPGdLsd0Yh5C15dTYMxM8Vq6fjoKqJDmo2BrBLgzhrSrPZKb5o3R0hEkcYfRlZwxiIasqxyhaGyR1DiN89s7zEkrmon4dYYgzfoipq0sh9Cc88Mvlej8tkIpKQxYRc8ggqln7lyiVj_FLCgezRcyPiukGchDlQgJqP7YQTmcMqtfH1HqRPmNmw4JKuQYTWjfKObbNFHWQmU9H_TeWWfGN9gwrS030kxmgr68CmETCqnjqmFK2sRDdtPzZcra5D3lBk4Z1VQfrR180NmmWiwQYvPwwu9hJpFe1eQVxE43EuJz4JNfU97Om8I35zKWuHA2lIR_DNL8HmaJZIcXYqneihe662mFc7qx8VhednFZNZq8P-r0dj1t3Yv9C6u-5sX0Prz6VNe62cHR3krs5Tgd9R3YxfH_wGWCpT_iH1bPxZhgIJcUYQ0Li8Y42ok10X5jZZAz84AXje0LmmTugGNWXgfhRmAfNDqMihPn443Z_umC7jW1NuDCIYv57Tll3uh0xqPpcjIyjuLLMEb8tyPScvqPQqAYrJPQ9gSVaUAwftzOkCg-eAqb8xYxZW9W89hmOSOudkU4MmH9IQJw3IeJzsGqnuxA3_S4PLa5G3Cs18ybVuVH4ScmgO9S753BCyVUu_8I60bLhQdYT36LqtK3SrJiOhwgqIG16utdw2kD2I_tkM04HMN-1sEZEk1_Md6UE1F0GbGm9QsYnagHu-BGd6MWntE_CMvGYtcnomTC548xMbAGeRotaEBkygZRoh92TZBAtOBwYz1YfemGAslLd7EnK0aBbYpx0fJWT9Lokclbxbam2Lrx16DsBjbw03istMoob8nDNiih6LQYDeqyMbCxJiHhyYs-xpfxPVoE5UKgxIKgpnRvJL6jEitwYtoB077Farme4YW3VFdvXT_NIzDi7uVGvrBhbpERVFqMn1zq7Zfl-bJJij-2AXyih8ETjI-WG9rOXXyJctxTsbeNotVgklLCZDGqD7PchcVaz1QwDPEphNnugQmKR-CrVylUnpx7081z4ZMtGaBSmgwdudRbZcfa-66CJFyuEewjE8MBcGCSqGSIb3DQEJFDEKHggAcABpAG4AZzAhBgkqhkiG9w0BCRUxFAQSVGltZSAxNzM1ODUxODg4NzM3MIIEMQYJKoZIhvcNAQcGoIIEIjCCBB4CAQAwggQXBgkqhkiG9w0BBwEwZgYJKoZIhvcNAQUNMFkwOAYJKoZIhvcNAQUMMCsEFBKpNCiu7LPjMk2pt9v0sLpDSfXTAgInEAIBIDAMBggqhkiG9w0CCQUAMB0GCWCGSAFlAwQBKgQQx78GwXfQZdSc7-2ZsHqdG4CCA6B5oCi9i7w4kmfOsUlSdb2WhxF5AI4FzZovbh6H4-8eDxZwEVWu1tiSXyJEfpOxvo-5EMOAvOCZ2VUj8SqmWGkCuzDixX8mSD4zuCwIg9QrhZ2r3LBJtMosrewrfsvc77Vw9aGtkIuK6inJQe8BG0BijuGsvjMjNTQGJOMp_63pE-Y4Xvkt6uv0YHJCCZotmzy0pjrRS8JY4h0NEf1jo9CEcH-yI2skFJtC3XrbQsur5UrIlWzEibfQSO6ozQbO2cGnFEsfRNLtTkl4QMIj98DVcBh9MRisapysmD_vWFGeXJPaDeMrV17JBmNzbLNZ_q0EJ2CPr-2VX9nmAyoYL7MIbAYChxzaCM8Xl2dlXe9lD7DBpEbsz7rakCEwAG0Rf0yw_lOwf1FUDFmt4mYJJPGXC3L5Mf48XpWilfU3toqNDhi1KtHuA7OymYBBZJw9jC9_cHg9KXak-U6068pfYe57SbrEwE4esSPtn6jF4uWq3-G3LniC_oHR9BCllZOB-1otGR7Z3rtterPoZFpdNWaUzfGXLFQlGx7g4_5zccVkUGSO43imjO8fLRvDEpOXc61bAbXct7nEnGEzlHki2wrzn9PdnRrpJm6nwQQY5yCu2jtMU12xBE7XhBW-1be4HKrUFknXcdORZEI3Zrqhaj_3IMudg_MXWhD5vcdyyNmeRd7ggul3-9I1TCYXhWRYtsBee8E7xW9rZfTRZ3REC1XOecOrMqsQlUTATQ5oiWO4VooDI1mVTiciK-IAk5CK-0H5Pwq20i8I_4NuWPbelNb76iMvdteHlygCSSp5-MvghfIwqClhqW0rMeAc-kLC8fzrZjME2L5WPgpqc8cKHm-xcxgSLbGpgHaRsS-ZxBuOi0tOGeZ6hknPlFnNmBttlJmNK2O8ykTNX6mE8I8pRoPCgUTYNNuhDCArBVwAV_q4vlEAMmBz7yBajG7CGQgFeU_r10lEKOyQSpG8J2aq2WeV7VQI6BLwXHiLfY7bakW5txu_X3z1DSDlMqFaGon1D6ic8aTPDjAxwNKd06q_9-0Eg-CyjYNK8JKsEqglh794WtK4iaVLmJPlcU0qReHLvOHqVYghgEgH4mpWAIEvXrSnRd-2HKnI2_5HVL5hA9NjbQkm5hLq1xr15320nTdVat10MNwr63OkDd8DaLwznK_Baq5Akrzu8i-ejKAxwitnmXSavdLSiVbth95u320yheHvkc6MLt3vtFOjATVXLq3VME0wMTANBglghkgBZQMEAgEFAAQg_7SjIvZ0aEKK1Apo2CkUIBNTbC8vQUFECFZZfc1fMHIEFItpHnkFo2hGFRTpr6cnzSrxUN1mAgInEA==", "format": "PKCS12", - "encryptedPassword": "eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiUWVzOVR5eTV5WiIsInZlcnNpb24iOiIxMi4xLjQuMCJ9..Pu65zkeybTU9lLx85fBi5g.1_1VeJsKIef5zAVui6NDHLTebyJMDH2ucGi8luVulVQ.lz9Bf1wwsOb1GYnOPHTylw" + "encryptedPassword": "eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiUWVzOVR5eTV5WiIsInZlcnNpb24iOiIxMi4xLjQuMCJ9..YD9GwH9hHVbqNjRm2lbFrg.Y7USHUUM7NPHoScEqgvKdE3ZLfLlavaRNOQM3nNxSEY.wGYYwuzkXbTeAIK4r9Fq0w" + } + ] + }, + { + "resourceType": "/keyPairs/signing/rotationSettings", + "operationType": "SAVE", + "items": [ + { + "id": "9vgmnd36wykte1l2nm8s8uead", + "validDays": 36500, + "keySize": 2048, + "signatureAlgorithm": "SHA256withRSA", + "creationBufferDays": 9125, + "activationBufferDays": 3650, + "keyAlgorithm": "RSA" } ] }, @@ -192,7 +235,7 @@ } ] }, - "lastModified": "2025-01-02T17:59:25.681Z" + "lastModified": "2025-01-02T19:37:46.072Z" } ] }, @@ -204,8 +247,8 @@ "id": "noeOvj5ltBnf4rcmtZAKdJ", "name": "internal_brassteam_893438732", "active": true, - "encryptedCredential": "eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiUWVzOVR5eTV5WiIsInZlcnNpb24iOiIxMi4xLjQuMCJ9..sZUhJG6aS4P0ZXDNWK7XjQ.JtO_yZJ-TAPVdup6werUdjmo7tACboMfAJi0cgxELtK7pusQrpc_0iSsOLRVjX7QaHJmXMaLpiBZehCCbdFOTzUUZmXfMahndKkiSENGAoEFAcFK5siQ-_wfzCK9vaiceSik3cKelwuo8MmLVBNjPAFeZP7tfr1NFak1Fr1qrCIZNLft7v5fnTbe7sVaF4aZdaWlTsDPcD_6Gl-0oDrtRvLhYAgakAkcCugZjHmm5rijrQlYEuo4ip0Xn8z300uJ_-aXdsalbo_AA5lnhtTSCqoZamOXyrUWxWlpK6ner-QuHjbnIpDRIFH2A1qJPmphcuJWBGgrHJkH8eCj5qPsx0fr8uaTaW5G9Xxz0rORRf5JK-fDwge_XoqYo-vLOMeHjletKAoqF4weKzupGcrnLy8Nhx34SQOewG4uKCGc--Xm2VkaM6-P9VO9U6J6c09brq0z49kJ_ZdVG-wCqc-ADOUb1G-d7GQ9NsEyS1WxGLEVqcRYtJ8mRtjl32Co1GwrF9Bvd-_0cuqqWc8dAx2h0JVaQkURSKNiVO_a8SkOh6120k_2frr0bAuWOQZS9C6VLsX8vnnH-khrmexoNBYUtWDAUMH2EGoH6tPnSK5mhsDgXXvcUeGWo3Q2eOb_tqCnsXAQTzKQJQ9GpKoUdNcxjn2j_QGNZG0gDkKBAvSCyDhCbdVSHm3vofmaAi1wd4vHcMo_Hi6_Law5iKpdGwpJuEH32HWKnCq3JXVr8R-q8fwRsgREuN0Ioz1LoP3-i5HcguJG-WjvfK1udTKn0iXldvJCqKdjNm8vHusev33Ibf5Ko3t7BNROIEcCvXGT7qOo7Irki8SLkhY6K2KKuvBV1oNZiG2tIT0blsbm2fRYQ_Bqbree_iRClh8WHhv7gP4kK2ZnhSNA4R5JMIlrnxM5ffrGw5oO9k_DiZLNMtp59kvEIkdDm8SZUZBpxR_GV2o_LK03BX7E63Q1nMXYtLeMqIm7Wr-_0qOTBw0FWM8gwf-JZpKbZeWP298O7DJD_OIqaTBCFoSXjZZXxZFmd_Yp6UmxZ2vMaju2cphm51bBV724WF6Up99suq4xiMrU7tqv1cdLTkIZ-1ng6YpVUSNndVtvhdFx43F-1LnQjHa6nnEUP3zuvcm8s29gw1FfHvreTOIn2LOn2JoctvVYg42WWDCTWxNsjNBp0qgWeTdGeV-4Kpk9hOswlMzjAJhPXVZJoMSIlEkKmUgTozdKf3H3VnMNdGDCavTa-1xrMn4gTmmk5WjJXZAO3WAN-oUKAKKA4D1eJtST-NzlQfSWIJQnwEFlKCCFKt2hYJYb8sSfjwfgeYo60I-dV-5do4uImzQ8glEwIcSDc42IG4CNYzVqVRH-0Gtoml9UIFc8Tq2oclV32Xflgi054OgxLf4c4N-zG5jAQs9Hl7T46enBVdFlgi2V5clxfmLx8XkvyaA8YiLxqXxtVQ3XqoNzguzWWRIWPAYEf25mIbnTuwIuaHb6EJZWkT3MH9qD5_TEOYCREXjbUKI95wiAfpA26qsoo1x8z2x081qGcghDJJ1c4mBOOLr7HO_Ggwnj-Q8vZAYO5t8GSXD7zM-NkEwR2qi6W9bv6J2x8y5C9zaDtcEFD9oZgZLtZ6FuyheohkODZ_Lq3aJZ0HTge1Npx7KSCkHPf8VzKRfMsncwkQYN3Q3t5oq43YNdYAVi42aQTRvG8K-Z5zt1ivg5enUkEov9YlB860BJquU00Ohuqm0WOSzjK9UkdA.BeKp73q8pwVZrsknfzDGRQ", - "creationDate": "2025-01-02T17:59:21.234Z", + "encryptedCredential": "eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiUWVzOVR5eTV5WiIsInZlcnNpb24iOiIxMi4xLjQuMCJ9..fG2nO6u8N6RRXRfo4EQTkQ.tI42SGPft_Q-orzKHKhEudp1nQz-omqC_3CyV0rlNTjrcu4YLHV1ytB_O0tV0xh9KHx2_250ISGtNiACtdh5mz0N2RG4k57ZE7wDfftECtNaDvB4Ay4lvWDL20o76w03Uh27OqJeTsJ_oZs2DcRv5vyFSP7AiM-bdFHTUzb0rROxLEp0ogmv73B739kqtIdEk9CgImMl6PwZxDf8xESyrYJhB5xG74uXbW6-alofdjskdgCmXgvARIBegH8ztox_zTYK23O6hiTngE4lxZ712qUHRLUy6TWrUR435hNPixBviW74Yr1S-TyVgKvdrMUYrS5V1DHJmjqv2SPbBpe7pVixlSba-EVmG1WJ-qZ4HpzmITbXY4doft90XYZxRTDLpZCJmP4OeI8ocnIpVv6gjG1PFofpELm7VoVpHNz4kueR7rmGeYl_5G1GALmcCIqJARKqaj89DKEnIbs8CZY36EFwLJ9z47SKSucHMpPw4Aw7M52MPDK8V59Tz3IU35_RWYJQmHeCL2ZGzq6aZeLAwaDP-DLg0ojtyRilNSixuBqWv2_s0L5OA1BrjY1pSLmnGLwknqG7n8li7b5OMnY3FpifFVb6mAVntdfxUI5lfUbG_HAm-OzwIf5AgTjd1cETkb6OwRJkx4660obEf6oSFGuB6EkXumyx4YM9MpmarVeU3JDTsbFJFF4SSVlMooM5AjxHEyFDPf96CIXBHe4mb_e8HDVNNsg7WISnAb1Tovgx7meI_pwvqPHEfMmAfxiHva3qRM9eRHXB75UuVpiqHfd67lTIVMUS10zB5I2Oh4PV9VLm8ytYnH-xCs46xPAErW4XrBtVp5-Sxp11Gsl11egezjjjl_1L4eo-eW7Cok-UqEnl87on1ZCNuYJvXB8iL6E4LnFbclzFV0xYN5Ex5LrWt5osHn8qoKcKlovrVA1A9FIZ2tW02An8gX66N1R5wUESCNHG1hpqTYVUF92yLqIke11CotygnVf4zJrqM98Ytvw2aW-Nda3y8dKDrETc7g-sXT376BGoZFpNbPWid4MaQPzC_mCoqyjdE1yw4GsshUF6ksQtcBQQ6X1ga5ozGb3C6TuxrvuD2inekbMnF67UKluN6r4NjtBCsnVkSrKmIsrI_gOAsHMU_GgeA7V4Eb3AU4eSbQj_Sk8rGSqFirP4Ce0iMcrNuygnCXScU61ff45ogTYRCvkytoT_SPVZGhlF9DhTGxSExLnGNPDc-6ZqHlis-o5qCQ7ZrnOcMlCgd4bOnoXyQUSAP1PptYSfIqmn6eWZWzkFRDSsxBI2kXuPlEUavZb7wbtuV51VkxxZVTuTHShOKta98RrjXL62Qjy9Yvumv3ulZXwDm797O-VTIPWeiEvdOlFscPmLEgqxGK6XEtmPBdPpznJ9btm2YxtJVenaqI53jvyhSUbmk34zaGR3EATHkyITUjtuw_5j_CFg1OMvcZbhEKfdPt4Xnxd8UqhGPiV1GbXw3UcY6oarcWFqs6v56OvftoVGBgckxjzr76CByO-KHM0XLelDnzkCNxXFPHDsp662tKOfSMgowllSM4dfaUZz7KvrmrFGco6unKup5HbwtJw1D_nft0vwrCaTXdQybcoZpfJqbOtw2IyT-mhR18QhgJv22w_XFfRoYTo1L7NuIngSdXxILlvskSdgcP6n7EP6zR0jWs6L64nZ_7lI9Zxg88mNBxv_dXtQmPLsK4sHg-qG9-7yaa5B8z_VY2xIfBIysp7Wnw.09YLtWJ2ySQEySbFxfF4Eg", + "creationDate": "2025-01-02T19:37:46.117Z", "credentialId": "971b5d20-0955-4030-b49b-7e349b3b9b1e", "pingOneConnectionId": "554257ac-76ca-447a-a210-722343328312", "environmentId": "f5901536-2b60-4d4a-a987-3d56aadad46d", @@ -230,7 +273,7 @@ "ldapType": "PING_DIRECTORY", "bindAnonymously": false, "userDN": "cn=pingfederate", - "encryptedPassword": "eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiUWVzOVR5eTV5WiIsInZlcnNpb24iOiIxMi4xLjQuMCJ9..hHAlDvmt1Ks5fwUh4l1gyw.pEJ038M0X9dylJ6eH_1NUQ.Ik2S0INx5QtmI7xChZrnUw", + "encryptedPassword": "eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiUWVzOVR5eTV5WiIsInZlcnNpb24iOiIxMi4xLjQuMCJ9..jVe3x5VP0IgQZvJr2JLHfg.XDPhm9vICFG6gX2ZRZNmnw.Xldpt0OEEvnVqKemr8dHCA", "useSsl": false, "useDnsSrvRecords": false, "name": "PingDirectory", @@ -242,7 +285,7 @@ "defaultSource": true } ], - "lastModified": "2025-01-02T17:59:20.482Z", + "lastModified": "2025-01-02T19:37:46.201Z", "retryFailedOperations": false, "testOnBorrow": false, "testOnReturn": false, @@ -267,7 +310,7 @@ "connectionUrl": "jdbc:hsqldb:${pf.server.data.dir}${/}hypersonic${/}ProvisionerDefaultDB;hsqldb.lock_file=false", "driverClass": "org.hsqldb.jdbcDriver", "userName": "sa", - "encryptedPassword": "eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiUWVzOVR5eTV5WiIsInZlcnNpb24iOiIxMi4xLjQuMCJ9..wxVrzkuEU1rs99EBnEhZtg._bLhQUpQL42SYEXtgb2X3g.OnqR5MNMsSLgpeovbonxFA", + "encryptedPassword": "eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiUWVzOVR5eTV5WiIsInZlcnNpb24iOiIxMi4xLjQuMCJ9..cgdPSsU0UfdWiwPsPqxGUA.TRaaGAQls383_kOGr0PgXQ.z6_gZTKKD3AjU9eT22eTXA", "allowMultiValueAttributes": false, "name": "ProvisionerDS (sa)", "connectionUrlTags": [ @@ -276,7 +319,7 @@ "defaultSource": true } ], - "lastModified": "2025-01-02T17:59:20.498Z", + "lastModified": "2025-01-02T19:37:46.221Z", "minPoolSize": 10, "maxPoolSize": 100, "blockingTimeout": 5000, @@ -292,7 +335,7 @@ "ldapType": "PING_DIRECTORY", "bindAnonymously": false, "userDN": "cn=pingfederate", - "encryptedPassword": "eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiUWVzOVR5eTV5WiIsInZlcnNpb24iOiIxMi4xLjQuMCJ9..k1L9m-3jpjS2sXo9554-cQ.VslnEnAz5XwI9Pgipvn9NA.Me39IBEPU6hUMnaGnftV3A", + "encryptedPassword": "eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiUWVzOVR5eTV5WiIsInZlcnNpb24iOiIxMi4xLjQuMCJ9..e33Qf9teVnpwxWVlc005gQ.tT6vc5-7C_nXBHShlyYWfg.h5eDFEzXeX4OCq56r_h0gw", "useSsl": false, "useDnsSrvRecords": false, "name": "pingdirectory", @@ -304,7 +347,7 @@ "defaultSource": true } ], - "lastModified": "2025-01-02T17:59:20.508Z", + "lastModified": "2025-01-02T19:37:46.233Z", "retryFailedOperations": false, "testOnBorrow": false, "testOnReturn": false, @@ -392,7 +435,7 @@ } ] }, - "lastModified": "2025-01-02T17:59:22.146Z" + "lastModified": "2025-01-02T19:37:46.288Z" }, { "id": "exampleSmtpPublisher2", @@ -458,7 +501,7 @@ } ] }, - "lastModified": "2025-01-02T17:59:22.157Z" + "lastModified": "2025-01-02T19:37:46.274Z" } ] }, @@ -494,7 +537,7 @@ }, { "name": "Secret Key", - "encryptedValue": "OBF:JWE:eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiUWVzOVR5eTV5WiIsInZlcnNpb24iOiIxMi4xLjQuMCJ9..3pPidj27zSRP-4oQzB9ETQ.Z40HefyO6l_bTuMVL5uLrg.AzHOXB98M79pKPInlFj8-A" + "encryptedValue": "OBF:JWE:eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiUWVzOVR5eTV5WiIsInZlcnNpb24iOiIxMi4xLjQuMCJ9..o7T4HppXKm-kANjU8t8avQ.01xAEx3TosV-Hq79Lt_h5A.KIUJsGsyQvM5_hYcjpeazg" }, { "name": "Pass Score Threshold", @@ -506,7 +549,7 @@ } ] }, - "lastModified": "2025-01-02T17:59:22.192Z" + "lastModified": "2025-01-02T19:37:46.323Z" }, { "id": "exampleCaptchaProviderV2", @@ -524,7 +567,7 @@ }, { "name": "Secret Key", - "encryptedValue": "OBF:JWE:eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiUWVzOVR5eTV5WiIsInZlcnNpb24iOiIxMi4xLjQuMCJ9..wwvv0AxaHNm6KcJp-myEIQ.cjnIlRFrAIU7mD4E-cPP4A.WtsTJg4ghSIGvcltRc6Jjg" + "encryptedValue": "OBF:JWE:eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiUWVzOVR5eTV5WiIsInZlcnNpb24iOiIxMi4xLjQuMCJ9..u286rd3MOERi4xzzKUwLaA.0okr6lY8i_0z-EiqfgE1rA.GNL3zQoBD2S1h6SumzUmAg" }, { "name": "JavaScript File Name", @@ -532,7 +575,7 @@ } ] }, - "lastModified": "2025-01-02T17:59:22.181Z" + "lastModified": "2025-01-02T19:37:46.348Z" } ] }, @@ -754,15 +797,15 @@ "items": [ { "username": "Administrator", - "encryptedPassword": "OBF:JWE:eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiUWVzOVR5eTV5WiIsInZlcnNpb24iOiIxMi4xLjQuMCJ9..jBDjd_P2W09Lxg21LPH_TQ.LcJj3oEw5H3BAfKTRf-l46GTJ_tpah6B_D_1u_y_0UblIF6xWdgL56frbuInCouyB4QG1kxamINlTylY-AMnOw.SEMXVSMaRFcH_GLATiKZKw", + "encryptedPassword": "OBF:JWE:eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiUWVzOVR5eTV5WiIsInZlcnNpb24iOiIxMi4xLjQuMCJ9..zoe8s-EawoF5uNaA5bcNGw.U6EWDLaI4lNtmMPSCb8GgFlfon_ugdY0OwYMRpj2SYNys2lY8D5pVSUCMAJ-bz4XI8fet_8ekfgFG6C4DKSwCg.df5PlUPdVn_6dl6Fqv0R5w", "description": "Initial administrator user.", "auditor": false, "active": true, "roles": [ - "CRYPTO_ADMINISTRATOR", - "ADMINISTRATOR", "USER_ADMINISTRATOR", - "EXPRESSION_ADMINISTRATOR" + "EXPRESSION_ADMINISTRATOR", + "ADMINISTRATOR", + "CRYPTO_ADMINISTRATOR" ] } ] @@ -873,7 +916,7 @@ } ], "extendedAttributes": [], - "lastModified": "2025-01-02T17:59:21.192Z" + "lastModified": "2025-01-02T19:37:46.770Z" }, { "id": "QGxlec5CX693lBQL", @@ -884,7 +927,7 @@ } ], "extendedAttributes": [], - "lastModified": "2025-01-02T17:59:21.200Z" + "lastModified": "2025-01-02T19:37:46.783Z" }, { "id": "default", @@ -911,7 +954,7 @@ "name": "SAML_AUTHN_CTX" } ], - "lastModified": "2025-01-02T17:59:21.203Z" + "lastModified": "2025-01-02T19:37:46.788Z" }, { "id": "samplePolicyContract", @@ -938,7 +981,7 @@ "name": "SAML_AUTHN_CTX" } ], - "lastModified": "2025-01-02T17:59:21.207Z" + "lastModified": "2025-01-02T19:37:46.792Z" }, { "id": "wIdHhK789PmadmMS", @@ -959,7 +1002,7 @@ "name": "mail" } ], - "lastModified": "2025-01-02T17:59:21.210Z" + "lastModified": "2025-01-02T19:37:46.796Z" } ] }, @@ -1048,7 +1091,7 @@ } ] }, - "lastModified": "2025-01-02T17:59:24.814Z", + "lastModified": "2025-01-02T19:37:47.125Z", "attributeContract": { "coreAttributes": [ { @@ -1158,7 +1201,7 @@ } ] }, - "lastModified": "2025-01-02T17:59:24.838Z", + "lastModified": "2025-01-02T19:37:47.141Z", "attributeContract": { "coreAttributes": [ { @@ -1201,11 +1244,11 @@ }, { "name": "Password", - "encryptedValue": "OBF:JWE:eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiUWVzOVR5eTV5WiIsInZlcnNpb24iOiIxMi4xLjQuMCJ9..-Qv4Sd0wFeXAG8puOowEBg.wAQ3J5TwfTZACc95p7sqCsVQ0Y1B2ciWsqXACy3Q56u8DY21dqAmQXI5vgZBxFdwk3JpcsQ8UWEPImoIUAHMAg.8cHqccWO0m40fXQjSYwFmw" + "encryptedValue": "OBF:JWE:eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiUWVzOVR5eTV5WiIsInZlcnNpb24iOiIxMi4xLjQuMCJ9..AcscU84nJxctW3DLpLtYtg.TbnXFMwsWczwhOOKiA59dv_GvnguFKcqzT5Q6WmM6j0hi6-o5Cu841lMJwbaOTXW1wFMPo_oN_RSfgemVD2LIQ.kclQSHNUcLXNGjAjnfNgXg" }, { "name": "Confirm Password", - "encryptedValue": "OBF:JWE:eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiUWVzOVR5eTV5WiIsInZlcnNpb24iOiIxMi4xLjQuMCJ9..jPnuTOZfNQa4nAv22ehD6w.ahGcJ9BvykNsRv2RANyiivxnnLO5MRNzoB_kjgtqsujogTKcqGPi1lEneQKqhivK_sPDjrar7vC0XHkezwV6fg.ZMKWcQRGgmYSG7gs1C8Hng" + "encryptedValue": "OBF:JWE:eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiUWVzOVR5eTV5WiIsInZlcnNpb24iOiIxMi4xLjQuMCJ9..1w4OjpjNLzRL86GrhO-mbA.0HoCYeRsGMd0tnwqVPh_P5EsIFb2mMU3_IlUnvUn_9ZF1SNr1p-7ZoAadzFLZH01h776PhExOCFfYnwJvXEE2Q.4bXHFzFd3qna7JNBvtv37A" }, { "name": "Relax Password Requirements", @@ -1219,7 +1262,7 @@ ], "fields": [] }, - "lastModified": "2025-01-02T17:59:24.866Z", + "lastModified": "2025-01-02T19:37:47.158Z", "attributeContract": { "coreAttributes": [ { @@ -1393,8 +1436,8 @@ "deleteIdentityEnabled": false, "templateName": "local.identity.profile.html" }, - "profileEnabled": true, - "registrationEnabled": false + "registrationEnabled": false, + "profileEnabled": true }, { "id": "regIdentityProfile", @@ -1589,8 +1632,8 @@ "deleteIdentityEnabled": false, "templateName": "local.identity.profile.html" }, - "profileEnabled": true, - "registrationEnabled": true + "registrationEnabled": true, + "profileEnabled": true } ] }, @@ -1622,7 +1665,7 @@ }, { "name": "Certificate", - "value": "419x9yg43rlawqwq9v6az997k" + "value": "tiq4n26axjircjk30oz5zf6k3" } ], "defaultRow": false @@ -1735,6 +1778,10 @@ "name": "Access Grant GUID Claim Name", "value": "agid" }, + { + "name": "Publish Keys to the PingFederate JWKS Endpoint", + "value": "false" + }, { "name": "JWKS Endpoint Path", "value": "" @@ -1758,14 +1805,10 @@ { "name": "Type Header Value", "value": "" - }, - { - "name": "Publish Keys to the PingFederate JWKS Endpoint", - "value": "false" } ] }, - "lastModified": "2025-01-02T17:59:24.371Z", + "lastModified": "2025-01-02T21:03:19.303Z", "attributeContract": { "coreAttributes": [], "extendedAttributes": [ @@ -1820,7 +1863,7 @@ "distCenterTest" ], "kerberosUsername": "user", - "kerberosEncryptedPassword": "eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiUWVzOVR5eTV5WiIsInZlcnNpb24iOiIxMi4xLjQuMCJ9..oVMPsvzhDSFshvCZN3BKpA.AH_B-y9w97kFD2obrujijQ.erMCc4QM4GArQMDM6aHTIg", + "kerberosEncryptedPassword": "eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiUWVzOVR5eTV5WiIsInZlcnNpb24iOiIxMi4xLjQuMCJ9..p7-lBq1Be8b9E7z-8F2kew.wqyvKe3Irq0yJ9GjbI3tQA.oAcTXO6pdze88hL_mwQyQA", "retainPreviousKeysOnPasswordChange": true, "suppressDomainNameConcatenation": true, "connectionType": "DIRECT" @@ -1880,7 +1923,7 @@ } ] }, - "lastModified": "2025-01-02T17:59:25.041Z", + "lastModified": "2025-01-02T19:37:47.471Z", "attributeContract": { "coreAttributes": [ { @@ -1982,11 +2025,11 @@ "fields": [ { "name": "Password", - "encryptedValue": "OBF:JWE:eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiUWVzOVR5eTV5WiIsInZlcnNpb24iOiIxMi4xLjQuMCJ9..Np_5b0Tt7UYXUkrGkGdpmg.bHfUkVCNHWTJmktaACM98Q.yYpSD5Iv5mcWN-KyukjG_g" + "encryptedValue": "OBF:JWE:eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiUWVzOVR5eTV5WiIsInZlcnNpb24iOiIxMi4xLjQuMCJ9..P8-n1_WPyNyDX8d513tRVQ.h9TlPDdMcCffdJw9D15mwA.ietPcUo5-UJiOXr8VJBoNg" }, { "name": "Confirm Password", - "encryptedValue": "OBF:JWE:eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiUWVzOVR5eTV5WiIsInZlcnNpb24iOiIxMi4xLjQuMCJ9..J1gp-aFFq9Kot5AYURE3tQ.AWD7OPeRxxuCPGCkp6r1kA._qJBdDV9ETA49qJ3Y6y84A" + "encryptedValue": "OBF:JWE:eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiUWVzOVR5eTV5WiIsInZlcnNpb24iOiIxMi4xLjQuMCJ9.._hHGvkU_PjNVpGs_ZTjKIg.F1_wEgClWpvBWBGVWPMXEA.dzFiIh1nXNAs9tziAjBDzA" }, { "name": "Authentication Service", @@ -2074,7 +2117,7 @@ } ] }, - "lastModified": "2025-01-02T17:59:25.082Z", + "lastModified": "2025-01-02T19:37:47.524Z", "attributeContract": { "coreAttributes": [ { @@ -2388,7 +2431,7 @@ } ] }, - "lastModified": "2025-01-02T17:59:25.127Z", + "lastModified": "2025-01-02T19:37:47.596Z", "attributeContract": { "coreAttributes": [ { @@ -2769,7 +2812,7 @@ } ] }, - "lastModified": "2025-01-02T17:59:25.207Z", + "lastModified": "2025-01-02T19:37:47.675Z", "attributeContract": { "coreAttributes": [ { @@ -2892,11 +2935,11 @@ "fields": [ { "name": "Password", - "encryptedValue": "OBF:JWE:eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiUWVzOVR5eTV5WiIsInZlcnNpb24iOiIxMi4xLjQuMCJ9..BjMXSrTTutSuDcmUGsfXwA.999EKovUK5PhOXteo3uNyw.VomGXxTsgaD7IExSmfVUvQ" + "encryptedValue": "OBF:JWE:eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiUWVzOVR5eTV5WiIsInZlcnNpb24iOiIxMi4xLjQuMCJ9..PFrv_FscMq6fEy2yX5N7AQ.GtT55khTeM8eJuVVnNK7Jg.39v7f0ww1MpoHoC_EbsUGA" }, { "name": "Confirm Password", - "encryptedValue": "OBF:JWE:eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiUWVzOVR5eTV5WiIsInZlcnNpb24iOiIxMi4xLjQuMCJ9..4R4qwKfjzaqq6shS7n6y0A.nZlaZeLEB4DnMhyMH_2I4g.xK0OPLmGns8rAO_0_Sg3HA" + "encryptedValue": "OBF:JWE:eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiUWVzOVR5eTV5WiIsInZlcnNpb24iOiIxMi4xLjQuMCJ9..76VQ-HU1M3cC97voJmgSFg.SHQw-_wj3-amWgLV-8o2Pg.GhWUxboRZQRqmUPlHIgI0A" }, { "name": "Transport Mode", @@ -2992,7 +3035,7 @@ } ] }, - "lastModified": "2025-01-02T17:59:22.066Z", + "lastModified": "2025-01-02T19:37:47.706Z", "attributeContract": { "coreAttributes": [ { @@ -3073,7 +3116,7 @@ } ] }, - "lastModified": "2025-01-02T17:59:25.465Z", + "lastModified": "2025-01-02T19:37:47.776Z", "attributeContract": { "coreAttributes": [ { @@ -3137,7 +3180,7 @@ } ] }, - "lastModified": "2025-01-02T17:59:22.207Z", + "lastModified": "2025-01-02T19:37:47.792Z", "attributeContract": { "coreAttributes": [ { @@ -3174,7 +3217,7 @@ } ] }, - "lastModified": "2025-01-02T17:59:21.089Z", + "lastModified": "2025-01-02T19:37:47.807Z", "attributeContract": { "coreAttributes": [ { @@ -3216,7 +3259,7 @@ }, { "name": "Signing Certificate", - "value": "419x9yg43rlawqwq9v6az997k" + "value": "tiq4n26axjircjk30oz5zf6k3" }, { "name": "Signing Algorithm", @@ -3248,7 +3291,7 @@ } ] }, - "lastModified": "2025-01-02T17:59:21.069Z", + "lastModified": "2025-01-02T21:02:09.135Z", "attributeContract": { "coreAttributes": [ { @@ -3328,7 +3371,7 @@ "parameters": [ "test" ], - "lastModified": "2025-01-02T17:59:25.481Z" + "lastModified": "2025-01-02T19:37:47.913Z" } ] }, @@ -3456,13 +3499,13 @@ "id": "gpmlavn03e4mknkyml4m2ak9q", "fileData": "-----BEGIN CERTIFICATE-----\nMIIDnTCCAoWgAwIBAgIUS2TBCdRzpK4Zze+HDKjB9EQSHqYwDQYJKoZIhvcNAQELBQAwXjELMAkG\nA1UEBhMCVVMxCzAJBgNVBAgMAkNPMQ8wDQYDVQQHDAZEZW52ZXIxIjAgBgNVBAoMGVBpbmcgSWRl\nbnRpdHkgQ29ycG9yYXRpb24xDTALBgNVBAMMBHRlc3QwHhcNMjQxMjEyMjMyODI0WhcNMjcwOTA4\nMjMyODI0WjBeMQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ08xDzANBgNVBAcMBkRlbnZlcjEiMCAG\nA1UECgwZUGluZyBJZGVudGl0eSBDb3Jwb3JhdGlvbjENMAsGA1UEAwwEdGVzdDCCASIwDQYJKoZI\nhvcNAQEBBQADggEPADCCAQoCggEBAJdoGurgDvSRBL2cIeUaCY3po5YDZnV1eyuOQTxQc6OT2JS0\n+40gJbJmfNrbcOSt+1DbxzP+Ixblkcz569VOC5lbROn38yeaMU32Xc/4DGSp1HCY/JfSygz/+qr8\n8YTqMaI21AbZnAiY5x0Rw56IDmJglXaXeVbCUJy7oPTyAoYYT93DJDk41Ze51UcTmUsTKN4K3gvv\nSaRuyq5+g6EXBq7AkeOnbP0bSHybN1KEV5BXNNpgk9h0Jw3PE+qkm/5nYRzxBf4RA/Agfv9esG9N\nz3XgDowAGBmxr+rU/na7pwEEudMh668DEDeRVwh1ZapYpBtVcxMHmdJPgFJrBlo6mMECAwEAAaNT\nMFEwHQYDVR0OBBYEFGJc3Z0j9kXPsTmmbgAsY/PK2cupMB8GA1UdIwQYMBaAFGJc3Z0j9kXPsTmm\nbgAsY/PK2cupMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAJVBvcHhh+00gzQ0\npnZKtRJxvEg+pGh+B9E+5i2PsNGyIAvAXw4mdBcQZKxfiXM31ZE2ge1mP+4di11+PKYNH2E973PL\nJ+wGHeQZ1ETDG5fo79t0MG1RzHtGoirZW7v4BNUI6ZM2FjEaCOtZg1rUhkdIfqDx4CeNjzb0rhXI\nzXNTS4Y6VlxWArQnwAgqPtb5poJG3Mm/3f6uQg/l0LIKTY/GR6yQsNCkzTZQhrIpXj4RpqnX3QgD\n1IWToMon7ntp4gAP/lASM5/xm5Jzb6dmF+hoN073g02UeV2TDLze80+K+Xr1GZeeULuXNrhOEXDR\nytvube8OXPPY6/zCphVb21g=\n-----END CERTIFICATE-----\n" }, - "activeVerificationCert": true, - "encryptionCert": false + "encryptionCert": false, + "activeVerificationCert": true } ] }, - "modificationDate": "2025-01-02T17:59:25.748Z", - "creationDate": "2025-01-02T17:59:25.748Z", + "modificationDate": "2025-01-02T19:37:48.089Z", + "creationDate": "2025-01-02T19:37:48.089Z", "wsTrust": { "attributeContract": { "coreAttributes": [ @@ -3492,20 +3535,21 @@ "contactInfo": {}, "loggingMode": "STANDARD", "virtualEntityIds": [], + "licenseConnectionGroup": "", "credentials": { "certs": [], "signingSettings": { "signingKeyPairRef": { - "id": "419x9yg43rlawqwq9v6az997k", - "location": "https://localhost:9999/pf-admin-api/v1/keyPairs/signing/419x9yg43rlawqwq9v6az997k" + "id": "tiq4n26axjircjk30oz5zf6k3", + "location": "https://localhost:9999/pf-admin-api/v1/keyPairs/signing/tiq4n26axjircjk30oz5zf6k3" }, "algorithm": "SHA256withRSA", "includeCertInSignature": false, "includeRawKeyInSignature": false } }, - "modificationDate": "2025-01-02T17:59:21.934Z", - "creationDate": "2025-01-02T17:59:21.934Z", + "modificationDate": "2025-01-02T21:01:44.089Z", + "creationDate": "2025-01-02T19:37:48.857Z", "wsTrust": { "partnerServiceIds": [ "test" @@ -3629,8 +3673,8 @@ "description": "testDescription", "signingKeys": { "rsaActiveCertRef": { - "id": "419x9yg43rlawqwq9v6az997k", - "location": "https://localhost:9999/pf-admin-api/v1/keyPairs/signing/419x9yg43rlawqwq9v6az997k" + "id": "tiq4n26axjircjk30oz5zf6k3", + "location": "https://localhost:9999/pf-admin-api/v1/keyPairs/signing/tiq4n26axjircjk30oz5zf6k3" }, "rsaPublishX5cParameter": true }, @@ -3774,7 +3818,7 @@ } ] }, - "lastModified": "2025-01-02T17:59:24.220Z", + "lastModified": "2025-01-02T19:37:50.470Z", "attributeContract": { "coreAttributes": [ { @@ -3841,7 +3885,7 @@ "conditionalCriteria": [] } }, - "lastModified": "2025-01-02T17:59:24.254Z" + "lastModified": "2025-01-02T19:37:50.507Z" } ] }, @@ -3900,7 +3944,7 @@ "location": "https://localhost:9999/pf-admin-api/v1/oauth/accessTokenManagers/jwt" }, "scopeAttributeMappings": {}, - "lastModified": "2025-01-02T17:59:25.257Z" + "lastModified": "2025-01-02T19:37:50.605Z" } ] }, @@ -4069,8 +4113,8 @@ "ACCESS_TOKEN_VALIDATION" ], "name": "test", - "modificationDate": "2025-01-02T17:59:24.610Z", - "creationDate": "2025-01-02T17:59:24.610Z", + "modificationDate": "2025-01-02T19:37:50.760Z", + "creationDate": "2025-01-02T19:37:50.760Z", "refreshRolling": "SERVER_DEFAULT", "refreshTokenRollingIntervalType": "SERVER_DEFAULT", "persistentGrantExpirationType": "SERVER_DEFAULT", @@ -4105,7 +4149,7 @@ }, "clientAuth": { "type": "SECRET", - "encryptedSecret": "OBF:JWE:eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiUWVzOVR5eTV5WiIsInZlcnNpb24iOiIxMi4xLjQuMCJ9..Zg03OlCpID5J9ROj30geaQ.oH1hn8K4Tk0Mfx5CA8UjKJTqf6kzpRWp3vfW72WPUYnFTNkB7qc3dsQkvfI94o2rLz4aNelACmk83ypUF97E6ZNSu7UHfSuuoK77d5oCS7s.vMQAGu-BJL2uUmT2HwhZpg", + "encryptedSecret": "OBF:JWE:eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiUWVzOVR5eTV5WiIsInZlcnNpb24iOiIxMi4xLjQuMCJ9..7DwuTz2jKYLtp6DY5xB6ag.Ur20BDlEYLMrRM6yXNbvp5cdnRta7QafBHU1wXw5VU1ba7oERgsMG0buE2L2JxF8W1ZKNM-o2RcWGunpD9nUJVhicoPokdUeFRCdnOp3EU0.rJnSYiuhQUytZKK4ISjDhA", "secondarySecrets": [] }, "deviceFlowSettingType": "SERVER_DEFAULT", @@ -4163,7 +4207,7 @@ } ] }, - "lastModified": "2025-01-02T17:59:25.579Z" + "lastModified": "2025-01-02T19:37:50.792Z" } ] }, @@ -4277,7 +4321,7 @@ } ] }, - "lastModified": "2025-01-02T17:59:25.335Z", + "lastModified": "2025-01-02T19:37:50.879Z", "attributeContract": { "extendedAttributes": [ { From bb9721f9a663ce574b3f4e31dbc88466d41ae73c Mon Sep 17 00:00:00 2001 From: Erik Ostien Date: Thu, 2 Jan 2025 14:12:19 -0700 Subject: [PATCH 30/30] PR review changes --- .../pingfederate_oauth_access_token_manager_settings.go | 4 ++-- .../pingfederate_oauth_token_exchange_generator_settings.go | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/internal/connector/pingfederate/resources/pingfederate_oauth_access_token_manager_settings.go b/internal/connector/pingfederate/resources/pingfederate_oauth_access_token_manager_settings.go index 0c586783..7363d688 100644 --- a/internal/connector/pingfederate/resources/pingfederate_oauth_access_token_manager_settings.go +++ b/internal/connector/pingfederate/resources/pingfederate_oauth_access_token_manager_settings.go @@ -32,8 +32,8 @@ func (r *PingFederateOAuthAccessTokenManagerSettingsResource) ExportAll() (*[]co importBlocks := []connector.ImportBlock{} - oauthAccessTokenManagerSettingsId := "oauth_access_token_manager_settings_singleton_id" // #nosec G101 - oauthAccessTokenManagerSettingsName := "OAuth Access Token Manager Settings" // #nosec G101 + oauthAccessTokenManagerSettingsId := "oauth_access_token_manager_settings_singleton_id" // #nosec G101 // These variables do not contain sensitive token information + oauthAccessTokenManagerSettingsName := "OAuth Access Token Manager Settings" // #nosec G101 // These variables do not contain sensitive token information commentData := map[string]string{ "Resource Type": r.ResourceType(), diff --git a/internal/connector/pingfederate/resources/pingfederate_oauth_token_exchange_generator_settings.go b/internal/connector/pingfederate/resources/pingfederate_oauth_token_exchange_generator_settings.go index 12cf11fb..3952ed53 100644 --- a/internal/connector/pingfederate/resources/pingfederate_oauth_token_exchange_generator_settings.go +++ b/internal/connector/pingfederate/resources/pingfederate_oauth_token_exchange_generator_settings.go @@ -32,8 +32,8 @@ func (r *PingFederateOAuthTokenExchangeGeneratorSettingsResource) ExportAll() (* importBlocks := []connector.ImportBlock{} - oauthTokenExchangeGeneratorSettingsId := "oauth_token_exchange_generator_settings_singleton_id" // #nosec G101 - oauthTokenExchangeGeneratorSettingsName := "OAuth Token Exchange Generator Settings" // #nosec G101 + oauthTokenExchangeGeneratorSettingsId := "oauth_token_exchange_generator_settings_singleton_id" // #nosec G101 // These variables do not contain sensitive token information + oauthTokenExchangeGeneratorSettingsName := "OAuth Token Exchange Generator Settings" // #nosec G101 // These variables do not contain sensitive token information commentData := map[string]string{ "Resource Type": r.ResourceType(),