diff --git a/docs/janssen-server/auth-server/logging/log4j2.md b/docs/janssen-server/auth-server/logging/log4j2.md index 29b54741e1f..48d470fe59b 100644 --- a/docs/janssen-server/auth-server/logging/log4j2.md +++ b/docs/janssen-server/auth-server/logging/log4j2.md @@ -69,17 +69,7 @@ Sample - - - - - - - - - - + @@ -124,16 +114,12 @@ Sample - - - + - - - + @@ -143,9 +129,7 @@ Sample - - - + diff --git a/docs/janssen-server/auth-server/openid-features/acrs.md b/docs/janssen-server/auth-server/openid-features/acrs.md index b6e7b5b7a9e..fd9d5ff7984 100644 --- a/docs/janssen-server/auth-server/openid-features/acrs.md +++ b/docs/janssen-server/auth-server/openid-features/acrs.md @@ -45,7 +45,7 @@ against the backend datastore. All Janssen Server deployments have `default_ldap_server` ACR which can be enabled to perform authentication against a remote LDAP-based IDP (e.g. ActiveDirectory). By default, this ACR is disabled. This ACR can only authenticate against -LDAP-based IDP or a local LDAP. +LDAP-based IDP. Use the instructions provided in jans-cli [LDAP configuration options](../../config-guide/auth-server-config/ldap-configuration.md) documentation to learn how to enable and configure ACRs that use external LDAP as IDP. diff --git a/docs/janssen-server/config-guide/config-tools/config-api/monitoring.md b/docs/janssen-server/config-guide/config-tools/config-api/monitoring.md index bbf9fe637dd..259884d6beb 100644 --- a/docs/janssen-server/config-guide/config-tools/config-api/monitoring.md +++ b/docs/janssen-server/config-guide/config-tools/config-api/monitoring.md @@ -53,7 +53,7 @@ Sample server status response HTTP/1.1 200 OK Content-Type: application/json { - "dbType":"ldap", + "dbType":"MySQL", "lastUpdate":"2023-03-16T03:17:44", "facterData": { diff --git a/docs/janssen-server/fido/config.md b/docs/janssen-server/fido/config.md index 40bdd1ad928..0f5f5d968a0 100644 --- a/docs/janssen-server/fido/config.md +++ b/docs/janssen-server/fido/config.md 
@@ -21,7 +21,6 @@ tags: | metricReporterInterval | 300 | The interval for metric reporter in seconds. | | metricReporterKeepDataDays | 15 | The number of days to retain metric reported data in the system | | metricReporterEnabled | true | Boolean value specifying whether to enable Metric Reporter | -| personCustomObjectClassList | ["jansCustomPerson", "jansPerson" ] | LDAP custom object class list for dynamic person enrollment. | | fido2Configuration | See JSON contents in the below example | FIDO2 Configuration | #### Fido2Configuration structure diff --git a/docs/janssen-server/install/setup.md b/docs/janssen-server/install/setup.md index 6aa43bbcc9d..318757060f4 100644 --- a/docs/janssen-server/install/setup.md +++ b/docs/janssen-server/install/setup.md 
@@ -74,51 +74,19 @@ python3 /opt/jans/jans-setup/setup.py --help ``` ``` -usage: setup.py [-h] [--version] [-c] [-d D] [-f F] [-n] [-N] [-u] [-csx] - [-encode-salt ENCODE_SALT] - [-remote-rdbm {mysql,pgsql,spanner} | -local-rdbm {mysql,pgsql}] - [-ip-address IP_ADDRESS] [-host-name HOST_NAME] - [-org-name ORG_NAME] [-email EMAIL] [-city CITY] - [-state STATE] [-country COUNTRY] [-rdbm-user RDBM_USER] - [-rdbm-password RDBM_PASSWORD] [-rdbm-port RDBM_PORT] - [-rdbm-db RDBM_DB] [-rdbm-host RDBM_HOST] [--reset-rdbm-db] - [--shell] [--dump-config-on-error] [--no-progress] - [-admin-password ADMIN_PASSWORD] [-jans-max-mem JANS_MAX_MEM] - [-properties-password PROPERTIES_PASSWORD] - [-approved-issuer APPROVED_ISSUER] [--force-download] - [--download-exit] [-jans-app-version JANS_APP_VERSION] - [-jans-build JANS_BUILD] [-setup-branch SETUP_BRANCH] - [--disable-config-api-security] [--cli-test-client] - [--import-ldif IMPORT_LDIF] [-enable-script ENABLE_SCRIPT] - [-disable-script DISABLE_SCRIPT] [-java-version {11,17}] - [-stm] [-w] [-t] [-x] [--allow-pre-released-features] - [--local-ldap] [--listen_all_interfaces] - [--remote-ldap | --disable-local-ldap] [--remote-couchbase] - [--local-couchbase] - [-couchbase-admin-user COUCHBASE_ADMIN_USER] - [-couchbase-admin-password COUCHBASE_ADMIN_PASSWORD] - [-couchbase-bucket-prefix COUCHBASE_BUCKET_PREFIX] - [-couchbase-hostname COUCHBASE_HOSTNAME] - [-couchbase-default-mem COUCHBASE_DEFAULT_MEM] - [-couchbase-user-mem COUCHBASE_USER_MEM] - [-couchbase-site-mem COUCHBASE_SITE_MEM] - [-couchbase-cache-mem COUCHBASE_CACHE_MEM] - [-couchbase-token-mem COUCHBASE_TOKEN_MEM] - [-couchbase-session-mem COUCHBASE_SESSION_MEM] [--no-data] - [--no-jsauth] [-ldap-admin-password LDAP_ADMIN_PASSWORD] - [--no-config-api] [--no-scim] [--no-fido2] - [--install-jans-ldap-link] [--install-jans-keycloak-link] - [--with-casa] [--install-jans-saml] [--install-jans-lock] - [--install-opa] [--load-config-api-test] - [-config-patch-creds 
CONFIG_PATCH_CREDS] - [-spanner-project SPANNER_PROJECT] - [-spanner-instance SPANNER_INSTANCE] - [-spanner-database SPANNER_DATABASE] - [-spanner-emulator-host SPANNER_EMULATOR_HOST | -google-application-credentials GOOGLE_APPLICATION_CREDENTIALS] - [-test-client-id TEST_CLIENT_ID] - [-test-client-pw TEST_CLIENT_PW] - [-test-client-redirect-uri TEST_CLIENT_REDIRECT_URI] - [--test-client-trusted] +usage: setup.py [-h] [--version] [-c] [-d D] [-f F] [-n] [-N] [-u] [-csx] [-encode-salt ENCODE_SALT] [-remote-rdbm {mysql,pgsql,spanner} | -local-rdbm {mysql,pgsql}] [-ip-address IP_ADDRESS] + [-host-name HOST_NAME] [-org-name ORG_NAME] [-email EMAIL] [-city CITY] [-state STATE] [-country COUNTRY] [-rdbm-user RDBM_USER] [-rdbm-password RDBM_PASSWORD] [-rdbm-port RDBM_PORT] + [-rdbm-db RDBM_DB] [-rdbm-host RDBM_HOST] [--reset-rdbm-db] [--shell] [--dump-config-on-error] [--no-progress] [-admin-password ADMIN_PASSWORD] [-jans-max-mem JANS_MAX_MEM] + [-properties-password PROPERTIES_PASSWORD] [-approved-issuer APPROVED_ISSUER] [--force-download] [--download-exit] [-jans-app-version JANS_APP_VERSION] [-jans-build JANS_BUILD] + [-setup-branch SETUP_BRANCH] [--disable-config-api-security] [--cli-test-client] [--import-ldif IMPORT_LDIF] [-enable-script ENABLE_SCRIPT] [-disable-script DISABLE_SCRIPT] + [-java-version {11,17}] [-stm] [-w] [-t] [-x] [--allow-pre-released-features] [--remote-couchbase] [--local-couchbase] [-couchbase-admin-user COUCHBASE_ADMIN_USER] + [-couchbase-admin-password COUCHBASE_ADMIN_PASSWORD] [-couchbase-bucket-prefix COUCHBASE_BUCKET_PREFIX] [-couchbase-hostname COUCHBASE_HOSTNAME] + [-couchbase-default-mem COUCHBASE_DEFAULT_MEM] [-couchbase-user-mem COUCHBASE_USER_MEM] [-couchbase-site-mem COUCHBASE_SITE_MEM] [-couchbase-cache-mem COUCHBASE_CACHE_MEM] + [-couchbase-token-mem COUCHBASE_TOKEN_MEM] [-couchbase-session-mem COUCHBASE_SESSION_MEM] [--no-data] [--no-jsauth] [--no-config-api] [--no-scim] [--no-fido2] [--install-jans-ldap-link] + 
[--install-jans-keycloak-link] [--with-casa] [--install-jans-saml] [--install-jans-lock] [--install-opa] [--load-config-api-test] [-config-patch-creds CONFIG_PATCH_CREDS] + [-spanner-project SPANNER_PROJECT] [-spanner-instance SPANNER_INSTANCE] [-spanner-database SPANNER_DATABASE] + [-spanner-emulator-host SPANNER_EMULATOR_HOST | -google-application-credentials GOOGLE_APPLICATION_CREDENTIALS] [-test-client-id TEST_CLIENT_ID] [-test-client-pw TEST_CLIENT_PW] + [-test-client-redirect-uri TEST_CLIENT_REDIRECT_URI] [--test-client-trusted] ``` Use this script to configure your Jans Server and to add initial data. If setup.properties is found in this folder, these properties will automatically be used instead of the interactive setup. diff --git a/docs/janssen-server/recipes/social-login.md b/docs/janssen-server/recipes/social-login.md index e61e074fe6c..c0da4de5bf3 100644 --- a/docs/janssen-server/recipes/social-login.md +++ b/docs/janssen-server/recipes/social-login.md 
@@ -41,9 +41,9 @@ Jans AS->User agent: 10. write Jans session cookie ### User provisioning -After a user has logged in at an external provider a new record is added in local LDAP - or updated if the user is known. +After a user has logged in at an external provider a new record is added in local database - or updated if the user is known. -To determine if a user was already added, a string is composed with the provider name and the user ID. For example, if user "MrBrown123" has logged in at Twitter, the string would look like `passport-twitter:mrbrown123`. An LDAP search is performed for a match in the people branch for an entry where attribute `jansExtUid` equals `passport-twitter:mrbrown123`. +To determine if a user was already added, a string is composed with the provider name and the user ID. For example, if user "MrBrown123" has logged in at Twitter, the string would look like `passport-twitter:mrbrown123`. A database search is performed for a match in the people branch for an entry where attribute `jansExtUid` equals `passport-twitter:mrbrown123`. If there are no matches, an entry is added using the values received from the external provider (after having applied the corresponding attribute mapping) attaching the computed value for `jansExtUid`. The user profile can contain single or multivalued attributes. diff --git a/docs/janssen-server/reference/database/README.md b/docs/janssen-server/reference/database/README.md index 5db90975851..a2d607dce42 100644 --- a/docs/janssen-server/reference/database/README.md +++ b/docs/janssen-server/reference/database/README.md @@ -180,7 +180,7 @@ public class SimpleUser implements Serializable { private static final long serialVersionUID = -1634191420188575733L; - // Define entry primary key. In LDAP terminology it's DN + // Define entry primary key. i.e a distinguished name, DN @DN private String dn; 
@@ -209,11 +209,6 @@ public class SimpleUser implements Serializable { @AttributesList(name = "name", value = "values", multiValued = "multiValued", sortByName = true) protected List customAttributes = new ArrayList(); - // Specify additional objecClass - // This is needed for LDAP only - @CustomObjectClass - private String[] customObjectClasses; - ... ``` diff --git a/docs/janssen-server/reference/database/mysql-schema.md b/docs/janssen-server/reference/database/mysql-schema.md index 0cbee74e584..b7b50c87306 100644 --- a/docs/janssen-server/reference/database/mysql-schema.md +++ b/docs/janssen-server/reference/database/mysql-schema.md @@ -141,7 +141,7 @@ tags: | jansAttrOrigin | varchar(64) | YES | MUL | None | Specify the person objectclass associated with the attribute, used for display purposes in exclude. | | jansAttrSystemEditTyp | varchar(64) | YES | | None | TODO - still required? | | jansAttrTyp | varchar(64) | YES | | None | Data type of attribute. Values can be string, photo, numeric, date | -| jansClaimName | varchar(64) | YES | | None | Used by jans in conjunction with jansttributeName to map claims to attributes in LDAP. | +| jansClaimName | varchar(64) | YES | | None | Used by jans in conjunction with jansttributeName to map claims to attributes in datastore. | | jansAttrUsgTyp | varchar(64) | YES | | None | TODO - Usg? Value can be OpenID | | jansAttrViewTyp | json | YES | | None | Specify in exclude who can view an attribute, admin or user | | jansSAML1URI | varchar(64) | YES | | None | SAML 1 uri of attribute | diff --git a/docs/janssen-server/reference/database/pgsql-config.md b/docs/janssen-server/reference/database/pgsql-config.md index 68064f33d5f..09454780e14 100644 --- a/docs/janssen-server/reference/database/pgsql-config.md +++ b/docs/janssen-server/reference/database/pgsql-config.md 
@@ -74,7 +74,7 @@ In order to support transparency for end applications and allow data migration f Each table in **jansdb** PostgreSQL database follow next rules: -1. one table for every LDAP **objectClass** +1. one table for every **objectClass** 1. has 2 mandatory column `DN` and `doc_id` 1. Index for primary key diff --git a/docs/janssen-server/reference/database/spanner-config.md b/docs/janssen-server/reference/database/spanner-config.md index c95b7fed217..3de8c648d90 100644 --- a/docs/janssen-server/reference/database/spanner-config.md +++ b/docs/janssen-server/reference/database/spanner-config.md @@ -71,7 +71,7 @@ In order to support transparency for end applications and allow data migration f Each table in **jansdb** Spanner schema follow next rules: -1. one table for every LDAP **objectClass** +1. one table for every **objectClass** 1. has 2 mandatory column `DN` and `doc_id` 1. Index for primary key 1. Interleaved tables with name pattern **objectClass_propertyName** diff --git a/docs/janssen-server/scim/custom-attributes.md b/docs/janssen-server/scim/custom-attributes.md index 7d0773c3b5f..4136ca9ca22 100644 --- a/docs/janssen-server/scim/custom-attributes.md +++ b/docs/janssen-server/scim/custom-attributes.md @@ -13,7 +13,8 @@ Although the schema covers many attributes one might think of, at times you will * Add an attribute to Database schema -* Include the new attribute in an LDAP's object class such as jansPerson + +* Include the new attribute in an object class such as jansPerson * Register and activate your new attribute through **Jans TUI**. diff --git a/docs/janssen-server/vm-ops/logs.md b/docs/janssen-server/vm-ops/logs.md index 3cb0967ac15..9a94ec72b63 100644 --- a/docs/janssen-server/vm-ops/logs.md +++ b/docs/janssen-server/vm-ops/logs.md 
@@ -104,9 +104,8 @@ The available logs for Jans server are listed below: | Log File | Description | |--------- |-------------| | **configapi.log** | Config API main log | -| **configapi_persistence.log** | Config API LDAP log | -| **configapi_persistence_duration.log** | Config API LDAP operation duration log | -| **configapi_persistence_ldap_statistics.log**| Config API LDAP statistics | +| **configapi_persistence.log** | Config API persistence log | +| **configapi_persistence_duration.log** | Config API persistence operation duration log | | **[date].jetty.log** | Config API Jetty log | | **configapi_script.log** | Config API custom script log | diff --git a/docs/script-catalog/discovery/discovery/README.md b/docs/script-catalog/discovery/discovery/README.md index 90f53840bcc..c9fbd6045ae 100644 --- a/docs/script-catalog/discovery/discovery/README.md +++ b/docs/script-catalog/discovery/discovery/README.md @@ -36,7 +36,7 @@ The discovery interception script extends the base script type with the methods The `configurationAttributes` parameter is `java.util.Map`. configurationAttributes = new HashMap(); - configurationAttributes.put("Location Type", new SimpleCustomProperty("location_type", "ldap", "Storage Location for the script")); + configurationAttributes.put("Location Type", new SimpleCustomProperty("location_type", "MySQL", "Storage Location for the script")); ### Snippet diff --git a/docs/script-catalog/introspection/README.md b/docs/script-catalog/introspection/README.md index ae18c00715f..ac49cbde510 100644 --- a/docs/script-catalog/introspection/README.md +++ b/docs/script-catalog/introspection/README.md 
@@ -29,7 +29,7 @@ The introspection interception script extends the base script type with the meth The `configurationAttributes` parameter is `java.util.Map`. configurationAttributes = new HashMap(); - configurationAttributes.put("Location Type", new SimpleCustomProperty("location_type", "ldap", "Storage Location for the script")); + configurationAttributes.put("Location Type", new SimpleCustomProperty("location_type", "MySQL", "Storage Location for the script")); ### Snippet diff --git a/docs/script-catalog/persistence_extension/persistence.md b/docs/script-catalog/persistence_extension/persistence.md index 9c87e939c0a..71054024c7e 100644 --- a/docs/script-catalog/persistence_extension/persistence.md +++ b/docs/script-catalog/persistence_extension/persistence.md @@ -18,9 +18,9 @@ By overriding the interface methods in [PersistenceType](https://github.com/Jans 4. Compare hashed passwords !!! note annotate "What is an Entry Manager?" - The Janssen server's Peristence Layer can be any one of LDAP, MySQL database, Postgres database, Couchbase etc. + The Janssen server's Peristence Layer can be any one of MySQL database, Postgres database, Couchbase etc. Information about an entity (person, session, client, scripts etc) constitutes an Entry. - The Entry Manager (CRUD operations) implementation for each type of Persistence is available in the Janssen server and the relevant Entry Manager ( LDAPEntryManager, SQLEntryManager, etc.) is created when the server starts up. + The Entry Manager (CRUD operations) implementation for each type of Persistence is available in the Janssen server and the relevant Entry Manager (SQLEntryManager, etc.) is created when the server starts up. ## Usage diff --git a/docs/script-catalog/person_authentication/other/twilio_sms/README.md b/docs/script-catalog/person_authentication/other/twilio_sms/README.md index aa5463138bc..a0dd4b696f1 100644 --- a/docs/script-catalog/person_authentication/other/twilio_sms/README.md 
+++ b/docs/script-catalog/person_authentication/other/twilio_sms/README.md @@ -1,7 +1,7 @@ Twilio SMS Authentication Script This is a two step authentication workflow. The first step is standard username password authentication -against the local Gluu Server LDAP. The second step requires the person to enter a code that is sent via +against the local Gluu Server MySQL. The second step requires the person to enter a code that is sent via SMS to the person's mobile number. Script contents [here](https://github.com/JanssenProject/jans/jans-linux-setup/static/extension/person_authentication/twilio2FA.py) diff --git a/docs/script-catalog/person_authentication/twilio-2fa/README.md b/docs/script-catalog/person_authentication/twilio-2fa/README.md index dce83c072ac..37251854008 100644 --- a/docs/script-catalog/person_authentication/twilio-2fa/README.md +++ b/docs/script-catalog/person_authentication/twilio-2fa/README.md 
@@ -107,14 +107,14 @@ The designs are being rendered from the [SMS xhtml page](https://github.com/Jans ### Phone Number Enrollment -The script assumes the user phone number is already stored in his corresponding LDAP entry (attribute `phoneNumberVerified`). You can change the attribute by altering the script directly (see authenticate routine). +The script assumes the user phone number is already stored in his corresponding MySQL entry (attribute `phoneNumberVerified`). You can change the attribute by altering the script directly (see authenticate routine). ### Subsequent Logins All authentications will trigger an SMS with an OTP to the registered phone number. Enter the OTP to pass authentication. ### Credential Management -A user's registered phone number can be removed by a Gluu administrator either via the jans TUI, or in LDAP under the user entry. Once the phone number has been removed from the user's account, the user can re-enroll a new phone number following the [phone number enrollment](#phone-number-enrollment) instructions above. +A user's registered phone number can be removed by a Gluu administrator either via the jans TUI, or in MySQL under the user entry. Once the phone number has been removed from the user's account, the user can re-enroll a new phone number following the [phone number enrollment](#phone-number-enrollment) instructions above. ## Troubleshooting If problems are encountered, take a look at the logs, specifically `/opt/jans/jetty/jans-auth/logs/jans-auth_script.log`. Inspect all messages related to Twilio. For instance, the following messages show an example of correct script initialization: diff --git a/docs/script-catalog/scim/scim.md b/docs/script-catalog/scim/scim.md index ebdebd41f23..0fea652bac5 100644 --- a/docs/script-catalog/scim/scim.md +++ b/docs/script-catalog/scim/scim.md 
@@ -135,7 +135,7 @@ Let's alter `postSearchUsers`'s second parameter (`results`) to ensure addresses This is very straightforward code except for the usage of `jansAddres`. Shouldn't it be simply `addresses` as the known SCIM attribute? -Scripts work with entities that are about to be persisted or have already been saved so they kind of resemble the database structure (schema in LDAP terms). It turns out that database attribute names rarely match with SCIM names. +Scripts work with entities that are about to be persisted or have already been saved so they kind of resemble the database structure (schema in MySQL terms). It turns out that database attribute names rarely match with SCIM names. While it is easy to know the SCIM name of a database attribute, the converse requires checking the code, however since you already have the skill this shouldn't be a problem: in [this](https://github.com/JanssenProject/jans/blob/1753d430037f623cfc11b99ceaa5d172676d9ecb/jans-scim/model/src/main/java/io/jans/scim/model/scim2/user/UserResource.java) Java class you'll find the representation of a user resource in SCIM spec terms. Pay attention to the `addresses` field and its associated `StoreReference` annotation that contains the attribute where addresses are actually stored.
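Review bot: In docs/janssen-server/config-guide/config-tools/config-api/monitoring.md, the sample response now shows `"dbType":"MySQL"`, but this is presented as literal endpoint output and the setup usage text in this same patch spells the backend types in lowercase (`{mysql,pgsql}`). Please paste the value from a real response rather than hand-editing the old `"ldap"` string, so the casing in the sample matches what clients will actually receive.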
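Review bot: In docs/janssen-server/install/setup.md (@@ -74,51 +74,19 @@), the usage block is re-wrapped to much longer lines in the same change that drops options, so the real removals are buried: `--local-ldap`, `--listen_all_interfaces`, `--remote-ldap | --disable-local-ldap` and `-ldap-admin-password` no longer appear. `--listen_all_interfaces` is not obviously LDAP-only by its name, so please confirm its removal is intended and that the new block is pasted from the current `setup.py --help` output. Keeping the original wrap width would let the diff show only the dropped options and would avoid horizontal scrolling in the rendered code block.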
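Review bot: In docs/janssen-server/recipes/social-login.md, the rewritten sentence still says the search looks for a match "in the people branch", which is directory-tree wording left over from the LDAP text and reads oddly next to "A database search". Suggest something like "A search is performed among the user entries for one where attribute `jansExtUid` equals ...". The first changed line also needs an article: "in the local database".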
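Review bot: In docs/janssen-server/reference/database/README.md (@@ -180,7 +180,7 @@), the new comment "Define entry primary key. i.e a distinguished name, DN" is a sentence fragment and "i.e" is missing its punctuation. Suggest a single sentence such as "Define the entry primary key, i.e. its distinguished name (DN)", which also keeps the link to the `@DN` annotation on the next line.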
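Review bot: In docs/janssen-server/reference/database/mysql-schema.md, the `jansClaimName` row being edited still contains `jansttributeName`, which looks like a misspelled attribute name and is carried over unchanged into the new line. Since this line is touched anyway, please correct it to the intended attribute name, and write "in the datastore" rather than "in datastore".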
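Review bot: In docs/janssen-server/scim/custom-attributes.md (@@ -13,7 +13,8 @@), the hunk adds an empty `+` line before the "Include the new attribute in an object class" bullet, which is why the hunk grows from 7 to 8 lines. This looks unintentional and makes the spacing between the list items uneven; please drop the extra blank line so the change is a one-line replacement.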
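Review bot: In docs/script-catalog/discovery/discovery/README.md, and in the identical line in docs/script-catalog/introspection/README.md, the second argument of `new SimpleCustomProperty("location_type", ...)` is a configuration value, not prose, and it has been changed from "ldap" to "MySQL" by what looks like a search-and-replace. Please confirm "MySQL" is a value the server actually accepts for `location_type`; this same patch documents PostgreSQL, Spanner and Couchbase backends, so a value naming one specific database is suspicious for a property described as "Storage Location for the script".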
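Review bot: In docs/script-catalog/persistence_extension/persistence.md, the edited note line still has the typo "Peristence Layer"; please fix it to "Persistence Layer" while the line is being changed. After the removal, "(SQLEntryManager, etc.)" lists a single example followed by "etc.", so either name a second entry manager or reword to "(for example SQLEntryManager)".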
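Review bot: In docs/script-catalog/person_authentication/other/twilio_sms/README.md, "against the local Gluu Server MySQL" is a mechanical substitution that does not read as a sentence and ties the first authentication step to one backend. Other files in this patch use "database" or "datastore" for the same replacement; suggest "against the local database" here, and consider whether "Gluu Server" should still be the product name in these docs.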
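Review bot: In docs/script-catalog/person_authentication/twilio-2fa/README.md, both changed lines replace "LDAP" with "MySQL" ("his corresponding MySQL entry", "in MySQL under the user entry"), which tells administrators that the phone number used for the second factor lives specifically in MySQL. The patch elsewhere documents PostgreSQL and Spanner schemas, so backend-neutral wording such as "the user's entry in the database" would be accurate for all deployments and consistent with the social-login.md change.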
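Review bot: In docs/script-catalog/scim/scim.md, the parenthetical "(schema in MySQL terms)" no longer explains anything: the original used "schema" as the LDAP name for the database structure, and "schema" is already the generic term. Suggest dropping the parenthetical or reducing it to "(the schema)" instead of substituting a product name.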