CIL-1975 added versioning for CM API, tests.

oa4mp-server-oauth2/buildNumber.properties

@@ -1,3 +1,3 @@
 #maven.buildNumber.plugin properties file
-#Wed Apr 24 08:18:37 CDT 2024
-buildNumber\\d*=11848
+#Fri May 10 14:58:08 CDT 2024
+buildNumber\\d*=11850

oa4mp-server-oauth2/src/main/webapp/WEB-INF/web.xml

@@ -49,7 +49,7 @@
     </servlet>
     <servlet-mapping>
         <servlet-name>oidc-cm</servlet-name>
-        <url-pattern>/oidc-cm</url-pattern>
+        <url-pattern>/oidc-cm/*</url-pattern>
     </servlet-mapping>
 
 

qdl/buildNumber.properties

@@ -1,3 +1,3 @@
 #maven.buildNumber.plugin properties file
-#Wed Apr 24 08:21:12 CDT 2024
-buildNumber\\d*=12238
+#Fri May 10 14:59:41 CDT 2024
+buildNumber\\d*=12244

server-admin/src/main/resources/qdl/bnl/eic/v1/get_user.qdl

@@ -17,8 +17,8 @@ block[
             bnl_cfg.search_base := ini.'user_search_base';
                    bnl_cfg.type := 'ldap';
               bnl_cfg.ldap_name := 'uid';
-               bnl_cfg.rename.  := {'voPersonID':'sdccid'};
-     bnl_cfg.search_attributes. :=  ['voPersonID','isMemberOf'];
+               bnl_cfg.rename.  := {'voPersonID':'sdccid', 'eduPersonOrcid':'orcid'};
+     bnl_cfg.search_attributes. :=  ['voPersonID','isMemberOf', 'eduPersonOrcid'];
                bnl_cfg.username := ini.'name';
                bnl_cfg.password := ini.'pwd';
      return(claims#get_claims(claims#create_source(bnl_cfg.), user));

server-admin/src/main/resources/qdl/bnl/eic/v1/id-token.qdl

@@ -18,6 +18,7 @@
     * Audience for ID token should be set to OIDC client ID.
     * ID token “sub” claim should be set to “sdccid” of logged in user. This number is currently provisioned into the “voPersonID” field of LDAP. (:speech_balloon: **COMMENT** from Scott Koranda, Mar 22, 2023: The voPersonID just changed from employeeNumber, but has been reconciled and is same in TEST and PROD LDAPs.)
     * ID token claim “isMemberOf” should contain a list of Registry groups to which the logged in user belongs. This is currently provisioned into “isMemberOf” in LDAP
+    * ID token claim "orcid" should contain the authenticated orcid of the user if present in COPerson profile. This is currently provisioned into LDAP field eduPersonOrcid
     * The following scopes are allowed openid, profile, email, org.cilogon.userinfo
     * ID token “acr” claim should convey information from the IDP as to whether the user logged in with Single Factor Authorization(SFA) or Multifactor Authorization(MFA)
     * Users that are denied authorization at the issuer should be redirected to the help page located at [https://www.sdcc.bnl.gov/registry-login-error.php](https://www.sdcc.bnl.gov/registry-login-error.php)

server-loader/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/oauth2/claims/AbstractPayloadConfig.java

@@ -5,6 +5,7 @@
 import edu.uiuc.ncsa.qdl.scripting.AnotherJSONUtil;
 import edu.uiuc.ncsa.security.core.util.Iso8601;
 import edu.uiuc.ncsa.security.core.util.StringUtils;
+import edu.uiuc.ncsa.security.util.configuration.XMLConfigUtil;
 import edu.uiuc.ncsa.security.util.scripting.ScriptSet;
 import net.sf.json.JSON;
 import net.sf.json.JSONException;
@@ -60,7 +61,13 @@ public void setCreationTS(Date creationTS) {
 
     public void fromJSON(JSONObject jsonObject) {
         if (jsonObject.containsKey(LIFETIME_KEY)) {
-            lifetime = jsonObject.getLong(LIFETIME_KEY);
+            Object rawLifetime = jsonObject.get(LIFETIME_KEY);
+            if(rawLifetime instanceof String){
+                lifetime = XMLConfigUtil.getValueSecsOrMillis((String)rawLifetime, false);
+            }else {
+                // assume it is a long and let JSON figure it out
+                lifetime = jsonObject.getLong(LIFETIME_KEY);
+            }
         }
         if(jsonObject.containsKey(QDLRuntimeEngine.CONFIG_TAG)) {
             try{

server-loader/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/oauth2/cm/CMConfig.java

@@ -35,7 +35,21 @@ public String toString() {
 
     public String protocol;
     public URI uri;
+    /**
+     * The last component of the uri. This is set as a convenience since it is used for
+     * determining the requested version of this API.
+     */
     public boolean enabled = false;
+
+    public String getEndpoint() {
+        return endpoint;
+    }
+
+    public void setEndpoint(String endpoint) {
+        this.endpoint = endpoint;
+    }
+
+    String endpoint;
     public boolean isConfigured = false; // if this has been properly configured.
 
     /**

server-loader/src/main/java/edu/uiuc/ncsa/myproxy/oa4mp/oauth2/cm/CMConfigs.java

@@ -62,7 +62,9 @@ protected static CMConfig createConfigEntry(String protocol,
             // fine. Ignore it
         }
 
-        return new CMConfig(protocol, uri, isEnabled);
+        CMConfig cmConfig = new CMConfig(protocol, uri, isEnabled);
+        cmConfig.setEndpoint(endpoint);
+        return cmConfig;
     }
 
     public static CMConfig createConfigEntry(String protocol,
@@ -102,6 +104,7 @@ public static CMConfig createConfigEntry(String protocol,
             default:
                 throw new IllegalArgumentException("Error: unknown protocol");
         }
+
     }
 
     protected static CM7591Config create7591ConfigEntry(String protocol,
@@ -152,6 +155,7 @@ protected static CM7591Config create7591ConfigEntry(String protocol,
             config.autoApproverName = rawAutoApproverName;
         }
 
+        config.setEndpoint(endpoint);
         return config;
     }