From a4aa7ef6dfa0e4693f855631db4e14735b291e0e Mon Sep 17 00:00:00 2001 From: Brian Bockelman Date: Fri, 17 Nov 2023 07:41:43 -0600 Subject: [PATCH 01/10] Default to non-public clients This template is used for dynamic client registry where a non-public client is most likely needed. Although clients requests can specify explicitly request a certain client authentication method (implying a non-public client), notably `oidc-client` does not. --- scitokens-server/etc/templates/client-template.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scitokens-server/etc/templates/client-template.xml b/scitokens-server/etc/templates/client-template.xml index be788fd..c3b7487 100644 --- a/scitokens-server/etc/templates/client-template.xml +++ b/scitokens-server/etc/templates/client-template.xml @@ -18,7 +18,7 @@ false localhost:template false -true +false false ["https://localhost:9443/client2/ready"] SciToken client template From 78aa01c13ea0c23ecb2a25ef58480c4feeacd8d5 Mon Sep 17 00:00:00 2001 From: Brian Bockelman Date: Sat, 18 Nov 2023 11:33:06 -0600 Subject: [PATCH 02/10] Allow the id_token to be transformed by an QDL script The default script does very little - just changes around the `sub` based on the eppn or email - as this is mostly seen as useful in applications that want to override the default behavior. --- .../etc/templates/client-template.xml | 2 +- .../var/qdl/scitokens/id_token_policies.qdl | 15 +++++++++++++++ 2 files changed, 16 insertions(+), 1 deletion(-) create mode 100644 scitokens-server/var/qdl/scitokens/id_token_policies.qdl diff --git a/scitokens-server/etc/templates/client-template.xml b/scitokens-server/etc/templates/client-template.xml index c3b7487..4e002c2 100644 --- a/scitokens-server/etc/templates/client-template.xml +++ b/scitokens-server/etc/templates/client-template.xml @@ -11,7 +11,7 @@ 4b289478ab9e80f43a837620fd09e3484b10bb77 2022-01-19T21:39:03.254Z 1209600000 -{"tokens":{"access":{"audience":"ANY","type":"sci_token","qdl": {"load": "vfs#/scripts/scitokens/policies.qdl","xmd": {"exec_phase": ["pre_auth","post_token","post_refresh","post_exchange"]}}}}} +{"tokens":{"access":{"audience":"ANY","type":"sci_token","qdl": {"load": "vfs#/scripts/scitokens/policies.qdl","xmd": {"exec_phase": ["pre_auth","post_token","post_refresh","post_exchange"]}}}, "identity": {"type": "identity", "qdl": {"load": "vfs#/scripts/scitokens/id_token_policies.qdl", "xmd": {"exec_phase": ["post_token", "post_refresh", "post_exchange"]}}} }} false https://localhost:9443/client2 true diff --git a/scitokens-server/var/qdl/scitokens/id_token_policies.qdl b/scitokens-server/var/qdl/scitokens/id_token_policies.qdl new file mode 100644 index 0000000..6c0cff0 --- /dev/null +++ b/scitokens-server/var/qdl/scitokens/id_token_policies.qdl @@ -0,0 +1,15 @@ +/* + Simply prefer the eppn for the subject; otherwise, pass the token through. + */ + +if[ + is_defined(claims.'eppn') +][ + claims.'sub' := claims.'eppn'; +]else[ + if[ + is_defined(claims.'email') + ][ + claims.'sub' := claims.'email'; + ]; +]; From 4ad544f475706b38f6b5a094de431eccb220edcd Mon Sep 17 00:00:00 2001 From: Brian Bockelman Date: Sat, 18 Nov 2023 12:20:06 -0600 Subject: [PATCH 03/10] Enable the new 'unused client cleanup' functionality --- scitokens-server/etc/server-config.xml.tmpl | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/scitokens-server/etc/server-config.xml.tmpl b/scitokens-server/etc/server-config.xml.tmpl index bc5869f..68c67f1 100644 --- a/scitokens-server/etc/server-config.xml.tmpl +++ b/scitokens-server/etc/server-config.xml.tmpl @@ -9,6 +9,7 @@ refreshTokenEnabled="true" enableTokenExchange="true" clientSecretLength="24" + cleanupInterval= "60 min" scheme="oa4mp" schemeSpecificPart="" debug="trace" @@ -17,6 +18,15 @@ issuer="https://{HOSTNAME}/scitokens-server" address="https://{HOSTNAME}/scitokens-server"> + + + localhost:template + + + Date: Thu, 30 Nov 2023 07:52:15 -0600 Subject: [PATCH 04/10] Allow the issuer name to be configurable via env var --- scitokens-server/etc/server-config.xml.tmpl | 2 +- start.sh | 5 ++++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/scitokens-server/etc/server-config.xml.tmpl b/scitokens-server/etc/server-config.xml.tmpl index 68c67f1..7ffb7d9 100644 --- a/scitokens-server/etc/server-config.xml.tmpl +++ b/scitokens-server/etc/server-config.xml.tmpl @@ -15,7 +15,7 @@ debug="trace" OIDCEnabled = "false" serverDN="CN=localhost" - issuer="https://{HOSTNAME}/scitokens-server" + issuer="{ISSUER}" address="https://{HOSTNAME}/scitokens-server"> /opt/scitokens-server/etc/server-config.xml +if [ -z "${ISSUER}" ]; then + ISSUER="https://${HOSTNAME}/scitokens-server" +fi +sed -e s+\{HOSTNAME\}+$HOSTNAME+g -e s+\{ISSUER\}+$ISSUER+g /opt/scitokens-server/etc/server-config.xml.tmpl > /opt/scitokens-server/etc/server-config.xml sed s+\{HOSTNAME\}+$HOSTNAME+g /opt/scitokens-server/etc/proxy-config.xml.tmpl | \ sed s+\{CLIENT_ID\}+$CLIENT_ID+g | \ sed s+\{CLIENT_SECRET\}+$CLIENT_SECRET+g > /opt/scitokens-server/etc/proxy-config.xml From 070e6e02dee2975811268f0ba29f14157287b422 Mon Sep 17 00:00:00 2001 From: Brian Bockelman Date: Thu, 30 Nov 2023 07:54:05 -0600 Subject: [PATCH 05/10] Update Tomcat to latest bugfix release --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index fd3892c..eb720c9 100644 --- a/Dockerfile +++ b/Dockerfile @@ -5,7 +5,7 @@ RUN yum install -y curl java-11-openjdk-headless java-11-openjdk-devel # Download and install tomcat RUN useradd -r -s /sbin/nologin tomcat ;\ mkdir -p /opt/tomcat ;\ - curl -s -L https://archive.apache.org/dist/tomcat/tomcat-9/v9.0.69/bin/apache-tomcat-9.0.69.tar.gz | tar -zxf - -C /opt/tomcat --strip-components=1 ;\ + curl -s -L https://archive.apache.org/dist/tomcat/tomcat-9/v9.0.83/bin/apache-tomcat-9.0.83.tar.gz | tar -zxf - -C /opt/tomcat --strip-components=1 ;\ chgrp -R tomcat /opt/tomcat/conf ;\ chmod g+rwx /opt/tomcat/conf ;\ chmod g+r /opt/tomcat/conf/* ;\ From cc86d79e5a85c8ca99dec6a873f134674990061b Mon Sep 17 00:00:00 2001 From: Brian Bockelman Date: Thu, 30 Nov 2023 07:56:09 -0600 Subject: [PATCH 06/10] Switch to pre-release to test proxy_claims stem fix --- Dockerfile | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index eb720c9..29b793a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -23,17 +23,17 @@ RUN \ mkdir -p /opt/scitokens-server/var/storage/file_store &&\ mkdir -p /opt/tomcat/webapps/scitokens-server ;\ # Install the OA4MP webapp and associated dependencies. - curl -s -L https://github.com/ncsa/OA4MP/releases/download/v5.4.1/oauth2.war > /opt/tomcat/webapps/scitokens-server.war ;\ + curl -s -L https://github.com/ncsa/OA4MP/releases/download/mutable/oauth2.war > /opt/tomcat/webapps/scitokens-server.war ;\ curl -s -L https://github.com/javaee/javamail/releases/download/JAVAMAIL-1_6_2/javax.mail.jar > /opt/tomcat/lib/javax.mail.jar ;\ - curl -s -L https://github.com/ncsa/OA4MP/releases/download/v5.4.1/jwt.jar > /opt/scitokens-server/lib/jwt.jar ;\ - curl -L -s https://github.com/ncsa/OA4MP/releases/download/v5.4.1/cli.jar > /opt/scitokens-server/lib/scitokens-cli.jar ;\ + curl -s -L https://github.com/ncsa/OA4MP/releases/download/mutable/jwt.jar > /opt/scitokens-server/lib/jwt.jar ;\ + curl -L -s https://github.com/ncsa/OA4MP/releases/download/mutable/cli.jar > /opt/scitokens-server/lib/scitokens-cli.jar ;\ cd /opt/tomcat/webapps/scitokens-server ;\ jar -xf ../scitokens-server.war ;\ chgrp -R tomcat /opt/tomcat/webapps/scitokens-server ;\ mkdir -p /opt/tomcat/var/storage/scitokens-server ;\ chown -R tomcat:tomcat /opt/tomcat/var/storage/scitokens-server ;\ # Install support for the QDL CLI - curl -L -s https://github.com/ncsa/OA4MP/releases/download/v5.4.1/qdl-installer.jar >/tmp/oa2-qdl-installer.jar ;\ + curl -L -s https://github.com/ncsa/OA4MP/releases/download/mutable/qdl-installer.jar >/tmp/oa2-qdl-installer.jar ;\ java -jar /tmp/oa2-qdl-installer.jar -dir /opt/qdl ;\ rm /tmp/oa2-qdl-installer.jar ;\ mkdir -p /opt/qdl/var/scripts ;\ From 53342a1999a03be9117c2715fe5199aa1b2f7564 Mon Sep 17 00:00:00 2001 From: "gaynor@illinois.edu" Date: Tue, 16 Jan 2024 10:40:24 -0600 Subject: [PATCH 07/10] Updated to use 5.4.3 --- Dockerfile | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index fd3892c..83a3a0a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -23,17 +23,17 @@ RUN \ mkdir -p /opt/scitokens-server/var/storage/file_store &&\ mkdir -p /opt/tomcat/webapps/scitokens-server ;\ # Install the OA4MP webapp and associated dependencies. - curl -s -L https://github.com/ncsa/OA4MP/releases/download/v5.4.1/oauth2.war > /opt/tomcat/webapps/scitokens-server.war ;\ + curl -s -L https://github.com/ncsa/OA4MP/releases/download/v5.4.3/oauth2.war > /opt/tomcat/webapps/scitokens-server.war ;\ curl -s -L https://github.com/javaee/javamail/releases/download/JAVAMAIL-1_6_2/javax.mail.jar > /opt/tomcat/lib/javax.mail.jar ;\ - curl -s -L https://github.com/ncsa/OA4MP/releases/download/v5.4.1/jwt.jar > /opt/scitokens-server/lib/jwt.jar ;\ - curl -L -s https://github.com/ncsa/OA4MP/releases/download/v5.4.1/cli.jar > /opt/scitokens-server/lib/scitokens-cli.jar ;\ + curl -s -L https://github.com/ncsa/OA4MP/releases/download/v5.4.3/jwt.jar > /opt/scitokens-server/lib/jwt.jar ;\ + curl -L -s https://github.com/ncsa/OA4MP/releases/download/v5.4.3/cli.jar > /opt/scitokens-server/lib/scitokens-cli.jar ;\ cd /opt/tomcat/webapps/scitokens-server ;\ jar -xf ../scitokens-server.war ;\ chgrp -R tomcat /opt/tomcat/webapps/scitokens-server ;\ mkdir -p /opt/tomcat/var/storage/scitokens-server ;\ chown -R tomcat:tomcat /opt/tomcat/var/storage/scitokens-server ;\ # Install support for the QDL CLI - curl -L -s https://github.com/ncsa/OA4MP/releases/download/v5.4.1/qdl-installer.jar >/tmp/oa2-qdl-installer.jar ;\ + curl -L -s https://github.com/ncsa/OA4MP/releases/download/v5.4.3/qdl-installer.jar >/tmp/oa2-qdl-installer.jar ;\ java -jar /tmp/oa2-qdl-installer.jar -dir /opt/qdl ;\ rm /tmp/oa2-qdl-installer.jar ;\ mkdir -p /opt/qdl/var/scripts ;\ From 93a0cd0c73b6b97f6fb29a5b89c13fe53062e5b3 Mon Sep 17 00:00:00 2001 From: Brian Aydemir Date: Mon, 13 Jan 2025 12:37:52 -0600 Subject: [PATCH 08/10] Use heredocs for long RUN blocks --- Dockerfile | 62 +++++++++++++++++++++++++++--------------------------- 1 file changed, 31 insertions(+), 31 deletions(-) diff --git a/Dockerfile b/Dockerfile index 83a3a0a..7e1bfed 100644 --- a/Dockerfile +++ b/Dockerfile @@ -3,43 +3,43 @@ FROM hub.opensciencegrid.org/opensciencegrid/software-base:3.6-al8-release RUN yum install -y curl java-11-openjdk-headless java-11-openjdk-devel # Download and install tomcat -RUN useradd -r -s /sbin/nologin tomcat ;\ - mkdir -p /opt/tomcat ;\ - curl -s -L https://archive.apache.org/dist/tomcat/tomcat-9/v9.0.69/bin/apache-tomcat-9.0.69.tar.gz | tar -zxf - -C /opt/tomcat --strip-components=1 ;\ - chgrp -R tomcat /opt/tomcat/conf ;\ - chmod g+rwx /opt/tomcat/conf ;\ - chmod g+r /opt/tomcat/conf/* ;\ - chown -R tomcat /opt/tomcat/logs/ /opt/tomcat/temp/ /opt/tomcat/webapps/ /opt/tomcat/work/ ;\ - chgrp -R tomcat /opt/tomcat/bin /opt/tomcat/lib ;\ - chmod g+rwx /opt/tomcat/bin ;\ - chmod g+r /opt/tomcat/bin/* ;\ +RUN < /opt/tomcat/webapps/scitokens-server.war ;\ - curl -s -L https://github.com/javaee/javamail/releases/download/JAVAMAIL-1_6_2/javax.mail.jar > /opt/tomcat/lib/javax.mail.jar ;\ - curl -s -L https://github.com/ncsa/OA4MP/releases/download/v5.4.3/jwt.jar > /opt/scitokens-server/lib/jwt.jar ;\ - curl -L -s https://github.com/ncsa/OA4MP/releases/download/v5.4.3/cli.jar > /opt/scitokens-server/lib/scitokens-cli.jar ;\ - cd /opt/tomcat/webapps/scitokens-server ;\ - jar -xf ../scitokens-server.war ;\ - chgrp -R tomcat /opt/tomcat/webapps/scitokens-server ;\ - mkdir -p /opt/tomcat/var/storage/scitokens-server ;\ - chown -R tomcat:tomcat /opt/tomcat/var/storage/scitokens-server ;\ + curl -s -L https://github.com/ncsa/OA4MP/releases/download/v5.4.3/oauth2.war > /opt/tomcat/webapps/scitokens-server.war + curl -s -L https://github.com/javaee/javamail/releases/download/JAVAMAIL-1_6_2/javax.mail.jar > /opt/tomcat/lib/javax.mail.jar + curl -s -L https://github.com/ncsa/OA4MP/releases/download/v5.4.3/jwt.jar > /opt/scitokens-server/lib/jwt.jar + curl -L -s https://github.com/ncsa/OA4MP/releases/download/v5.4.3/cli.jar > /opt/scitokens-server/lib/scitokens-cli.jar + cd /opt/tomcat/webapps/scitokens-server + jar -xf ../scitokens-server.war + chgrp -R tomcat /opt/tomcat/webapps/scitokens-server + mkdir -p /opt/tomcat/var/storage/scitokens-server + chown -R tomcat:tomcat /opt/tomcat/var/storage/scitokens-server # Install support for the QDL CLI - curl -L -s https://github.com/ncsa/OA4MP/releases/download/v5.4.3/qdl-installer.jar >/tmp/oa2-qdl-installer.jar ;\ - java -jar /tmp/oa2-qdl-installer.jar -dir /opt/qdl ;\ - rm /tmp/oa2-qdl-installer.jar ;\ - mkdir -p /opt/qdl/var/scripts ;\ + curl -L -s https://github.com/ncsa/OA4MP/releases/download/v5.4.3/qdl-installer.jar >/tmp/oa2-qdl-installer.jar + java -jar /tmp/oa2-qdl-installer.jar -dir /opt/qdl + rm /tmp/oa2-qdl-installer.jar + mkdir -p /opt/qdl/var/scripts # Remove the default manager apps and examples -- we don't use these - rm -rf /opt/tomcat/webapps/ROOT /opt/tomcat/webapps/docs /opt/tomcat/webapps/examples /opt/tomcat/webapps/host-manager /opt/tomcat/webapps/manager ;\ - true; + rm -rf /opt/tomcat/webapps/ROOT /opt/tomcat/webapps/docs /opt/tomcat/webapps/examples /opt/tomcat/webapps/host-manager /opt/tomcat/webapps/manager +ENDRUN # The generate_jwk.sh script is part of the documented bootstrap of the container. ADD generate_jwk.sh /usr/local/bin/generate_jwk.sh From 2b5d495524edca823400cb537fbb04d1875911a0 Mon Sep 17 00:00:00 2001 From: Brian Aydemir Date: Tue, 21 Jan 2025 13:36:30 -0600 Subject: [PATCH 09/10] Update to OA4MP 6.0.3 --- Dockerfile | 72 ++++++++++++++------- qdl/bin/qdl | 2 +- qdl/bin/qdl-run | 2 +- qdl/etc/qdl-cfg.xml | 12 ++-- qdl/var/scripts/boot.qdl | 2 +- scitokens-client/web.xml | 4 +- scitokens-server/etc/server-config.xml.tmpl | 2 +- scitokens-server/web.xml | 36 +++++------ 8 files changed, 78 insertions(+), 54 deletions(-) diff --git a/Dockerfile b/Dockerfile index 7e1bfed..3bd85ae 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,53 +1,77 @@ -FROM hub.opensciencegrid.org/opensciencegrid/software-base:3.6-al8-release +ARG BASE_OSG_SERIES=23 +ARG BASE_OS=el9 +ARG BASE_YUM_REPO=release -RUN yum install -y curl java-11-openjdk-headless java-11-openjdk-devel +FROM hub.opensciencegrid.org/osg-htc/software-base:${BASE_OSG_SERIES}-${BASE_OS}-${BASE_YUM_REPO} -# Download and install tomcat RUN < /opt/tomcat/webapps/scitokens-server.war + curl -s -L https://github.com/ncsa/OA4MP/releases/download/v6.0.3/oauth2.war > /opt/tomcat/webapps/scitokens-server.war + curl -s -L https://github.com/ncsa/OA4MP/releases/download/v6.0.3/jwt.jar > /opt/scitokens-server/lib/jwt.jar + curl -s -L https://github.com/ncsa/OA4MP/releases/download/v6.0.3/cli.jar > /opt/scitokens-server/lib/scitokens-cli.jar curl -s -L https://github.com/javaee/javamail/releases/download/JAVAMAIL-1_6_2/javax.mail.jar > /opt/tomcat/lib/javax.mail.jar - curl -s -L https://github.com/ncsa/OA4MP/releases/download/v5.4.3/jwt.jar > /opt/scitokens-server/lib/jwt.jar - curl -L -s https://github.com/ncsa/OA4MP/releases/download/v5.4.3/cli.jar > /opt/scitokens-server/lib/scitokens-cli.jar - cd /opt/tomcat/webapps/scitokens-server - jar -xf ../scitokens-server.war + + ( cd /opt/tomcat/webapps/scitokens-server && jar -xf /opt/tomcat/webapps/scitokens-server.war ) + rm /opt/tomcat/webapps/scitokens-server.war + chgrp -R tomcat /opt/tomcat/webapps/scitokens-server mkdir -p /opt/tomcat/var/storage/scitokens-server chown -R tomcat:tomcat /opt/tomcat/var/storage/scitokens-server - # Install support for the QDL CLI - curl -L -s https://github.com/ncsa/OA4MP/releases/download/v5.4.3/qdl-installer.jar >/tmp/oa2-qdl-installer.jar - java -jar /tmp/oa2-qdl-installer.jar -dir /opt/qdl + + # Install support for the QDL CLI. + curl -s -L https://github.com/ncsa/OA4MP/releases/download/v6.0.3/qdl-installer.jar >/tmp/oa2-qdl-installer.jar + java -jar /tmp/oa2-qdl-installer.jar install -all -dir /opt/qdl rm /tmp/oa2-qdl-installer.jar mkdir -p /opt/qdl/var/scripts - # Remove the default manager apps and examples -- we don't use these + + # Remove Tomcat's default manager apps and examples. rm -rf /opt/tomcat/webapps/ROOT /opt/tomcat/webapps/docs /opt/tomcat/webapps/examples /opt/tomcat/webapps/host-manager /opt/tomcat/webapps/manager + + # Remove packages that were needed only for this build step. + dnf remove -y java-11-openjdk-devel + dnf clean all + rm -rf /var/cache/dnf/* ENDRUN # The generate_jwk.sh script is part of the documented bootstrap of the container. ADD generate_jwk.sh /usr/local/bin/generate_jwk.sh -# Add other QDL CLI tools and configs not part of the default installer +# Add other QDL CLI tools and configs not part of the default installer. COPY qdl /opt/qdl -# Add in the tomcat server configuration +# Add in the Tomcat server configuration. ADD --chown=root:tomcat server.xml /opt/tomcat/conf/server.xml # Copy over our configuration of the OA4MP webapp. diff --git a/qdl/bin/qdl b/qdl/bin/qdl index 6ffeb98..533f0eb 100644 --- a/qdl/bin/qdl +++ b/qdl/bin/qdl @@ -6,4 +6,4 @@ QDL_JAR="$QDL_HOME/lib/qdl.jar" cfgFile=${1:-$CFG_FILE} cfgName=${2:-$CFG_NAME} -java -cp $QDL_JAR edu.uiuc.ncsa.qdl.workspace.QDLWorkspace -cfg $cfgFile -name $cfgName -home_dir $QDL_HOME \ No newline at end of file +java -cp $QDL_JAR org.qdl_lang.workspace.QDLWorkspace -cfg $cfgFile -name $cfgName -home_dir $QDL_HOME diff --git a/qdl/bin/qdl-run b/qdl/bin/qdl-run index fd6d929..26a0f33 100755 --- a/qdl/bin/qdl-run +++ b/qdl/bin/qdl-run @@ -5,4 +5,4 @@ CFG_FILE="$QDL_HOME/etc/qdl-cfg.xml" CFG_NAME="run-it" QDL_JAR="$QDL_HOME/lib/qdl.jar" -java -cp $QDL_JAR edu.uiuc.ncsa.qdl.workspace.QDLWorkspace -cfg $CFG_FILE -name $CFG_NAME -home_dir $QDL_HOME -run "$@" +java -cp $QDL_JAR org.qdl_lang.workspace.QDLWorkspace -cfg $CFG_FILE -name $CFG_NAME -home_dir $QDL_HOME -run "$@" diff --git a/qdl/etc/qdl-cfg.xml b/qdl/etc/qdl-cfg.xml index 548d4f7..f9768b5 100644 --- a/qdl/etc/qdl-cfg.xml +++ b/qdl/etc/qdl-cfg.xml @@ -45,15 +45,15 @@ - edu.uiuc.ncsa.myproxy.oa4mp.qdl.OA2QDLLoader + org.oa4mp.server.loader.qdl.OA2QDLLoader - edu.uiuc.ncsa.oa2.qdl.QDLToolsLoader + org.oa4mp.server.qdl.QDLToolsLoader - edu.uiuc.ncsa.oa2.qdl.storage.StoreAccessLoader + org.oa4mp.server.qdl.storage.StoreAccessLoader @@ -86,15 +86,15 @@ - edu.uiuc.ncsa.myproxy.oa4mp.qdl.OA2QDLLoader + org.oa4mp.server.loader.qdl.OA2QDLLoader - edu.uiuc.ncsa.oa2.qdl.QDLToolsLoader + org.oa4mp.server.qdl.QDLToolsLoader - edu.uiuc.ncsa.oa2.qdl.storage.StoreAccessLoader + org.oa4mp.server.qdl.storage.StoreAccessLoader diff --git a/qdl/var/scripts/boot.qdl b/qdl/var/scripts/boot.qdl index 12e4d9f..aecd8ab 100755 --- a/qdl/var/scripts/boot.qdl +++ b/qdl/var/scripts/boot.qdl @@ -16,7 +16,7 @@ template_dir := st_home + '/etc/templates'; /* Set up access to the client store using the current server configuration. */ -module_import('oa2:/qdl/store', 'clients'); +module_import('oa4mp:/qdl/store', 'clients'); clients#init(st_home+'/etc/server-config.xml', 'scitokens-server', 'client'); diff --git a/scitokens-client/web.xml b/scitokens-client/web.xml index c080214..54b2f93 100644 --- a/scitokens-client/web.xml +++ b/scitokens-client/web.xml @@ -34,7 +34,7 @@ discovery - edu.uiuc.ncsa.myproxy.oa4mp.oauth2.servlet.OA2DiscoveryServlet + org.oa4mp.server.loader.oauth2.servlet.OA2DiscoveryServlet discovery @@ -24,7 +24,7 @@ callback - edu.uiuc.ncsa.oa2.servlet.ProxyCallbackServlet + org.oa4mp.server.proxy.ProxyCallbackServlet 0 @@ -35,7 +35,7 @@ accessToken - edu.uiuc.ncsa.oa2.servlet.OA2ATServlet + org.oa4mp.server.proxy.OA2ATServlet 0 @@ -46,7 +46,7 @@ oidc-cm - edu.uiuc.ncsa.myproxy.oa4mp.oauth2.cm.oidc_cm.OIDCCMServlet + org.oa4mp.server.loader.oauth2.cm.oidc_cm.OIDCCMServlet oidc-cm @@ -56,7 +56,7 @@ getCert - edu.uiuc.ncsa.myproxy.oa4mp.oauth2.servlet.OA2CertServlet + org.oa4mp.server.proxy.OA2CertServlet @@ -66,7 +66,7 @@ error - edu.uiuc.ncsa.myproxy.oa4mp.server.servlet.ErrorServlet + org.oa4mp.server.api.storage.servlet.ErrorServlet error @@ -75,7 +75,7 @@ authorize - edu.uiuc.ncsa.oa2.servlet.OA2AuthorizationServer + org.oa4mp.server.proxy.OA2AuthorizationServer authorize @@ -84,7 +84,7 @@ device_authorization - edu.uiuc.ncsa.oa2.servlet.RFC8628Servlet + org.oa4mp.server.proxy.RFC8628Servlet device_authorization @@ -93,7 +93,7 @@ device - edu.uiuc.ncsa.oa2.servlet.RFC8628AuthorizationServer + org.oa4mp.server.proxy.RFC8628AuthorizationServer device @@ -102,7 +102,7 @@ admin-register - edu.uiuc.ncsa.myproxy.oa4mp.oauth2.servlet.OA2AdminRegistrationServlet + org.oa4mp.server.loader.oauth2.servlet.OA2AdminRegistrationServlet admin-register @@ -112,7 +112,7 @@ clientVetting - edu.uiuc.ncsa.myproxy.oa4mp.oauth2.servlet.OA2AutoRegistrationServlet + org.oa4mp.server.loader.oauth2.servlet.OA2RegistrationServlet 1 @@ -122,7 +122,7 @@ client - edu.uiuc.ncsa.myproxy.oa4mp.oauth2.servlet.ClientServlet + org.oa4mp.server.loader.oauth2.servlet.ClientServlet 1 @@ -132,7 +132,7 @@ userInfo - edu.uiuc.ncsa.myproxy.oa4mp.oauth2.servlet.UserInfoServlet + org.oa4mp.server.loader.oauth2.servlet.UserInfoServlet userInfo @@ -141,7 +141,7 @@ revoke - edu.uiuc.ncsa.myproxy.oa4mp.oauth2.servlet.RFC7009 + org.oa4mp.server.loader.oauth2.servlet.RFC7009 0 @@ -151,7 +151,7 @@ introspect - edu.uiuc.ncsa.myproxy.oa4mp.oauth2.servlet.RFC7662 + org.oa4mp.server.loader.oauth2.servlet.RFC7662 0 @@ -203,12 +203,12 @@ - edu.uiuc.ncsa.myproxy.oa4mp.oauth2.loader.OA2Bootstrapper + org.oa4mp.server.loader.oauth2.loader.OA2Bootstrapper - edu.uiuc.ncsa.myproxy.oa4mp.server.servlet.TooManyRequestsException + org.oa4mp.server.api.storage.servlet.TooManyRequestsException /tooManyClientRequests.jsp From fa1f9f83da7399b9e444ba273aca84a492e505e9 Mon Sep 17 00:00:00 2001 From: Cannon Lock Date: Wed, 18 Jun 2025 10:04:24 -0500 Subject: [PATCH 10/10] mutatable --- Dockerfile | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index 3bd85ae..c57f5fe 100644 --- a/Dockerfile +++ b/Dockerfile @@ -38,9 +38,9 @@ RUN < /opt/tomcat/webapps/scitokens-server.war - curl -s -L https://github.com/ncsa/OA4MP/releases/download/v6.0.3/jwt.jar > /opt/scitokens-server/lib/jwt.jar - curl -s -L https://github.com/ncsa/OA4MP/releases/download/v6.0.3/cli.jar > /opt/scitokens-server/lib/scitokens-cli.jar + curl -s -L https://github.com/ncsa/OA4MP/releases/download/mutable/oauth2.war > /opt/tomcat/webapps/scitokens-server.war + curl -s -L https://github.com/ncsa/OA4MP/releases/download/mutable/jwt.jar > /opt/scitokens-server/lib/jwt.jar + curl -s -L https://github.com/ncsa/OA4MP/releases/download/mutable/cli.jar > /opt/scitokens-server/lib/scitokens-cli.jar curl -s -L https://github.com/javaee/javamail/releases/download/JAVAMAIL-1_6_2/javax.mail.jar > /opt/tomcat/lib/javax.mail.jar ( cd /opt/tomcat/webapps/scitokens-server && jar -xf /opt/tomcat/webapps/scitokens-server.war ) @@ -51,7 +51,7 @@ RUN </tmp/oa2-qdl-installer.jar + curl -s -L https://github.com/ncsa/OA4MP/releases/download/v6.1.0/qdl-installer.jar >/tmp/oa2-qdl-installer.jar java -jar /tmp/oa2-qdl-installer.jar install -all -dir /opt/qdl rm /tmp/oa2-qdl-installer.jar mkdir -p /opt/qdl/var/scripts