user story #3011011: implement federated login (oidc)

src/main/java/com/microfocus/octane/plugins/admin/SpaceConfigurationOutgoing.java

@@ -53,6 +53,18 @@ public class SpaceConfigurationOutgoing {
     @XmlElement(name = "name")
     private String name;
 
+    @XmlElement(name = "oidcEnabled")
+    private Boolean oidcEnabled;
+
+    @XmlElement(name = "discoveryUrl")
+    private String discoveryUrl;
+
+    @XmlElement(name = "oidcClientId")
+    private String oidcClientId;
+
+    @XmlElement(name = "oidcClientSecret")
+    private String oidcClientSecret;
+
     public String getId() {
         return id;
     }
@@ -97,4 +109,44 @@ public SpaceConfigurationOutgoing setName(String name) {
         this.name = name;
         return this;
     }
+
+    public Boolean getOidcEnabled() {
+        return oidcEnabled;
+    }
+
+    public SpaceConfigurationOutgoing setOidcEnabled(Boolean oidcEnabled) {
+        this.oidcEnabled = oidcEnabled;
+
+        return this;
+    }
+
+    public String getDiscoveryUrl() {
+        return discoveryUrl;
+    }
+
+    public SpaceConfigurationOutgoing setDiscoveryUrl(String discoveryUrl) {
+        this.discoveryUrl = discoveryUrl;
+
+        return this;
+    }
+
+    public String getOidcClientId() {
+        return oidcClientId;
+    }
+
+    public SpaceConfigurationOutgoing setOidcClientId(String oidcClientId) {
+        this.oidcClientId = oidcClientId;
+
+        return this;
+    }
+
+    public String getOidcClientSecret() {
+        return oidcClientSecret;
+    }
+
+    public SpaceConfigurationOutgoing setOidcClientSecret(String oidcClientSecret) {
+        this.oidcClientSecret = oidcClientSecret;
+
+        return this;
+    }
 }

src/main/java/com/microfocus/octane/plugins/configuration/ConfigurationUtil.java

@@ -137,6 +137,15 @@ public static SpaceConfiguration validateRequiredAndConvertToInternal(SpaceConfi
             throw new IllegalArgumentException("Client secret is required");
         }
 
+        if (sco.getOidcEnabled()) {
+            if (StringUtils.isEmpty(sco.getDiscoveryUrl())) {
+                throw new IllegalArgumentException("OIDC Discovery URL is required when OIDC is enabled");
+            }
+            if (StringUtils.isEmpty(sco.getOidcClientId()) || StringUtils.isEmpty(sco.getOidcClientSecret())) {
+                throw new IllegalArgumentException("Octane OIDC client credentials are required when OIDC is enabled");
+            }
+        }
+
         LocationParts locationParts = null;
         try {
             locationParts = parseUiLocation(sco.getLocation().trim());
@@ -146,6 +155,7 @@ public static SpaceConfiguration validateRequiredAndConvertToInternal(SpaceConfi
         }
 
         String clientSecret = sco.getClientSecret();
+        String oidcClientSecret = sco.getOidcClientSecret();
         if (isNew) {
             //validate id is missing
             if (StringUtils.isNotEmpty(sco.getId())) {
@@ -163,28 +173,39 @@ public static SpaceConfiguration validateRequiredAndConvertToInternal(SpaceConfi
             if (PluginConstants.PASSWORD_REPLACE.equals(clientSecret) && !isNew) {
                 clientSecret = opt.get().getClientSecret();
             }
+
+            if (sco.getOidcEnabled()) {
+                if (PluginConstants.PASSWORD_REPLACE.equals(oidcClientSecret)) {
+                    oidcClientSecret = opt.get().getOidcClientSecret();
+                }
+            }
         }
 
         //convert
-        SpaceConfiguration sc = new SpaceConfiguration(
+        return new SpaceConfiguration(
                 sco.getName().trim(),
                 sco.getLocation().trim(),
                 locationParts,
                 sco.getClientId().trim(),
                 clientSecret,
-                sco.getId());
-
-        return sc;
+                sco.getId(),
+                sco.getOidcEnabled(),
+                sco.getDiscoveryUrl(),
+                sco.getOidcClientId(),
+                oidcClientSecret);
     }
 
     public static SpaceConfigurationOutgoing convertToOutgoing(SpaceConfiguration sc) {
-        SpaceConfigurationOutgoing sco = new SpaceConfigurationOutgoing()
+        return new SpaceConfigurationOutgoing()
                 .setId(sc.getId())
                 .setName(sc.getName())
                 .setLocation(sc.getLocation())
                 .setClientSecret(PluginConstants.PASSWORD_REPLACE)
-                .setClientId(sc.getClientId());
-        return sco;
+                .setClientId(sc.getClientId())
+                .setDiscoveryUrl(sc.getDiscoveryUrl())
+                .setOidcClientId(sc.getOidcClientId())
+                .setOidcClientSecret(PluginConstants.PASSWORD_REPLACE)
+                .setOidcEnabled(sc.getOidcEnabled());
     }
 
     public static void doSpaceConfigurationUniquenessValidation(SpaceConfiguration spaceConfiguration, boolean isConnectionTested) {
@@ -220,7 +241,7 @@ public static void validateSpaceConfigurationConnectivity(SpaceConfiguration spa
         } catch (IllegalArgumentException e) {
             throw new IllegalArgumentException("Test connection failed: " + e.getMessage()); //rethrow IllegalArgumentExceptions, so it can catch the Runtime ones
         } catch (RuntimeException e) {
-            throw new IllegalArgumentException("Test connection failed: Error occurred while trying to test the connection. Please check the host.");
+            throw new IllegalArgumentException("Test connection failed: Error occurred while trying to test the connection. Please check the host." + e.getMessage());
         } catch (Exception e) {
             throw new IllegalArgumentException("Test connection failed: " + e.getMessage());
         }
@@ -229,6 +250,8 @@ public static void validateSpaceConfigurationConnectivity(SpaceConfiguration spa
     public static String parseExceptionMessage(RestStatusException e, SpaceConfiguration spaceConfig) {
         if (e.getStatus() == 404 && e.getMessage().contains("SharedSpaceNotFoundException")) {
             return String.format("Space id '%d' does not exist", spaceConfig.getLocationParts().getSpaceId());
+        } else if (e.getStatus() == 401 && e.getMessage().contains("Not Authenticated")) {
+            return "Authentication failed: Please check client ID and client secret";
         } else {
             return "Test connection failed: " + e.getMessage();
         }

src/main/java/com/microfocus/octane/plugins/configuration/PluginConstants.java

@@ -54,4 +54,20 @@ public class PluginConstants {
     public static final String SEPARATOR = ".";
     public static final String FUGEES_VERSION = "15.1.90";
     public static final String GUNSNROSES_PUSH2 = "16.0.16";
+
+    // OIDC Constants
+    public static final String OIDC_GRANT_TYPE_CLIENT_CREDENTIALS = "client_credentials";
+    public static final String OIDC_GRANT_TYPE_TOKEN_EXCHANGE = "urn:ietf:params:oauth:grant-type:token-exchange";
+    public static final String OIDC_SUBJECT_TOKEN_TYPE = "urn:ietf:params:oauth:token-type:access_token";
+    public static final String OIDC_CONTENT_TYPE_FORM = "application/x-www-form-urlencoded";
+    public static final String OIDC_OCTANE_TOKEN_PATH = "/osp/a/au/auth/oauth2/token";
+    public static final String OIDC_DISCOVERY_TOKEN_ENDPOINT = "token_endpoint";
+    public static final String OIDC_ACCESS_TOKEN_FIELD = "access_token";
+    public static final String OIDC_COOKIE_NAME = "access_token";
+
+    public static final String OIDC_PARAM_GRANT_TYPE = "grant_type";
+    public static final String OIDC_PARAM_CLIENT_ID = "client_id";
+    public static final String OIDC_PARAM_CLIENT_SECRET = "client_secret";
+    public static final String OIDC_PARAM_SUBJECT_TOKEN_TYPE = "subject_token_type";
+    public static final String OIDC_PARAM_SUBJECT_TOKEN = "subject_token";
 }

src/main/java/com/microfocus/octane/plugins/configuration/v3/SpaceConfiguration.java

@@ -33,8 +33,8 @@
 import com.fasterxml.jackson.annotation.JsonIgnore;
 import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
 import com.microfocus.octane.plugins.configuration.LocationParts;
-import com.microfocus.octane.plugins.configuration.OctaneRestManager;
 import com.microfocus.octane.plugins.rest.RestConnector;
+import com.microfocus.octane.plugins.configuration.OctaneRestManager;
 
 import java.util.Objects;
 
@@ -47,6 +47,10 @@ public class SpaceConfiguration {
     private String clientId;
     private String clientSecret;
     private String id;
+    private Boolean oidcEnabled;
+    private String discoveryUrl;
+    private String oidcClientId;
+    private String oidcClientSecret;
 
     @JsonIgnore
     private RestConnector restConnector;
@@ -63,6 +67,19 @@ public SpaceConfiguration(String name, String location, LocationParts locationPa
         this.id = id;
     }
 
+    public SpaceConfiguration(String name, String location, LocationParts locationParts, String clientId, String clientSecret, String id, Boolean oidcEnabled, String discoveryUrl, String oidcClientId, String oidcClientSecret) {
+        this.name = name;
+        this.location = location;
+        this.locationParts = locationParts;
+        this.clientId = clientId;
+        this.clientSecret = clientSecret;
+        this.id = id;
+        this.oidcEnabled = oidcEnabled;
+        this.discoveryUrl = discoveryUrl;
+        this.oidcClientId = oidcClientId;
+        this.oidcClientSecret = oidcClientSecret;
+    }
+
     public String getName() {
         return name;
     }
@@ -111,10 +128,51 @@ public void setId(String id) {
         this.id = id;
     }
 
+    public Boolean getOidcEnabled() {
+        return oidcEnabled;
+    }
+
+    public void setOidcEnabled(Boolean oidcEnabled) {
+        this.oidcEnabled = oidcEnabled;
+    }
+
+    public String getDiscoveryUrl() {
+        return discoveryUrl;
+    }
+
+    public void setDiscoveryUrl(String discoveryUrl) {
+        this.discoveryUrl = discoveryUrl;
+    }
+
+    public String getOidcClientId() {
+        return oidcClientId;
+    }
+
+    public void setOidcClientId(String oidcClientId) {
+        this.oidcClientId = oidcClientId;
+    }
+
+    public String getOidcClientSecret() {
+        return oidcClientSecret;
+    }
+
+    public void setOidcClientSecret(String oidcClientSecret) {
+        this.oidcClientSecret = oidcClientSecret;
+    }
+
     @JsonIgnore
     public RestConnector getRestConnector() {
         if (restConnector == null) {
-            restConnector = OctaneRestManager.getRestConnector(getLocationParts().getBaseUrl(), getClientId(), getClientSecret());
+            if (getOidcEnabled()) {
+                RestConnector rc = new RestConnector();
+                rc.setBaseUrl(getLocationParts().getBaseUrl());
+                rc.setCredentials(getClientId(), getClientSecret());
+                rc.setOidcConfiguration(getDiscoveryUrl(), getOidcClientId(), getOidcClientSecret(), getOidcEnabled());
+
+                return rc;
+            } else {
+                return OctaneRestManager.getRestConnector(getLocationParts().getBaseUrl(), getClientId(), getClientSecret());
+            }
         }
         return restConnector;
     }

src/main/java/com/microfocus/octane/plugins/configuration/v3/upgrader/UpgraderFromV2ToV3.java

@@ -35,6 +35,7 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import java.util.Collections;
 import java.util.HashSet;
 import java.util.List;
 import java.util.stream.Collectors;
@@ -66,7 +67,7 @@ public static ConfigurationCollection upgradeConfigurationFromV2ToV3(String conf
                                 workspaceConfigurationV2.getId(),
                                 workspaceConfigurationV2.getSpaceConfigurationId(),
                                 new OctaneConfigGrouping(
-                                        new HashSet<>(List.of(
+                                        new HashSet<>(Collections.singletonList(
                                                 new OctaneWorkspace(
                                                         String.valueOf(workspaceConfigurationV2.getWorkspaceId()),
                                                         workspaceConfigurationV2.getWorkspaceName()