diff --git a/backend/NotificationService/Kafka/ConsumerSetup.cs b/backend/NotificationService/Kafka/ConsumerSetup.cs
index d73e37df..bf581df2 100644
--- a/backend/NotificationService/Kafka/ConsumerSetup.cs
+++ b/backend/NotificationService/Kafka/ConsumerSetup.cs
@@ -24,7 +24,7 @@ public static IServiceCollection AddKafkaConsumer(this IServiceCollection servic
 SaslOauthbearerTokenEndpointUrl = config.KafkaCluster.SaslOauthbearerTokenEndpointUrl,
 SaslOauthbearerMethod = SaslOauthbearerMethod.Oidc,
 SaslOauthbearerScope = config.KafkaCluster.Scope,
- SslEndpointIdentificationAlgorithm = SslEndpointIdentificationAlgorithm.Https,
+ SslEndpointIdentificationAlgorithm = (config.KafkaCluster.HostnameVerification == SslEndpointIdentificationAlgorithm.Https.ToString()) ? SslEndpointIdentificationAlgorithm.Https : SslEndpointIdentificationAlgorithm.None,
 SslCaLocation = config.KafkaCluster.SslCaLocation,
 SslCertificateLocation = config.KafkaCluster.SslCertificateLocation,
 SslKeyLocation = config.KafkaCluster.SslKeyLocation
@@ -38,7 +38,7 @@ public static IServiceCollection AddKafkaConsumer(this IServiceCollection servic
 SaslOauthbearerTokenEndpointUrl = config.KafkaCluster.SaslOauthbearerTokenEndpointUrl,
 SaslOauthbearerMethod = SaslOauthbearerMethod.Oidc,
 SaslOauthbearerScope = config.KafkaCluster.Scope,
- SslEndpointIdentificationAlgorithm = SslEndpointIdentificationAlgorithm.Https,
+ SslEndpointIdentificationAlgorithm = (config.KafkaCluster.HostnameVerification == SslEndpointIdentificationAlgorithm.Https.ToString()) ? SslEndpointIdentificationAlgorithm.Https : SslEndpointIdentificationAlgorithm.None,
 SslCaLocation = config.KafkaCluster.SslCaLocation,
 SaslOauthbearerClientId = config.KafkaCluster.SaslOauthbearerProducerClientId,
 SaslOauthbearerClientSecret = config.KafkaCluster.SaslOauthbearerProducerClientSecret,
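Review bot: The new ternary fails open: any `HostnameVerification` value other than the exact, case-sensitive string `Https` (for example `https`, a typo, or an empty override) selects `SslEndpointIdentificationAlgorithm.None`, so broker hostname verification is switched off silently and the client will accept any certificate that chains to `SslCaLocation`. Parsing the setting so that unknown values throw would fail closed, e.g. `SslEndpointIdentificationAlgorithm = Enum.Parse<SslEndpointIdentificationAlgorithm>(config.KafkaCluster.HostnameVerification, ignoreCase: true),`, ideally with a startup warning logged when the result is `None`. The same expression is repeated in the second hunk of this file and in every other client-config hunk of the commit (edt.casemanagement, edt.disclosure, service.edt, jumwebapi `AddKeycloakAuth`, webapi `TopicQuery` and `HttpClientSetup`), so a single shared helper would keep the policy in one place. The enclosing `AddKafkaConsumer` body starts and ends outside the hunk.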
diff --git a/backend/NotificationService/NotificationServiceConfiguration.cs b/backend/NotificationService/NotificationServiceConfiguration.cs index 941b4f96..27b57570 100644 --- a/backend/NotificationService/NotificationServiceConfiguration.cs +++ b/backend/NotificationService/NotificationServiceConfiguration.cs @@ -33,7 +33,7 @@ public class KafkaClusterConfiguration public string SslKeyLocation { get; set; } = string.Empty; public string Scope { get; set; } = "openid"; public string ConsumerGroupId { get; set; } = "jum-notification-consumer-group"; - + public string HostnameVerification { get; set; } = "Https"; } diff --git a/backend/edt.casemanagement/ConsumerSetup.cs b/backend/edt.casemanagement/ConsumerSetup.cs index 141d7d04..bbf6a314 100644 --- a/backend/edt.casemanagement/ConsumerSetup.cs +++ b/backend/edt.casemanagement/ConsumerSetup.cs @@ -32,7 +32,7 @@ public static IServiceCollection AddKafkaConsumer(this IServiceCollection servic SaslOauthbearerMethod = SaslOauthbearerMethod.Oidc, SocketKeepaliveEnable = true, SaslOauthbearerScope = config.KafkaCluster.Scope, - SslEndpointIdentificationAlgorithm = SslEndpointIdentificationAlgorithm.Https, + SslEndpointIdentificationAlgorithm = (config.KafkaCluster.HostnameVerification == SslEndpointIdentificationAlgorithm.Https.ToString()) ? SslEndpointIdentificationAlgorithm.Https : SslEndpointIdentificationAlgorithm.None, SslCaLocation = config.KafkaCluster.SslCaLocation, ConnectionsMaxIdleMs = 600000, SslCertificateLocation = config.KafkaCluster.SslCertificateLocation, 
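Review bot: `HostnameVerification` in `KafkaClusterConfiguration` (NotificationServiceConfiguration.cs) is added as an undocumented free-form string, so nothing tells an operator that it controls TLS hostname verification for the Kafka clients or which values are accepted. Declaring it with the enum type, `public SslEndpointIdentificationAlgorithm HostnameVerification { get; set; } = SslEndpointIdentificationAlgorithm.Https;`, would presumably let configuration binding reject unknown values rather than pass them on, and a doc comment such as `/// <summary>TLS hostname verification for Kafka broker connections; keep Https outside local development.</summary>` would record the intent. The same property is added in both EdtServiceConfiguration.cs hunks and in the EdtDisclosureServiceConfiguration.cs, jumwebapiConfiguration.cs and PidpConfiguration.cs hunks.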
@@ -49,7 +49,7 @@ public static IServiceCollection AddKafkaConsumer(this IServiceCollection servic SaslOauthbearerScope = config.KafkaCluster.Scope, ClientId = Dns.GetHostName(), RequestTimeoutMs = 60000, - SslEndpointIdentificationAlgorithm = SslEndpointIdentificationAlgorithm.Https, + SslEndpointIdentificationAlgorithm = (config.KafkaCluster.HostnameVerification == SslEndpointIdentificationAlgorithm.Https.ToString()) ? SslEndpointIdentificationAlgorithm.Https : SslEndpointIdentificationAlgorithm.None, SslCaLocation = config.KafkaCluster.SslCaLocation, SaslOauthbearerClientId = config.KafkaCluster.SaslOauthbearerProducerClientId, SaslOauthbearerClientSecret = config.KafkaCluster.SaslOauthbearerProducerClientSecret, diff --git a/backend/edt.casemanagement/EdtServiceConfiguration.cs b/backend/edt.casemanagement/EdtServiceConfiguration.cs index 55bb4daa..b836b760 100644 --- a/backend/edt.casemanagement/EdtServiceConfiguration.cs +++ b/backend/edt.casemanagement/EdtServiceConfiguration.cs @@ -106,6 +106,8 @@ public class KafkaClusterConfiguration : BaseKafkafiguration public string AckTopicName { get; set; } = string.Empty; public string ConsumerGroupId { get; set; } = "caseaccess-consumer-group"; public string RetryConsumerGroupId { get; set; } = "caseaccess-retry-consumer-group"; + public string HostnameVerification { get; set; } = "Https"; + } diff --git a/backend/edt.casemanagement/Kafka/ConsumerSetup.cs b/backend/edt.casemanagement/Kafka/ConsumerSetup.cs index 40b8f97e..1c8767fd 100644 --- a/backend/edt.casemanagement/Kafka/ConsumerSetup.cs +++ b/backend/edt.casemanagement/Kafka/ConsumerSetup.cs 
@@ -29,7 +29,7 @@ public static IServiceCollection AddKafkaConsumer(this IServiceCollection servic
 SaslOauthbearerMethod = SaslOauthbearerMethod.Oidc,
 SocketKeepaliveEnable = true,
 SaslOauthbearerScope = config.KafkaCluster.Scope,
- SslEndpointIdentificationAlgorithm = SslEndpointIdentificationAlgorithm.Https,
+ SslEndpointIdentificationAlgorithm = (config.KafkaCluster.HostnameVerification == SslEndpointIdentificationAlgorithm.Https.ToString()) ? SslEndpointIdentificationAlgorithm.Https : SslEndpointIdentificationAlgorithm.None,
 SslCaLocation = config.KafkaCluster.SslCaLocation,
 ConnectionsMaxIdleMs = 600000,
 SslCertificateLocation = config.KafkaCluster.SslCertificateLocation,
@@ -46,7 +46,7 @@ public static IServiceCollection AddKafkaConsumer(this IServiceCollection servic
 SaslOauthbearerScope = config.KafkaCluster.Scope,
 ClientId = Dns.GetHostName(),
 RequestTimeoutMs = 60000,
- SslEndpointIdentificationAlgorithm = SslEndpointIdentificationAlgorithm.Https,
+ SslEndpointIdentificationAlgorithm = (config.KafkaCluster.HostnameVerification == SslEndpointIdentificationAlgorithm.Https.ToString()) ? SslEndpointIdentificationAlgorithm.Https : SslEndpointIdentificationAlgorithm.None,
 SslCaLocation = config.KafkaCluster.SslCaLocation,
 SaslOauthbearerClientId = config.KafkaCluster.SaslOauthbearerProducerClientId,
 SaslOauthbearerClientSecret = config.KafkaCluster.SaslOauthbearerProducerClientSecret,
diff --git a/backend/edt.disclosure/EdtDisclosureServiceConfiguration.cs b/backend/edt.disclosure/EdtDisclosureServiceConfiguration.cs
index ad143362..1ce61f56 100644
--- a/backend/edt.disclosure/EdtDisclosureServiceConfiguration.cs
+++ b/backend/edt.disclosure/EdtDisclosureServiceConfiguration.cs
@@ -120,6 +120,7 @@ public class KafkaClusterConfiguration public string ConsumerGroupId { get; set; } = "disclosure-consumer-group"; public string RetryConsumerGroupId { get; set; } = "disclosure-retry-consumer-group"; public string CoreFolioCreationNotificationTopic { get; set; } = string.Empty; + public string HostnameVerification { get; set; } = "Https"; } diff --git a/backend/edt.disclosure/Kafka/ConsumerSetup.cs b/backend/edt.disclosure/Kafka/ConsumerSetup.cs index adc9f62d..150fa109 100644 --- a/backend/edt.disclosure/Kafka/ConsumerSetup.cs +++ b/backend/edt.disclosure/Kafka/ConsumerSetup.cs @@ -35,7 +35,7 @@ public static IServiceCollection AddKafkaConsumer(this IServiceCollection servic SaslOauthbearerMethod = SaslOauthbearerMethod.Oidc, SocketKeepaliveEnable = true, SaslOauthbearerScope = config.KafkaCluster.Scope, - SslEndpointIdentificationAlgorithm = SslEndpointIdentificationAlgorithm.Https, + SslEndpointIdentificationAlgorithm = (config.KafkaCluster.HostnameVerification == SslEndpointIdentificationAlgorithm.Https.ToString()) ? SslEndpointIdentificationAlgorithm.Https : SslEndpointIdentificationAlgorithm.None, SslCaLocation = config.KafkaCluster.SslCaLocation, ConnectionsMaxIdleMs = 600000, SslCertificateLocation = config.KafkaCluster.SslCertificateLocation, 
@@ -52,7 +52,7 @@ public static IServiceCollection AddKafkaConsumer(this IServiceCollection servic SaslOauthbearerScope = config.KafkaCluster.Scope, ClientId = Dns.GetHostName(), RequestTimeoutMs = 60000, - SslEndpointIdentificationAlgorithm = SslEndpointIdentificationAlgorithm.Https, + SslEndpointIdentificationAlgorithm = (config.KafkaCluster.HostnameVerification == SslEndpointIdentificationAlgorithm.Https.ToString()) ? SslEndpointIdentificationAlgorithm.Https : SslEndpointIdentificationAlgorithm.None, SslCaLocation = config.KafkaCluster.SslCaLocation, SaslOauthbearerClientId = config.KafkaCluster.SaslOauthbearerProducerClientId, SaslOauthbearerClientSecret = config.KafkaCluster.SaslOauthbearerProducerClientSecret, diff --git a/backend/jumwebapi/Infrastructure/Auth/AuthenticationSetup.cs b/backend/jumwebapi/Infrastructure/Auth/AuthenticationSetup.cs index 9ddff518..8e2fee1a 100644 --- a/backend/jumwebapi/Infrastructure/Auth/AuthenticationSetup.cs +++ b/backend/jumwebapi/Infrastructure/Auth/AuthenticationSetup.cs @@ -1,3 +1,4 @@ +using System.IdentityModel.Tokens.Jwt; using Confluent.Kafka; using jumwebapi.Extensions; using jumwebapi.Kafka.Producer; @@ -6,7 +7,6 @@ using Microsoft.AspNetCore.Authorization; using Microsoft.IdentityModel.Tokens; using Newtonsoft.Json; -using System.IdentityModel.Tokens.Jwt; namespace jumwebapi.Infrastructure.Auth { 
@@ -26,7 +26,7 @@ public static IServiceCollection AddKeycloakAuth(this IServiceCollection service SaslOauthbearerTokenEndpointUrl = config.KafkaCluster.SaslOauthbearerTokenEndpointUrl, SaslOauthbearerMethod = SaslOauthbearerMethod.Oidc, SaslOauthbearerScope = config.KafkaCluster.Scope, - SslEndpointIdentificationAlgorithm = SslEndpointIdentificationAlgorithm.Https, + SslEndpointIdentificationAlgorithm = (config.KafkaCluster.HostnameVerification == SslEndpointIdentificationAlgorithm.Https.ToString()) ? SslEndpointIdentificationAlgorithm.Https : SslEndpointIdentificationAlgorithm.None, SslCaLocation = config.KafkaCluster.SslCaLocation, SaslOauthbearerClientId = config.KafkaCluster.SaslOauthbearerProducerClientId, SaslOauthbearerClientSecret = config.KafkaCluster.SaslOauthbearerProducerClientSecret, @@ -62,7 +62,8 @@ public static IServiceCollection AddKeycloakAuth(this IServiceCollection service }; options.Events = new JwtBearerEvents { - OnTokenValidated = context => { + OnTokenValidated = context => + { return Task.CompletedTask; }, OnAuthenticationFailed = context => @@ -72,7 +73,7 @@ public static IServiceCollection AddKeycloakAuth(this IServiceCollection service context.NoResult(); context.Response.StatusCode = StatusCodes.Status401Unauthorized; context.Response.ContentType = "application/json"; - string response = + var response = JsonConvert.SerializeObject("The access token provided is not valid."); if (context.Exception.GetType() == typeof(SecurityTokenExpiredException)) { @@ -82,7 +83,7 @@ public static IServiceCollection AddKeycloakAuth(this IServiceCollection service } await context.Response.WriteAsync(response); }); - + //context.HandleResponse(); //context.Response.WriteAsync(response).Wait(); return Task.CompletedTask; diff --git a/backend/jumwebapi/jumwebapiConfiguration.cs b/backend/jumwebapi/jumwebapiConfiguration.cs index 84c75c08..bf54604f 100644 --- a/backend/jumwebapi/jumwebapiConfiguration.cs +++ b/backend/jumwebapi/jumwebapiConfiguration.cs 
@@ -65,6 +65,8 @@ public class KafkaClusterConfiguration public string SslCertificateLocation { get; set; } = string.Empty; public string SslKeyLocation { get; set; } = string.Empty; public string Scope { get; set; } = "openid"; + public string HostnameVerification { get; set; } = "Https"; + } public class JustinClientConfiguration { diff --git a/backend/service.edt/EdtServiceConfiguration.cs b/backend/service.edt/EdtServiceConfiguration.cs index 31cfcd14..1b12fb1d 100644 --- a/backend/service.edt/EdtServiceConfiguration.cs +++ b/backend/service.edt/EdtServiceConfiguration.cs @@ -119,6 +119,7 @@ public class KafkaClusterConfiguration public string ConsumerGroupId { get; set; } = "accessrequest-consumer-group"; public string RetryConsumerGroupId { get; set; } = "accessrequest-retry-consumer-group"; public string CoreFolioCreationNotificationTopic { get; set; } = string.Empty; + public string HostnameVerification { get; set; } = "Https"; } diff --git a/backend/service.edt/Kafka/ConsumerSetup.cs b/backend/service.edt/Kafka/ConsumerSetup.cs index 9e053bb4..4c7fd088 100644 --- a/backend/service.edt/Kafka/ConsumerSetup.cs +++ b/backend/service.edt/Kafka/ConsumerSetup.cs @@ -38,7 +38,7 @@ public static IServiceCollection AddKafkaConsumer(this IServiceCollection servic ConnectionsMaxIdleMs = 2147483647, TopicMetadataRefreshIntervalMs = 10000, SaslOauthbearerScope = config.KafkaCluster.Scope, - SslEndpointIdentificationAlgorithm = SslEndpointIdentificationAlgorithm.Https, + SslEndpointIdentificationAlgorithm = (config.KafkaCluster.HostnameVerification == SslEndpointIdentificationAlgorithm.Https.ToString()) ? SslEndpointIdentificationAlgorithm.Https : SslEndpointIdentificationAlgorithm.None, SslCaLocation = config.KafkaCluster.SslCaLocation, SslCertificateLocation = config.KafkaCluster.SslCertificateLocation, SslKeyLocation = config.KafkaCluster.SslKeyLocation 
@@ -54,7 +54,7 @@ public static IServiceCollection AddKafkaConsumer(this IServiceCollection servic SaslOauthbearerScope = config.KafkaCluster.Scope, ClientId = Dns.GetHostName(), RequestTimeoutMs = 60000, - SslEndpointIdentificationAlgorithm = SslEndpointIdentificationAlgorithm.Https, + SslEndpointIdentificationAlgorithm = (config.KafkaCluster.HostnameVerification == SslEndpointIdentificationAlgorithm.Https.ToString()) ? SslEndpointIdentificationAlgorithm.Https : SslEndpointIdentificationAlgorithm.None, SslCaLocation = config.KafkaCluster.SslCaLocation, SaslOauthbearerClientId = config.KafkaCluster.SaslOauthbearerProducerClientId, SaslOauthbearerClientSecret = config.KafkaCluster.SaslOauthbearerProducerClientSecret, diff --git a/backend/webapi/Features/Admin/Kafka/Topics/TopicQuery.cs b/backend/webapi/Features/Admin/Kafka/Topics/TopicQuery.cs index de149123..9e289fb7 100644 --- a/backend/webapi/Features/Admin/Kafka/Topics/TopicQuery.cs +++ b/backend/webapi/Features/Admin/Kafka/Topics/TopicQuery.cs @@ -1,9 +1,8 @@ namespace Pidp.Features.Admin.Kafka.Topics; -using AutoMapper; -using Pidp.Features.Admin.Kafka.Models; using Confluent.Kafka; using Confluent.Kafka.Admin; +using Pidp.Features.Admin.Kafka.Models; public record TopicQuery(string? topicName) : IQuery>; 
@@ -35,7 +34,7 @@ public async Task> HandleAsync(TopicQuery query)
 SslCertificateLocation = this.configuration.KafkaCluster.SslCertificateLocation,
 SslCaLocation = this.configuration.KafkaCluster.SslCaLocation,
 SaslOauthbearerScope = this.configuration.KafkaCluster.Scope,
- SslEndpointIdentificationAlgorithm = SslEndpointIdentificationAlgorithm.Https,
+ SslEndpointIdentificationAlgorithm = (this.configuration.KafkaCluster.HostnameVerification == SslEndpointIdentificationAlgorithm.Https.ToString()) ? SslEndpointIdentificationAlgorithm.Https : SslEndpointIdentificationAlgorithm.None,
 SslKeyLocation = this.configuration.KafkaCluster.SslKeyLocation,
 SaslMechanism = SaslMechanism.OAuthBearer,
 SaslOauthbearerMethod = SaslOauthbearerMethod.Oidc,
diff --git a/backend/webapi/Infrastructure/HttpClients/HttpClientSetup.cs b/backend/webapi/Infrastructure/HttpClients/HttpClientSetup.cs
index 4735e45b..8d72eeab 100644
--- a/backend/webapi/Infrastructure/HttpClients/HttpClientSetup.cs
+++ b/backend/webapi/Infrastructure/HttpClients/HttpClientSetup.cs
@@ -76,7 +76,7 @@ public static IServiceCollection AddHttpClients(this IServiceCollection services
 SaslOauthbearerTokenEndpointUrl = config.KafkaCluster.SaslOauthbearerTokenEndpointUrl,
 SaslOauthbearerMethod = SaslOauthbearerMethod.Oidc,
 SaslOauthbearerScope = config.KafkaCluster.Scope,
- SslEndpointIdentificationAlgorithm = SslEndpointIdentificationAlgorithm.Https,
+ SslEndpointIdentificationAlgorithm = (config.KafkaCluster.HostnameVerification == SslEndpointIdentificationAlgorithm.Https.ToString()) ? SslEndpointIdentificationAlgorithm.Https : SslEndpointIdentificationAlgorithm.None,
 SslCaLocation = config.KafkaCluster.SslCaLocation,
 SslCertificateLocation = config.KafkaCluster.SslCertificateLocation,
 SslKeyLocation = config.KafkaCluster.SslKeyLocation,
@@ -93,7 +93,7 @@ public static IServiceCollection AddHttpClients(this IServiceCollection services SaslOauthbearerMethod = SaslOauthbearerMethod.Oidc, SaslOauthbearerScope = config.KafkaCluster.Scope, ClientId = Dns.GetHostName(), - SslEndpointIdentificationAlgorithm = SslEndpointIdentificationAlgorithm.Https, + SslEndpointIdentificationAlgorithm = (config.KafkaCluster.HostnameVerification == SslEndpointIdentificationAlgorithm.Https.ToString()) ? SslEndpointIdentificationAlgorithm.Https : SslEndpointIdentificationAlgorithm.None, SslCaLocation = config.KafkaCluster.SslCaLocation, SaslOauthbearerClientId = config.KafkaCluster.SaslOauthbearerProducerClientId, SaslOauthbearerClientSecret = config.KafkaCluster.SaslOauthbearerProducerClientSecret, diff --git a/backend/webapi/PidpConfiguration.cs b/backend/webapi/PidpConfiguration.cs index 2d61dfba..f0db269f 100644 --- a/backend/webapi/PidpConfiguration.cs +++ b/backend/webapi/PidpConfiguration.cs @@ -135,6 +135,7 @@ public class KafkaClusterConfiguration public string ConsumerGroupId { get; set; } = "dems-notification-ack"; public string KafkaAdminClientId { get; set; } = string.Empty; public string KafkaAdminClientSecret { get; set; } = string.Empty; + public string HostnameVerification { get; set; } = "Https"; } public class JumClientConfiguration