From 76073b5cea8445f86a1b4a87071fb563ca36b037 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marko=20Ivan=C4=8Di=C4=87?= <marko.ivancic@srce.hr>
Date: Tue, 19 Nov 2024 15:57:52 +0100
Subject: [PATCH] WIP move to SSP UI

---
 public/assets/css/src/default.css             |  29 ++-
 routing/routes/routes.php                     |   2 +
 src/Admin/Authorization.php                   |  36 ++-
 src/Codebooks/RoutesEnum.php                  |   1 +
 src/Controllers/Admin/ClientController.php    |  60 ++++-
 src/Controllers/Admin/ConfigController.php    |  15 +-
 .../Federation/EntityStatementController.php  |   4 +-
 src/Factories/FederationFactory.php           |   2 +-
 src/Factories/JwksFactory.php                 |   2 +-
 src/Factories/TemplateFactory.php             |   2 +-
 src/ModuleConfig.php                          |   4 +-
 src/Utils/Routes.php                          |   9 +-
 templates/clients.twig                        | 104 ++++++++-
 templates/clients/show-ssp.twig               |  99 +++++++++
 templates/config/federation.twig              | 184 +++++++++-------
 templates/config/protocol.twig                | 205 +++++++++---------
 16 files changed, 555 insertions(+), 203 deletions(-)
 create mode 100644 templates/clients/show-ssp.twig

diff --git a/public/assets/css/src/default.css b/public/assets/css/src/default.css
index 60e5b651..612e4f20 100644
--- a/public/assets/css/src/default.css
+++ b/public/assets/css/src/default.css
@@ -70,10 +70,14 @@ h4 {
     background-color: #fff;
 }
 
-ul.config {
+ul.disc {
     list-style: disc outside none;
 }
 
+em {
+    font-style: italic;
+}
+
 /* Text colors */
 .black-text { color: black; }
 .red-text { color: red; }
@@ -85,3 +89,26 @@ ul.config {
 .cyan-text { color: cyan; }
 .lightcyan-text { color: lightcyan; }
 .white-text { color: white; }
+
+/* Button sizes */
+.button-small {
+    font-size: 75%;
+}
+
+/* Client Table */
+table.client-table {
+    width: 100%;
+}
+
+.client-col.col-info {
+    width: 79%;
+}
+
+.client-col.col-actions {
+    width: 21%;
+}
+
+.client-col.col-property {
+    width: 25%;
+    font-weight: bolder;
+}
diff --git a/routing/routes/routes.php b/routing/routes/routes.php
index 057f9faa..3bf3469a 100644
--- a/routing/routes/routes.php
+++ b/routing/routes/routes.php
@@ -41,6 +41,8 @@
 
     $routes->add(RoutesEnum::AdminClients->name, RoutesEnum::AdminClients->value)
         ->controller([ClientController::class, 'index']);
+    $routes->add(RoutesEnum::AdminClientsShow->name, RoutesEnum::AdminClientsShow->value)
+        ->controller([ClientController::class, 'show']);
 
     /*****************************************************************************************************************
      * OpenID Connect
diff --git a/src/Admin/Authorization.php b/src/Admin/Authorization.php
index dea36248..4a6c80d1 100644
--- a/src/Admin/Authorization.php
+++ b/src/Admin/Authorization.php
@@ -8,18 +8,25 @@
 use SimpleSAML\Locale\Translate;
 use SimpleSAML\Module\oidc\Bridges\SspBridge;
 use SimpleSAML\Module\oidc\Exceptions\AuthorizationException;
+use SimpleSAML\Module\oidc\Services\AuthContextService;
 
 class Authorization
 {
     public function __construct(
         protected readonly SspBridge $sspBridge,
+        protected readonly AuthContextService $authContextService,
     ) {
     }
 
+    public function isAdmin(): bool
+    {
+        return $this->sspBridge->utils()->auth()->isAdmin();
+    }
+
     /**
      * @throws \SimpleSAML\Module\oidc\Exceptions\AuthorizationException
      */
-    public function requireSspAdmin(bool $forceAdminAuthentication = false): void
+    public function requireAdmin(bool $forceAdminAuthentication = false): void
     {
         if ($forceAdminAuthentication) {
             try {
@@ -33,8 +40,33 @@ public function requireSspAdmin(bool $forceAdminAuthentication = false): void
             }
         }
 
-        if (! $this->sspBridge->utils()->auth()->isAdmin()) {
+        if (! $this->isAdmin()) {
             throw new AuthorizationException(Translate::noop('SimpleSAMLphp admin access required.'));
         }
     }
+
+    /**
+     * @throws \SimpleSAML\Module\oidc\Exceptions\AuthorizationException
+     */
+    public function requireAdminOrUserWithPermission(string $permission): void
+    {
+        if ($this->isAdmin()) {
+            return;
+        }
+
+        try {
+            $this->authContextService->requirePermission($permission);
+        } catch (Exception $exception) {
+            throw new AuthorizationException(
+                Translate::noop('User not authorized.'),
+                $exception->getCode(),
+                $exception,
+            );
+        }
+    }
+
+    public function getUserId(): string
+    {
+        return $this->authContextService->getAuthUserId();
+    }
 }
diff --git a/src/Codebooks/RoutesEnum.php b/src/Codebooks/RoutesEnum.php
index 46230586..76286aa0 100644
--- a/src/Codebooks/RoutesEnum.php
+++ b/src/Codebooks/RoutesEnum.php
@@ -18,6 +18,7 @@ enum RoutesEnum: string
     // Client management
 
     case AdminClients = 'admin/clients';
+    case AdminClientsShow = 'admin/clients/show';
 
     /*****************************************************************************************************************
      * OpenID Connect
diff --git a/src/Controllers/Admin/ClientController.php b/src/Controllers/Admin/ClientController.php
index 46c333b7..9b5d22e6 100644
--- a/src/Controllers/Admin/ClientController.php
+++ b/src/Controllers/Admin/ClientController.php
@@ -6,7 +6,13 @@
 
 use SimpleSAML\Module\oidc\Admin\Authorization;
 use SimpleSAML\Module\oidc\Codebooks\RoutesEnum;
+use SimpleSAML\Module\oidc\Entities\Interfaces\ClientEntityInterface;
+use SimpleSAML\Module\oidc\Exceptions\OidcException;
 use SimpleSAML\Module\oidc\Factories\TemplateFactory;
+use SimpleSAML\Module\oidc\Repositories\AllowedOriginRepository;
+use SimpleSAML\Module\oidc\Repositories\ClientRepository;
+use SimpleSAML\Module\oidc\Services\AuthContextService;
+use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
 
 class ClientController
@@ -14,15 +20,63 @@ class ClientController
     public function __construct(
         protected readonly TemplateFactory $templateFactory,
         protected readonly Authorization $authorization,
+        protected readonly ClientRepository $clientRepository,
+        protected readonly AllowedOriginRepository $allowedOriginRepository,
     ) {
-        $this->authorization->requireSspAdmin(true);
+        $this->authorization->requireAdminOrUserWithPermission(AuthContextService::PERM_CLIENT);
     }
-    public function index(): Response
+
+    /**
+     * @throws \SimpleSAML\Module\oidc\Server\Exceptions\OidcServerException
+     * @throws \JsonException
+     * @throws \SimpleSAML\Module\oidc\Exceptions\OidcException
+     */
+    protected function getClientFromRequest(Request $request): ClientEntityInterface
     {
+        ($clientId = $request->query->getString('client_id'))
+        || throw new OidcException('Client ID not provided.');
+
+        $authedUserId = $this->authorization->isAdmin() ? null : $this->authorization->getUserId();
+
+        return $this->clientRepository->findById($clientId, $authedUserId) ??
+        throw new OidcException('Client not found.');
+    }
+
+    public function index(Request $request): Response
+    {
+        $page = $request->query->getInt('page', 1);
+        $query = $request->query->getString('q', '');
+        $authedUserId = $this->authorization->isAdmin() ? null : $this->authorization->getUserId();
+
+        $pagination = $this->clientRepository->findPaginated($page, $query, $authedUserId);
+
+
         return $this->templateFactory->build(
             'oidc:clients.twig',
             [
-                //
+                'clients' => $pagination['items'],
+                'numPages' => $pagination['numPages'],
+                'currentPage' => $pagination['currentPage'],
+                'query' => $query,
+            ],
+            RoutesEnum::AdminClients->value,
+        );
+    }
+
+    /**
+     * @throws \SimpleSAML\Module\oidc\Exceptions\OidcException
+     */
+    public function show(Request $request): Response
+    {
+        $client = $this->getClientFromRequest($request);
+        $allowedOrigins = $this->allowedOriginRepository->get($client->getIdentifier());
+
+        // TODO mivanci rename *-ssp.twig templates after removing old ones.
+        return $this->templateFactory->build(
+            'oidc:clients/show-ssp.twig',
+            [
+                'client' => $client,
+                'allowedOrigins' => $allowedOrigins,
             ],
             RoutesEnum::AdminClients->value,
         );
diff --git a/src/Controllers/Admin/ConfigController.php b/src/Controllers/Admin/ConfigController.php
index e8af2722..f87fde1c 100644
--- a/src/Controllers/Admin/ConfigController.php
+++ b/src/Controllers/Admin/ConfigController.php
@@ -11,6 +11,7 @@
 use SimpleSAML\Module\oidc\ModuleConfig;
 use SimpleSAML\Module\oidc\Services\DatabaseMigration;
 use SimpleSAML\Module\oidc\Services\SessionMessagesService;
+use SimpleSAML\OpenID\Federation;
 use Symfony\Component\HttpFoundation\RedirectResponse;
 use Symfony\Component\HttpFoundation\Response;
 
@@ -22,8 +23,9 @@ public function __construct(
         protected readonly Authorization $authorization,
         protected readonly DatabaseMigration $databaseMigration,
         protected readonly SessionMessagesService $sessionMessagesService,
+        protected readonly Federation $federation,
     ) {
-        $this->authorization->requireSspAdmin(true);
+        $this->authorization->requireAdmin(true);
     }
 
     public function migrations(): Response
@@ -65,10 +67,21 @@ public function protocolSettings(): Response
 
     public function federationSettings(): Response
     {
+        $trustMarks = null;
+        if (is_array($trustMarkTokens = $this->moduleConfig->getFederationTrustMarkTokens())) {
+            $trustMarks = array_map(
+                function (string $token): Federation\TrustMark {
+                    return $this->federation->trustMarkFactory()->fromToken($token);
+                },
+                $trustMarkTokens,
+            );
+        }
+
         return $this->templateFactory->build(
             'oidc:config/federation.twig',
             [
                 'moduleConfig' => $this->moduleConfig,
+                'trustMarks' => $trustMarks,
             ],
             RoutesEnum::AdminConfigFederation->value,
         );
diff --git a/src/Controllers/Federation/EntityStatementController.php b/src/Controllers/Federation/EntityStatementController.php
index 26470c54..5b2211ff 100644
--- a/src/Controllers/Federation/EntityStatementController.php
+++ b/src/Controllers/Federation/EntityStatementController.php
@@ -158,7 +158,7 @@ public function configuration(): Response
 
         $this->federationCache?->set(
             $entityConfigurationToken,
-            $this->moduleConfig->getFederationEntityStatementCacheDuration(),
+            $this->moduleConfig->getFederationEntityStatementCacheDurationForProduced(),
             self::KEY_OP_ENTITY_CONFIGURATION_STATEMENT,
             $this->moduleConfig->getIssuer(),
         );
@@ -253,7 +253,7 @@ public function fetch(Request $request): Response
 
         $this->federationCache?->set(
             $subordinateStatementToken,
-            $this->moduleConfig->getFederationEntityStatementCacheDuration(),
+            $this->moduleConfig->getFederationEntityStatementCacheDurationForProduced(),
             self::KEY_RP_SUBORDINATE_ENTITY_STATEMENT,
             $subject,
         );
diff --git a/src/Factories/FederationFactory.php b/src/Factories/FederationFactory.php
index 57d93562..96503899 100644
--- a/src/Factories/FederationFactory.php
+++ b/src/Factories/FederationFactory.php
@@ -40,7 +40,7 @@ public function build(): Federation
 
         return new Federation(
             supportedAlgorithms: $supportedAlgorithms,
-            maxCacheDuration: $this->moduleConfig->getFederationCacheMaxDuration(),
+            maxCacheDuration: $this->moduleConfig->getFederationCacheMaxDurationForFetched(),
             cache: $this->federationCache?->cache,
             logger: $this->loggerService,
         );
diff --git a/src/Factories/JwksFactory.php b/src/Factories/JwksFactory.php
index 42ecd6ec..5991e17e 100644
--- a/src/Factories/JwksFactory.php
+++ b/src/Factories/JwksFactory.php
@@ -35,7 +35,7 @@ public function build(): Jwks
 
         return new Jwks(
             supportedAlgorithms: $supportedAlgorithms,
-            maxCacheDuration: $this->moduleConfig->getFederationCacheMaxDuration(),
+            maxCacheDuration: $this->moduleConfig->getFederationCacheMaxDurationForFetched(),
             cache: $this->federationCache?->cache,
             logger: $this->loggerService,
         );
diff --git a/src/Factories/TemplateFactory.php b/src/Factories/TemplateFactory.php
index f2398afe..3213a771 100644
--- a/src/Factories/TemplateFactory.php
+++ b/src/Factories/TemplateFactory.php
@@ -111,7 +111,7 @@ protected function includeDefaultMenuItems(): void
         $this->oidcMenu->addItem(
             $this->oidcMenu->buildItem(
                 $this->moduleConfig->getModuleUrl(RoutesEnum::AdminClients->value),
-                Translate::noop('Clients'),
+                Translate::noop('Client Registry'),
             ),
         );
     }
diff --git a/src/ModuleConfig.php b/src/ModuleConfig.php
index 36a9a9bf..6196ddb2 100644
--- a/src/ModuleConfig.php
+++ b/src/ModuleConfig.php
@@ -534,7 +534,7 @@ public function getFederationEntityStatementDuration(): DateInterval
     /**
      * @throws \Exception
      */
-    public function getFederationEntityStatementCacheDuration(): DateInterval
+    public function getFederationEntityStatementCacheDurationForProduced(): DateInterval
     {
         return new DateInterval(
             $this->config()->getOptionalString(
@@ -614,7 +614,7 @@ public function getFederationCacheAdapterArguments(): array
         return $this->config()->getOptionalArray(self::OPTION_FEDERATION_CACHE_ADAPTER_ARGUMENTS, []);
     }
 
-    public function getFederationCacheMaxDuration(): DateInterval
+    public function getFederationCacheMaxDurationForFetched(): DateInterval
     {
         return new DateInterval(
             $this->config()->getOptionalString(self::OPTION_FEDERATION_CACHE_MAX_DURATION_FOR_FETCHED, 'PT6H'),
diff --git a/src/Utils/Routes.php b/src/Utils/Routes.php
index e49c19bb..a75d2f80 100644
--- a/src/Utils/Routes.php
+++ b/src/Utils/Routes.php
@@ -23,7 +23,6 @@ public function getModuleUrl(string $resource = '', array $parameters = []): str
         return $this->sspBridge->module()->getModuleUrl($resource, $parameters);
     }
 
-
     /*****************************************************************************************************************
      * Admin area
      ****************************************************************************************************************/
@@ -52,7 +51,13 @@ public function urlAdminMigrationsRun(array $parameters = []): string
 
     public function urlAdminClients(array $parameters = []): string
     {
-        return $this->getModuleUrl(RoutesEnum::AdminMigrationsRun->value, $parameters);
+        return $this->getModuleUrl(RoutesEnum::AdminClients->value, $parameters);
+    }
+
+    public function urlAdminClientsShow(string $clientId, array $parameters = []): string
+    {
+        $parameters['client_id'] = $clientId;
+        return $this->getModuleUrl(RoutesEnum::AdminClientsShow->value, $parameters);
     }
 
     /*****************************************************************************************************************
diff --git a/templates/clients.twig b/templates/clients.twig
index 20c5957a..c071e7a2 100644
--- a/templates/clients.twig
+++ b/templates/clients.twig
@@ -1,9 +1,109 @@
-{% set subPageTitle = 'Clients'|trans %}
+{% set subPageTitle = 'Client Registry'|trans %}
 
 {% extends "@oidc/base.twig" %}
 
 {% block oidcContent %}
 
-// TODO mivanci
+    <div class="pure-g">
+        <div class="pure-u-1-2">
+            <div class="">
+                <form class="pure-form" method="get" action="{{ routes.urlAdminClients }}">
+                    <label>
+                        <input type="text"
+                               class="pure-input"
+                               name="q"
+                               placeholder="Search"
+                               value="{{ query|default }}"
+                        />
+                    </label>
+                    <a class="pure-button" href="{{ routes.urlAdminClients }}">Reset</a>
+                </form>
+            </div>
+        </div>
+        <div class="pure-u-1-2">
+            <div class="right">
+                <a class="pure-button " href="{{ routes.urlAdminClients }}">
+                    <i class="fa fa-plus green-text"></i>
+                    {{ 'Add Client'|trans }}
+                </a>
+            </div>
+        </div>
+    </div>
+
+    <br>
+    {% if clients is empty %}
+        <p>
+            {{ 'No clients registered.'|trans }}
+        </p>
+    {% else %}
+    <div class="">
+        <table class="pure-table pure-table-striped client-table">
+            <colgroup>
+                <col class="client-col col-info">
+                <col class="client-col col-actions">
+            </colgroup>
+            <tbody>
+            {% for client in clients %}
+            <tr class="">
+                <td>
+                    <i class="fa {{ client.enabled ? 'fa-check green-text' : 'fa-ban red-text'}}"
+                       title="{{ client.enabled ? 'enabled'|trans : 'disabled'|trans }}"></i>
+                    {{ client.name }}
+                    <br>
+                    <small>{{ client.description }}</small>
+                    <br>
+                    <small>
+                        {{ 'Registration:'|trans }} {{ client.registrationType.description }} |
+                        {{ 'Created at:'|trans }} {{ client.createdAt ? client.createdAt|date() : 'n/a' }} |
+                        {{ 'Updated at:'|trans }} {{ client.updatedAt ? client.updatedAt|date() : 'n/a' }} |
+                        {{ 'Expires at:'|trans }} {{ client.expiresAt ? client.expiresAt|date() : 'never' }}
+                    </small>
+                </td>
+                <td>
+                    <div class="pure-button-group button-small" role="group" aria-label="Actions">
+                        <a class="pure-button" href="{{ routes.urlAdminClientsShow(client.getIdentifier) }}">
+                            <i class="fa fa-eye"></i>
+                        </a>
+                        <a class="pure-button" href="#">
+                            <i class="fa fa-pen-to-square"></i>
+                        </a>
+                        <a class="pure-button" href="#">
+                            <i class="fa fa-trash-can"></i>
+                        </a>
+                    </div>
+                </td>
+            </tr>
+            {% endfor %}
+            </tbody>
+        </table>
+
+        <br>
+        <div class="">
+            <div class="pure-button-group" role="group" aria-label="Actions">
+                <a class="pure-button"
+                   href="{{ routes.urlAdminClients }}?{{ {page: currentPage - 1, q: query} | url_encode }}"
+                   {{ currentPage == 1 ? 'disabled' }}
+                >
+                    <i class="fa fa-chevron-left"></i>
+                </a>
+                {% for i in range(1, numPages) %}
+                    <a class="pure-button {{ currentPage == i ? 'pure-button-active' }}"
+                       {{ currentPage == i ? 'disabled' }}
+                       href="{{ routes.urlAdminClients }}?{{ {page: i, q: query} | url_encode }}">
+                        {{ i }}
+                    </a>
+                {% endfor %}
+                <a class="pure-button"
+                   {{ currentPage == numPages ? 'disabled' }}
+                   href="{{ routes.urlAdminClients }}?{{ {page: currentPage + 1, q: query} | url_encode }}">
+                    <i class="fa fa-chevron-right"></i>
+                </a>
+            </div>
+
+
+
+        </div>
+    </div>
+    {% endif %}
 
 {% endblock oidcContent -%}
diff --git a/templates/clients/show-ssp.twig b/templates/clients/show-ssp.twig
new file mode 100644
index 00000000..9673b222
--- /dev/null
+++ b/templates/clients/show-ssp.twig
@@ -0,0 +1,99 @@
+{% set subPageTitle = 'Client '|trans ~ client.getIdentifier %}
+
+{% extends "@oidc/base.twig" %}
+
+{% block oidcContent %}
+
+    <div class="pure-g">
+        <div class="pure-u-1-2">
+            <span class="{{ client.enabled ? 'green-text' : 'red-text'}}">
+            <i class="fa {{ client.enabled ? 'fa-check' : 'fa-ban'}}"></i>
+                {{ client.enabled ? 'enabled'|trans : 'disabled'|trans }}
+            </span>
+        </div>
+        <div class="pure-u-1-2">
+            <div class="right">
+                <a class="pure-button " href="{{ routes.urlAdminClients }}">
+                    <i class="fa fa-chevron-left"></i>
+                    {{ 'Back'|trans }}
+                </a>
+            </div>
+        </div>
+    </div>
+
+    <div class="">
+        {{ 'Registration:'|trans }} {{ client.registrationType.description }} |
+        {{ 'Created at:'|trans }} {{ client.createdAt ? client.createdAt|date() : 'n/a' }} |
+        {{ 'Updated at:'|trans }} {{ client.updatedAt ? client.updatedAt|date() : 'n/a' }} |
+        {{ 'Expires at:'|trans }} {{ client.expiresAt ? client.expiresAt|date() : 'never' }}
+    </div>
+
+    <br>
+    <div class="">
+        <table class="pure-table pure-table-striped client-table">
+            <colgroup>
+                <col class="">
+                <col class="">
+            </colgroup>
+            <tbody>
+            <tr>
+                <td class="client-col col-property">
+                    {{ 'Name and description'|trans }}
+                </td>
+                <td>
+                    {{ client.name }} <br>
+                    <small>{{ client.description }}</small>
+                </td>
+            </tr>
+            <tr>
+                <td class="client-col col-property">
+
+                </td>
+                <td>
+
+                </td>
+            </tr>
+            <tr>
+                <td class="client-col col-property">
+
+                </td>
+                <td>
+
+                </td>
+            </tr>
+            <tr>
+                <td class="client-col col-property">
+
+                </td>
+                <td>
+
+                </td>
+            </tr>
+            <tr>
+                <td class="client-col col-property">
+
+                </td>
+                <td>
+
+                </td>
+            </tr>
+            <tr>
+                <td class="client-col col-property">
+
+                </td>
+                <td>
+
+                </td>
+            </tr>
+            <tr>
+                <td class="client-col col-property">
+
+                </td>
+                <td>
+
+                </td>
+            </tr>
+            </tbody>
+        </table>
+    </div>
+{% endblock oidcContent -%}
diff --git a/templates/config/federation.twig b/templates/config/federation.twig
index 0ad2a67a..51a0d116 100644
--- a/templates/config/federation.twig
+++ b/templates/config/federation.twig
@@ -3,87 +3,117 @@
 {% extends "@oidc/base.twig" %}
 
 {% block oidcContent %}
+    <p>
+        {{ 'Federation Enabled'|trans }}:
+        {{ moduleConfig.getFederationEnabled ? 'Yes'|trans : 'No'|trans }}
+    </p>
+
+    <h4>{{ 'Entity'|trans }}</h4>
+    <p>
+        {{ 'Configuration URL'|trans }}:
+        <a href="{{ routes.urlFederationConfiguration }}" target="_blank">{{ routes.urlFederationConfiguration }}</a>
+    </p>
+    <p>
+        {{ 'Issuer'|trans }}: {{ moduleConfig.getIssuer }}
+        <br>
+        {{ 'Organization Name'|trans }}: {{ moduleConfig.getOrganizationName }}
+        <br>
+        {{ 'Logo URI'|trans }}:
+        <a href="{{ moduleConfig.getLogoUri }}" target="_blank">{{ moduleConfig.getLogoUri }}</a>
+        <br>
+        {{ 'Policy URI'|trans }}:
+        <a href="{{ moduleConfig.getPolicyUri }}" target="_blank">{{ moduleConfig.getPolicyUri }}</a>
+        <br>
+        {{ 'Homepage URI'|trans }}:
+        <a href="{{ moduleConfig.getHomepageUri }}" target="_blank">{{ moduleConfig.getHomepageUri }}</a>
+        <br>
+        {{ 'Contacts'|trans }}:
+        {% if moduleConfig.getContacts is not empty %}
+            {% for contact in moduleConfig.getContacts %}
+                <br>
+                - {{ contact }}
+            {% endfor %}
+        {% else %}
+            {{ 'N/A'|trans }}
+        {% endif %}
+    </p>
+    <p>
+        {{ 'Entity Statement Duration'|trans }}:
+        {{ moduleConfig.getFederationEntityStatementDuration|date("%mm %dd %hh %i' %s''") }}
+    </p>
 
-    <table class="table pure-table pure-table-bordered ">
-        <thead>
-        <tr>
-            <th>{{ 'Setting'|trans }}</th>
-            <th>{{ 'Value'|trans }}</th>
-        </tr>
-        </thead>
-        <tbody>
-        <tr>
-            <td>{{ 'Federation Enabled'|trans }}</td>
-            <td> {{ moduleConfig.getFederationEnabled ? 'Yes'|trans : 'No'|trans }}</td>
-        </tr>
-        <tr>
-            <td>{{ 'Trust Anchors'|trans }}</td>
-            <td>
-                // TODO mivanci
-            </td>
-        </tr>
-        <tr>
-            <td>{{ 'Authority Hints'|trans }}</td>
-            <td>
-                // TODO mivanci
-            </td>
-        </tr>
-        <tr>
-            <td>{{ 'Trust Marks'|trans }}</td>
-            <td>
-                // TODO mivanci
-            </td>
-        </tr>
-        <tr>
-            <td>{{ 'Signing Algorithm'|trans }}</td>
-            <td>
-                // TODO mivanci
-            </td>
-        </tr>
-        <tr>
-            <td>{{ 'PKI'|trans }}</td>
-            <td>
-                // TODO mivanci
-            </td>
-        </tr>
-        <tr>
-            <td>{{ 'Entity Statement Duration'|trans }}</td>
-            <td>
-                // TODO mivanci
-            </td>
-        </tr>
-        <tr>
-            <td>{{ 'Cache Adapter'|trans }}</td>
-            <td>
-                // TODO mivanci
-            </td>
-        </tr>
-        <tr>
-            <td>{{ 'Maximum Cache Duration For Fetched Artifacts'|trans }}</td>
-            <td>
-                // TODO mivanci
-            </td>
-        </tr>
-        <tr>
-            <td>{{ 'Cache Duration For Produced Artifacts'|trans }}</td>
-            <td>
-                // TODO mivanci
-            </td>
-        </tr>
-        <tr>
-            <td>{{ 'Common Federation Entity Parameters'|trans }}</td>
-            <td>
-                // TODO mivanci
-            </td>
-        </tr>
+    <h4>{{ 'PKI'|trans }}</h4>
+    <p>
+        {{ 'Private Key'|trans }}: {{ moduleConfig.getFederationPrivateKeyPath }}
+        <br>
+        {{ 'Private Key Password Set'|trans }}:
+        {{ moduleConfig.getFederationPrivateKeyPassPhrase ? 'Yes'|trans : 'No'|trans }}
+        <br>
+        {{ 'Public Key'|trans }}: {{ moduleConfig.getFederationCertPath }}
+    </p>
+    <p>
+        {{ 'Signing Algorithm'|trans }}: {{ moduleConfig.getFederationSigner.algorithmId }}
+    </p>
 
-        </tbody>
-    </table>
+    <h4>{{ 'Trust Anchors'|trans }}</h4>
+    {% if moduleConfig.getFederationTrustAnchors is not empty %}
+        {% for trustAnchorId, jwks in moduleConfig.getFederationTrustAnchors %}
+            <p>
+                - {{ trustAnchorId }}
+                <br>
+                {{ 'JWKS'|trans }}:
+                {% if jwks|default is not empty %}
+                    <code class="code-box code-box-content">
+                        {{- jwks|json_encode(constant('JSON_PRETTY_PRINT')) -}}
+                    </code>
+                {% else %}
+                    {{ 'N/A'|trans }}
+                {% endif %}
+            </p>
+        {% endfor %}
+    {% else %}
+        <p>{{ 'N/A'|trans }}</p>
+    {% endif %}
 
-    <br>
-    <h4>{{ 'Entity Configuration URL'|trans }}</h4>
+    <h4>{{ 'Authority Hints'|trans }}</h4>
     <p>
-        <a href="{{ routes.urlFederationConfiguration }}" target="_blank">{{ routes.urlFederationConfiguration }}</a>
+    {% if moduleConfig.getFederationAuthorityHints|default is not empty %}
+            {% for authorityHint in moduleConfig.getFederationAuthorityHints %}
+                {% if not loop.first %}
+                <br>
+                {% endif %}
+                - {{ authorityHint }}
+            {% endfor %}
+    {% else %}
+        {{ 'N/A'|trans }}
+    {% endif %}
+    </p>
+
+    <h4>{{ 'Trust Marks'|trans }}</h4>
+    {% if trustMarks|default is not empty %}
+        {% for trustMark in trustMarks %}
+            <p>
+                - {{ trustMark.getPayload.id }}
+                <code class="code-box code-box-content">
+                    {{- trustMark.getPayload|json_encode(constant('JSON_PRETTY_PRINT') b-or constant('JSON_UNESCAPED_SLASHES')) -}}
+                </code>
+            </p>
+        {% endfor %}
+    {% else %}
+        <p>{{ 'N/A'|trans }}</p>
+    {% endif %}
+
+    <h4>{{ 'Cache'|trans }}</h4>
+    <p>
+        {{ 'Cache Adapter'|trans }}:
+        {{ moduleConfig.getFederationCacheAdapterClass|default('N/A'|trans) }}
+        <br>
+        {{ 'Maximum Cache Duration For Fetched Artifacts'|trans }}:
+        {{ moduleConfig.getFederationCacheMaxDurationForFetched|date("%mm %dd %hh %i' %s''") }}
+        <br>
+        {{ 'Cache Duration For Produced Artifacts'|trans }}:
+        {{ moduleConfig.getFederationEntityStatementCacheDurationForProduced|date("%mm %dd %hh %i' %s''") }}
+
     </p>
 
 {% endblock oidcContent -%}
diff --git a/templates/config/protocol.twig b/templates/config/protocol.twig
index d550af2f..1c5c1a1c 100644
--- a/templates/config/protocol.twig
+++ b/templates/config/protocol.twig
@@ -4,118 +4,107 @@
 
 {% block oidcContent %}
 
-    <table class="table pure-table pure-table-bordered ">
-        <thead>
-        <tr>
-            <th>{{ 'Setting'|trans }}</th>
-            <th>{{ 'Value'|trans }}</th>
-        </tr>
-        </thead>
-        <tbody>
-            <tr>
-                <td>{{ 'Issuer'|trans }}</td>
-                <td> {{ moduleConfig.getIssuer }}</td>
-            </tr>
-            <tr>
-                <td>{{ 'Tokens Time-To-Live'|trans }}</td>
-                <td>
-                    <ul class="config">
-                        <li>
-                            {{ 'Authorization Code:'|trans }}
-                            {{ moduleConfig.getAuthCodeDuration|date("%mm %dd %hh %i' %s''") }}
-                        </li>
-                        <li>
-                            {{ 'Access Token:'|trans }}
-                            {{ moduleConfig.getAccessTokenDuration|date("%mm %dd %hh %i' %s''") }}
-                        </li>
-                        <li>
-                            {{ 'Refresh Token:'|trans }}
-                            {{ moduleConfig.getRefreshTokenDuration|date("%mm %dd %hh %i' %s''") }}
-                        </li>
-                    </ul>
+    <h4>{{ 'Entity'|trans }}</h4>
+    <p>
+        {{ 'Discovery URL'|trans }}:
+        <a href="{{ routes.urlConfiguration }}" target="_blank">{{ routes.urlConfiguration }}</a>
+    </p>
+    <p>
+        {{ 'Issuer'|trans }}: {{ moduleConfig.getIssuer }}
+    </p>
 
-                </td>
-            </tr>
-            <tr>
-                <td>{{ 'Default Authentication Source'|trans }}</td>
-                <td> {{ moduleConfig.getDefaultAuthSourceId }}</td>
-            </tr>
-            <tr>
-                <td>{{ 'User Identifier Attribute'|trans }}</td>
-                <td> {{ moduleConfig.getUserIdentifierAttribute }}</td>
-            </tr>
-            <tr>
-                <td>{{ 'Signing Algorithm'|trans }}</td>
-                <td> {{ moduleConfig.getProtocolSigner.algorithmId }}</td>
-            </tr>
-            <tr>
-                <td>{{ 'PKI'|trans }}</td>
-                <td>
-                    <ul class="config">
-                        <li>Private Key: {{ moduleConfig.getProtocolPrivateKeyPath }}</li>
-                        <li>
-                            Private Key Password Set:
-                            {{ moduleConfig.getProtocolPrivateKeyPassPhrase ? 'Yes'|trans : 'No'|trans }}
-                        </li>
-                        <li>
-                            {{ 'Public Key:'|trans }}
-                            {{ moduleConfig.getProtocolCertPath }}
-                        </li>
-                    </ul>
+    <h4>{{ 'Tokens Time-To-Live (TTL)'|trans }}</h4>
+    <p>
+        {{ 'Authorization Code'|trans }}:
+        {{ moduleConfig.getAuthCodeDuration|date("%mm %dd %hh %i' %s''") }}
+        <br>
+        {{ 'Access Token'|trans }}:
+        {{ moduleConfig.getAccessTokenDuration|date("%mm %dd %hh %i' %s''") }}
+        <br>
+        {{ 'Refresh Token'|trans }}:
+        {{ moduleConfig.getRefreshTokenDuration|date("%mm %dd %hh %i' %s''") }}
+    </p>
 
-                </td>
-            </tr>
-            <tr>
-                <td>{{ 'Supported ACRs'|trans }}</td>
-                <td>
-                    {% if moduleConfig.getAcrValuesSupported is not empty %}
-                        <ul class="config">
-                        {% for acr in moduleConfig.getAcrValuesSupported %}
-                            <li>{{ acr }}</li>
-                        {% endfor %}
-                        </ul>
-                    {% else %}
-                        {{ 'None defined'|trans }}
-                    {% endif %}
-                </td>
-            </tr>
-            <tr>
-                <td>{{ 'Authentication Sources to ACRs Map'|trans }}</td>
-                <td>
-                    // TODO mivanci
-                </td>
-            </tr>
-            <tr>
-                <td>{{ 'Scopes'|trans }}</td>
-                <td>
-                    // TODO mivanci
-                </td>
-            </tr>
-            <tr>
-                <td>{{ 'Authentication Processing Filters'|trans }}</td>
-                <td>
-                    // TODO mivanci
-                </td>
-            </tr>
-            <tr>
-                <td>{{ 'Protocol Cache Adapter'|trans }}</td>
-                <td>
-                    // TODO mivanci
-                </td>
-            </tr>
-            <tr>
-                <td>{{ 'User Entity Cache Duration'|trans }}</td>
-                <td>
-                    // TODO mivanci
-                </td>
-            </tr>
-        </tbody>
-    </table>
+    <h4>{{ 'PKI'|trans }}</h4>
+    <p>
+        {{ 'Private Key'|trans }}: {{ moduleConfig.getProtocolPrivateKeyPath }}
+        <br>
+        {{ 'Private Key Password Set'|trans }}:
+        {{ moduleConfig.getProtocolPrivateKeyPassPhrase ? 'Yes'|trans : 'No'|trans }}
+        <br>
+        {{ 'Public Key'|trans }}: {{ moduleConfig.getProtocolCertPath }}
+    </p>
+    <p>
+        {{ 'Signing Algorithm'|trans }}: {{ moduleConfig.getProtocolSigner.algorithmId }}
+    </p>
 
-    <br>
-    <h4>{{ 'Discovery URL'|trans }}</h4>
+    <h4>{{ 'Authentication'|trans }}</h4>
     <p>
-        <a href="{{ routes.urlConfiguration }}" target="_blank">{{ routes.urlConfiguration }}</a>
+        {{ 'Default Authentication Source'|trans }}: {{ moduleConfig.getDefaultAuthSourceId }}
+        <br>
+        {{ 'User Identifier Attribute'|trans }}: {{ moduleConfig.getUserIdentifierAttribute }}
+    </p>
+    <p>
+        {{ 'Authentication Processing Filters'|trans }}:
+        {% if moduleConfig.getAuthProcFilters is not empty %}
+            {% for authproc in moduleConfig.getAuthProcFilters %}
+                <br>
+                - {{ authproc.class|default('[class-not-set]') }}
+            {% endfor %}
+        {% else %}
+            {{ 'N/A'|trans }}
+        {% endif %}
+    </p>
+
+    <h4>{{ 'Authentication Context Class References (ACRs)'|trans }}</h4>
+    <p>
+        {{ 'Supported ACRs'|trans }}:
+        {% if moduleConfig.getAcrValuesSupported is not empty %}
+            {% for acr in moduleConfig.getAcrValuesSupported %}
+                <br>
+                - {{ acr }}
+            {% endfor %}
+        {% else %}
+            {{ 'N/A'|trans }}
+        {% endif %}
+
+    </p>
+    <p>
+        {{ 'Authentication Sources to ACRs Map'|trans }}:
+        {% if moduleConfig.getAuthSourcesToAcrValuesMap is not empty %}
+            {% for authsource, acrs in moduleConfig.getAuthSourcesToAcrValuesMap %}
+                <br>
+                - {{ authsource }}:
+                {% for acr in acrs %}
+                    {{ acr }}{{ loop.last ? '' : ',' }}
+                {% endfor %}
+            {% endfor %}
+        {% else %}
+            {{ 'N/A'|trans }}
+        {% endif %}
+    </p>
+    <p>
+        {{ 'Forced ACR For Cookie Authentication'|trans }}:
+        {{ moduleConfig.getForcedAcrValueForCookieAuthentication|default('N/A'|trans) }}
     </p>
 
+
+    <h4>{{ 'Scopes'|trans }}</h4>
+    <p>
+        {% for scope, claims in moduleConfig.getScopes %}
+            {{ scope }}{{ loop.last ? '' : ', ' }}
+            {# TODO mivanci Add claims or extract scopes to sepparate page. #}
+        {% endfor %}
+    </p>
+
+    <h4>{{ 'Cache'|trans }}</h4>
+    <p>
+        {{ 'Cache Adapter'|trans }}:
+        {{ moduleConfig.getProtocolCacheAdapterClass|default('N/A'|trans) }}
+        <br>
+        {{ 'User Entity Cache Duration'|trans }}:
+        {{ moduleConfig.getProtocolUserEntityCacheDuration|date("%mm %dd %hh %i' %s''") }}
+    </p>
+
+
 {% endblock oidcContent -%}