diff --git a/openid-connect-server-webapp/src/main/webapp/WEB-INF/application-context.xml b/openid-connect-server-webapp/src/main/webapp/WEB-INF/application-context.xml
index b75074958..0727daf12 100644
--- a/openid-connect-server-webapp/src/main/webapp/WEB-INF/application-context.xml
+++ b/openid-connect-server-webapp/src/main/webapp/WEB-INF/application-context.xml
@@ -144,7 +144,7 @@
create-session="stateless"
authentication-manager-ref="clientAuthenticationManager">
-
+
@@ -157,7 +157,7 @@
create-session="stateless"
authentication-manager-ref="clientAuthenticationManager">
-
+
@@ -170,6 +170,10 @@
+
+
+
+
diff --git a/openid-connect-server-webapp/src/main/webapp/WEB-INF/endpoint-config.xml b/openid-connect-server-webapp/src/main/webapp/WEB-INF/endpoint-config.xml
new file mode 100644
index 000000000..6f3e96f07
--- /dev/null
+++ b/openid-connect-server-webapp/src/main/webapp/WEB-INF/endpoint-config.xml
@@ -0,0 +1,35 @@
+
+
+
+
+
+
+
+
diff --git a/uma-server-webapp/src/main/resources/db/hsql/scopes.sql b/uma-server-webapp/src/main/resources/db/hsql/scopes.sql
index 9b0446af5..c3ea0b113 100755
--- a/uma-server-webapp/src/main/resources/db/hsql/scopes.sql
+++ b/uma-server-webapp/src/main/resources/db/hsql/scopes.sql
@@ -10,25 +10,25 @@ START TRANSACTION;
-- Insert scope information into the temporary tables.
--
-INSERT INTO system_scope_TEMP (scope, description, icon, restricted, default_scope, structured, structured_param_description) VALUES
- ('openid', 'log in using your identity', 'user', false, true, false, null),
- ('profile', 'basic profile information', 'list-alt', false, true, false, null),
- ('email', 'email address', 'envelope', false, true, false, null),
- ('address', 'physical address', 'home', false, true, false, null),
- ('phone', 'telephone number', 'bell', false, true, false, null),
- ('offline_access', 'offline access', 'time', false, false, false, null),
- ('uma_protection', 'manage protected resources', 'briefcase', false, false, false, null),
- ('uma_authorization', 'request access to protected resources', 'share', false, false, false, null);
+INSERT INTO system_scope_TEMP (scope, description, icon, restricted, default_scope) VALUES
+ ('openid', 'log in using your identity', 'user', false, true),
+ ('profile', 'basic profile information', 'list-alt', false, true),
+ ('email', 'email address', 'envelope', false, true),
+ ('address', 'physical address', 'home', false, true),
+ ('phone', 'telephone number', 'bell', false, true),
+ ('offline_access', 'offline access', 'time', false, false),
+ ('uma_protection', 'manage protected resources', 'briefcase', false, false),
+ ('uma_authorization', 'request access to protected resources', 'share', false, false);
--
-- Merge the temporary scopes safely into the database. This is a two-step process to keep scopes from being created on every startup with a persistent store.
--
MERGE INTO system_scope
- USING (SELECT scope, description, icon, restricted, default_scope, structured, structured_param_description FROM system_scope_TEMP) AS vals(scope, description, icon, restricted, default_scope, structured, structured_param_description)
+ USING (SELECT scope, description, icon, restricted, default_scope FROM system_scope_TEMP) AS vals(scope, description, icon, restricted, default_scope)
ON vals.scope = system_scope.scope
WHEN NOT MATCHED THEN
- INSERT (scope, description, icon, restricted, default_scope, structured, structured_param_description) VALUES(vals.scope, vals.description, vals.icon, vals.restricted, vals.default_scope, vals.structured, vals.structured_param_description);
+ INSERT (scope, description, icon, restricted, default_scope) VALUES(vals.scope, vals.description, vals.icon, vals.restricted, vals.default_scope);
COMMIT;
diff --git a/uma-server-webapp/src/main/webapp/WEB-INF/application-context.xml b/uma-server-webapp/src/main/webapp/WEB-INF/application-context.xml
deleted file mode 100644
index fe2f28a3d..000000000
--- a/uma-server-webapp/src/main/webapp/WEB-INF/application-context.xml
+++ /dev/null
@@ -1,282 +0,0 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- /introspect
- /revoke
- /token
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/uma-server-webapp/src/main/webapp/WEB-INF/endpoint-config.xml b/uma-server-webapp/src/main/webapp/WEB-INF/endpoint-config.xml
new file mode 100644
index 000000000..dc4cb15cf
--- /dev/null
+++ b/uma-server-webapp/src/main/webapp/WEB-INF/endpoint-config.xml
@@ -0,0 +1,54 @@
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/uma-server-webapp/src/main/webapp/WEB-INF/server-config.xml b/uma-server-webapp/src/main/webapp/WEB-INF/server-config.xml
index afaadc309..f4ea0603b 100644
--- a/uma-server-webapp/src/main/webapp/WEB-INF/server-config.xml
+++ b/uma-server-webapp/src/main/webapp/WEB-INF/server-config.xml
@@ -43,7 +43,7 @@
-
+
@@ -56,6 +56,14 @@
messages
+
+
+
+
+
+
+
diff --git a/uma-server-webapp/src/main/webapp/resources/js/admin.js b/uma-server-webapp/src/main/webapp/resources/js/admin.js
index 0020d3dc6..c21e3a143 100644
--- a/uma-server-webapp/src/main/webapp/resources/js/admin.js
+++ b/uma-server-webapp/src/main/webapp/resources/js/admin.js
@@ -94,22 +94,7 @@ var ListWidgetChildView = Backbone.View.extend({
this.model.destroy({
dataType: false, processData: false,
- error:function (error, response) {
- console.log("An error occurred when deleting from a list widget");
-
- //Pull out the response text.
- var responseJson = JSON.parse(response.responseText);
-
- //Display an alert with an error message
- $('#modalAlert div.modal-header').html(responseJson.error);
- $('#modalAlert div.modal-body').html(responseJson.error_description);
-
- $("#modalAlert").modal({ // wire up the actual modal functionality and show the dialog
- "backdrop" : "static",
- "keyboard" : true,
- "show" : true // ensure the modal is shown immediately
- });
- }
+ error:app.errorHandlerView.handleError()
});
},
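Review bot: Calling `handleError()` with no argument drops the context the removed handler logged, so a failed delete from a list widget can no longer be told apart in the console from any other failure. The handler factory takes a message object and logs `message.log` (see the ErrorHandlerView hunk below), so `error:app.errorHandlerView.handleError({log: "An error occurred when deleting from a list widget"})` keeps that diagnostic. `handleError()` is evaluated when the options object is built, so `app.errorHandlerView` must already exist at that point; that looks intended but cannot be confirmed from this hunk. The enclosing view method starts outside the hunk.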
@@ -390,14 +375,14 @@ var ErrorHandlerView = Backbone.View.extend({
message = {};
}
- if (message.log) {
- console.log(message.log);
- }
-
var _self = this;
return function(model, response, options) {
-
+
+ if (message.log) {
+ console.log(message.log);
+ }
+
_self.showErrorMessage(
_self.headerTemplate({message: message, model: model, response: response, options: options}),
_self.template({message: message, model: model, response: response, options: options})
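Review bot: `headerTemplate` and `template` are handed the raw `response` (plus `model` and `options`), and their output goes to `showErrorMessage`, which presumably inserts it into the modal as HTML. Whether server-supplied fields such as the error description are escaped depends on templates that are not visible in this hunk. If these are Underscore templates, the error fields should use the escaping form `<%- ... %>` rather than `<%= ... %>`, since error text can reflect request input. A comment above the returned function, e.g. `// response text is untrusted: templates must HTML-escape it`, would record that contract. The returned function's body continues past the end of this hunk.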
@@ -406,8 +391,8 @@ var ErrorHandlerView = Backbone.View.extend({
$('#modalAlert .modal-body .page-reload').on('click', _self.reloadPage);
}
- },
-
+ },
+
showErrorMessage:function(header, message) {
// hide the sheet if it's visible
$('#loadingbox').sheet('hide');
@@ -554,21 +539,42 @@ var AppRouter = Backbone.Router.extend({
contacts.push(userInfo.email);
}
- client.set({
- tokenEndpointAuthMethod: "SECRET_BASIC",
- generateClientSecret:true,
- displayClientSecret:false,
- requireAuthTime:true,
- defaultMaxAge:60000,
- scope: _.uniq(_.flatten(app.systemScopeList.defaultScopes().pluck("value"))),
- accessTokenValiditySeconds:3600,
- idTokenValiditySeconds:600,
- grantTypes: ["authorization_code"],
- responseTypes: ["code"],
- subjectType: "PUBLIC",
- jwksType: "URI",
- contacts: contacts
- }, { silent: true });
+ // use a different set of defaults based on heart mode flag
+ if (heartMode) {
+ client.set({
+ tokenEndpointAuthMethod: "PRIVATE_KEY",
+ generateClientSecret:false,
+ displayClientSecret:false,
+ requireAuthTime:true,
+ defaultMaxAge:60000,
+ scope: _.uniq(_.flatten(app.systemScopeList.defaultScopes().pluck("value"))),
+ accessTokenValiditySeconds:3600,
+ refreshTokenValiditySeconds:24*3600,
+ idTokenValiditySeconds:300,
+ grantTypes: ["authorization_code"],
+ responseTypes: ["code"],
+ subjectType: "PUBLIC",
+ jwksType: "URI",
+ contacts: contacts
+ }, { silent: true });
+ } else {
+ // set up this new client to require a secret and have us autogenerate one
+ client.set({
+ tokenEndpointAuthMethod: "SECRET_BASIC",
+ generateClientSecret:true,
+ displayClientSecret:false,
+ requireAuthTime:true,
+ defaultMaxAge:60000,
+ scope: _.uniq(_.flatten(app.systemScopeList.defaultScopes().pluck("value"))),
+ accessTokenValiditySeconds:3600,
+ idTokenValiditySeconds:600,
+ grantTypes: ["authorization_code"],
+ responseTypes: ["code"],
+ subjectType: "PUBLIC",
+ jwksType: "URI",
+ contacts: contacts
+ }, { silent: true });
+ }
$('#content').html(view.render().el);
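Review bot: The two `client.set` calls in this hunk repeat ten identical fields and differ only in `tokenEndpointAuthMethod`, `generateClientSecret`, `idTokenValiditySeconds` and the extra `refreshTokenValiditySeconds`, so a later change to a shared default can easily land in one branch and not the other. The dynamic-registration hunk that follows has the same shape, differing only in `token_endpoint_auth_method`. Building the shared defaults once and overlaying the per-mode overrides keeps the security-relevant differences visible in one place. `heartMode` is read as a free variable that is not declared in this hunk; if a page can load this script without defining it, the route would throw a ReferenceError, which is worth confirming. The enclosing router method starts and ends outside the hunk.

```javascript
// defaults shared by both modes
var clientDefaults = {
	displayClientSecret:false,
	requireAuthTime:true,
	defaultMaxAge:60000,
	scope: _.uniq(_.flatten(app.systemScopeList.defaultScopes().pluck("value"))),
	accessTokenValiditySeconds:3600,
	grantTypes: ["authorization_code"],
	responseTypes: ["code"],
	subjectType: "PUBLIC",
	jwksType: "URI",
	contacts: contacts
};

// only the fields that differ between heart mode and the standard defaults
var modeDefaults = heartMode ? {
	tokenEndpointAuthMethod: "PRIVATE_KEY",
	generateClientSecret:false,
	refreshTokenValiditySeconds:24*3600,
	idTokenValiditySeconds:300
} : {
	// require a secret and have us autogenerate one
	tokenEndpointAuthMethod: "SECRET_BASIC",
	generateClientSecret:true,
	idTokenValiditySeconds:600
};

client.set(_.extend(clientDefaults, modeDefaults), { silent: true });
```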
@@ -921,17 +927,30 @@ var AppRouter = Backbone.Router.extend({
contacts.push(userInfo.email);
}
- client.set({
- require_auth_time:true,
- default_max_age:60000,
- scope: _.uniq(_.flatten(app.systemScopeList.defaultUnrestrictedScopes().pluck("value"))).join(" "),
- token_endpoint_auth_method: 'client_secret_basic',
- grant_types: ["authorization_code"],
- response_types: ["code"],
- subject_type: "public",
- contacts: contacts
- }, { silent: true });
-
+ if (heartMode) {
+ client.set({
+ require_auth_time:true,
+ default_max_age:60000,
+ scope: _.uniq(_.flatten(app.systemScopeList.defaultUnrestrictedScopes().pluck("value"))).join(" "),
+ token_endpoint_auth_method: 'private_key_jwt',
+ grant_types: ["authorization_code"],
+ response_types: ["code"],
+ subject_type: "public",
+ contacts: contacts
+ }, { silent: true });
+ } else {
+ client.set({
+ require_auth_time:true,
+ default_max_age:60000,
+ scope: _.uniq(_.flatten(app.systemScopeList.defaultUnrestrictedScopes().pluck("value"))).join(" "),
+ token_endpoint_auth_method: 'client_secret_basic',
+ grant_types: ["authorization_code"],
+ response_types: ["code"],
+ subject_type: "public",
+ contacts: contacts
+ }, { silent: true });
+ }
+
$('#content').html(view.render().el);
view.delegateEvents();
setPageTitle($.t('dynreg.new-client'));
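Review bot: Setting `token_endpoint_auth_method: 'private_key_jwt'` here only pre-fills the dynamic-registration form. Nothing in this hunk prevents a registration that uses `client_secret_basic` while `heartMode` is on, so the restriction presumably has to be enforced by the registration endpoint on the server; it is worth confirming that it is. The heart-mode defaults also carry no key material (no `jwks_uri` or `jwks`), so the form should probably require one before submit, otherwise a client registered with these defaults may have nothing to authenticate with. A comment above the branch, e.g. `// heart mode: pre-select key-based client authentication (form default only)`, would document the intent. The enclosing route handler starts outside the hunk.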