Commit Graph

25 Commits (09f3a691c610da81d870fd43214023496ef7b152)

Author SHA1 Message Date
Dominik František Bučík faa726087d
Merge pull request #70 from dBucik/bbmri_ga4gh_passports
Bbmri ga4gh passports
2021-12-06 14:17:28 +01:00
Dominik Frantisek Bucik e2f801e419
refactor: Further deps and fixes 2021-12-06 13:09:54 +01:00
Dominik Frantisek Bucik f646fe02e5
refactor: 💡 Further deps updates 2021-12-06 11:30:21 +01:00
Dominik Frantisek Bucik b9f5c4de3c
refactor: 💡 Refactor GA4GH even more 2021-12-06 11:27:48 +01:00
Dominik Frantisek Bucik 141e6c8653
feat: 🎸 Implemented BBMRI-ERIC Ga4gh Passports and Visas
Implemented claim source for releasing GA4GH Passports and Visas in
BBMRI-ERIC version.
2021-12-06 11:27:48 +01:00
Dominik Frantisek Bucik a94fd992dd
refactor: 💡 Refactored GA4GH Passports and visas
Refactored the GA4GH claim source and related things to be extensible
for other implementations.
Configuration changes:
Elixir GA4GH claim source class needs to be updated to:`custom.claim.[claimName].source.class=cz.muni.ics.oidc.server.ga4gh.ElixirGa4ghClaimSource`
Elixir Access token modifier has been moved and has to be configured as: `accessTokenClaimsModifier=cz.muni.ics.oidc.server.ga4gh.Ga4ghAccessTokenModifier`

BREAKING CHANGE: 🧨 Ga4gh Claim source class for ELIXIR has been changed. Also, the
ElixirAccessTokenModifier class has been moved and renamed.
2021-12-06 11:27:48 +01:00
Dominik Frantisek Bucik ceb01c78e7
fix: 🐛 Fix fallbacking of locale to the code to prevent errors 2021-12-02 16:22:03 +01:00
Dominik Frantisek Bucik 665b45fb41
refactor: 💡 Refactored how translations are loaded and used
Refactor how translations are used and loaded. Property `web.langs.customfiles.path` must point to the
RersourceBundle, without the `_lang.properties" extensions. An examle
location, if we have files `/etc/props_en.properties` and
`/etc/props_cs.properties`, the correct value for the configuration
option is `web.langs.customfiles.path=/etc/props`.

BREAKING CHANGE: Property `web.langs.customfiles.path` must point to the
RersourceBundle.
2021-11-30 13:38:11 +01:00
Dominik Frantisek Bucik e721d7abe9
refactor: 💡 Removed UMA package (not used)
Several tables have been dropped from the database. Also, access_token
does not contain permissions anymore. To update the DB accordingly, run
following:

```sql
DROP TABLE access_token_permissions;
DROP TABLE resource_set;
DROP TABLE resource_set_scope;
DROP TABLE permission_ticket;
DROP TABLE permission;
DROP TABLE permission_scope;
DROP TABLE claim;
DROP TABLE claim_to_policy;
DROP TABLE claim_to_permission_ticket;
DROP TABLE policy;
DROP TABLE policy_scope;
DROP TABLE claim_token_format;
DROP TABLE claim_issuer;
DROP TABLE saved_registered_client;
```
2021-11-24 12:35:21 +01:00
Dominik Frantisek Bucik a44556577c
refactor: 💡 Refactored all models 2021-11-24 11:42:55 +01:00
Dominik Frantisek Bucik f85cd5c1c5
refactor: 💡 Removed PerunACR and PerunDeviceACR
Removed models and repositories, removed scheduled tasks tied to these
classes. Acr is now instead stored together with the User authentication
2021-11-23 18:12:05 +01:00
Dominik Frantisek Bucik b2599cef5a
refactor: 💡 Updated some DB entities, added missing cascades
Updated AuthenticationHolder, AuthorizationCode, DeviceCode,
AccessToken, RefreshToken, UserAuthN representations of DB entries.
Added missing cascades for some elements, to prevent leaving orphaned
records in the DB (i.e. for UserAuthN entries).
2021-11-23 12:18:54 +01:00
Dominik Frantisek Bucik 4d3b07225c
fix: 🐛 Fixed missing ACRs code and device_code flows 2021-11-19 18:16:53 +01:00
Dominik Frantisek Bucik 39bc00a3b0
fix: 🐛 Fix ACR for implicit and authorization_code flows
BREAKING CHANGE: 🧨 Database needs to be updated: `ALTER TABLE saved_user_auth DROP
source_class; ALTER TABLE saved_user_auth ADD COLUMN acr VARCHAR(1024);`
2021-11-19 16:14:21 +01:00
Dominik Frantisek Bucik b4cd6a4642
refactor: 💡 Got rid of PerunPrincipal class 2021-11-19 13:36:14 +01:00
Dominik Frantisek Bucik ebd1459ba3
feat: 🎸 AARC_IDP_HINTING implemented 2021-11-16 07:22:38 +01:00
Dominik Frantisek Bucik 2b94aff58e
refactor: 💡 Code inspection by IDEA 2021-11-15 11:20:39 +01:00
Dominik Frantisek Bucik 1056d6acdc
refactor: 💡 removed unneeded imports 2021-11-15 11:20:39 +01:00
Dominik Frantisek Bucik 26b5a99817
refactor: 💡 Loggers via Lombok 2021-11-15 11:20:39 +01:00
Dominik Frantisek Bucik 6a6d1e3ad9
feat: 🎸 Forward client_id in AuthenticationContextClass
Forward client_id in the AuthenticationContextClass element. This can be
used by the proxy to i.e. display name of the service on WAYF.
2021-11-12 13:28:38 +01:00
Dominik Frantisek Bucik 9aa16ffe5c
feat: 🎸 Extended list of internal referrers for sess. invalider
Via property _saml.internalReferrers_ it can be configured which
referrers are considered as internal and in such a cases session will
not be invalidated. The property has to be list of URLs, separated by a
comma, and the matching is done as a prefix of the current referrer
2021-11-11 10:23:20 +01:00
Dominik Frantisek Bucik 39498573c3
feat: 🎸 Make SAML identifier attribute configurable
Attribute is configured via property _saml.user.attrIdentifier_ and has
to be one of values eppn|epuid|eptid|uid|uniqueIdentifier
2021-11-11 10:22:56 +01:00
Dominik Frantisek Bucik 0b68a720fb
refactor: 💡 Disable metadata signature check 2021-11-09 11:13:36 +01:00
Dominik Frantisek Bucik 23a6354fc7
feat: 🎸 Sign refresh tokens
Add signature to the refresh_token JWT. Previously it has been missing
it.
2021-11-08 07:46:23 +01:00
Dominik Frantisek Bucik 11fdf85d5f
feat: 🎸 Merge with perun-mitreid overlay, add SAML auth
Merge with overlay repository into one big repo. Added SAML
authentication

BREAKING CHANGE: 🧨 Merge and auth
2021-11-03 08:23:34 +01:00