32ce21b5cd
automated code formatting and cleanup
2017-03-21 14:07:20 -04:00
dd0f69ba6d
[maven-release-plugin] prepare for next development iteration
2017-03-20 11:58:58 -04:00
80358566a5
[maven-release-plugin] prepare release mitreid-connect-1.3.0-RC2
2017-03-20 11:58:52 -04:00
2a75535dce
fix unit tests and downstream calls
2017-03-16 18:00:05 -04:00
a926a8f0ab
cleaned up server-side stats service, UI now uses per-client calls
2017-03-16 17:31:26 -04:00
256b79ae51
lazy load client stats in UI
2017-03-16 17:20:04 -04:00
02928b048f
added software ID and version to data API
2017-03-15 17:38:46 -04:00
8406a89fd1
added device flow expiration
2017-03-14 17:40:30 -04:00
f54d44cd9d
added device code to discovery, moved device endpoints
2017-03-14 17:40:30 -04:00
f915196c2e
fix approval display
2017-03-14 17:40:29 -04:00
cbf5bf742b
added messages for display pages, better error handling in user-facing pages
2017-03-14 17:40:29 -04:00
153776ecb5
Don’t catch OAuth2 errors, let the framework handle them here
2017-03-14 17:40:28 -04:00
44b24af466
database storage for device flow
2017-03-14 17:40:28 -04:00
548dad4e29
added expiration to device codes
2017-03-14 17:40:27 -04:00
9cb5377ce8
added device code validity seconds to client model
2017-03-14 17:40:27 -04:00
a5b4115169
functioning device code flow
2017-03-14 17:40:26 -04:00
3326eee934
shell for device flow
2017-03-14 17:40:26 -04:00
c42fe57367
changed task operations to print out name of operation on run
2017-03-14 17:40:26 -04:00
72fd3c2b99
added ID Token Validity Seconds to data import/export API
2017-03-11 15:36:45 -05:00
3e5e7a0f0b
[maven-release-plugin] prepare for next development iteration
2017-03-03 18:03:26 -05:00
0d84db49af
[maven-release-plugin] prepare release mitreid-connect-1.3.0-RC1
2017-03-03 18:03:20 -05:00
98a4d56cdd
made extraction function less side-effect-ful
2017-03-03 17:20:15 -05:00
00ecd3dd22
Fix NPE if no claims are requested for the userinfo object
...
This happens if clients only requests id_token claims, or just send an empty claims parameter.
Change-Id: I8bd176ad271bda8a1e2f26b6221bd8e2d0a3ebfb
2017-03-03 16:09:51 -05:00
141f4da7f1
added PKCE editing capabilities to UI
2017-02-20 15:40:16 -05:00
c79b6da9d9
Javascript files for UI functionality loaded from configuration bean
2017-02-17 17:34:03 -05:00
b176d4d77e
cleaned up old endpoints
2017-02-16 18:24:21 -05:00
8178af87f0
further modularized data import/export service
2017-02-16 18:24:05 -05:00
52d2298f99
begin modularization of data import/export API
2017-02-15 11:51:32 -05:00
db50a88fe5
Happy New Year 2017
2017-01-17 17:09:14 -05:00
b17a7f43ae
removed structured scopes
2017-01-17 17:06:04 -05:00
46046b574a
Implemented paged operations and used for database cleanup tasks.
2017-01-17 15:36:57 -05:00
099211593c
Fix high load performance issue in token expiration task
2017-01-17 15:36:57 -05:00
0e703ef9f9
update a few dependency versions, closes #1145
2016-12-21 15:50:24 -05:00
91da3935f5
Made ID tokens ephemeral, made access token’s “additional information” extensible
2016-12-21 13:01:15 -05:00
4f4c8de1c8
Fix JPA issues to allow using Hibernate
2016-12-09 15:15:50 -05:00
22fa3605ef
Patched unit tests, still needs updates for checking approved site to token mapping on data import/export
2016-12-09 12:56:06 -05:00
55b1b00b73
Updated relationship between approved sites and access tokens, closes #874
2016-12-09 12:55:42 -05:00
d875d52be7
updated data import/export services for 1.3
2016-12-08 17:01:55 -05:00
7725fcfa2b
createAuthorizationCode should be @Transactional
...
An Authentication should not exist without its matching AuthorizationCode, but typically an AuthorizationCode will have a foreign key on an Authentication, meaning it can't be saved first. This block should be wrapped in a transaction so that other DB clients (say, for example, clearExpiredAuthorizationCodes) don't see an inconsistent snapshot and then misbehave.
2016-12-02 16:29:48 -05:00
c3d0c18af5
make HttpClient configurable, closes #1071
2016-12-02 16:23:55 -05:00
bb6bb81dbc
Add new tests which asserts that `user_id` should not be present in the introspection response if there's no user authentication available
2016-12-02 16:08:32 -05:00
52da5e769a
Fix test by returning a new OAuth2Authentication instead of mocking it
2016-12-02 16:08:32 -05:00
b2fab9642e
Fix such that `user_id` is only added if user authentication is available
...
OAuth2Authentication#getPrincipal() used by OAuth2Authentication#getName() defaults to the client id if user authentication is not available.
Prior to this fix, an introspection of a client-only access token would result to the user_id also being the client_id. This causes problems when this
introspection result is converted into an OAuth2Authentication by a resource server's IntrospectingTokenService -- the user_id is populated with
the client_id and so OAuth2Authentication's userAuthentication is populated falsely.
2016-12-02 16:08:32 -05:00
dea6044e77
Set the encoding of the UserInfo response body to UTF-8
...
See http://openid.net/specs/openid-connect-core-1_0.html#UserInfoResponse
2016-12-02 14:44:55 -05:00
af7c1f7d45
added PKCE support to discovery endpoint
2016-07-27 20:31:27 -04:00
ba0d0aab0b
use parameter constants for extensions maps in token service
2016-07-24 17:46:04 -04:00
ac0cafe7b3
parse and process PKCE requests
2016-07-24 17:45:43 -04:00
57208ac35d
added software statements to client API
2016-07-24 16:12:56 -04:00
d89257380f
make client assertion auth work again
2016-07-24 15:28:51 -04:00
f9e4d75a4a
use JWT bearer assertion token for assertion processing
2016-07-24 14:55:45 -04:00
bd9932d56f
added assertion processor to token endpoint
2016-07-22 15:31:00 -04:00
a5a12b2f1f
added assertion validation engine
2016-07-22 13:47:20 -04:00
fa63993896
added software statement to client model, added processor to dynamic registration parser
2016-07-21 16:55:46 -04:00
a951a22bf8
explicitly use language and country codes for locale resolution
2016-07-14 18:29:37 -04:00
b8cc0a82b3
fix issue #1061 : auto-detect locale country code
2016-07-14 18:29:37 -04:00
7177854416
inverted boolean for #1033
2016-07-08 13:00:26 -04:00
39bae3a160
make the client auth URL matcher use an existing matcher instead of custom code
2016-07-08 11:42:35 -04:00
01892b6f47
use a request matcher on authorization request filter, closes #1033
2016-07-08 11:00:01 -04:00
ca6e867df6
manage dependency versions in parent
2016-07-07 16:46:38 -04:00
ecb4a9ed53
Check that the underlying cause of the PersistenceException is caused by a duplicate entry.
2016-07-07 16:45:36 -04:00
6fb26856a7
Make apiAddClient in the client api return a HttpStatus.Conflict if you try to create a client with a used client id.
...
This fixes a bug where if you try to create a client with a client id that is already in use, you get an empty error message. Instead, now you get a message that tells you that the client couldn't be created because the client id is already in use.
2016-07-07 16:45:36 -04:00
8e71107f9b
Fix NPE when checking claim extension, Simplify always true expressions
2016-07-07 16:35:50 -04:00
8f81278332
We really should specify an encoding here and not depend on the
...
servers default encoding, shouldn't we? It becomes ISO-8859-1
otherwise in Tomcat as per the Servlet specification.
2016-07-07 16:33:24 -04:00
c31f42c3f3
updated versions to 1.3
2016-07-05 14:39:22 -04:00
58724aa6dc
[maven-release-plugin] prepare for next development iteration
2016-04-06 16:33:45 -04:00
29c9ee2c46
[maven-release-plugin] prepare release mitreid-connect-1.2.6
2016-04-06 16:33:42 -04:00
89316cbab1
fixed default token lifetimes for heart mode
2016-03-18 22:02:28 -04:00
9691f02772
added audience parameter to parser, fixed token generator to match HEART spec
2016-03-11 17:12:36 -05:00
49a8848648
count really weird URIs as "custom scheme"
2016-03-10 12:50:47 -05:00
d75bba218d
forbid password grant type in HEART mode
2016-03-10 12:30:48 -05:00
699e9bff39
testing for multiple classes of redirect URIs
2016-02-24 16:34:58 -05:00
38710bd3d2
unit tests for HEART mode
2016-02-24 15:33:52 -05:00
74ea42851b
added check for HEART mode consistency
2016-02-24 13:09:58 -05:00
028265faa6
pulled scope values to externalized strings
2016-02-24 13:09:39 -05:00
5bccb602d8
always perform strict redirect URI matches in HEART mode
2016-02-24 13:09:00 -05:00
51e3513307
disallow client secret JWT authentication in HEART mode
2016-02-24 13:07:14 -05:00
d0d6ae2ad8
[maven-release-plugin] prepare for next development iteration
2016-02-23 19:02:05 -05:00
7f5b70e9e1
[maven-release-plugin] prepare release mitreid-connect-1.2.5
2016-02-23 19:02:02 -05:00
183a599126
fixed OIDC discovery relation URL
2016-01-29 17:17:35 -05:00
61433cc23a
deepen webfinger, endpoint is looser
...
closes #1008
2016-01-29 15:38:17 -05:00
82a1e49e79
[maven-release-plugin] prepare for next development iteration
2016-01-21 15:55:56 -05:00
e6684fb7a8
[maven-release-plugin] prepare release mitreid-connect-1.2.4
2016-01-21 15:55:53 -05:00
3d14b0d128
rename zone_info claim to zoneinfo
2016-01-21 15:52:59 -05:00
7badfe1d17
Happy new year 2016!
2016-01-21 15:50:37 -05:00
d1033b693f
added privacy-preserving client logo cache
2015-12-21 15:51:39 -05:00
e828f3f18d
[maven-release-plugin] prepare for next development iteration
2015-12-21 10:31:49 -05:00
01ca5ef8e2
[maven-release-plugin] prepare release mitreid-connect-1.2.3
2015-12-21 10:31:47 -05:00
aa878cc3cf
pulled checks for expired tokens into utility functions
2015-12-18 11:22:50 -05:00
698feb49cd
check access token expiration on read. closes #983
2015-12-16 22:46:42 -05:00
7f464c496b
changed copyright to new consortium name
2015-12-16 14:51:12 -05:00
ea77bf2a19
quieted approved site cleanup
2015-12-02 16:51:55 -05:00
1ed3e2c47a
quieted logging on database cleanup tasks when no expired elements are found
2015-11-25 15:55:16 -05:00
fcfc620d51
updated client API with more useful errors, removed unused service reference
2015-11-25 15:42:09 -05:00
2496dc114c
allow language system to be loaded from multiple files. closes #817 closes #876
2015-11-24 20:33:55 -05:00
e255fc1a10
change default behavior of message source, closes #964
2015-11-24 20:33:54 -05:00
7b34a666d9
Make the dual client support configurable
2015-11-24 12:10:27 -05:00
a80953a2d4
Allow both flows authorization code and client credentials. This scenario might be found when the same client supports user authentication as well as service to service authentication. Such a client is trusted (whitelisted).
2015-11-24 12:10:27 -05:00
dce80d488b
Clean up ScopeClaimTranslationService
...
`getFieldNameForClaim` method is never used.
2015-11-23 21:35:16 -05:00
2deec98b58
[maven-release-plugin] prepare for next development iteration
2015-10-13 18:56:47 -04:00
d96b2dc130
[maven-release-plugin] prepare release mitreid-connect-1.2.2
2015-10-13 18:56:44 -04:00
Justin Richer