ondrejvelisek
dae674af67
Add possibility to disable verification_uri_complete per client
2018-05-01 13:46:23 +02:00
ondrejvelisek
67c87d56a6
Add support for verification_uri_complete
2018-05-01 10:45:49 +02:00
Andrea Ceccanti
2eb5d1b3e2
Set device code validity in seconds for dynreg clients
2018-04-27 19:35:03 +02:00
Evan Lennick
fe000d91cb
undid autoformatting again
2018-04-23 14:30:43 -04:00
Evan Lennick
011bf8adb8
addressed review feedback
2018-04-23 14:29:38 -04:00
Evan Lennick
0ee4ee2f58
undid some autoformatting changes
2018-04-21 13:22:17 -04:00
Evan Lennick
0b531a0fd3
fixed an issue where missing locales would generate a lot of ERROR level log messages
2018-04-21 13:19:44 -04:00
Andrea Ceccanti
92c47c5449
Bumped version to 1.3.3.cnaf.rc0
2018-04-12 15:30:26 +02:00
Andrea Ceccanti
f09efec031
dynreg: filter requested grant types
This commit introduces filtering on requested grant types for
dynamically registered clients.
Since extensions on the library could support additional grant types,
here we want to be strict about known grant types that cannot be
requested at dynamic client registration (or update) time, but at the
same time we want to preserve grant types that could have been granted
to a client by an administrator.
So at client registration time the list of requested grant types is
filtered to only allow grant types currently enabled for dynamically
registered clients.
OTOH, at client update time the same filtering is implemented while at
the same time preserving grant types assigned to the client in other ways.
2018-04-12 15:24:52 +02:00
Sauli Ketola
e6a8e0c17d
Integration tests for new repository methods
2018-04-11 13:16:28 +03:00
Sauli Ketola
a070f61edf
Clean up code in modified classes, remove line breaks, add static imports
2018-04-06 09:12:47 +03:00
Sauli Ketola
51b580aa18
Use 'userName' instead of 'sub' in naming
2018-04-06 08:55:06 +03:00
Sauli Ketola
3f277047e3
Use query by user sub to get all tokens for user
2018-04-06 08:47:37 +03:00
Sauli Ketola
417a6b7c74
Removed some line breaks and auto generated comments for consistency
2018-04-05 19:29:54 +03:00
Sauli Ketola
bf8149605a
Create queries for getting access and refresh tokens by user sub
2018-04-05 19:25:23 +03:00
enricovianello
3c2549faf2
Cosmetic fix on DefaultIdTokenClaimsEnhancer
2018-02-26 16:45:27 +01:00
enricovianello
a69c3c5235
bumped version to 1.3.3.cnaf-SNAPSHOT
2018-02-26 12:14:34 +01:00
enricovianello
f6e6954450
Include additional claims in ID token
Read https://github.com/indigo-iam/iam/issues/202
2018-02-26 10:35:43 +01:00
Justin Richer
e2d94f422a
new year 2018
2018-02-12 10:39:04 -05:00
Justin Richer
b804f22bc8
[maven-release-plugin] prepare for next development iteration
2018-02-07 09:14:16 -05:00
Justin Richer
f72e6b3e08
[maven-release-plugin] prepare release mitreid-connect-1.3.2
2018-02-07 09:14:10 -05:00
Tomasz Borowiec
37fba622b9
Throwing exception on all other JWT types than SignedJWT
2018-02-07 11:00:28 +01:00
Tomasz Borowiec
c38b9d7a42
added PlainJWT and EncryptedJWT support + tests
2018-02-07 11:00:15 +01:00
Justin Richer
fcb119ff6a
Merge pull request #1270 from bodewig/custom_claim_friendly_token_enhancer
add hook for custom JWT claims to ConnectTokenEnhancer
2018-02-05 16:01:09 -05:00
Stefan Bodewig
01eb1401a3
add hook for custom JWT claims to DefaultOIDCTokenService
2018-01-12 15:22:37 +01:00
Andrea Ceccanti
18517484a3
Bumped version to 1.3.2.cnaf.rc0
Now for real...
2017-09-26 16:37:16 +02:00
Andrea Ceccanti
880f2c1b2c
Bumped version to 1.3.2.cnaf.rc0
2017-09-26 16:25:06 +02:00
Andrea Ceccanti
5bb5254743
Organized imports
2017-09-26 15:45:18 +02:00
Andrea Ceccanti
a2856b4645
Removed unused import
2017-09-26 15:40:55 +02:00
Andrea Ceccanti
7d10337205
Merged 1.3.1 (build & test green)
2017-09-21 15:49:50 +02:00
Andrea Ceccanti
2b1df25aad
Merge remote-tracking branch 'mitre/master' into devel-1.3.1
* mitre/master: (153 commits)
removed old document PDFs from repo
check for missing refresh token value on refresh, closes #1242
removed unused field from UI config bean
fixed client readme file
Updated copyrights
Corrected typo
fixed unit test for new default redirect behavior
set redirect URI matching to strict by default
escaped output values on approval page, closes #1111
added changelog file
[maven-release-plugin] prepare for next development iteration
[maven-release-plugin] prepare release mitreid-connect-1.3.1
downgrade mysql dependency to GA version
Removed double 'sure'
fixed discovery endpoint, closes #1230
Completed end session endpoint
end session endpoint
skeleton of end session endpoint, maybe need a change to user info lookup
Fix psql_database script, replace SERIAL with BIGSERIAL and fix ...
[maven-release-plugin] prepare for next development iteration
...
2017-09-21 14:25:06 +02:00
Stefan Bodewig
514dcc3851
add hook for custom JWT claims to ConnectTokenEnhancer
2017-07-18 16:10:58 +02:00
sbke
8b4e461748
Adjustment to generate longer codes
RandomValueStringGenerator default constructor creates a code of length six only. The RFC 6819 (OAuth 2.0 Threat Model and Security Considerations) suggests (5.1.4.2.2. Use High Entropy for Secrets) that secrets that aren't used by humans (e.g. client secrets or token handles) have a reasonable level of entropy. They propose a token length of at least 128 bits. Since the RandomValueStringGenerator only uses case-sensitive alphanumeric symbols, 22 symbols are needed to achieve an entropy >=128 bits.
2017-06-28 14:20:11 +02:00
Justin Richer
0b1f9000db
check for missing refresh token value on refresh, closes #1242
2017-05-26 20:30:09 -04:00
Justin Richer
661c242a9f
Updated copyrights
2017-05-26 20:17:17 -04:00
Justin Richer
c11e47a75b
fixed unit test for new default redirect behavior
2017-05-11 11:27:41 -04:00
Justin Richer
2f31ceddf8
set redirect URI matching to strict by default
2017-05-10 17:39:59 -04:00
Justin Richer
7b06d91700
[maven-release-plugin] prepare for next development iteration
2017-05-09 14:29:53 -04:00
Justin Richer
8301f35e17
[maven-release-plugin] prepare release mitreid-connect-1.3.1
2017-05-09 14:29:49 -04:00
Justin Richer
713e872b8a
fixed discovery endpoint, closes #1230
2017-04-29 15:01:15 -04:00
Justin Richer
9baacc0eaf
Completed end session endpoint
Addresses #1129, addresses #972, addresses #891, addresses #1223
2017-04-29 14:58:37 -04:00
Justin Richer
2aa12fc0e3
end session endpoint
2017-04-28 19:05:30 -04:00
Justin Richer
0c46e7cb7a
skeleton of end session endpoint, maybe need a change to user info lookup
2017-04-27 14:29:05 -04:00
Justin Richer
0efa77b580
[maven-release-plugin] prepare for next development iteration
2017-04-15 13:20:13 -04:00
Justin Richer
b9b7bf53c3
[maven-release-plugin] prepare release mitreid-connect-1.3.0
2017-04-15 13:20:05 -04:00
Justin Richer
0d564d9714
made token service transactional, closes #1222
2017-04-14 15:27:16 -04:00
Justin Richer
11f3cccab9
fix JWKS parsing in software statements, closes #1220
2017-04-14 14:42:49 -04:00
Justin Richer
702a775881
handle creation time stamp in clients, closes #1210
2017-04-13 11:50:57 -04:00
Justin Richer
45ea899de8
made user codes case insensitive
2017-04-12 16:00:23 -04:00
Justin Richer
d317cf5024
added exception handling to device code creation step
2017-04-12 15:59:17 -04:00
Justin Richer
cc0622edd0
internalized random string generation for device codes
2017-04-12 14:59:18 -04:00
Mark Janssen
903168a949
Decrease log level of trailing slash warning
Having an issuer without trailing slash configured is just fine, so
there is no reason to log a warning for this every time the discovery
endpoint is called.
2017-04-07 14:59:58 -04:00
Justin Richer
835a326627
allow polling of device codes, fixed UI for device code input
2017-03-27 14:39:40 -05:00
Justin Richer
32ce21b5cd
automated code formatting and cleanup
2017-03-21 14:07:20 -04:00
Justin Richer
dd0f69ba6d
[maven-release-plugin] prepare for next development iteration
2017-03-20 11:58:58 -04:00
Justin Richer
80358566a5
[maven-release-plugin] prepare release mitreid-connect-1.3.0-RC2
2017-03-20 11:58:52 -04:00
Justin Richer
2a75535dce
fix unit tests and downstream calls
2017-03-16 18:00:05 -04:00
Justin Richer
a926a8f0ab
cleaned up server-side stats service, UI now uses per-client calls
2017-03-16 17:31:26 -04:00
Justin Richer
256b79ae51
lazy load client stats in UI
2017-03-16 17:20:04 -04:00
Justin Richer
02928b048f
added software ID and version to data API
2017-03-15 17:38:46 -04:00
Justin Richer
8406a89fd1
added device flow expiration
2017-03-14 17:40:30 -04:00
Justin Richer
f54d44cd9d
added device code to discovery, moved device endpoints
2017-03-14 17:40:30 -04:00
Justin Richer
f915196c2e
fix approval display
2017-03-14 17:40:29 -04:00
Justin Richer
cbf5bf742b
added messages for display pages, better error handling in user-facing pages
2017-03-14 17:40:29 -04:00
Justin Richer
153776ecb5
Don’t catch OAuth2 errors, let the framework handle them here
2017-03-14 17:40:28 -04:00
Justin Richer
44b24af466
database storage for device flow
2017-03-14 17:40:28 -04:00
Justin Richer
548dad4e29
added expiration to device codes
2017-03-14 17:40:27 -04:00
Justin Richer
9cb5377ce8
added device code validity seconds to client model
2017-03-14 17:40:27 -04:00
Justin Richer
a5b4115169
functioning device code flow
2017-03-14 17:40:26 -04:00
Justin Richer
3326eee934
shell for device flow
2017-03-14 17:40:26 -04:00
Justin Richer
c42fe57367
changed task operations to print out name of operation on run
2017-03-14 17:40:26 -04:00
Justin Richer
72fd3c2b99
added ID Token Validity Seconds to data import/export API
2017-03-11 15:36:45 -05:00
Justin Richer
3e5e7a0f0b
[maven-release-plugin] prepare for next development iteration
2017-03-03 18:03:26 -05:00
Justin Richer
0d84db49af
[maven-release-plugin] prepare release mitreid-connect-1.3.0-RC1
2017-03-03 18:03:20 -05:00
Justin Richer
98a4d56cdd
made extraction function less side-effect-ful
2017-03-03 17:20:15 -05:00
Leonard Brünings
00ecd3dd22
Fix NPE if no claims are requested for the userinfo object
This happens if a client only requests id_token claims, or just sends an empty claims parameter.
Change-Id: I8bd176ad271bda8a1e2f26b6221bd8e2d0a3ebfb
2017-03-03 16:09:51 -05:00
Andrea Ceccanti
ebdce87f5f
Avoid NPEs for incorrect client logo URLs
2017-02-24 14:55:01 +01:00
Justin Richer
141f4da7f1
added PKCE editing capabilities to UI
2017-02-20 15:40:16 -05:00
Justin Richer
c79b6da9d9
Javascript files for UI functionality loaded from configuration bean
2017-02-17 17:34:03 -05:00
Justin Richer
b176d4d77e
cleaned up old endpoints
2017-02-16 18:24:21 -05:00
Justin Richer
8178af87f0
further modularized data import/export service
2017-02-16 18:24:05 -05:00
Justin Richer
52d2298f99
begin modularization of data import/export API
2017-02-15 11:51:32 -05:00
Justin Richer
db50a88fe5
Happy New Year 2017
2017-01-17 17:09:14 -05:00
Justin Richer
b17a7f43ae
removed structured scopes
2017-01-17 17:06:04 -05:00
strangeweaver
46046b574a
Implemented paged operations and used for database cleanup tasks.
2017-01-17 15:36:57 -05:00
strangeweaver
099211593c
Fix high load performance issue in token expiration task
2017-01-17 15:36:57 -05:00
Justin Richer
0e703ef9f9
update a few dependency versions, closes #1145
2016-12-21 15:50:24 -05:00
Justin Richer
91da3935f5
Made ID tokens ephemeral, made access token’s “additional information” extensible
2016-12-21 13:01:15 -05:00
Mikko Tommila
4f4c8de1c8
Fix JPA issues to allow using Hibernate
2016-12-09 15:15:50 -05:00
Justin Richer
22fa3605ef
Patched unit tests, still needs updates for checking approved site to token mapping on data import/export
2016-12-09 12:56:06 -05:00
Justin Richer
55b1b00b73
Updated relationship between approved sites and access tokens, closes #874
2016-12-09 12:55:42 -05:00
Justin Richer
d875d52be7
updated data import/export services for 1.3
2016-12-08 17:01:55 -05:00
HeXetic
7725fcfa2b
createAuthorizationCode should be @Transactional
An Authentication should not exist without its matching AuthorizationCode, but typically an AuthorizationCode will have a foreign key on an Authentication, meaning it can't be saved first. This block should be wrapped in a transaction so that other DB clients (say, for example, clearExpiredAuthorizationCodes) don't see an inconsistent snapshot and then misbehave.
2016-12-02 16:29:48 -05:00
Julian Schlichtholz
c3d0c18af5
make HttpClient configurable, closes #1071
2016-12-02 16:23:55 -05:00
Sofia Ang
bb6bb81dbc
Add new tests which assert that `user_id` should not be present in the introspection response if there's no user authentication available
2016-12-02 16:08:32 -05:00
Sofia Ang
52da5e769a
Fix test by returning a new OAuth2Authentication instead of mocking it
2016-12-02 16:08:32 -05:00
Sofia Ang
b2fab9642e
Fix such that `user_id` is only added if user authentication is available
OAuth2Authentication#getPrincipal() used by OAuth2Authentication#getName() defaults to the client id if user authentication is not available.
Prior to this fix, an introspection of a client-only access token would result in the user_id also being the client_id. This causes problems when this
introspection result is converted into an OAuth2Authentication by a resource server's IntrospectingTokenService -- the user_id is populated with
the client_id and so OAuth2Authentication's userAuthentication is populated falsely.
2016-12-02 16:08:32 -05:00
Nicolas Liampotis
dea6044e77
Set the encoding of the UserInfo response body to UTF-8
See http://openid.net/specs/openid-connect-core-1_0.html#UserInfoResponse
2016-12-02 14:44:55 -05:00
Andrea Ceccanti
ec28327605
A new service for AuthenticationHolder management
- The logic to create and query AuthenticationHolder entities has been
moved to a service, and other services that depended on
AuthenticationHolderRepository now depend on
AuthenticationHolderEntityService
- An additionalInfo map collection has been added to
SavedUserAuthentication. This map can be used to store other
information related to user authentication (like authn type,
attributes etc.)
2016-09-03 07:26:46 +02:00
Marco Caberletti
8c5f34a979
Merge remote-tracking branch 'upstream/master' into devel
2016-07-28 10:23:24 +02:00