Added LS AAI design, dropped ELIXIR design. Extended client with
jurisdiction and accepted TOS
BREAKING CHANGE: requires database update (see migraiton script),
dropped ELIXIR theme
Refactored userinfo to fetch attributes only when needed and requested.
Also added the possibility to extract attributes from the actual SAML
session
BREAKING CHANGE: 🧨 requires database update
Refactored the GA4GH claim source and related things to be extensible
for other implementations.
Configuration changes:
Elixir GA4GH claim source class needs to be updated to:`custom.claim.[claimName].source.class=cz.muni.ics.oidc.server.ga4gh.ElixirGa4ghClaimSource`
Elixir Access token modifier has been moved and has to be configured as: `accessTokenClaimsModifier=cz.muni.ics.oidc.server.ga4gh.Ga4ghAccessTokenModifier`
BREAKING CHANGE: 🧨 Ga4gh Claim source class for ELIXIR has been changed. Also, the
ElixirAccessTokenModifier class has been moved and renamed.
Refactor how translations are used and loaded. Property `web.langs.customfiles.path` must point to the
RersourceBundle, without the `_lang.properties" extensions. An examle
location, if we have files `/etc/props_en.properties` and
`/etc/props_cs.properties`, the correct value for the configuration
option is `web.langs.customfiles.path=/etc/props`.
BREAKING CHANGE: Property `web.langs.customfiles.path` must point to the
RersourceBundle.
Several tables have been dropped from the database. Also, access_token
does not contain permissions anymore. To update the DB accordingly, run
following:
```sql
DROP TABLE access_token_permissions;
DROP TABLE resource_set;
DROP TABLE resource_set_scope;
DROP TABLE permission_ticket;
DROP TABLE permission;
DROP TABLE permission_scope;
DROP TABLE claim;
DROP TABLE claim_to_policy;
DROP TABLE claim_to_permission_ticket;
DROP TABLE policy;
DROP TABLE policy_scope;
DROP TABLE claim_token_format;
DROP TABLE claim_issuer;
DROP TABLE saved_registered_client;
```
BREAKING CHANGE: 🧨 Database needs to be updated: `ALTER TABLE saved_user_auth DROP
source_class; ALTER TABLE saved_user_auth ADD COLUMN acr VARCHAR(1024);`
Via property _saml.internalReferrers_ it can be configured which
referrers are considered as internal and in such a cases session will
not be invalidated. The property has to be list of URLs, separated by a
comma, and the matching is done as a prefix of the current referrer
Pavel Břoušek