github
/
OpenID-Connect-Java-Spring-Server
mirror of https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
2,680 Commits
17 Branches
69 Tags
78 MiB
Commit Graph

1462 Commits (5abebb7c3692dda14ba249365046b92cc8e8e1a4)

Author SHA1 Message Date
Justin Richer d75bba218d forbid password grant type in HEART mode 2016-03-10 12:30:48 -05:00
Justin Richer 699e9bff39 testing for multiple classes of redirect URIs 2016-02-24 16:34:58 -05:00
Justin Richer 38710bd3d2 unit tests for HEART mode 2016-02-24 15:33:52 -05:00
Justin Richer 74ea42851b added check for HEART mode consistency 2016-02-24 13:09:58 -05:00
Justin Richer 028265faa6 pulled scope values to externalized strings 2016-02-24 13:09:39 -05:00
Justin Richer 5bccb602d8 always perform strict redirect URI matches in HEART mode 2016-02-24 13:09:00 -05:00
Justin Richer 51e3513307 disallow client secret JWT authentication in HEART mode 2016-02-24 13:07:14 -05:00
Justin Richer d0d6ae2ad8 [maven-release-plugin] prepare for next development iteration 2016-02-23 19:02:05 -05:00
Justin Richer 7f5b70e9e1 [maven-release-plugin] prepare release mitreid-connect-1.2.5 2016-02-23 19:02:02 -05:00
Justin Richer 183a599126 fixed OIDC discovery relation URL 2016-01-29 17:17:35 -05:00
Justin Richer 61433cc23a deepen webfinger, endpoint is looser 
closes #1008
 2016-01-29 15:38:17 -05:00
Justin Richer 82a1e49e79 [maven-release-plugin] prepare for next development iteration 2016-01-21 15:55:56 -05:00
Justin Richer e6684fb7a8 [maven-release-plugin] prepare release mitreid-connect-1.2.4 2016-01-21 15:55:53 -05:00
Misagh Moayyed 3d14b0d128 rename zone_info claim to zoneinfo 2016-01-21 15:52:59 -05:00
Justin Richer 7badfe1d17 Happy new year 2016! 2016-01-21 15:50:37 -05:00
Justin Richer d1033b693f added privacy-preserving client logo cache 2015-12-21 15:51:39 -05:00
Justin Richer e828f3f18d [maven-release-plugin] prepare for next development iteration 2015-12-21 10:31:49 -05:00
Justin Richer 01ca5ef8e2 [maven-release-plugin] prepare release mitreid-connect-1.2.3 2015-12-21 10:31:47 -05:00
Justin Richer aa878cc3cf pulled checks for expired tokens into utility functions 2015-12-18 11:22:50 -05:00
Justin Richer 698feb49cd check access token expiration on read. closes #983 2015-12-16 22:46:42 -05:00
Justin Richer 7f464c496b changed copyright to new consortium name 2015-12-16 14:51:12 -05:00
Justin Richer ea77bf2a19 quieted approved site cleanup 2015-12-02 16:51:55 -05:00
Justin Richer 1ed3e2c47a quieted logging on database cleanup tasks when no expired elements are found 2015-11-25 15:55:16 -05:00
Justin Richer fcfc620d51 updated client API with more useful errors, removed unused service reference 2015-11-25 15:42:09 -05:00
Justin Richer 2496dc114c allow language system to be loaded from multiple files. closes #817 closes #876 2015-11-24 20:33:55 -05:00
Justin Richer e255fc1a10 change default behavior of message source, closes #964 2015-11-24 20:33:54 -05:00
Cosmin Cojocar 7b34a666d9 Make the dual client support configurable 2015-11-24 12:10:27 -05:00
Cosmin Cojocar a80953a2d4 Allow both flows authorization code and client credentials. This scenario might be found when the same client supports user authentication as well as service to service authentication. Such a client is trusted (whitelisted). 2015-11-24 12:10:27 -05:00
Mark Janssen dce80d488b Clean up ScopeClaimTranslationService 
`getFieldNameForClaim` method is never used.
 2015-11-23 21:35:16 -05:00
Justin Richer 2deec98b58 [maven-release-plugin] prepare for next development iteration 2015-10-13 18:56:47 -04:00
Justin Richer d96b2dc130 [maven-release-plugin] prepare release mitreid-connect-1.2.2 2015-10-13 18:56:44 -04:00
Justin Richer 96f4d5e8a8 fixed use of wrong constant, closes #940 2015-10-13 18:08:56 -04:00
Justin Richer c9358f348a added transactional annotations, finally closes #926 addresses #862 2015-10-13 16:59:11 -04:00
Justin Richer e1e892377f added cleaner for duplicate refresh tokens 2015-10-13 15:38:07 -04:00
Justin Richer 542afca459 cleans duplicate access tokens from DB before other cleanup happens 2015-10-13 15:33:23 -04:00
Justin Richer ebb4f2c3d4 Upgraded to nimbus 4.2, closes #934 2015-10-13 04:40:01 -04:00
Justin Richer c67611e975 added qualifier name to persistence unit and transaction manager, closes #883 2015-10-12 21:15:30 -04:00
Justin Richer d280ca40a4 login hints now handled in a slightly smarter (and more pluggable) manner, closes #851 2015-10-12 20:04:02 -04:00
Mark Janssen b5c298e0ca Remove legacy CSRF protection for approve page 
Instead, we rely on the Spring Security CSRF protection, like we already do for the login page. Additionally, we remove the authentication check in`isApproved`, because this is already done by Spring Security (and if not, we have bigger problems to worry about).
 2015-10-09 17:09:46 +02:00
Justin Richer 8b362f23f3 [maven-release-plugin] prepare for next development iteration 2015-10-02 18:53:48 -04:00
Justin Richer e384a6257b [maven-release-plugin] prepare release mitreid-connect-1.2.1 2015-10-02 18:53:45 -04:00
Justin Richer 4063f7f94f user info endpoint response uses correct client algorithms, addresses #921 2015-10-02 18:48:11 -04:00
Justin Richer acb3d03052 added 'kid' to all signed tokens, closes #899 2015-10-01 18:54:38 -04:00
Justin Richer d3f8ff2855 added JTI to ID tokens, closes #900 2015-10-01 17:24:47 -04:00
Justin Richer 9822748209 grabbed additional places that mention updated_time/updated_at 2015-10-01 15:53:21 -04:00
Sarah Squire 31ea96ce27 Update DefaultOIDCTokenService.java 
fixed typo
 2015-10-01 15:34:01 -04:00
Justin Richer 22c05ec51b [maven-release-plugin] prepare for next development iteration 2015-08-05 12:07:47 -04:00
Justin Richer e6b64cd9cd [maven-release-plugin] prepare release mitreid-connect-1.2.0 2015-08-05 12:07:44 -04:00
Justin Richer 489450b1c2 automated code format cleanup 2015-08-05 12:04:14 -04:00
Justin Richer 15c2b57730 [maven-release-plugin] prepare for next development iteration 2015-07-30 14:00:20 -04:00
Justin Richer 8317c759f1 [maven-release-plugin] prepare release mitreid-connect-1.2.0-RC2 2015-07-30 14:00:18 -04:00
Justin Richer 0740443768 added claims redirect uri set to client model for UMA usage 2015-07-30 13:56:14 -04:00
Justin Richer a4e75ed733 [maven-release-plugin] prepare for next development iteration 2015-07-09 18:29:14 -04:00
Justin Richer 58a47d0e46 [maven-release-plugin] prepare release mitreid-connect-1.2.0-RC1 2015-07-09 18:29:12 -04:00
Justin Richer 0714ed514e fixed errant unit test 
why do they always get away like that??
 2015-07-09 18:16:42 -04:00
Justin Richer 064f36ef6c clean up resource sets when clients are deleted 2015-07-09 18:07:19 -04:00
Justin Richer d1c069ad1e clean up permissions and access tokens when a resource set is revoked 2015-07-09 16:40:07 -04:00
Justin Richer 7345a03aaa added UMA import, closes #811 even harder 2015-07-09 11:48:52 -04:00
Justin Richer bcd8a96b5d UMA data export, closes #811 2015-07-08 21:27:15 -04:00
Justin Richer a3360e9561 externalized strings in data API (1.2) 2015-07-08 18:05:17 -04:00
Justin Richer 4a382f2b1c updated unit tests to new structure 2015-07-08 17:32:15 -04:00
Justin Richer 8c822c0f54 detached whitelist from approved sites, closes #781 2015-07-08 17:22:55 -04:00
Justin Richer c4aaa29ffc updated unit tests for new refresh token mode 2015-06-25 12:44:52 -04:00
Justin Richer d9efeb3b67 added clear access tokens to export/import 2015-06-25 12:40:28 -04:00
Justin Richer 2f4d9ce54b clearing out refresh tokens is now configurable, closes #409 2015-06-25 12:07:38 -04:00
Justin Richer 8359ac2813 fixed refresh token lookup 2015-06-25 11:55:58 -04:00
Justin Richer d2a393f7f9 converted error handlers to a single @ControllerAdvice class, closes #788 2015-06-24 17:26:10 -04:00
Justin Richer f4a1b27e2e better handling of HTTP and JSON errors on network fetches, added http-forcing behavior for webfinger client and sector URL service 2015-06-23 22:21:18 -04:00
Justin Richer f7a082d4b8 wrapped timestamp injection in a null-safe block, with warning; closes #849 2015-06-23 20:57:24 -04:00
Mark Janssen 9e74e40453 Use diamond syntax instead of explicit types 2015-06-03 10:24:48 -04:00
Mark Janssen 6dc2b2cb5e Various small improvements/bugfixes 2015-06-03 10:24:41 -04:00
Justin Richer d1e8529a7b expose ID Token and UserInfo to the AuthoritiesProvider and AuthoritiesMapper, both extensible 
closes #699
closes #761
 2015-06-01 21:11:19 -04:00
Justin Richer 4655650a68 added OAuth error display page, closes #559 2015-06-01 19:21:32 -04:00
Justin Richer dfc8df42f5 moved server configuration injection to pre-request 2015-06-01 19:09:42 -04:00
Justin Richer 79317d5b70 JWK Set by value added to admin UI, addresses #826 2015-06-01 15:35:21 -04:00
Justin Richer e43600494a minor automated code cleanup 2015-06-01 15:35:20 -04:00
Justin Richer 642942b5cf Generalized client key handling into a single cache service 2015-06-01 15:35:20 -04:00
Justin Richer 032d41e5ed added JWKs-by-value support to client data model and API, closes #826 2015-06-01 15:35:20 -04:00
Justin Richer 8d3a8471aa updated refresh token to use converter instead of dummy field 2015-05-29 12:58:00 -04:00
Justin Richer 9662f3e8b3 switched access token to using converter instead of dummy field 2015-05-29 12:40:50 -04:00
Justin Richer 9ba1a78d09 removed binary objects from data API importers, removed binary object JSON utility entirely 2015-05-27 19:33:05 -04:00
Justin Richer c974267cde return prompt=none error to client, closes #667 2015-05-27 12:11:41 -04:00
Justin Richer cbf6316050 cleaned up logic on user info interceptor to fix detection of redirects 2015-05-27 12:06:58 -04:00
Justin Richer fe6d2f8a6e updated and expanded unit tests to account for new data layer 2015-05-26 22:00:21 -04:00
Justin Richer d5a08d4996 cleaned up vestigial service component, to be fixed (maybe) in #825 2015-05-26 22:00:21 -04:00
Justin Richer d9e03b769b fixed auth holder reference handling, import/export works now 2015-05-26 22:00:21 -04:00
Justin Richer 3d1aee77b4 updated 1.2 import to reflect new objects 2015-05-26 22:00:21 -04:00
Justin Richer 441b19f0c5 fixed data export to comply with new auth holder 2015-05-26 22:00:21 -04:00
Justin Richer a7905c9f82 only save strings in the Extensions map 2015-05-26 22:00:20 -04:00
Justin Richer cb8abca0f6 removed embedded JOSE classes in favor of converters 2015-05-22 13:04:21 -04:00
Justin Richer 6be2b4f65e added ES* and PS* support for signed objects 2015-05-22 13:04:21 -04:00
Justin Richer 04dc037f9e fixed unit tests to account for refresh token rotation 2015-05-14 11:17:10 -04:00
Justin Richer aeed2fa003 issue new refresh tokens for clients who are configured for it, closes #408 2015-05-13 18:01:49 -04:00
Justin Richer 31d5e3ad0e echo back requested scopes in error thrown by validator, closes #708 2015-05-13 16:55:28 -04:00
Justin Richer 52b1bda8d8 version match and cleanup 2015-05-12 21:00:44 -04:00
Justin Richer 24a464e142 put in a dummy resource set service so that introspection can pass through 2015-05-12 20:30:05 -04:00
Justin Richer a2edb31753 moved UMA server to its own module 2015-05-12 15:59:03 -04:00
Justin Richer 7188a06488 added deletion functionality to UI 2015-05-12 11:16:51 -04:00
Justin Richer 43a432eb9a removed extraneous TODO 2015-05-12 10:31:22 -04:00
Justin Richer ed7799b54a make RPTs optionally expire, closes #794 2015-05-11 19:00:26 -04:00
Justin Richer e0cdeb3571 inject uma token service 2015-05-11 18:20:57 -04:00
Justin Richer fc64dcc9b9 discovery endpoint cleanup 2015-05-11 15:34:50 -04:00
Justin Richer f4f08d9449 RPT endpoint cleanup 2015-05-11 15:28:09 -04:00
Justin Richer 1f083c7acb extracted RPT generation component to new token service class, closes #797 2015-05-11 15:20:26 -04:00
Justin Richer 0ea06f01b8 moved claims processor to the right package 2015-05-11 15:07:56 -04:00
Justin Richer 53d4f15923 shuffle authz endpoint 2015-05-11 14:56:55 -04:00
Justin Richer 7951ff5086 separated claims processing out into its own service, closes #796 2015-05-11 14:44:21 -04:00
Justin Richer 8d5c7d6226 fixed some rogue documentation 2015-05-11 13:03:17 -04:00
Justin Richer afad3a720b Merge branch 'master' into uma 
* master:
  added strict URI matching option to redirect resolver (off by default)
 2015-05-11 12:33:05 -04:00
Justin Richer e155cdc282 added strict URI matching option to redirect resolver (off by default) 2015-05-09 16:37:11 -04:00
Justin Richer 06f7dc984d switched to view constants 2015-04-12 21:20:10 -05:00
Justin Richer d6dfa89533 check client information on delete of resource set 2015-04-12 21:15:03 -05:00
Justin Richer 7273b0a5b7 fixed discovery endpoint information, closes #805 2015-04-12 17:00:46 -05:00
Justin Richer eb49d9624c inject claims from OIDC auth token into permission ticket 2015-03-31 18:21:34 -04:00
Justin Richer 98cd5ba27d added save to permission ticket system 2015-03-31 18:21:14 -04:00
Justin Richer 08413302eb configured OIDC client on claims collection endpoint 2015-03-31 15:35:20 -04:00
Justin Richer f48049be4d deny tickets with no claims required (closes a race condition) 2015-03-31 10:26:06 -04:00
Justin Richer dc10779abb removed extraneous issuer in discovery endpoint, closes #793 2015-03-31 10:10:14 -04:00
Justin Richer a38a0b6f75 removed extraneous bob 2015-03-30 18:19:13 -04:00
Justin Richer 6e095e3266 can now add and remove email address claims from the UI 2015-03-30 17:54:16 -04:00
Justin Richer 687517d7f4 Merge branch 'master' into claims-editing-ui 2015-03-30 12:21:59 -04:00
Justin Richer d015d17fad search for local users first (by email), then check remote users 2015-03-30 12:20:19 -04:00
Justin Richer 348ff7ee17 made webfinger endpoint search by email address, then by username 2015-03-30 12:18:50 -04:00
Justin Richer 5aa5cc1a10 added search by email to user info data stack 2015-03-30 12:18:50 -04:00
Justin Richer e89d8cd985 added webfinger lookup helper service 2015-03-30 11:49:49 -04:00
Justin Richer 394785b9c4 don't give resource sets default client scopes 2015-03-30 09:57:10 -04:00
Justin Richer 7af19dbd61 added copyright text 2015-03-30 08:44:51 -04:00
Justin Richer 3e931c68b4 added policy editing overview page 2015-03-20 17:27:10 -04:00
Justin Richer 5698393d31 created claims API 2015-03-19 16:44:34 -04:00
Justin Richer bde03411f1 Merge branch 'master' into uma 2015-03-18 21:42:26 -04:00
Justin Richer 006a4d1ec6 fixed import function of 1.2 data service 2015-03-18 21:42:18 -04:00
Justin Richer 6f149cba69 Merge branch 'master' into uma 2015-03-18 20:10:19 -04:00
Justin Richer 30e894a64a put 'kid' into JWS header, closes #784 2015-03-18 20:09:06 -04:00
Justin Richer 866186f611 pointed data API at the correct service version 2015-03-18 19:54:42 -04:00
Justin Richer 6daeeefb33 augmented introspection unit tests with one for new permissions mode 2015-03-18 08:45:05 -04:00
Justin Richer 9f913244a0 fixed unit tests for introspection results 2015-03-18 08:00:18 -04:00
Justin Richer 7df31f1e87 completed rudimentary UMA authorization API. 
Working: resource set registration, permission ticket creation, RPT creation from ticket

Still missing: adding required claims to resource set, adding provided claims to permission ticket
 2015-03-17 22:26:12 -04:00
Justin Richer 1be9da52c6 separated ticket object from permission object to facilitate re-use of permission object with tokens 2015-03-17 21:16:29 -04:00
Justin Richer f123366069 added scope filtering to protection api 2015-03-17 19:43:02 -04:00
Justin Richer ff958e20b6 basic authorization support 2015-03-17 19:21:20 -04:00
Justin Richer 098519da5e added OAuth2 error reporting to permission and resource set endpoints 2015-03-17 19:01:44 -04:00
Justin Richer 2aadb09f49 started claims service, added expiration to permissions 2015-03-16 22:52:21 -04:00
Justin Richer c234f78dbd Merge branch 'master' into authorization-api 2015-03-13 19:08:14 -04:00
Justin Richer 5873b336f2 fixed erroneous import 2015-03-13 19:07:27 -04:00
Justin Richer 8352145d82 Merge branch 'master' into authorization-api 
Conflicts:
	openid-connect-common/src/main/java/org/mitre/oauth2/service/SystemScopeService.java
	openid-connect-server-webapp/src/main/webapp/WEB-INF/application-context.xml
	openid-connect-server/src/main/java/org/mitre/discovery/web/DiscoveryEndpoint.java
	openid-connect-server/src/main/java/org/mitre/oauth2/web/IntrospectionEndpoint.java
	openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientAPI.java
	openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultIntrospectionAuthorizer.java
 2015-03-13 18:39:26 -04:00
Justin Richer ba51df0c37 consolidated client credential filter beans 
(note: imports magic from secoauth)
 2015-03-13 18:30:09 -04:00
Justin Richer 4f12fab56b made unused auth codes expired (they're still single-use), refactored auth code service layer 2015-03-13 13:45:49 -04:00
Justin Richer 2abcd96bbe set fallback locale to English, ultimate fall through is to return the code string itself 2015-03-12 17:28:27 -04:00
Justin Richer 285ad71874 made input reader use UTF8, imported the first set of Swedish text to the JSON format 2015-03-12 17:07:08 -04:00
Justin Richer 80605becf1 rudimentary json-based message source 2015-03-12 15:26:23 -04:00