e56161e223
extracted http "code" view parameter
2015-03-11 13:39:07 -04:00
1735dbca11
extracted controller URLs to constants, closes #769
2015-03-11 13:20:59 -04:00
617d485478
updated all references to media types to use constants instead of literals, closes #767
2015-03-11 12:06:38 -04:00
c777ebfac9
added universal OAuth exception handling
2015-03-11 11:41:28 -04:00
76b7324d88
fixed execution order of introspection endpoint
2015-03-10 18:29:48 -04:00
8c8f912880
fixed endpoint processing to account for client id
2015-03-10 15:37:07 -04:00
ee522100b9
Merge branch 'master' into uma-introspection
...
* master:
fixed logger variable name
made logger declarations consistent across project, closes #780
Fixed logger
null safe
removed DateUtil
added icons to scope editing panel
2015-03-10 15:03:26 -04:00
5d35f2c1a6
toned down errors on introspection endpoint
2015-03-10 14:58:22 -04:00
65d7b00f4d
added uma-processing of scopes to introspection results
2015-03-10 12:38:37 -04:00
627bcaee43
added client_id to resource sets
2015-03-10 12:38:13 -04:00
e5e4c15058
removed introspection authorizer hook
2015-03-10 11:12:37 -04:00
2a6a17486a
added initial uma discovery endpoint
2015-03-09 16:15:30 -04:00
621399545e
cleaned up introspection endpoint processing
2015-03-09 16:15:09 -04:00
764df71758
refactored introspection to allow for UMA style token access
2015-03-09 12:43:05 -04:00
1da5c2cd84
fixed imports
2015-03-09 11:51:41 -04:00
c7f6811961
refactored scope enforcement utilities to a separate authentication class
2015-03-09 11:51:24 -04:00
48b857eb85
fixed logger variable name
2015-03-09 07:37:09 -04:00
c09b63c69f
made logger declarations consistent across project, closes #780
2015-03-08 21:56:33 -04:00
849a2b3271
Fixed logger
2015-03-08 16:02:53 +01:00
020b410ffe
null safe
2015-03-08 15:47:58 +01:00
db2574ab53
removed DateUtil
2015-03-08 15:41:47 +01:00
f266d3b151
added unit test for resource set service to make sure it catches error conditions
2015-03-06 16:56:30 -05:00
35f2a03b4e
added unit test for permission service
2015-03-06 15:50:24 -05:00
e59e988809
made permission service enforce scoping
2015-03-06 15:50:14 -05:00
5ff9cd1bbb
implemented permission registration API
2015-02-28 17:59:37 -05:00
eed8fb0b28
created skeleton of permission registration API
2015-02-28 08:33:09 -05:00
c41488b103
moved an uma package to common, extracted OAuth scope enforcement utility
2015-02-28 08:32:47 -05:00
5be7d64c7d
moved all uma files to their own package
2015-02-28 07:24:53 -05:00
0d96b6a28a
changed name of scope to match uma spec
2015-02-27 20:46:48 -05:00
7a1480bb07
moved and consolidated json utilities
2015-02-26 16:20:01 -05:00
40fc70894e
fixed oauth scope check
2015-02-24 18:01:03 -05:00
4878e88d4f
added list all by owner
2015-02-24 17:41:05 -05:00
8d22ad03e2
implemented remove verb
2015-02-24 17:15:18 -05:00
89114dcf74
implemented update
2015-02-24 16:05:18 -05:00
ad228e8953
send the _id as a string
2015-02-24 15:52:29 -05:00
3b6412219b
added abbreviated view, updated OAuth error handling, fixed URL mapping
2015-02-24 15:10:48 -05:00
0b480bac10
implemented get
2015-02-24 15:09:52 -05:00
3076da1ed8
functioning resource set repository layer
2015-02-24 12:10:54 -05:00
efeead52b6
fixed typos in data layer, added blank service layer to resource set
2015-02-24 12:00:58 -05:00
e7bf75e9a4
moved and consolidated json utilities
2015-02-23 13:43:08 -05:00
90a7304b4e
resource set registration endpoint and service shells
2015-02-23 11:43:05 -05:00
b670f44138
added UMA to version number
2015-02-19 17:55:25 -05:00
720b73939f
fixed token service logic, added verification to unit tests
2015-02-18 13:57:28 -05:00
97ae456099
fixed unit tests affected by scope service changes
2015-02-18 13:48:16 -05:00
6885713eed
added warning suppression for data layer -- non-templated generic types have to be used here
2015-02-18 10:19:36 -05:00
f4813fccee
fixed log messages on data services
2015-02-18 09:33:13 -05:00
4ae981f484
updated data layer and unit tests
2015-02-18 09:23:09 -05:00
593fac83cf
scopes can now be set as "restricted" instead of needing to be set "allowDynReg", closes #747
2015-02-17 18:25:52 -05:00
1caf5ef8bc
removed call to deprecated http components constructor
2015-02-17 17:06:34 -05:00
b376bc6059
removed some vestigial service/repository calls, closes #513
2015-02-17 16:22:40 -05:00
ecfb72bc50
additional JOSE class naming
2015-02-17 15:32:20 -05:00
522edda074
additional JOSE class renaming
2015-02-17 14:57:29 -05:00
cef6cf17b6
externalized a number of strings, closes #385
2015-02-17 14:39:15 -05:00
05f03f7c90
yet more year updates
2015-02-17 13:09:45 -05:00
994ce6c743
consistently named JOSE-based classes, closes #529
2015-02-17 12:11:58 -05:00
335d05bb5c
renamed data service abstract class
2015-02-17 11:56:50 -05:00
685960358c
formatting cleanup
2015-02-17 11:08:46 -05:00
e2349984b8
happy new year 2015!
2015-02-17 10:24:08 -05:00
d56aec5652
removed extraneous version tag for managed dependency
2015-02-17 10:00:18 -05:00
d88cc2ec8e
fixed pluralization of post logout URIs in data API services
2015-02-17 09:59:50 -05:00
cc02f8fbe8
pluralized post-logout redirect URI on client, closes #654
2015-02-16 16:43:34 -05:00
587d4b2db6
further pom file cleanup
2015-02-16 14:24:48 -05:00
377d8cb884
moved dependency version management to parent pom, closes #666
2015-02-16 13:51:25 -05:00
ef3a696972
removed getBySubject and getAll from user info repository and service layers, closes #760
2015-02-16 11:08:07 -05:00
63dd7c0b25
removed deprecated DefaultUserInfoUserDetailsService and corresponding test, closes #413
2015-02-16 11:07:17 -05:00
166c53cd6a
fixed comparison of client IDs in refresh token, closes #752
...
Also addresses #735 (again)
2015-01-24 07:47:50 -05:00
6c88d7c54b
removed old owner_id field, closes #636
2015-01-17 08:18:36 -05:00
ba97fcb88a
changed name of clientAuthorization to authorizationRequest (which is more accurate), closes #697
2014-12-19 00:55:06 -05:00
a1228d19b5
Changed lastWeek logic back to correct form, removed logic used for
...
testing.
2014-12-19 00:39:07 -05:00
e9d764e53e
added support for login_hint, closes #250
2014-11-26 09:55:39 -05:00
3e7ade9a67
fixed unit tests
2014-11-22 23:46:25 -05:00
1a2ca25359
relaxed scope constraints on protected resources registered through self-service page
2014-11-22 23:46:25 -05:00
e371ad345f
fixed checking of refresh token permissions in client service, clients can now request either refresh_token grant type or offline_access scope and it will work. added checkbox to dynreg page for ease-of-use
...
closes #734
2014-11-22 23:46:25 -05:00
56344fa12b
make sure that client presenting refresh token is the same client the refresh token was issued to
...
closes #735
2014-11-22 23:46:25 -05:00
0e776762c2
set up data API for 1.2 format (currently the same as 1.1 format)
2014-11-15 19:59:47 -10:00
b14dfa6458
approval page defaults to "ask again" when prompt=consent is passed, closes #669
2014-11-13 11:23:54 -10:00
775b77b367
updated date format of token introspection response, closes #719
2014-11-13 11:08:20 -10:00
c600787f1c
added key id to id token, closes #725
2014-11-12 16:22:10 -10:00
d87bdb2120
added ROLE_CLIENT to assertion client authentication, cleaned up roles on client secret authentication, closes #728 , closes #401
2014-11-12 16:03:06 -10:00
e6d10b67a4
update to Spring 4 and other related libraries
2014-11-10 18:29:54 -10:00
9dfac35912
Introduce introspection result assembler to allow for customized introspection results
2014-10-14 21:06:09 -04:00
d557b1e2c2
RefreshToken to AuthHolder linkage test now using AuthHolder ID to verify
2014-10-14 20:30:50 -04:00
ff436a6738
Added tests for ensuring the references between a refresh token and its authentication holder are preserved over import. Minor cleanup of other tests.
2014-10-14 20:30:50 -04:00
d18d325c0c
Better method of creating test AuthenticationHolderEntity, added some more testing to testImport/ExportGrants
...
Conflicts:
openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestMITREidDataService_1_1.java
2014-10-14 20:30:50 -04:00
ff28e1a383
Added new data service tests, separated date parsing/formatting utilities into DateUtil class
...
Conflicts:
openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_0.java
openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_X.java
openid-connect-server/src/main/java/org/mitre/openid/connect/util/DateUtil.java
2014-10-14 20:30:50 -04:00
188818dc0d
added null check to confirmation controller, closes #684
2014-10-07 21:58:15 -04:00
db052f11ca
Moved development branch to 1.2
2014-10-07 21:02:07 -04:00
134909a82f
import cleanup
2014-10-07 19:40:38 -04:00
1e71749c23
added more generic rotation capability
2014-10-07 19:40:38 -04:00
0b8dbc4f68
added registration token API
2014-10-07 19:40:38 -04:00
13cee6bf06
Ported date format changes from 1.0.x
2014-10-06 23:41:33 -04:00
98ace5c9fb
Separated date formatting and parsing functions to DateUtil class. Modified how timezone is printed to workaround Java date formatting issue.
...
Conflicts:
openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_0.java
2014-10-06 23:28:20 -04:00
1fbdd240f1
made binary encode/decode null safe
2014-10-06 23:25:48 -04:00
a8377513a6
Fixed reading/writing of approved access tokens
2014-10-06 22:59:27 -04:00
0320bae15c
Fixed netbeans copyright weirdness
2014-10-06 22:59:27 -04:00
dcf66fadc4
Added support for 1.1 config import/export, and separated common functions into 1_X abstract class
2014-10-06 22:59:27 -04:00
ad841a03df
Added support for whitelisted and blacklisted site export
2014-10-06 22:59:27 -04:00
8495617aed
Added support for whitelisted and blacklisted site import from a 1.0 config
2014-10-06 22:59:27 -04:00
16f15cc3c8
NPE fix
2014-10-06 22:59:27 -04:00
6333b1e4b1
Re-enabled reading of system scopes. Added 1.1 data export functionality
2014-10-06 22:59:27 -04:00
d5551e9692
Added services for data import/export and modified JpaAuthenticationHolderEntity and Repository to allow getting all objects
2014-10-06 22:58:26 -04:00
c683131f12
externalized view name strings and tied them to view beans
2014-09-28 22:25:39 -04:00
9e88a62479
moved the API endpoints, made resource tokens accessible too
2014-09-22 23:38:12 -04:00
6d80a00d65
import cleanup
2014-09-22 23:04:23 -04:00
81634e6165
added API for getting tokens by clientid
2014-09-22 22:55:13 -04:00
dee78c130c
fixed missing null check in request object parser
2014-08-25 22:48:42 -04:00
e0b84069d4
Update to latest spring-security-oauth2 module
2014-08-06 11:12:40 -04:00
6f2f807b0b
[maven-release-plugin] prepare for next development iteration
2014-08-05 21:54:51 -04:00
93ae1516a5
[maven-release-plugin] prepare release mitreid-connect-1.1.9
2014-08-05 21:54:47 -04:00
39c50b76f4
added null checks to endpoint auth method switches, closes #652
2014-07-31 23:05:17 -04:00
8768188133
makes the grant types checker softer, closes #640
2014-07-19 23:54:02 -07:00
9666404d54
added "none" to discovery endpoint
2014-07-16 23:48:18 -04:00
7476edb310
added unsigned ID token support to server
2014-07-16 22:29:13 -04:00
538c4031bb
added in better default checks for content negotiation
2014-07-02 16:01:26 -04:00
078bf5e464
combine HTTP content negotiation with client preferences for user info endpoint
2014-06-28 23:44:37 -04:00
1de2a61176
made accept header optional for user info request
2014-06-28 22:20:05 -04:00
04acc21eea
removed injection of admin email address from client API, will happen browser-side now
2014-06-26 13:00:36 -04:00
adf477c64e
[maven-release-plugin] prepare for next development iteration
2014-06-18 18:27:27 -04:00
8d97ed61ec
[maven-release-plugin] prepare release mitreid-connect-1.1.8
2014-06-18 18:27:25 -04:00
5773fe195b
set proper content type on user info JWT response
2014-06-18 18:05:11 -04:00
5f97ce0ca1
fixed error code string
2014-06-18 14:50:17 -04:00
6589cd717d
disallow fragments in redirect uris for dynamic clients, closes #622
2014-06-18 14:49:29 -04:00
4e52543091
more properly respond to some client registration errors
2014-06-18 14:45:55 -04:00
c493f438e7
applied token rotation to protected resources
2014-06-12 19:37:50 -04:00
f4edd3164f
made timeout field optional, tokens don't expire in the default case
2014-06-12 19:37:32 -04:00
4e09ec687b
Registration Token regeneration - when they are beyond their lifetime
...
(in read/update calls)
2014-06-12 19:12:32 -04:00
ed3e6a2814
https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/issues/431 :
...
Generating a new registration access token on read/update call and
revoking the token issued earlier.
2014-06-12 19:12:32 -04:00
a106121af3
created blacklist aware redirect resolver and wired it in, closes #549
2014-06-10 16:29:45 -04:00
a97f3e2d65
don't throw away creation time on protected resource update (oops)
2014-06-09 20:22:58 -04:00
e0fe22e4ba
don't regenerate client secrets every single time
2014-06-09 20:20:36 -04:00
53148f2c87
better auth method checking in dynamic registration and resource registration
2014-06-09 17:41:27 -04:00
f15b4a0f74
resource registration returned the wrong URL
2014-06-09 17:41:01 -04:00
47cc005fe5
more sanity checking for client secrets
2014-06-09 16:06:57 -04:00
cac645484f
client API now generates client secret only for clients that require a client secret
2014-06-09 16:00:55 -04:00
52e53ba219
extracted validation exception, refactored protected resource registration endpoint to use this format
2014-06-06 11:13:41 -04:00
b7a8bbdddc
cleanup, error wrappers on protected resource registration
2014-06-06 10:58:40 -04:00
deaccf437e
refactored dynamic registration endpoint's checks for client consistency
2014-06-06 10:18:40 -04:00
04f7a698ea
added response type consistency checking, closes #430
2014-06-05 19:41:06 -04:00
32101ff7b2
added parsing checks, fixed inverted logic, cleaned up redundant settings, closes #597
2014-06-05 19:06:03 -04:00
ab083c0963
added checks to dynamic registration endpoint that disallow registration of multiple incompatible grant types
2014-06-05 17:16:35 -04:00
cdd23df7ee
token introspection now returns user "sub" when available in addition to "user_id", closes #507 (might cause incompatibility problems)
2014-06-04 17:27:38 -04:00
85acfa90db
[maven-release-plugin] prepare for next development iteration
2014-06-04 14:51:32 -04:00
d5e4cb45a2
[maven-release-plugin] prepare release mitreid-connect-1.1.7
2014-06-04 14:51:29 -04:00
8861220632
stats on home page are now loaded in the background (makes main site load much faster)
2014-06-04 14:39:30 -04:00
3e4aae6c8a
hash tests now pass on Java8
2014-05-29 17:41:56 -04:00
dfdc4ed52d
fixed information leaks from approved site API
2014-05-28 18:21:46 -04:00
a84c10fc1c
Change copyright from Netcetera to MITRE/MIT-KIT.
2014-05-28 08:52:31 +02:00
2797731597
fixed unit test to account for cascading tokens
2014-05-27 20:39:19 -04:00
d2c83104fb
cascade token saves
2014-05-27 19:28:38 -04:00
7f8cbcea39
Use return value from TokenEnhancer.enhance
2014-05-27 19:23:44 -04:00
be98b9cd0b
[maven-release-plugin] prepare for next development iteration
2014-05-27 14:00:40 -04:00
8320f0eefe
[maven-release-plugin] prepare release mitreid-connect-1.1.6
2014-05-27 14:00:37 -04:00
0c8cacd59a
added missing copyright headers
2014-05-27 13:46:47 -04:00
525f3aa2a8
Cleaned up indentation, whitespace, and imports.
2014-05-27 13:02:49 -04:00
8185171119
minor clean up
2014-05-27 11:54:45 -04:00
5ab516de48
prevent clients from registering with special resource scope
2014-05-26 17:39:20 -04:00
c34357a433
added resource registration endpoint with basic functionality and specialized tokens
2014-05-26 16:30:24 -04:00
960319b796
improved logging configuration, removed transactional from service
2014-05-25 15:38:44 -04:00
85fd4e71ce
typo in error message
2014-05-25 15:37:58 -04:00
2af51dc77a
better URI check for prompt filter short circuit
2014-05-25 14:24:25 -04:00
f4a1a2acff
fixed prompt filter coding error
2014-05-24 23:16:29 -04:00
89d55e3d33
added support for default max auth age and require auth time, made prompt filter only work on authorization endpoint
2014-05-24 22:12:41 -04:00
5c6e75bd53
cleaned up UI for client editing
2014-05-24 20:56:54 -04:00
05e9624ae3
added support for encrypted and symmetrically signed id tokens and user info responses
2014-05-23 21:15:50 -04:00
ffe1b29906
Added Signed JWT support to UserInfo endpoint response, closes #593
2014-05-23 19:15:03 -04:00
e4d5f4a540
added system wide cache for all symmetric validators, closes # 557
2014-05-23 16:16:06 -04:00
ca333d256b
Appropriately catch runtime exceptions in all guava caches, closes #603
2014-05-23 15:00:40 -04:00
df9c9747ce
more reasonable check for whether or not a user auth is present, addresses #602
2014-05-23 11:49:51 -04:00
4e890a4d7d
enforce clients using a redirect flow have at least one redirect uri registered when using dynamic registration, made error handling more consistent across all APIs
...
closes #596
2014-05-21 18:29:51 -04:00
a225b00920
added null check and permissions check to ID token generation, closes #602
2014-05-21 17:45:25 -04:00
880014176f
[maven-release-plugin] prepare for next development iteration
2014-05-13 18:23:11 -04:00
ca8a003e3d
[maven-release-plugin] prepare release mitreid-connect-1.1.5
2014-05-13 18:23:08 -04:00
dcf36234c4
moved CSRF generator to request parser instead of confirmation controller
2014-05-13 09:48:34 -04:00
a253ebc908
added CSRF protection to approval page
2014-05-13 09:27:02 -04:00
fcfbf1080f
renamed auth request variable
2014-05-13 09:26:27 -04:00
7cd36b471f
Make introspection endpoint access authorization pluggable.
2014-05-07 16:44:56 +02:00
4b697ba909
webfinger checks host on acct: URIs, closes #404
2014-04-25 21:21:00 -04:00
b8129bf60d
[maven-release-plugin] prepare for next development iteration
2014-04-21 19:19:10 -04:00
a9e34ac9bd
[maven-release-plugin] prepare release mitreid-connect-1.1.4
2014-04-21 19:19:07 -04:00
376403fa4a
account for registration time in approval page, closes #550
2014-04-19 07:28:20 -04:00
1d2f968bd1
configuration cleanup, closes #568
2014-04-18 22:11:58 -04:00
318a28ddf8
added stats mock to unit tests
2014-04-16 22:05:03 -04:00
521017c5c2
updated stats service to have a resettable cache triggered by other service events
2014-04-16 21:39:37 -04:00
7f310400b1
simple cache for stats
2014-04-16 21:18:12 -04:00
39509bfdc4
Performance improvement of token cleanup:
...
an alternative token cleanup mechanism designed to maintain a very compact memory footprint while performing cleanup in consecutive runs of the cleanup thread. This serves to address OutOfMemoryException issues of the original token cleanup mechanism when process is under load. Also, added cleanup of the authentication_holder table.
2014-04-10 23:38:37 -04:00
265624b285
a fix for a NullPointerException whenever a client requests a client scope to be granted.
2014-04-10 22:41:20 -04:00
97cd00e06c
[maven-release-plugin] prepare for next development iteration
2014-03-19 21:40:21 -04:00
23c7cf6996
[maven-release-plugin] prepare release mitreid-connect-1.1.3
2014-03-19 21:40:18 -04:00
ad5ffb64e8
[maven-release-plugin] prepare for next development iteration
2014-03-08 11:17:40 +00:00
1635cf957d
[maven-release-plugin] prepare release mitreid-connect-1.1.2
2014-03-08 11:17:35 +00:00
53cc7ef447
Fixed audience claim on client auth assertion
2014-03-06 19:45:05 +00:00
1fcef858c6
updated server discovery document to reflect new capabilities
2014-03-06 16:48:27 +00:00
b67121f0cd
added client_secret_jwt auth method support, closes #174
2014-03-04 23:45:36 +00:00
15b017992c
added DELETE to token api because revocation endpoint doesn't work for this kind of management, closes #191
2014-03-01 11:05:46 +00:00
89f015cf1c
Updated Token API to be less leaky
2014-02-28 21:14:27 +00:00
dd391ebf3c
Display contacts, popup for image, cleanup of more info
2014-02-16 21:58:16 -05:00
dab52ca8a0
enhancements to approval page
2014-02-16 18:25:05 -05:00
ec6a78c1ba
made prompt pluralizable to comply with spec, closes #519
2014-02-16 01:41:08 -05:00
9395c3802d
[maven-release-plugin] prepare for next development iteration
2014-02-10 15:28:14 -05:00
4f8311962a
[maven-release-plugin] prepare release mitreid-connect-1.1.1
2014-02-10 15:28:11 -05:00
Justin Richer