c23b176567
Database backed authorization-code-service now works.
2012-08-23 10:46:08 -04:00
4b76cc514b
Added a database-backed authorization-code system. Untested; needs to be injected into configuration in the place of the in-memory one and tested
2012-08-22 16:54:00 -04:00
dc61068702
Split approved site and whitelisted site scope tables.
2012-08-22 15:21:42 -04:00
e5b62e8935
fixed patterns and expressions on http blocks
2012-08-21 14:02:35 -04:00
9eb328831f
changed to proper prefix
2012-08-21 13:55:47 -04:00
af01e26e10
Split up permitAll on enpoints
2012-08-21 12:54:55 -04:00
d2f7e8edf9
Moved SPEL to app-context, and added enpoint permitAlls
2012-08-21 12:53:48 -04:00
bdfdbbadbc
stats summary, addresses #62
2012-08-21 12:20:05 -04:00
6cb7e74046
updated default handling to user proper backbone model handling
2012-08-20 16:49:39 -04:00
74b4fab58c
Client secret processing
2012-08-20 16:06:12 -04:00
05fa7b148c
added checks for generated client secret
2012-08-20 12:23:02 -04:00
9e60da2675
added controls for client secret processing
2012-08-20 12:22:38 -04:00
a02f37cec3
added generators to client service API
2012-08-20 12:22:18 -04:00
8520fcbf72
removed deprecated granted authority reference
2012-08-17 14:40:13 -04:00
a65504c0cb
added new exception for userinfo, addresses #133
2012-08-15 16:02:06 -04:00
209fc2d249
refactored request object endpoint to avoid urlspace conflict with SECOAUTH
2012-08-15 12:06:37 -04:00
d1218efb2a
cleaned up imports
2012-08-14 10:55:08 -04:00
55e7a4d707
moved request object auth endpoint in project setup
2012-08-14 10:55:08 -04:00
ec286b9644
removed auth bean from application-context. Added extra parameter checks in request object auth endpoint
2012-08-14 10:55:08 -04:00
04d8faa90a
updated autowired annotation
2012-08-14 10:55:08 -04:00
20a7ebc576
autowired all member variables in request object auth endpoint
2012-08-14 10:55:08 -04:00
694074ee58
moved endpoint, added param processing
2012-08-14 10:55:08 -04:00
36b9c805d9
added reference to abstract endpoint class to get token granter
2012-08-14 10:55:08 -04:00
2bdbb283b7
removed dependency on abstract endpoint class. added methods needed to authRequestObjectEndpoint (afterPropertiesSet())
2012-08-14 10:55:08 -04:00
51ec529861
readded implementation of initializingBean
2012-08-14 10:55:08 -04:00
638ebf2010
cleaned up AuthRequestObjectEndpoint class
2012-08-14 10:55:08 -04:00
d93f5f18e5
added state value to jwt that gets passed as request object. certain methods from SECOAUTH use this
2012-08-14 10:55:08 -04:00
3486ea28f1
updated mimicked methods to not use jwt, but rather a jwt in an auth request
2012-08-14 10:55:08 -04:00
1a20dcbc6e
added methods that mimic behavior of private SECOATH methods
2012-08-14 10:55:08 -04:00
d5caa0b543
changed server endpoint to act like an endpoint. WIP to accept request objects, validate, and redirect
2012-08-14 10:55:08 -04:00
7d6211afd7
cleaned up some imports, added serverEndpointRequest class
2012-08-14 10:55:08 -04:00
28344a3c91
auth endpoint got into client code. removed
2012-08-14 10:55:08 -04:00
2888c08083
changed cookie claim to include the response
2012-08-14 10:55:07 -04:00
c0a61fe47a
moved jquery to page header instead of footer, added focus call on login form
2012-08-14 10:48:38 -04:00
484abc4915
fixed client delete
2012-08-10 17:24:21 -04:00
5e898a7b0b
Id toke timeout binding for UI
2012-08-10 17:20:23 -04:00
aaa38a761d
Mis-type for client secret
2012-08-10 17:18:43 -04:00
b99d2ed9dc
Client Id null fix
2012-08-10 17:15:35 -04:00
935b5ed43a
Client Id is now editable
2012-08-10 17:11:13 -04:00
0f9d4ef255
Id refactor UI
2012-08-10 17:05:28 -04:00
155974d8e3
moved services and api over to using new client Id field (instead of client_id)
2012-08-10 16:53:31 -04:00
eb5a24690f
added method to get client by its (new) Long id
2012-08-10 16:29:16 -04:00
480fb8e593
Id refactor UI
2012-08-10 16:26:54 -04:00
ae5e1ca859
Merge remote branch 'origin/master'
2012-08-10 16:12:54 -04:00
3f9e2cfa52
Horizontal UI refactor
2012-08-10 15:29:11 -04:00
74a40fc973
changed auth holder reference, moved dates to timestamps
2012-08-10 14:26:47 -04:00
bb7d6b2e94
split scopes table
2012-08-10 14:26:47 -04:00
ed99bd36cf
changed clientdetails entity to use @Enumerated, cleaned up .sql file foreign keys
2012-08-10 14:26:47 -04:00
66e5cf3f04
Client table button UI tweaks
2012-08-10 14:23:54 -04:00
8d57e0e9ef
Issue # 81 Client UI - Creating new client creates duplicate
2012-08-10 14:19:33 -04:00
a5a102bbe4
Github Issue #116
2012-08-10 11:25:50 -04:00
97d7bc9c13
added field to indicate whether the client has been dynamically registered
2012-08-09 15:55:07 -04:00
170036e0b8
Added expiration to id tokens
2012-08-09 12:44:22 -04:00
6bb9f67f5e
Removed individual .sql files. All table definitions are now concatenated in database_tables.sql.
2012-08-09 12:44:22 -04:00
f724d3a9fe
updated userinfo table definitions
2012-08-09 12:44:22 -04:00
617e9568d8
Fixed bugs; I can get tokens now. User approval handler seems to be working corrrectly.
2012-08-09 12:44:22 -04:00
49cb8bd0cb
fixing bugs; needed to make all ids BIGINT AUTO-INCREMENT PRIMARY KEY in sql files
2012-08-09 12:44:21 -04:00
0757642e67
removed "s" from allowed_scopes
2012-08-09 12:44:21 -04:00
9c32e92da5
Cleaned up sql tables some more; sticking to _ naming convention
2012-08-09 12:44:21 -04:00
d7deda1699
Propogated AuthenticationHolder effects; this is untested but compiles and I think it is mostly correct
2012-08-09 12:44:21 -04:00
90df91c351
Added AuthenticationHolder object, got references squared away for AccessToken side. Compiles.
2012-08-09 12:44:21 -04:00
cf348590b0
Removed unused ClientGeneratorFactory
2012-08-09 12:44:21 -04:00
d6d80c3e60
Gave OAuth2RefreshTokenEntity a Long Id
2012-08-09 12:44:21 -04:00
6b1dad7215
Gave OAuth2AccessTokenEntity a Long Id
2012-08-09 12:44:21 -04:00
780839dbf9
Made things compile after ClientDetailsEntity refactoring
2012-08-09 12:44:21 -04:00
a68a4f9796
Organized ClientDetailsEntity, updated JPA annotations. Updated sql files to match. Naming conventions: table and column names with multiple words should be seperated by underscores; table and column names should be singular.
2012-08-09 12:44:21 -04:00
15428a875e
Added additional fields to ClientDetailsEntity and did some reorganization, still some more to do. Added "id" field to the sql file, but the sql still needs all of the other additional fields.
2012-08-09 12:44:21 -04:00
09e528e113
added discovery info for x509 and client auth
2012-08-07 17:30:36 -04:00
dc7aac12f9
added custom login form, changed footer to only optionally load app
2012-08-07 12:09:32 -04:00
8d4e046408
All logging is now org.slf4j. We had a mix of org.slf4j and apache commons-logging. Added error logging to all view which throw errors.
2012-08-07 10:04:38 -04:00
a061e64abf
Merge branch 'user-approval-handler-updated-rebase'
2012-08-06 16:30:03 -04:00
32dc92119f
Cleanup completed, this works for the most part. TODO: need to make an upstream change in order to inject a new set of scopes into the AuthorizationRequest.
2012-08-06 16:29:22 -04:00
5fb67ab7bb
Did a lot of cleanup; untested but compiles
2012-08-06 14:33:16 -04:00
ae44bd5e0c
Works; about to do some cleanup
2012-08-06 13:40:27 -04:00
2f28cf33e7
Changed UserInfo refs in WhitelistedSite to String ids; updated the user approval handler to check if "remember this decision" is checked and only make a new AP if so, and to pull in the scopes selected on the approval page as the saved allowed scopes for that AP.
2012-08-03 16:43:37 -04:00
b87d54b06e
Changed UserInfo references to String "userId" references
2012-08-03 13:32:17 -04:00
845976b8ac
First stages of getting the graylist portion to work. Currently no mechanism for telling the system NOT to remember your decision; that will come later. All approvals will be automatically stored with this code.
2012-08-03 12:49:40 -04:00
51b8dbe065
Revert "updated jwtHeader typ to use an enum" -- set things back to using a string
...
This reverts commit 3b2268c622
2012-08-02 14:16:55 -04:00
9a7e40fee7
moved all bean definitions to annotations, removed orphaned CheckID view
2012-08-02 12:46:35 -04:00
1508369548
now with Walsh-flavored certificate generation
2012-08-01 18:04:26 -04:00
61a8d4a787
x509 take -- bouncycastley version
2012-08-01 17:19:33 -04:00
db415bfa2b
Working on user approval handler
2012-07-31 14:50:24 -04:00
a223565364
updating user approval handler
2012-07-31 14:50:24 -04:00
676808bdac
got things to deploy - could not reference UserInfo directly in ApprovedSite and WhitelistedSite; needed to reference DefaultUserInfo instead.
2012-07-31 14:50:24 -04:00
4e10fce7ef
Implementing user approval handler; made some modifications to ApprovedSite and WhitelistedSite models, repositories, and service layers.
2012-07-31 14:50:24 -04:00
7c33e19950
Changed authorization endpoint to /authorize rather than /auth; updated SWD entry. Also removed checkid entry from SWD.
2012-07-31 14:39:27 -04:00
863693cf59
Merge pull request #128 from mtderryberry/jwe-and-jwt-fixes
...
Jwe and jwt fixes
2012-07-31 10:52:04 -07:00
3982561a5b
Removing "throws exception" from views. Addresses issue #70
2012-07-31 12:28:46 -04:00
5cf6359f7d
Merge branch 'master' of github.com:mitreid-connect/OpenID-Connect-Java-Spring-Server
2012-07-31 12:14:19 -04:00
686412757f
shortened urls
2012-07-31 12:02:21 -04:00
3b2268c622
updated jwtHeader typ to use an enum
2012-07-31 11:29:48 -04:00
1b5f99efec
added .json mapping to SWD
2012-07-31 10:42:42 -04:00
02da9fceed
fixed imports
2012-07-31 09:16:05 -04:00
d07667576e
cleaned up old code
2012-07-30 16:50:44 -04:00
40f39a18e0
cleaning up introspection endpoint
2012-07-30 16:50:44 -04:00
e7449901a6
Removed IdTokenGeneratorService. Addresses issue #75
2012-07-30 16:46:20 -04:00
ee9288a72a
turned down cache in default
2012-07-30 16:16:02 -04:00
c80f7f1fcd
removed keystore dependency where it is not needed
2012-07-30 14:58:29 -04:00
319568d971
refactored JWA algorithm markers to use enum instead of string as stored class
2012-07-23 20:21:31 -04:00
165f3ea292
fixed some unit tests, broke others
2012-07-23 18:44:47 -04:00
1f68c835c0
updated openid connect image
2012-07-16 15:12:35 -06:00
7a3ae5a757
Merge remote branch 'origin/master'
2012-07-10 17:00:30 -04:00
30addb5439
Redirect URI now displayed on approval page.
2012-07-10 16:54:55 -04:00
9f16f309bd
updated userinfouserdetailsservice to use username instead of userid -- this should actually be a wrapper class though
2012-07-10 16:44:29 -04:00
b0a7ebd9b1
fixed JWK algorithm display
2012-07-10 14:57:12 -04:00
84aa451095
Added comment for spring-servlet.xml
2012-07-10 13:29:53 -04:00
5657bc8f28
updated configuration, confirmed works pending SECOAUTH-299
2012-07-09 11:25:45 -04:00
e5eb2e03d8
added implicit beans
2012-07-09 11:25:45 -04:00
01793ec57f
added preferred_username claim to userinfo endpoint
2012-07-06 16:02:11 -04:00
8abbce3a2d
fixed broken unit tests - they were pointing to the wrong spring context file;
2012-07-06 14:22:06 -04:00
50241e4da1
changed UserInfo.verified to UserInfo.emailVerified.
2012-07-06 14:11:43 -04:00
8fe132cb53
formatting
2012-07-05 18:32:31 -04:00
830e07c35c
moved whole configuration from servlet context into application context
2012-07-05 18:26:12 -04:00
dbd563f3f2
attempting to allow make use of SPEL
2012-07-05 18:21:52 -04:00
f0c949fd09
added scope-based filter for userinfo
2012-07-05 17:14:51 -04:00
c619e736f9
removed eclipse files from repository
2012-06-29 15:13:52 -04:00
5c1b07ae65
don't overwrite an existing JWT nonce
2012-06-28 17:04:21 -04:00
29731d52f6
Merge branch 'refreshtokens' of file:///home/jricher/Projects/workspace-sts/OpenIDConnect-MITRE/OpenID-Connect-Java-Spring-Server into refreshtokens
2012-06-28 17:00:17 -04:00
de1597b214
refresh token handling fixed, removed token factory references
2012-06-28 16:55:11 -04:00
0dc568e5d0
Fixed more information link on approval page
2012-06-28 14:54:59 -04:00
a022f4d713
Authorized grant types now supported client-side
2012-06-28 14:40:37 -04:00
bff34f647c
Allowing a null value for redirectURIs
2012-06-28 12:07:02 -04:00
8fbea2516a
Updated client side variable names to reflect name changes to access token and refresh token timeout
2012-06-28 11:37:34 -04:00
4e3c99abe4
Merge branch 'validityIntegers'
2012-06-26 13:55:26 -04:00
81d1af40bd
Updated our ClientDetailsEntity *TokenTimeout fields to be *ValiditySeconds, which are now typed as proper Integers in the SECOAUTH ClientDetails interface
2012-06-26 13:54:01 -04:00
b6e00b9884
Base white-list functionality and template
2012-06-26 12:50:13 -04:00
1127a7cfbc
refactored JWKs, updated signing servier to use them
2012-06-25 17:19:25 -04:00
adb8499bee
merged derryberry code, plus tweaks, still WIP
2012-06-25 16:42:41 -04:00
baa7ce5e7b
Merge branch 'master' of github.com:mitreid-connect/OpenID-Connect-Java-Spring-Server
2012-06-20 15:10:58 -04:00
2930719700
Added architecture diagram
2012-06-20 15:07:37 -04:00
b94fbd7439
updated -common and -client code by removing throws exception, changing to rest templates, and updating test cases to use annotations
2012-06-20 09:36:55 -04:00
94256d95a1
added crypto configuration file
2012-06-19 16:25:13 -04:00
a38dc0ce29
added crypto configuration file
2012-06-19 16:24:50 -04:00
fe3bbfb3d5
Further cleanups. Still missing:
...
- All tests extend TestCase, should use annotations instead
- Several elements throw Exception
- Key Fetchers should use RESTTemplates and be in a separate utility set
2012-06-15 17:11:58 -04:00
b86abdd761
merge from pull request, plus cleanup
2012-06-15 15:36:14 -04:00
731ad2e2e2
updated SECOAUTH reference, fixed some SQL files, temporarily closed token timeout issue
2012-06-15 12:05:08 -04:00
f9558f0955
stripped out check id endpoint interaction as it deprecated, refactored nonce checking based on spec change, pull user_id as id_token token claim
2012-06-13 18:31:13 -04:00
ace5dd1f1e
imported userinfouserdetails filter from MITRE codebase
2012-06-13 16:33:55 -04:00
65dc3daaf8
smart client
2012-06-12 16:09:01 -04:00
2a05ff995d
Added support for additional field in ClientDetailsEntity.java.
2012-06-11 16:27:35 -04:00
bbf9591c92
Merge branch 'master' into issue52
...
Conflicts:
openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ProviderTokenService.java
openid-connect-server/src/main/webapp/WEB-INF/spring-servlet.xml
openid-connect-server/src/main/webapp/WEB-INF/views/oauth/approve.jsp
2012-06-11 15:04:01 -04:00
c3cffe1eac
cleaned up bad config file
2012-06-05 16:42:26 -04:00
195810fc63
Merge branch 'architecturedocs'
2012-06-05 16:38:07 -04:00
7a207dc162
Merge branch 'discoveryupdate'
2012-06-05 16:37:04 -04:00
250e0c730e
Merge branch 'jwtupdate'
2012-06-05 16:36:32 -04:00
7df2663e00
added final slashification of configuration URLs
2012-06-05 16:36:11 -04:00
fbdccdb78e
added Xrd support ( fixes #63 ), updated configuration locations ( fixes #47 )
2012-06-05 16:32:49 -04:00
e44697cef9
updated JWK display to latest, closes #58
2012-06-05 16:07:19 -04:00
3b4e95ac10
Approval page updates
2012-06-05 15:52:09 -04:00
d424f44b8c
Removing some whitespace
2012-06-05 13:08:55 -04:00
46cd08071d
cleaned up sql table references to redirect uris, see #48
2012-06-05 11:45:06 -04:00
8e33a17307
moved DB schema files up a few levels, fixed test context to point to new locations
2012-06-05 11:32:51 -04:00
5c72d8b95f
revocation endpoint cleanup, still needs views
2012-06-05 11:24:11 -04:00
27219c066d
refactored our service to reflect upstream
2012-06-05 10:18:26 -04:00
e95528a08d
added implementation to stub to read an access token by value
2012-06-05 10:11:24 -04:00
c89b1814d6
Fixed approve.jsp checkboxes (both had the same name).
2012-06-01 17:12:33 -04:00
8684bb969f
Updated approve.jsp with Jett's new code to display some checkboxes. This has been tested, and the additional parameters are persisted correctly and are available to the TokenGranter.
2012-05-31 13:39:24 -04:00
68483536a6
Approval page updates. Approval and denial buttons are now in one form. Generic checkboxes are in place.
2012-05-31 12:12:56 -04:00
424f8bb737
Refactored to use TokenEnhancer rather than a custom TokenGranter.
2012-05-30 16:14:00 -04:00
998fc7f98b
cleaned up beans layout
2012-05-30 15:17:33 -04:00
8917e75010
see issue #19
2012-05-30 15:14:15 -04:00
16aa0c59b5
Added token enhancer. Now to plug it in.
2012-05-30 12:31:12 -04:00
d4e107caf1
updating
2012-05-30 12:08:44 -04:00
2070d2e413
Updated to use AuthorizationRequestFactory rather than ClientCredentialsChecker.
2012-05-30 12:08:08 -04:00
ce847dd4f7
updated poco user view to contain name
2012-05-24 15:57:34 -04:00
c418ccabb1
Merge branch 'master' into userInfoEndpoint
2012-05-24 13:06:29 -04:00
1bff5ef19f
Added POCO view, Added UnknownUserInfoScheamException runtime exception
2012-05-24 11:00:49 -04:00
b838ddb786
Client ID display fix
2012-05-23 14:24:53 -04:00
a1d85e281e
Client ID now showing on display and edit page
2012-05-23 14:21:08 -04:00
48ff2d3d77
Merge remote branch 'origin/master'
2012-05-23 14:01:40 -04:00
f8af7bf884
Adding help text for time-out options
2012-05-23 14:01:31 -04:00
5c544dfe7c
Merge branch 'master' into userInfoEndpoint
2012-05-23 13:43:32 -04:00
7d4d65c359
Merge branch 'userinfo_integration'
2012-05-23 13:39:03 -04:00
a8e9f1d2cd
fixed rendering issues with user info view
2012-05-23 13:36:53 -04:00
9612fde10e
Check for null address, and added email
2012-05-23 13:35:05 -04:00
08958d4137
Merge remote-tracking branch 'remotes/steve/userInfoEndpoint' into userinfo_integration
2012-05-23 13:11:40 -04:00
06fadb5f2b
oauth provider configuration started
2012-05-23 12:55:21 -04:00
9b03831d4e
Filled in the UserInfoEndpoint, and added the JSON view for userInfo (openIdSchema)
2012-05-22 16:56:22 -04:00
668952ec09
Fixing typo
2012-05-22 16:12:21 -04:00
b59baa09a9
Cleaning up placeholder fields
2012-05-22 16:07:51 -04:00
c85248c40c
Editing bug fix for validation
2012-05-22 15:19:47 -04:00
a44dee1fd6
Fixing IE compatibility with saving and editing clients
2012-05-22 15:06:06 -04:00
e5312b4c99
Client secret now editable and dynamically generated if not present
2012-05-22 14:36:40 -04:00
bd054bfd58
Client delete now requires confirmation
2012-05-22 12:28:48 -04:00
6c8aeba041
Default scope is "openid"
2012-05-22 12:25:29 -04:00
e4f2446569
- no restraints on client name and description (neither of them required)
...
- URI regex updated
2012-05-22 12:23:05 -04:00
51fe98b383
ClientAPI now sets owner for clients
2012-05-18 14:23:19 -04:00
f7a0b8de32
Client scope now supported
2012-05-18 14:09:23 -04:00
a1234a4fcd
Timeout form fields now supported. Backbone.JS Validation error handling updates.
2012-05-17 17:15:37 -04:00
2d980a4d8f
Refactoring of routing. Client updates
2012-05-17 16:33:22 -04:00
6f43040587
slight sequence diagrams tweaks, mods to account-chooser and openid-connect-client
2012-05-16 21:12:58 -04:00
b06640c921
First stages of client-side validation worked into application
2012-05-16 17:22:25 -04:00
c45991b561
Adding backbone.js validations framework
2012-05-16 16:04:30 -04:00
3402a3e463
ClientAPI now fully supports RESTful DELETE
2012-05-16 14:32:40 -04:00
7f5b9e2c82
ClientAPI now supports DELETE method
2012-05-16 14:03:49 -04:00
abf3f0ec33
Merge remote branch 'origin/master'
2012-05-16 13:28:24 -04:00
af6e043239
Client Entity now initialized with non-null values so JPA won't flip. Added unified method for saving. Sync'd class member names to allow proper binding.
2012-05-16 13:27:53 -04:00
7e3ce2d583
mods to reflect client <-> account chooser protocol, and refactoring...
2012-05-15 18:43:45 -04:00
0c7ea88323
Client updates.
2012-05-15 17:03:17 -04:00
0f9b828066
ClientAPI admin requirement now global
2012-05-15 14:10:12 -04:00
Amanda Anganes