Justin Richer
b8f701d9d8
switched id tokens to entities, they're now access tokens also
...
still needs some work to get the auth object right, for now we're just copying from the access token
2012-12-06 10:19:21 -05:00
Justin Richer
4698552c2d
made email_verified nullable, addresses #237
2012-12-05 16:54:15 -05:00
Justin Richer
413c477879
utility method for approved sites to check expiration
2012-11-26 14:25:38 -05:00
Justin Richer
45ca4e565e
updated to SECOAUTH-1.0.1-BUILD-SNAPSHOT
2012-11-26 11:53:19 -05:00
Amanda Anganes
f50726ab31
Issue 209 - typo
2012-11-21 14:51:30 -05:00
Justin Richer
9c08944a02
Changed arity on approved sites (now can have many per user/site combo)
2012-11-20 14:07:55 -05:00
Justin Richer
e9d1ed270d
service layer cleanups
2012-11-19 13:46:09 -05:00
Justin Richer
757e21a722
added blacklist API
2012-11-16 11:57:46 -05:00
Amanda Anganes
2a0602863e
Converted Booleans to booleans
2012-09-20 11:32:59 -04:00
Amanda Anganes
51073a7f8d
Refactor part 3
2012-09-18 15:01:05 -04:00
Amanda Anganes
dd2abd94d1
Refactoring part 2
2012-09-18 14:36:27 -04:00
Amanda Anganes
c40efda6b5
Refactor part 1
2012-09-18 14:24:34 -04:00
Justin Richer
920b2a59ba
Fixed error logging
2012-09-10 17:17:03 -04:00
Justin Richer
2d24435365
Created custom resolver, handler mapper
...
moved endpoint back to server
2012-09-10 17:17:03 -04:00
Justin Richer
be1046f9b6
bean-based configuration
2012-09-10 17:17:03 -04:00
Justin Richer
7eb0a6f3d2
Moved JWK to commons
2012-09-10 17:17:03 -04:00
Justin Richer
42389286e4
removed non-RSA algorithms from JWE encrypter/decrypter functions
2012-09-06 17:28:17 -04:00
Justin Richer
558a6286e2
switched to Guava for parsing ints into bytes, addresses #154
2012-09-06 17:26:20 -04:00
Justin Richer
2b62042696
unshadowed Jwe header, unshadowed IdTokenClaims, added smart copy constructor to ClaimSet
2012-09-06 17:20:22 -04:00
Justin Richer
11b35267b4
Refactored stats processor into a service, made home page into a smart page.
2012-08-28 17:42:43 -04:00
Justin Richer
d041ddb0e1
Added approvedSite API and support structure
2012-08-28 15:28:55 -04:00
Justin Richer
8ae1b376fe
updated whitelist service and repository
2012-08-28 15:28:55 -04:00
Justin Richer
140de779fd
converted userid type to enum
2012-08-27 16:00:27 -04:00
Justin Richer
1c34f83297
Fixed JWS algorithm parsing
2012-08-27 15:58:23 -04:00
Justin Richer
29ac1a3a70
reverse lookup for clientdetails utility classes
2012-08-27 14:45:14 -04:00
Justin Richer
21ff134383
JWS comment/format cleanup
2012-08-27 14:45:02 -04:00
Justin Richer
b5ce8d5e8b
added getByUsername to userinfo repositories and supporting classes, updated calling classes to use this
...
fixed namedquery
2012-08-23 18:23:47 -04:00
Justin Richer
ba24ca1f60
removed unused utility method
2012-08-23 18:22:29 -04:00
Amanda Anganes
ba5572b28a
Tidied up a bit, added javadoc comments to new classes
2012-08-23 11:05:10 -04:00
Amanda Anganes
c23b176567
Database backed authorization-code-service now works.
2012-08-23 10:46:08 -04:00
Amanda Anganes
4b76cc514b
Added a database-backed authorization-code system. Untested; needs to be injected into configuration in the place of the in-memory one and tested
2012-08-22 16:54:00 -04:00
Amanda Anganes
dc61068702
Split approved site and whitelisted site scope tables.
2012-08-22 15:21:42 -04:00
Justin Richer
a02f37cec3
added generators to client service API
2012-08-20 12:22:18 -04:00
Justin Richer
26d5a846e0
Updated validator structure and id token checking.
2012-08-17 16:18:08 -04:00
Justin Richer
012bb4afd7
Changed casing on "URI" to "Url" to match other parameters.
2012-08-17 15:32:04 -04:00
Justin Richer
d14f55004c
added parser to userinfo object, userinfo url in filter, fixed bug in user_id check
2012-08-17 14:40:13 -04:00
Justin Richer
fbd6e67af8
Refactored auth provider to call the userinfo endpoint and provide info inside the auth token.
2012-08-17 14:40:13 -04:00
Mike Derryberry
1efe7a1fc3
updated check of algorithm in signing method
2012-08-14 10:55:07 -04:00
Justin Richer
155974d8e3
moved services and api over to using new client Id field (instead of client_id)
2012-08-10 16:53:31 -04:00
Justin Richer
eb5a24690f
added method to get client by its (new) Long id
2012-08-10 16:29:16 -04:00
Justin Richer
47ff885032
removed unnecessary cached token values
2012-08-10 14:26:47 -04:00
Justin Richer
74a40fc973
changed auth holder reference, moved dates to timestamps
2012-08-10 14:26:47 -04:00
Justin Richer
bb7d6b2e94
split scopes table
2012-08-10 14:26:47 -04:00
Justin Richer
ed99bd36cf
changed clientdetails entity to use @Enumerated, cleaned up .sql file foreign keys
2012-08-10 14:26:47 -04:00
Justin Richer
2d8a5763a3
javafied auth holder class
2012-08-10 14:26:47 -04:00
Amanda Anganes
97d7bc9c13
added field to indicate whether the client has been dynamically registered
2012-08-09 15:55:07 -04:00
Amanda Anganes
f724d3a9fe
updated userinfo table definitions
2012-08-09 12:44:22 -04:00
Amanda Anganes
617e9568d8
Fixed bugs; I can get tokens now. User approval handler seems to be working correctly.
2012-08-09 12:44:22 -04:00
Amanda Anganes
49cb8bd0cb
fixing bugs; needed to make all ids BIGINT AUTO-INCREMENT PRIMARY KEY in sql files
2012-08-09 12:44:21 -04:00
Amanda Anganes
0757642e67
removed "s" from allowed_scopes
2012-08-09 12:44:21 -04:00
Amanda Anganes
9c32e92da5
Cleaned up sql tables some more; sticking to _ naming convention
2012-08-09 12:44:21 -04:00
Amanda Anganes
d7deda1699
Propagated AuthenticationHolder effects; this is untested but compiles and I think it is mostly correct
2012-08-09 12:44:21 -04:00
Amanda Anganes
90df91c351
Added AuthenticationHolder object, got references squared away for AccessToken side. Compiles.
2012-08-09 12:44:21 -04:00
Amanda Anganes
cf348590b0
Removed unused ClientGeneratorFactory
2012-08-09 12:44:21 -04:00
Amanda Anganes
d6d80c3e60
Gave OAuth2RefreshTokenEntity a Long Id
2012-08-09 12:44:21 -04:00
Amanda Anganes
6b1dad7215
Gave OAuth2AccessTokenEntity a Long Id
2012-08-09 12:44:21 -04:00
Amanda Anganes
780839dbf9
Made things compile after ClientDetailsEntity refactoring
2012-08-09 12:44:21 -04:00
Amanda Anganes
a68a4f9796
Organized ClientDetailsEntity, updated JPA annotations. Updated sql files to match. Naming conventions: table and column names with multiple words should be separated by underscores; table and column names should be singular.
2012-08-09 12:44:21 -04:00
Amanda Anganes
15428a875e
Added additional fields to ClientDetailsEntity and did some reorganization, still some more to do. Added "id" field to the sql file, but the sql still needs all of the other additional fields.
2012-08-09 12:44:21 -04:00
Amanda Anganes
8d4e046408
All logging is now org.slf4j. We had a mix of org.slf4j and apache commons-logging. Added error logging to all views which throw errors.
2012-08-07 10:04:38 -04:00
Amanda Anganes
a061e64abf
Merge branch 'user-approval-handler-updated-rebase'
2012-08-06 16:30:03 -04:00
Amanda Anganes
5fb67ab7bb
Did a lot of cleanup; untested but compiles
2012-08-06 14:33:16 -04:00
Amanda Anganes
2f28cf33e7
Changed UserInfo refs in WhitelistedSite to String ids; updated the user approval handler to check if "remember this decision" is checked and only make a new AP if so, and to pull in the scopes selected on the approval page as the saved allowed scopes for that AP.
2012-08-03 16:43:37 -04:00
Amanda Anganes
b87d54b06e
Changed UserInfo references to String "userId" references
2012-08-03 13:32:17 -04:00
Amanda Anganes
845976b8ac
First stages of getting the graylist portion to work. Currently no mechanism for telling the system NOT to remember your decision; that will come later. All approvals will be automatically stored with this code.
2012-08-03 12:49:40 -04:00
Justin Richer
51b8dbe065
Revert "updated jwtHeader typ to use an enum" -- set things back to using a string
...
This reverts commit 3b2268c622.
2012-08-02 14:16:55 -04:00
Justin Richer
164090e9d5
added jwt string stability to several places, fixed jwe parser
2012-07-31 15:29:33 -04:00
Amanda Anganes
676808bdac
got things to deploy - could not reference UserInfo directly in ApprovedSite and WhitelistedSite; needed to reference DefaultUserInfo instead.
2012-07-31 14:50:24 -04:00
Amanda Anganes
4e10fce7ef
Implementing user approval handler; made some modifications to ApprovedSite and WhitelistedSite models, repositories, and service layers.
2012-07-31 14:50:24 -04:00
Mike Derryberry
3b2268c622
updated jwtHeader typ to use an enum
2012-07-31 11:29:48 -04:00
Mike Derryberry
95dcb10472
updated encrypter/decrypter to store keys as member variables rather than to pass them in
2012-07-31 11:29:32 -04:00
Mike Derryberry
61c7231d9a
updated encrypter and decrypter to use enum class rather than fragile parsing
2012-07-31 11:28:46 -04:00
Mike Derryberry
5f80ebc89a
changing encryption/decryption code to use enum classes rather than shady parsing techniques
2012-07-31 11:28:23 -04:00
Justin Richer
789f41bdbe
fixed client details regression
2012-07-31 10:44:25 -04:00
Justin Richer
3e6f66e2dc
Merge branch 'master' of https://github.com/ssayer/OpenID-Connect-Java-Spring-Server into ssayer-pullreq-124
2012-07-31 10:43:33 -04:00
Justin Richer
d07667576e
cleaned up old code
2012-07-30 16:50:44 -04:00
Justin Richer
40f39a18e0
cleaning up introspection endpoint
2012-07-30 16:50:44 -04:00
Justin Richer
f9dd9df7cd
added skip to test for encryption if not running unlimited strength java
2012-07-30 14:47:02 -04:00
Justin Richer
92e779257d
testing key sizes, still failing outside of bouncycastle
2012-07-30 13:40:20 -04:00
Samuel Sayer
1dd2aaf8a1
add JsonObject export for JWK keys
2012-07-30 09:27:03 -04:00
Justin Richer
319568d971
refactored JWA algorithm markers to use enum instead of string as stored class
2012-07-23 20:21:31 -04:00
Justin Richer
165f3ea292
fixed some unit tests, broke others
2012-07-23 18:44:47 -04:00
Mike Derryberry
e4bc66ba33
small TODO statements cleared up
2012-07-23 18:31:27 -04:00
Mike Derryberry
4deaffd686
updated hmac and rsa signer to use afterPropertiesSet(), abstract oidc auth filter now adds multiple signers to map and then picks the one it needs, and key fetcher now gets jwk
2012-07-23 18:31:27 -04:00
Justin Richer
8b848af0fb
cleaned up signer initialization calls and algorithm-setting code, cleaned up algorithm names, renamed encrypter/decrypter classes
2012-07-23 18:17:31 -04:00
Mike Derryberry
d204ff1e69
removed constructor for RsaDecrypter and RsaEncrypter
2012-07-17 14:07:58 -04:00
Mike Derryberry
4f78c3db80
removed verification of signature in decryption
2012-07-17 13:40:14 -04:00
Mike Derryberry
1dbf2808c1
changed imports
2012-07-17 10:57:36 -04:00
Mike Derryberry
e380d85ad7
updated encryption/decryption to dynamically get mode for cipher. also made the keyDataLen come from the kdf parameter rather than enc
2012-07-17 10:57:10 -04:00
Mike Derryberry
5d3d888c3f
finished testing. fixed MessageDigest problems in generating cek and cik
2012-07-17 10:56:43 -04:00
Mike Derryberry
13e0a7c4bb
tests for encryption/decryption done
2012-07-17 10:56:09 -04:00
Mike Derryberry
88a052019a
added testing for encryption and decryption. slight bug where [ ] gets appended to clearText. working on that
2012-07-17 10:55:46 -04:00
Mike Derryberry
5152fa1c69
added tests for encryption and decryption. WIP
2012-07-17 10:55:10 -04:00
Mike Derryberry
26792d2fba
updated decryption to generate cik and cek based off of key derivation
2012-07-17 10:54:36 -04:00
Mike Derryberry
d86ee2329b
updated encryption to generate cek and cik through key derivation. also fixed signers to use afterPropertiesSet()
2012-07-17 10:54:09 -04:00
Mike Derryberry
7e7cd4f480
update to encryption/decryption. added cmk, cek, and cik use
2012-07-17 10:53:36 -04:00
Mike Derryberry
bc1ff0d964
updated jwe, jwt, and jwk models to have new parameters that were released in latest JOSE update
2012-07-17 10:53:04 -04:00
Mike Derryberry
70e90bc4c1
updated decryption
2012-07-17 10:52:38 -04:00
Mike Derryberry
025f7f3d66
updated encryption to sign using int value rather than alg
2012-07-17 10:52:16 -04:00
Justin Richer
cd222ad66e
got rid of ghost dependency in pom.xml for common
2012-07-17 10:51:49 -04:00
Mike Derryberry
754e8406bb
removed web app from this git repository
2012-07-17 10:51:20 -04:00
Mike Derryberry
99a574d303
encryption completed, decryption WIP
2012-07-17 10:50:35 -04:00
Mike Derryberry
cee44de3d1
updated encryption class to include AbstractJwtEncrypter
2012-07-17 10:50:06 -04:00
Mike Derryberry
caf2a7b494
updated encryption service to encrypt key and claims and then sign the jwe. decryption updated to decrypt encrypted key and ciphertext
2012-07-17 10:49:29 -04:00
Mike Derryberry
cf0ce7b1fb
updated encryption and decryption for claims. WIP
2012-07-17 10:48:47 -04:00
Mike Derryberry
e252951612
added encrypter/decrypter for claims to get ciphertext
2012-07-17 10:48:07 -04:00
Mike Derryberry
33cc3fa899
Added spring simple web app for testing, encryption and decryption classes for rsa and hmac, still WIP
2012-07-17 10:47:41 -04:00
Amanda Anganes
01793ec57f
added preferred_username claim to userinfo endpoint
2012-07-06 16:02:11 -04:00
Amanda Anganes
50241e4da1
changed UserInfo.verified to UserInfo.emailVerified.
2012-07-06 14:11:43 -04:00
Justin Richer
f0c949fd09
added scope-based filter for userinfo
2012-07-05 17:14:51 -04:00
Justin Richer
c24a2206e9
updated jwtheader parser
2012-07-03 16:43:00 -04:00
Justin Richer
ac7a53b234
bugfix: call setNonce instead of setType
2012-07-03 16:38:53 -04:00
Justin Richer
a03129f70a
added documentation updates
2012-07-02 14:18:25 -04:00
Justin Richer
c619e736f9
removed eclipse files from repository
2012-06-29 15:13:52 -04:00
Justin Richer
de1597b214
refresh token handling fixed, removed token factory references
2012-06-28 16:55:11 -04:00
Amanda Anganes
4e3c99abe4
Merge branch 'validityIntegers'
2012-06-26 13:55:26 -04:00
Amanda Anganes
81d1af40bd
Updated our ClientDetailsEntity *TokenTimeout fields to be *ValiditySeconds, which are now typed as proper Integers in the SECOAUTH ClientDetails interface
2012-06-26 13:54:01 -04:00
Justin Richer
1127a7cfbc
refactored JWKs, updated signing servier to use them
2012-06-25 17:19:25 -04:00
Justin Richer
adb8499bee
merged derryberry code, plus tweaks, still WIP
2012-06-25 16:42:41 -04:00
Mike Derryberry
b1fc07bcb8
updated -common code to get a validation service from a server configuration
2012-06-21 14:37:30 -04:00
Amanda Anganes
2930719700
Added architecture diagram
2012-06-20 15:07:37 -04:00
Mike Derryberry
b94fbd7439
updated -common and -client code by removing throws exception, changing to rest templates, and updating test cases to use annotations
2012-06-20 09:36:55 -04:00
Justin Richer
fe3bbfb3d5
Further cleanups. Still missing:
...
- All tests extend TestCase, should use annotations instead
- Several elements throw Exception
- Key Fetchers should use RESTTemplates and be in a separate utility set
2012-06-15 17:11:58 -04:00
Justin Richer
b86abdd761
merge from pull request, plus cleanup
2012-06-15 15:36:14 -04:00
Justin Richer
731ad2e2e2
updated SECOAUTH reference, fixed some SQL files, temporarily closed token timeout issue
2012-06-15 12:05:08 -04:00
Justin Richer
ace5dd1f1e
imported userinfouserdetails filter from MITRE codebase
2012-06-13 16:33:55 -04:00
Mike Derryberry
65dc3daaf8
smart client
2012-06-12 16:09:01 -04:00
Amanda Anganes
2a05ff995d
Added support for additional field in ClientDetailsEntity.java.
2012-06-11 16:27:35 -04:00
Mike Derryberry
3e810cb5dc
Merge remote-tracking branch 'mitre/master'
2012-06-07 14:29:13 -04:00
Mike Derryberry
fad6caa968
Added testing for signers for Hmac, Rsa, and Plaintext
2012-06-07 14:28:09 -04:00
Justin Richer
e44697cef9
updated JWK display to latest, closes #58
2012-06-05 16:07:19 -04:00
Justin Richer
5c72d8b95f
revocation endpoint cleanup, still needs views
2012-06-05 11:24:11 -04:00
Justin Richer
27219c066d
refactored our service to reflect upstream
2012-06-05 10:18:26 -04:00
Mike Derryberry
ee28d56031
initial implementation of x509 and JWK key retrieval
2012-06-01 10:51:28 -04:00
nemonik
8917e75010
see issue #19
2012-05-30 15:14:15 -04:00
Michael Joseph Walsh
6f43040587
slight sequence diagrams tweaks, mods to account-chooser and openid-connect-client
2012-05-16 21:12:58 -04:00
Michael Jett
3402a3e463
ClientAPI now fully supports RESTful DELETE
2012-05-16 14:32:40 -04:00
Michael Jett
af6e043239
Client Entity now initialized with non-null values so JPA won't flip. Added unified method for saving. Sync'd class member names to allow proper binding.
2012-05-16 13:27:53 -04:00
Michael Jett
0c7ea88323
Client updates.
2012-05-15 17:03:17 -04:00
Stephen Moore
49e96778b8
Missed a file
2012-05-10 17:46:09 -04:00
Stephen Moore
fd91c884bb
Made interfaces... deleted a thing.
2012-05-10 17:45:10 -04:00
Justin Richer
ffe31e6049
merged config from bean config config bean bean
2012-05-09 15:32:13 -04:00
Justin Richer
e158ef6fc2
added config bean
2012-05-09 15:20:15 -04:00
Amanda Anganes
e33f277bbe
Updated classes to track newest version of SECOAUTH. This update closes issues #3, #4, #8, and #36 (infinite redirects). This revision changes the authorization and token endpoints to be /openidconnect/auth and /openidconnect/token, respectively.
2012-05-09 15:16:56 -04:00
Stephen Moore
2cf12d4078
Made getAll use ? extends UserInfo
2012-05-08 16:23:36 -04:00
Justin Richer
97dffb6414
added copyright to all java files. closes #11
2012-04-27 17:55:58 -04:00
Justin Richer
6724866099
moved jwt components, utilities, and various interfaces to -common from -server
2012-04-27 15:20:49 -04:00
Justin Richer
59ecb03548
added getter/setter for userinforepository, closes #40
2012-04-27 15:11:25 -04:00
nemonik
6eb8284695
version needed to be modified to 0.1-SNAPSHOT in order to deploy snapshot to nexus
2012-04-13 13:43:39 -04:00
Amanda Anganes
269a354f8c
Added tables.sql, which is just a concatenation of all the other sql files. Added redirect_uris.sql, which is a NEW table needed to support clients registering multiple redirect uris.
...
This updates us to the HEAD revision of SECOAUTH, where the redirect uri field on ClientDetails has been updated to be a Set<String> instead of a single string. I updated the UI code so that it will still work, but it will need to be updated to allow users to register multiple uris.
This also closes issue #2 from the issue tracker.
2012-04-10 13:44:10 -04:00
Stephen Moore
1a1ae4c5b5
Removed Replacer plugin
2012-03-23 15:55:30 -04:00
Amanda Anganes
8b10b83516
Added setNonce to JwtClaims.
2012-03-23 11:08:49 -04:00
U-MITRE\mjwalsh
b4836a0302
mods to auth filter including config comments, http socket time out...
2012-03-22 17:49:30 -04:00
Justin Richer
c51bb72fe5
merged keystore changes
2012-03-22 13:50:47 -04:00
nemonik
3f2631367f
added comments on configuration of client
2012-03-22 12:16:24 -04:00
Justin Richer
664dd1df46
JWT claims can now have nulls in them without barfing
2012-03-22 11:46:48 -04:00
Justin Richer
c59d3fe963
it spits out JWTs! and id tokens! JWT still needs to handle nulls
2012-03-21 17:59:48 -04:00
Amanda Anganes
ebe72412fe
Authorization Grant flow works up to serializing the returned Access Token. Justin is investigating serialization problems.
2012-03-21 16:44:16 -04:00
Justin Richer
b463cabc69
fixed configuration, moved sql file
2012-03-16 16:46:46 -04:00
Justin Richer
2f29cc52b2
Merge branch 'client_refactor'
2012-03-16 16:28:51 -04:00
Justin Richer
baf7c1c166
fixed dependencies and project configurations
2012-03-16 16:18:33 -04:00
Justin Richer
e6e7504213
added files and shuffled things to new packages
2012-03-16 15:46:23 -04:00