Refactored userinfo to fetch attributes only when needed and requested.
Also added the possibility to extract attributes from the actual SAML
session
BREAKING CHANGE: 🧨 requires database update
Refactored the GA4GH claim source and related things to be extensible
for other implementations.
Configuration changes:
Elixir GA4GH claim source class needs to be updated to: `custom.claim.[claimName].source.class=cz.muni.ics.oidc.server.ga4gh.ElixirGa4ghClaimSource`
Elixir Access token modifier has been moved and has to be configured as: `accessTokenClaimsModifier=cz.muni.ics.oidc.server.ga4gh.Ga4ghAccessTokenModifier`
BREAKING CHANGE: 🧨 Ga4gh Claim source class for ELIXIR has been changed. Also, the
ElixirAccessTokenModifier class has been moved and renamed.
Refactor how translations are used and loaded. Property `web.langs.customfiles.path` must point to the
ResourceBundle, without the `_lang.properties` extensions. For example,
if we have files `/etc/props_en.properties` and
`/etc/props_cs.properties`, the correct value for the configuration
option is `web.langs.customfiles.path=/etc/props`.
BREAKING CHANGE: Property `web.langs.customfiles.path` must point to the
ResourceBundle.
Several tables have been dropped from the database. Also, access_token
does not contain permissions anymore. To update the DB accordingly, run
the following:
```sql
DROP TABLE access_token_permissions;
DROP TABLE resource_set;
DROP TABLE resource_set_scope;
DROP TABLE permission_ticket;
DROP TABLE permission;
DROP TABLE permission_scope;
DROP TABLE claim;
DROP TABLE claim_to_policy;
DROP TABLE claim_to_permission_ticket;
DROP TABLE policy;
DROP TABLE policy_scope;
DROP TABLE claim_token_format;
DROP TABLE claim_issuer;
DROP TABLE saved_registered_client;
```
BREAKING CHANGE: 🧨 Database needs to be updated: `ALTER TABLE saved_user_auth DROP
source_class; ALTER TABLE saved_user_auth ADD COLUMN acr VARCHAR(1024);`
Via property _saml.internalReferrers_ it can be configured which
referrers are considered as internal, and in such cases the session will
not be invalidated. The property has to be a list of URLs, separated by a
comma, and the matching is done as a prefix of the current referrer
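
Because `saml.internalReferrers` entries are matched as prefixes, the exact form of each configured URL decides which referrers keep their session. The following is an added example, not code from the project: a small Java check of a property value, assuming the comparison behaves like a plain `String.startsWith`; the class name, method names and host names are hypothetical placeholders.

```java
import java.net.URI;
import java.util.ArrayList;
import java.util.List;

// Added example, not project code: lints a saml.internalReferrers value.
public class InternalReferrersLint {

    // Assumption: the server compares with String.startsWith, as "prefix" suggests.
    static boolean isInternal(String referrer, List<String> prefixes) {
        for (String p : prefixes) {
            if (referrer.startsWith(p)) return true;
        }
        return false;
    }

    // Split the comma-separated property value, trimming blanks.
    static List<String> parse(String value) {
        List<String> out = new ArrayList<>();
        for (String s : value.split(",")) {
            if (!s.trim().isEmpty()) out.add(s.trim());
        }
        return out;
    }

    // Returns a warning for an entry that is too loose for prefix matching, or null.
    static String lint(String prefix) {
        URI u;
        try { u = URI.create(prefix); } catch (IllegalArgumentException e) { return "not a valid URL"; }
        if (u.getScheme() == null || u.getHost() == null) return "not an absolute URL";
        if (!"https".equalsIgnoreCase(u.getScheme())) return "scheme is not https";
        if (u.getRawPath() == null || u.getRawPath().isEmpty())
            return "no path: add a trailing '/' so the host name is matched in full";
        return null;
    }

    public static void main(String[] args) {
        // Constructed sample value; the host names are placeholders.
        List<String> prefixes = parse("https://login.example.org, https://proxy.example.org/saml/");
        for (String p : prefixes) {
            String w = lint(p);
            System.out.println(p + " -> " + (w == null ? "ok" : "WARN: " + w));
        }
        // A different host that merely begins with the first entry still matches it.
        String lookalike = "https://login.example.org.other.example/page";
        System.out.println("lookalike treated as internal: " + isInternal(lookalike, prefixes));
        System.out.println("with trailing '/': "
                + isInternal(lookalike, parse("https://login.example.org/, https://proxy.example.org/saml/")));
    }
}
```

Ending every entry with `/` (or a longer path) means the prefix covers the complete host name rather than only its first characters.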