Justin Richer
d89257380f
make client assertion auth work again
8 years ago
Justin Richer
f9e4d75a4a
use JWT bearer assertion token for assertion processing
8 years ago
Justin Richer
bd9932d56f
added assertion processor to token endpoint
8 years ago
Justin Richer
a5a12b2f1f
added assertion validation engine
8 years ago
Justin Richer
fa63993896
added software statement to client model, added processor to dynamic registration parser
8 years ago
Justin Richer
a951a22bf8
explicitly use language and country codes for locale resolution
8 years ago
XIAO XI LIU
b8cc0a82b3
fix issue #1061 : auto-detect locale country code
8 years ago
Justin Richer
7177854416
inverted boolean for #1033
9 years ago
Justin Richer
39bae3a160
make the client auth URL matcher use an existing matcher instead of custom code
9 years ago
Justin Richer
01892b6f47
use a request matcher on authorization request filter, closes #1033
9 years ago
Justin Richer
ca6e867df6
manage dependency versions in parent
9 years ago
Trung Nguyen
ecb4a9ed53
Check that the underlying cause of the PersistenceException is caused by a duplicate entry.
9 years ago
Trung Nguyen
6fb26856a7
Make apiAddClient in the client api return a HttpStatus.Conflict if you try to create a client with a used client id.
...
This fixes a bug where if you try to create a client with a client id that is already in use, you get an empty error message. Instead, now you get a message that tells you that the client couldn't be created because the client id is already in use.
9 years ago
Leonard Brünings
8e71107f9b
Fix NPE when checking claim extension, Simplify always true expressions
9 years ago
Fredrik Jönsson
8f81278332
We really should specify an encoding here and not depend on the
...
servers default encoding, shouldn't we? It becomes ISO-8859-1
otherwise in Tomcat as per the Servlet specification.
9 years ago
Justin Richer
c31f42c3f3
updated versions to 1.3
9 years ago
Justin Richer
58724aa6dc
[maven-release-plugin] prepare for next development iteration
9 years ago
Justin Richer
29c9ee2c46
[maven-release-plugin] prepare release mitreid-connect-1.2.6
9 years ago
Justin Richer
89316cbab1
fixed default token lifetimes for heart mode
9 years ago
Justin Richer
9691f02772
added audience parameter to parser, fixed token generator to match HEART spec
9 years ago
Justin Richer
49a8848648
count really weird URIs as "custom scheme"
9 years ago
Justin Richer
d75bba218d
forbid password grant type in HEART mode
9 years ago
Justin Richer
699e9bff39
testing for multiple classes of redirect URIs
9 years ago
Justin Richer
38710bd3d2
unit tests for HEART mode
9 years ago
Justin Richer
74ea42851b
added check for HEART mode consistency
9 years ago
Justin Richer
028265faa6
pulled scope values to externalized strings
9 years ago
Justin Richer
5bccb602d8
always perform strict redirect URI matches in HEART mode
9 years ago
Justin Richer
51e3513307
disallow client secret JWT authentication in HEART mode
9 years ago
Justin Richer
d0d6ae2ad8
[maven-release-plugin] prepare for next development iteration
9 years ago
Justin Richer
7f5b70e9e1
[maven-release-plugin] prepare release mitreid-connect-1.2.5
9 years ago
Justin Richer
183a599126
fixed OIDC discovery relation URL
9 years ago
Justin Richer
61433cc23a
deepen webfinger, endpoint is looser
...
closes #1008
9 years ago
Justin Richer
82a1e49e79
[maven-release-plugin] prepare for next development iteration
9 years ago
Justin Richer
e6684fb7a8
[maven-release-plugin] prepare release mitreid-connect-1.2.4
9 years ago
Misagh Moayyed
3d14b0d128
rename zone_info claim to zoneinfo
9 years ago
Justin Richer
7badfe1d17
Happy new year 2016!
9 years ago
Justin Richer
d1033b693f
added privacy-preserving client logo cache
9 years ago
Justin Richer
e828f3f18d
[maven-release-plugin] prepare for next development iteration
9 years ago
Justin Richer
01ca5ef8e2
[maven-release-plugin] prepare release mitreid-connect-1.2.3
9 years ago
Justin Richer
aa878cc3cf
pulled checks for expired tokens into utility functions
9 years ago
Justin Richer
698feb49cd
check access token expiration on read. closes #983
9 years ago
Justin Richer
7f464c496b
changed copyright to new consortium name
9 years ago
Justin Richer
ea77bf2a19
quieted approved site cleanup
9 years ago
Justin Richer
1ed3e2c47a
quieted logging on database cleanup tasks when no expired elements are found
9 years ago
Justin Richer
fcfc620d51
updated client API with more useful errors, removed unused service reference
9 years ago
Justin Richer
2496dc114c
allow language system to be loaded from multiple files. closes #817 closes #876
9 years ago
Justin Richer
e255fc1a10
change default behavior of message source, closes #964
9 years ago
Cosmin Cojocar
7b34a666d9
Make the dual client support configurable
9 years ago
Cosmin Cojocar
a80953a2d4
Allow both flows authorization code and client credentials. This scenario might be found when the same client supports user authentication as well as service to service authentication. Such a client is trusted (whitelisted).
9 years ago
Mark Janssen
dce80d488b
Clean up ScopeClaimTranslationService
...
`getFieldNameForClaim` method is never used.
9 years ago
Justin Richer
2deec98b58
[maven-release-plugin] prepare for next development iteration
9 years ago
Justin Richer
d96b2dc130
[maven-release-plugin] prepare release mitreid-connect-1.2.2
9 years ago
Justin Richer
96f4d5e8a8
fixed use of wrong constant, closes #940
9 years ago
Justin Richer
c9358f348a
added transactional annotations, finally closes #926 addresses #862
9 years ago
Justin Richer
e1e892377f
added cleaner for duplicate refresh tokens
9 years ago
Justin Richer
542afca459
cleans duplicate access tokens from DB before other cleanup happens
9 years ago
Justin Richer
ebb4f2c3d4
Upgraded to nimbus 4.2, closes #934
9 years ago
Justin Richer
c67611e975
added qualifier name to persistence unit and transaction manager, closes #883
9 years ago
Justin Richer
d280ca40a4
login hints now handled in a slightly smarter (and more pluggable) manner, closes #851
9 years ago
Mark Janssen
b5c298e0ca
Remove legacy CSRF protection for approve page
...
Instead, we rely on the Spring Security CSRF protection, like we already do for the login page. Additionally, we remove the authentication check in`isApproved`, because this is already done by Spring Security (and if not, we have bigger problems to worry about).
9 years ago
Justin Richer
8b362f23f3
[maven-release-plugin] prepare for next development iteration
9 years ago
Justin Richer
e384a6257b
[maven-release-plugin] prepare release mitreid-connect-1.2.1
9 years ago
Justin Richer
4063f7f94f
user info endpoint response uses correct client algorithms, addresses #921
9 years ago
Justin Richer
acb3d03052
added 'kid' to all signed tokens, closes #899
9 years ago
Justin Richer
d3f8ff2855
added JTI to ID tokens, closes #900
9 years ago
Justin Richer
9822748209
grabbed additional places that mention updated_time/updated_at
9 years ago
Sarah Squire
31ea96ce27
Update DefaultOIDCTokenService.java
...
fixed typo
9 years ago
Justin Richer
22c05ec51b
[maven-release-plugin] prepare for next development iteration
9 years ago
Justin Richer
e6b64cd9cd
[maven-release-plugin] prepare release mitreid-connect-1.2.0
9 years ago
Justin Richer
489450b1c2
automated code format cleanup
9 years ago
Justin Richer
15c2b57730
[maven-release-plugin] prepare for next development iteration
9 years ago
Justin Richer
8317c759f1
[maven-release-plugin] prepare release mitreid-connect-1.2.0-RC2
9 years ago
Justin Richer
0740443768
added claims redirect uri set to client model for UMA usage
9 years ago
Justin Richer
a4e75ed733
[maven-release-plugin] prepare for next development iteration
10 years ago
Justin Richer
58a47d0e46
[maven-release-plugin] prepare release mitreid-connect-1.2.0-RC1
10 years ago
Justin Richer
0714ed514e
fixed errant unit test
...
why do they always get away like that??
10 years ago
Justin Richer
064f36ef6c
clean up resource sets when clients are deleted
10 years ago
Justin Richer
d1c069ad1e
clean up permissions and access tokens when a resource set is revoked
10 years ago
Justin Richer
7345a03aaa
added UMA import, closes #811 even harder
10 years ago
Justin Richer
bcd8a96b5d
UMA data export, closes #811
10 years ago
Justin Richer
a3360e9561
externalized strings in data API (1.2)
10 years ago
Justin Richer
4a382f2b1c
updated unit tests to new structure
10 years ago
Justin Richer
8c822c0f54
detached whitelist from approved sites, closes #781
10 years ago
Justin Richer
c4aaa29ffc
updated unit tests for new refresh token mode
10 years ago
Justin Richer
d9efeb3b67
added clear access tokens to export/import
10 years ago
Justin Richer
2f4d9ce54b
clearing out refresh tokens is now configurable, closes #409
10 years ago
Justin Richer
8359ac2813
fixed refresh token lookup
10 years ago
Justin Richer
d2a393f7f9
converted error handlers to a single @ControllerAdvice class, closes #788
10 years ago
Justin Richer
f4a1b27e2e
better handling of HTTP and JSON errors on network fetches, added http-forcing behavior for webfinger client and sector URL service
10 years ago
Justin Richer
f7a082d4b8
wrapped timestamp injection in a null-safe block, with warning; closes #849
10 years ago
Mark Janssen
9e74e40453
Use diamond syntax instead of explicit types
10 years ago
Mark Janssen
6dc2b2cb5e
Various small improvements/bugfixes
10 years ago
Justin Richer
d1e8529a7b
expose ID Token and UserInfo to the AuthoritiesProvider and AuthoritiesMapper, both extensible
...
closes #699
closes #761
10 years ago
Justin Richer
4655650a68
added OAuth error display page, closes #559
10 years ago
Justin Richer
dfc8df42f5
moved server configuration injection to pre-request
10 years ago
Justin Richer
79317d5b70
JWK Set by value added to admin UI, addresses #826
10 years ago
Justin Richer
e43600494a
minor automated code cleanup
10 years ago
Justin Richer
642942b5cf
Generalized client key handling into a single cache service
10 years ago
Justin Richer
032d41e5ed
added JWKs-by-value support to client data model and API, closes #826
10 years ago
Justin Richer
8d3a8471aa
updated refresh token to use converter instead of dummy field
10 years ago
Justin Richer
9662f3e8b3
switched access token to using converter instead of dummy field
10 years ago
Justin Richer
9ba1a78d09
removed binary objects from data API importers, removed binary object JSON utility entirely
10 years ago
Justin Richer
c974267cde
return prompt=none error to client, closes #667
10 years ago
Justin Richer
cbf6316050
cleaned up logic on user info interceptor to fix detection of redirects
10 years ago
Justin Richer
fe6d2f8a6e
updated and expanded unit tests to account for new data layer
10 years ago
Justin Richer
d5a08d4996
cleaned up vestigial service component, to be fixed (maybe) in #825
10 years ago
Justin Richer
d9e03b769b
fixed auth holder reference handling, import/export works now
10 years ago
Justin Richer
3d1aee77b4
updated 1.2 import to reflect new objects
10 years ago
Justin Richer
441b19f0c5
fixed data export to comply with new auth holder
10 years ago
Justin Richer
a7905c9f82
only save strings in the Extensions map
10 years ago
Justin Richer
cb8abca0f6
removed embedded JOSE classes in favor of converters
10 years ago
Justin Richer
6be2b4f65e
added ES* and PS* support for signed objects
10 years ago
Justin Richer
04dc037f9e
fixed unit tests to account for refresh token rotation
10 years ago
Justin Richer
aeed2fa003
issue new refresh tokens for clients who are configured for it, closes #408
10 years ago
Justin Richer
31d5e3ad0e
echo back requested scopes in error thrown by validator, closes #708
10 years ago
Justin Richer
52b1bda8d8
version match and cleanup
10 years ago
Justin Richer
24a464e142
put in a dummy resource set service so that introspection can pass through
10 years ago
Justin Richer
a2edb31753
moved UMA server to its own module
10 years ago
Justin Richer
7188a06488
added deletion functionality to UI
10 years ago
Justin Richer
43a432eb9a
removed extraneous TODO
10 years ago
Justin Richer
ed7799b54a
make RPTs optionally expire, closes #794
10 years ago
Justin Richer
e0cdeb3571
inject uma token service
10 years ago
Justin Richer
fc64dcc9b9
discovery endpoint cleanup
10 years ago
Justin Richer
f4f08d9449
RPT endpoint cleanup
10 years ago
Justin Richer
1f083c7acb
extracted RPT generation component to new token service class, closes #797
10 years ago
Justin Richer
0ea06f01b8
moved claims processor to the right package
10 years ago
Justin Richer
53d4f15923
shuffle authz endpoint
10 years ago
Justin Richer
7951ff5086
separated claims processing out into its own service, closes #796
10 years ago
Justin Richer
8d5c7d6226
fixed some rogue documentation
10 years ago
Justin Richer
afad3a720b
Merge branch 'master' into uma
...
* master:
added strict URI matching option to redirect resolver (off by default)
10 years ago
Justin Richer
e155cdc282
added strict URI matching option to redirect resolver (off by default)
10 years ago
Justin Richer
06f7dc984d
switched to view constants
10 years ago
Justin Richer
d6dfa89533
check client information on delete of resource set
10 years ago
Justin Richer
7273b0a5b7
fixed discovery endpoint information, closes #805
10 years ago
Justin Richer
eb49d9624c
inject claims from OIDC auth token into permission ticket
10 years ago
Justin Richer
98cd5ba27d
added save to permission ticket system
10 years ago
Justin Richer
08413302eb
configured OIDC client on claims collection endpoint
10 years ago
Justin Richer
f48049be4d
deny tickets with no claims required (closes a race condition)
10 years ago
Justin Richer
dc10779abb
removed extraneous issuer in discovery endpoint, closes #793
10 years ago
Justin Richer
a38a0b6f75
removed extraneous bob
10 years ago
Justin Richer
6e095e3266
can now add and remove email address claims from the UI
10 years ago
Justin Richer
687517d7f4
Merge branch 'master' into claims-editing-ui
10 years ago
Justin Richer
d015d17fad
search for local users first (by email), then check remote users
10 years ago
Justin Richer
348ff7ee17
made webfinger endpoint search by email address, then by username
10 years ago
Justin Richer
5aa5cc1a10
added search by email to user info data stack
10 years ago
Justin Richer
e89d8cd985
added webfinger lookup helper service
10 years ago
Justin Richer
394785b9c4
don't give resource sets default client scopes
10 years ago
Justin Richer
7af19dbd61
added copyright text
10 years ago
Justin Richer
3e931c68b4
added policy editing overview page
10 years ago
Justin Richer
5698393d31
created claims API
10 years ago