Commit Graph

700 Commits (aa2dc781480a5634787bbaf17caf6b6a98608b09)

Author SHA1 Message Date
Justin Richer 8b362f23f3 [maven-release-plugin] prepare for next development iteration 2015-10-02 18:53:48 -04:00
Justin Richer e384a6257b [maven-release-plugin] prepare release mitreid-connect-1.2.1 2015-10-02 18:53:45 -04:00
Justin Richer ca23521c3b fixed entity relationship for address 2015-10-01 20:52:01 -04:00
Justin Richer e1af979995 don't load user info for anonymous authentications, closes #895 2015-10-01 19:12:50 -04:00
Tony Fendall f43c94314c Change Address model to be an interface. Will allow consuming projects
to override this funcitonality more easily.
2015-10-01 15:57:34 -04:00
John Brooks 719a714735 Addresses issue 910 by replacing update_time with update_at for JSON
objects.
2015-10-01 15:43:31 -04:00
Justin Richer 22c05ec51b [maven-release-plugin] prepare for next development iteration 2015-08-05 12:07:47 -04:00
Justin Richer e6b64cd9cd [maven-release-plugin] prepare release mitreid-connect-1.2.0 2015-08-05 12:07:44 -04:00
Justin Richer 489450b1c2 automated code format cleanup 2015-08-05 12:04:14 -04:00
Justin Richer edda0218e1 added missing copyright statement. 2015-08-05 09:58:41 -04:00
Justin Richer 8a4fb5f839 cleaned up imports 2015-08-05 09:46:36 -04:00
Justin Richer 15c2b57730 [maven-release-plugin] prepare for next development iteration 2015-07-30 14:00:20 -04:00
Justin Richer 8317c759f1 [maven-release-plugin] prepare release mitreid-connect-1.2.0-RC2 2015-07-30 14:00:18 -04:00
Justin Richer 0740443768 added claims redirect uri set to client model for UMA usage 2015-07-30 13:56:14 -04:00
Justin Richer a4e75ed733 [maven-release-plugin] prepare for next development iteration 2015-07-09 18:29:14 -04:00
Justin Richer 58a47d0e46 [maven-release-plugin] prepare release mitreid-connect-1.2.0-RC1 2015-07-09 18:29:12 -04:00
Justin Richer 064f36ef6c clean up resource sets when clients are deleted 2015-07-09 18:07:19 -04:00
Justin Richer f6c20ad314 changed to using merge() in JPA instead of persist() 2015-07-09 18:06:25 -04:00
Justin Richer d1c069ad1e clean up permissions and access tokens when a resource set is revoked 2015-07-09 16:40:07 -04:00
Justin Richer 7345a03aaa added UMA import, closes #811 even harder 2015-07-09 11:48:52 -04:00
Justin Richer bcd8a96b5d UMA data export, closes #811 2015-07-08 21:27:15 -04:00
Justin Richer 8c822c0f54 detached whitelist from approved sites, closes #781 2015-07-08 17:22:55 -04:00
Justin Richer e96eda0990 save dynamically registered clients to the server's database, closes #799 2015-07-08 14:35:20 -04:00
Justin Richer 42b93be492 added uri-encoded client service, closes #857 2015-07-07 17:55:56 -04:00
Justin Richer aa96b1f1ed made things a little null safer
closes #813 (really)
2015-07-03 20:16:37 -04:00
Justin Richer 6703db234d added equals/hashCode/toString on UMA model objects 2015-07-03 20:16:34 -04:00
Justin Richer a8a6e7bf31 downscope resulting token based on policy 2015-07-03 20:16:33 -04:00
Justin Richer af798705b4 made claim values any JSON type, closes #853 2015-07-03 20:16:33 -04:00
Justin Richer b0935086c2 made claims processor take in policy set and ticket directly 2015-07-03 20:16:33 -04:00
Justin Richer de9f69e461 introduced a claims processor result data shuttle 2015-07-03 20:16:33 -04:00
Justin Richer 2cfaa1c1d7 renamed RequiredClaimSet to Policy 2015-07-03 20:16:32 -04:00
Justin Richer b8a5486995 made required claims sets stick in the database 2015-07-03 20:16:32 -04:00
Justin Richer cd47d32e2d split required claim sets out as separate indirection structure, closes #813 2015-07-03 20:16:32 -04:00
Justin Richer 2f4d9ce54b clearing out refresh tokens is now configurable, closes #409 2015-06-25 12:07:38 -04:00
Justin Richer 7df3597757 split client's auth token into pending and authorized classes 2015-06-24 16:00:40 -04:00
Justin Richer b4520c170e ID Token carried through as parsed JWT instead of string, closes #832 2015-06-24 16:00:40 -04:00
Justin Richer f4a1b27e2e better handling of HTTP and JSON errors on network fetches, added http-forcing behavior for webfinger client and sector URL service 2015-06-23 22:21:18 -04:00
Justin Richer 286d433da6 save json object inside registered client if it's available, closes #800 2015-06-03 11:07:45 -04:00
Mark Janssen 9e74e40453 Use diamond syntax instead of explicit types 2015-06-03 10:24:48 -04:00
Mark Janssen 13f5e4f8a6 Collapse identical catch branches 2015-06-03 10:24:48 -04:00
Justin Richer d1e8529a7b expose ID Token and UserInfo to the AuthoritiesProvider and AuthoritiesMapper, both extensible
closes #699
closes #761
2015-06-01 21:11:19 -04:00
Justin Richer f7b5228109 UserInfo carries original JSON object along if available 2015-06-01 20:10:07 -04:00
Justin Richer 118237ab05 moved user info interceptor to pre-handle 2015-06-01 19:15:54 -04:00
Justin Richer 8b81b36e22 property editor to allow JWK Set to be represented as a string in the XML configuration 2015-06-01 15:35:20 -04:00
Justin Richer e43600494a minor automated code cleanup 2015-06-01 15:35:20 -04:00
Justin Richer 642942b5cf Generalized client key handling into a single cache service 2015-06-01 15:35:20 -04:00
Justin Richer 032d41e5ed added JWKs-by-value support to client data model and API, closes #826 2015-06-01 15:35:20 -04:00
Justin Richer 30162f6baa added direct JWK set to data model 2015-05-29 13:00:13 -04:00
Justin Richer 8d3a8471aa updated refresh token to use converter instead of dummy field 2015-05-29 12:58:00 -04:00
Justin Richer 9662f3e8b3 switched access token to using converter instead of dummy field 2015-05-29 12:40:50 -04:00
Justin Richer caf85b990d Revert "added option to send skip sending nonce if desired, closes #704, closes #683,"
This reverts commit bbeaeb06e3.

Conflicts:
	openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCAuthenticationFilter.java
	openid-connect-common/src/main/java/org/mitre/openid/connect/config/ServerConfiguration.java
2015-05-28 16:44:26 -04:00
Justin Richer 9ba1a78d09 removed binary objects from data API importers, removed binary object JSON utility entirely 2015-05-27 19:33:05 -04:00
Justin Richer cbf6316050 cleaned up logic on user info interceptor to fix detection of redirects 2015-05-27 12:06:58 -04:00
Justin Richer d5a08d4996 cleaned up vestigial service component, to be fixed (maybe) in #825 2015-05-26 22:00:21 -04:00
Justin Richer 441b19f0c5 fixed data export to comply with new auth holder 2015-05-26 22:00:21 -04:00
Justin Richer 84167396da made saved user auth remember original class if it gets re-used 2015-05-26 22:00:20 -04:00
Justin Richer 93a91c8f84 fixed oauth2request constructor 2015-05-26 22:00:20 -04:00
Justin Richer bedda2959d set table on entity class, added null-safe copies to all collection fields 2015-05-26 22:00:20 -04:00
Justin Richer 5e3d08ef4d temporarily commented out query by authentication in both token types 2015-05-26 22:00:20 -04:00
Justin Richer 98e414b6df broke out authentication holder class into parts, no more serializable pieces in the database, closes #696 2015-05-26 22:00:20 -04:00
Justin Richer cb8abca0f6 removed embedded JOSE classes in favor of converters 2015-05-22 13:04:21 -04:00
Justin Richer cf1cb34a5f cleaned up error reporting for multiple verifiers 2015-05-22 13:04:21 -04:00
Justin Richer 6be2b4f65e added ES* and PS* support for signed objects 2015-05-22 13:04:21 -04:00
Justin Richer 7f44132abc made address object serializable, closes #792 2015-05-13 15:29:38 -04:00
Justin Richer a44335198e made HTTPS warning stand out a little better in the logs 2015-05-13 14:22:50 -04:00
Justin Richer 52b1bda8d8 version match and cleanup 2015-05-12 21:00:44 -04:00
Justin Richer ed7799b54a make RPTs optionally expire, closes #794 2015-05-11 19:00:26 -04:00
Justin Richer 1f083c7acb extracted RPT generation component to new token service class, closes #797 2015-05-11 15:20:26 -04:00
Justin Richer 7951ff5086 separated claims processing out into its own service, closes #796 2015-05-11 14:44:21 -04:00
Justin Richer 8d5c7d6226 fixed some rogue documentation 2015-05-11 13:03:17 -04:00
Justin Richer 98cd5ba27d added save to permission ticket system 2015-03-31 18:21:14 -04:00
Justin Richer 687517d7f4 Merge branch 'master' into claims-editing-ui 2015-03-30 12:21:59 -04:00
Justin Richer 5aa5cc1a10 added search by email to user info data stack 2015-03-30 12:18:50 -04:00
Justin Richer 06ae8545ae Merge branch 'master' into uma 2015-03-20 18:15:27 -04:00
Justin Richer ba0c679e60 made "en" the default locale explicitly 2015-03-20 10:20:37 -04:00
Justin Richer e1769d1545 added (optional) permissions sets to access tokens 2015-03-17 21:42:36 -04:00
Justin Richer 1be9da52c6 separated ticket object from permission object to facilitate re-use of permission object with tokens 2015-03-17 21:16:29 -04:00
Justin Richer b635a2bc88 fixed DB mapping 2015-03-17 19:21:30 -04:00
Justin Richer 1393251da9 added value to claim 2015-03-17 18:57:35 -04:00
Justin Richer 2aadb09f49 started claims service, added expiration to permissions 2015-03-16 22:52:21 -04:00
Justin Richer a57c336e11 added uma_authorization to default scope set 2015-03-16 12:29:17 -04:00
Justin Richer 8352145d82 Merge branch 'master' into authorization-api
Conflicts:
	openid-connect-common/src/main/java/org/mitre/oauth2/service/SystemScopeService.java
	openid-connect-server-webapp/src/main/webapp/WEB-INF/application-context.xml
	openid-connect-server/src/main/java/org/mitre/discovery/web/DiscoveryEndpoint.java
	openid-connect-server/src/main/java/org/mitre/oauth2/web/IntrospectionEndpoint.java
	openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientAPI.java
	openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultIntrospectionAuthorizer.java
2015-03-13 18:39:26 -04:00
Justin Richer 4f12fab56b made unused auth codes expired (they're still single-use), refactored auth code service layer 2015-03-13 13:45:49 -04:00
Justin Richer ad9b49733f externalized queries for scopes, blacklists, user info, pairwise identifiers, and whitelists, closes #771 even harder 2015-03-11 16:13:28 -04:00
Justin Richer 15b97b1dcb Externalized strings for named queries on auth holders, auth codes, clients, and tokens, closes #771 2015-03-11 15:51:51 -04:00
Justin Richer 1735dbca11 extracted controller URLs to constants, closes #769 2015-03-11 13:20:59 -04:00
Justin Richer 617d485478 updated all references to media types to use constants instead of literals, closes #767 2015-03-11 12:06:38 -04:00
Justin Richer ee522100b9 Merge branch 'master' into uma-introspection
* master:
  fixed logger variable name
  made logger declarations consistent across project, closes #780
  Fixed logger
  null safe
  removed DateUtil
  added icons to scope editing panel
2015-03-10 15:03:26 -04:00
Justin Richer 65d7b00f4d added uma-processing of scopes to introspection results 2015-03-10 12:38:37 -04:00
Justin Richer 627bcaee43 added client_id to resource sets 2015-03-10 12:38:13 -04:00
Justin Richer e5e4c15058 removed introspection authorizer hook 2015-03-10 11:12:37 -04:00
Justin Richer c09b63c69f made logger declarations consistent across project, closes #780 2015-03-08 21:56:33 -04:00
Justin Richer e59e988809 made permission service enforce scoping 2015-03-06 15:50:14 -05:00
Justin Richer 5ff9cd1bbb implemented permission registration API 2015-02-28 17:59:37 -05:00
Justin Richer eed8fb0b28 created skeleton of permission registration API 2015-02-28 08:33:09 -05:00
Justin Richer c41488b103 moved an uma package to common, extracted OAuth scope enforcement utility 2015-02-28 08:32:47 -05:00
Justin Richer 5be7d64c7d moved all uma files to their own package 2015-02-28 07:24:53 -05:00
Justin Richer 0d96b6a28a changed name of scope to match uma spec 2015-02-27 20:46:48 -05:00
Justin Richer 7a1480bb07 moved and consolidated json utilities 2015-02-26 16:20:01 -05:00
Justin Richer 4d88e04e59 added resource set registration scope to built in set 2015-02-24 17:45:34 -05:00
Justin Richer 4878e88d4f added list all by owner 2015-02-24 17:41:05 -05:00
Justin Richer 8d22ad03e2 implemented remove verb 2015-02-24 17:15:18 -05:00
Justin Richer 89114dcf74 implemented update 2015-02-24 16:05:18 -05:00
Justin Richer 0b480bac10 implemented get 2015-02-24 15:09:52 -05:00
Justin Richer 3076da1ed8 functioning resource set repository layer 2015-02-24 12:10:54 -05:00
Justin Richer efeead52b6 fixed typos in data layer, added blank service layer to resource set 2015-02-24 12:00:58 -05:00
Justin Richer 99bf19e21b removed policy uri from data model 2015-02-23 13:51:52 -05:00
Justin Richer e7bf75e9a4 moved and consolidated json utilities 2015-02-23 13:43:08 -05:00
Justin Richer 90a7304b4e resource set registration endpoint and service shells 2015-02-23 11:43:05 -05:00
Justin Richer 8992841ffa added missing copyright 2015-02-23 11:33:20 -05:00
Justin Richer 071ea579a3 added resource set class 2015-02-23 11:28:21 -05:00
Justin Richer b670f44138 added UMA to version number 2015-02-19 17:55:25 -05:00
Justin Richer 593fac83cf scopes can now be set as "restricted" instead of needing to be set "allowDynReg", closes #747 2015-02-17 18:25:52 -05:00
Justin Richer b376bc6059 removed some vestigial service/repository calls, closes #513 2015-02-17 16:22:40 -05:00
Justin Richer cef6cf17b6 externalized a number of strings, closes #385 2015-02-17 14:39:15 -05:00
Justin Richer 05f03f7c90 yet more year updates 2015-02-17 13:09:45 -05:00
Justin Richer 994ce6c743 consistently named JOSE-based classes, closes #529 2015-02-17 12:11:58 -05:00
Justin Richer 685960358c formatting cleanup 2015-02-17 11:08:46 -05:00
Justin Richer e2349984b8 happy new year 2015! 2015-02-17 10:24:08 -05:00
Justin Richer cc02f8fbe8 pluralized post-logout redirect URI on client, closes #654 2015-02-16 16:43:34 -05:00
Justin Richer bedc101637 import cleanup 2015-02-16 15:02:34 -05:00
Justin Richer 587d4b2db6 further pom file cleanup 2015-02-16 14:24:48 -05:00
Justin Richer 377d8cb884 moved dependency version management to parent pom, closes #666 2015-02-16 13:51:25 -05:00
Justin Richer ef3a696972 removed getBySubject and getAll from user info repository and service layers, closes #760 2015-02-16 11:08:07 -05:00
Justin Richer d25602fbe7 created a locale resolved tied in with the existing server configuration bean, removed locale interceptor (it doesn't work with fixed resolvers), cleaned up comments and files 2015-02-16 10:12:27 -05:00
Justin Richer 6c88d7c54b removed old owner_id field, closes #636 2015-01-17 08:18:36 -05:00
Charif Belhaffef e8015051d2 add @Transient to function getAuthorizedGrantTypes() so it does not persist 2015-01-14 07:09:34 -05:00
Justin Richer c6c09b9c6c made default user info parser more robust against null values 2015-01-07 18:23:20 -05:00
Justin Richer bbeaeb06e3 added option to send skip sending nonce if desired, closes #704, closes #683, 2014-12-18 23:22:59 -05:00
Justin Richer 0e776762c2 set up data API for 1.2 format (currently the same as 1.1 format) 2014-11-15 19:59:47 -10:00
Justin Richer c600787f1c added key id to id token, closes #725 2014-11-12 16:22:10 -10:00
Justin Richer d87bdb2120 added ROLE_CLIENT to assertion client authentication, cleaned up roles on client secret authentication, closes #728, closes #401 2014-11-12 16:03:06 -10:00
Justin Richer b50facd4c2 explicitly added Jackson2 to support secoauth serialization, added string converter to work with our API 2014-11-11 00:17:03 -10:00
Justin Richer e6d10b67a4 update to Spring 4 and other related libraries 2014-11-10 18:29:54 -10:00
Justin Richer f0e2fc6700 make user info classes serializable, closes #714 2014-10-23 23:30:34 -04:00
Justin Richer a59fe0604e generate random fake password for private key clients and shared secret crypto clients to avoid accidentally using client secret authentication and bypassing authentication, closes #715 2014-10-23 21:53:32 -04:00
Alexander Imfeld 9dfac35912 Introduce introspection result assembler to allow for customized introspection results 2014-10-14 21:06:09 -04:00
Pascal Bruckert bf00c1f5e0 update spring-security-oauth2 2.0.3 , closes #663 2014-10-14 20:48:34 -04:00
Justin Richer db052f11ca Moved development branch to 1.2 2014-10-07 21:02:07 -04:00
Justin Richer 134909a82f import cleanup 2014-10-07 19:40:38 -04:00
Justin Richer 1e71749c23 added more generic rotation capability 2014-10-07 19:40:38 -04:00
arielak 8495617aed Added support for whitelisted and blacklisted site import from a 1.0 config 2014-10-06 22:59:27 -04:00
arielak 03f2d8f8a0 Added service interface for data import/export service and modified AuthenticationHolderEntity and Repository to allow getting all objects 2014-10-06 22:58:26 -04:00
Justin Richer ec8f708472 swapped exception class for existing BeanCreationException, added example flag in config file (commented out)
closes #528
closes #689
2014-10-04 14:59:36 -04:00
John Brooks 3e3613f471 Corrected bean setup for checkForHttps case tests. 2014-10-04 11:21:01 -04:00
John Brooks acc4cf16bd Separated checkForHttps cases into separate test methods. 2014-10-04 11:21:01 -04:00
John Brooks cf2837f678 Initialized forceHttps to false. 2014-10-04 11:21:00 -04:00
John Brooks 0461e51ddc Changed parent class from Exception to RuntimeException; added copyright
language.
2014-10-04 11:21:00 -04:00
John Brooks e1015e1194 Create flag to force HTTPS of value of issuer on server startup, addresses #528 2014-10-04 11:21:00 -04:00
Justin Richer c683131f12 externalized view name strings and tied them to view beans 2014-09-28 22:25:39 -04:00