a59fe0604e
generate random fake password for private key clients and shared secret crypto clients to avoid accidentally using client secret authentication and bypassing authentication, closes #715
2014-10-23 21:53:32 -04:00
9dfac35912
Introduce introspection result assembler to allow for customized introspection results
2014-10-14 21:06:09 -04:00
bf00c1f5e0
update spring-security-oauth2 2.0.3 , closes #663
2014-10-14 20:48:34 -04:00
db052f11ca
Moved development branch to 1.2
2014-10-07 21:02:07 -04:00
134909a82f
import cleanup
2014-10-07 19:40:38 -04:00
1e71749c23
added more generic rotation capability
2014-10-07 19:40:38 -04:00
8495617aed
Added support for whitelisted and blacklisted site import from a 1.0 config
2014-10-06 22:59:27 -04:00
03f2d8f8a0
Added service interface for data import/export service and modified AuthenticationHolderEntity and Repository to allow getting all objects
2014-10-06 22:58:26 -04:00
ec8f708472
swapped exception class for existing BeanCreationException, added example flag in config file (commented out)
...
closes #528
closes #689
2014-10-04 14:59:36 -04:00
3e3613f471
Corrected bean setup for checkForHttps case tests.
2014-10-04 11:21:01 -04:00
acc4cf16bd
Separated checkForHttps cases into separate test methods.
2014-10-04 11:21:01 -04:00
cf2837f678
Initialized forceHttps to false.
2014-10-04 11:21:00 -04:00
0461e51ddc
Changed parent class from Exception to RuntimeException; added copyright
...
language.
2014-10-04 11:21:00 -04:00
e1015e1194
Create flag to force HTTPS of value of issuer on server startup, addresses #528
2014-10-04 11:21:00 -04:00
c683131f12
externalized view name strings and tied them to view beans
2014-09-28 22:25:39 -04:00
a704277652
Removed exceptions from @PostConstruct methods, closes #663
2014-09-28 21:12:46 -04:00
81634e6165
added API for getting tokens by clientid
2014-09-22 22:55:13 -04:00
1a79949d51
made user info less transient
2014-09-14 22:03:19 -04:00
e0b84069d4
Update to latest spring-security-oauth2 module
2014-08-06 11:12:40 -04:00
6f2f807b0b
[maven-release-plugin] prepare for next development iteration
2014-08-05 21:54:51 -04:00
93ae1516a5
[maven-release-plugin] prepare release mitreid-connect-1.1.9
2014-08-05 21:54:47 -04:00
b0cce924a2
JsonFileRegisteredClientService now writes out entire client registration to disk, closes #651
2014-08-01 00:01:56 -04:00
78f3e68e8b
update unit test for Windows environment, closes #647
2014-07-31 23:22:06 -04:00
4ca9a593f5
update nimbus-jose-jwt to 2.26.1 due to base64 encoding issue
2014-07-31 22:08:18 -04:00
62a43165f0
added json member type checking for json utils, won't die if a string is found where an array was expected
...
closes #637
2014-07-20 09:42:57 -07:00
325a200f16
added configurable support for different token presentation methods in user info fetcher, closes #632
2014-07-20 09:27:02 -07:00
1db4227ce5
reformat / reorder
2014-07-20 09:02:42 -07:00
f997049eff
key service can now deal with missing 'kid' fields in JWKs
...
closes #639
2014-07-20 08:40:04 -07:00
5c2cb75407
Better test coverage for JWS/EAlgorithmEmbed, JWEEncryptionMethodEmbed
2014-07-16 21:39:13 -04:00
3412c1877e
removed unnecessary unit test
2014-07-02 15:05:37 -04:00
e1b4df74f0
Added tests for DefaultJwtEncryptionAndDecryptionService
2014-07-02 14:57:56 -04:00
5223d88e0a
updated unit test to fit new nimbus version
2014-07-02 11:41:38 -04:00
7bf8e2ad08
change the OctetSequenceKey constructor in SymmetricCacheService
2014-07-02 11:37:42 -04:00
306c8cff17
update nimbus-jose-jwt dependency to 2.26 and fix the affected files
2014-07-02 11:37:42 -04:00
48431fd5c7
Unit test for JWKSetKeyStore class
2014-06-30 13:21:07 -04:00
adf477c64e
[maven-release-plugin] prepare for next development iteration
2014-06-18 18:27:27 -04:00
8d97ed61ec
[maven-release-plugin] prepare release mitreid-connect-1.1.8
2014-06-18 18:27:25 -04:00
acf039a1f7
wrapped auth method check, added SECRET_JWT, closes #621
2014-06-18 18:24:05 -04:00
a465559ac5
Revert incorrect key-encoding change in SymmetricCacheService
2014-06-18 18:10:33 -04:00
1dc204f975
Validate HMAC-signed ID tokens
2014-06-18 18:10:33 -04:00
276d846f4c
Configuration Property Bean to load the OP wide registration token life
...
time
2014-06-12 19:12:32 -04:00
71fa796b42
Allow public clients to use token endpoint, closes #611 , closes #613
2014-06-09 15:55:06 -04:00
85acfa90db
[maven-release-plugin] prepare for next development iteration
2014-06-04 14:51:32 -04:00
d5e4cb45a2
[maven-release-plugin] prepare release mitreid-connect-1.1.7
2014-06-04 14:51:29 -04:00
257312d5da
made user info interceptor more null safe for client side
2014-05-29 22:15:30 -04:00
943fae25a1
make user info interceptor more compatible with standalone OIDC client software (with no user info service)
2014-05-29 12:13:38 -04:00
be98b9cd0b
[maven-release-plugin] prepare for next development iteration
2014-05-27 14:00:40 -04:00
8320f0eefe
[maven-release-plugin] prepare release mitreid-connect-1.1.6
2014-05-27 14:00:37 -04:00
0c8cacd59a
added missing copyright headers
2014-05-27 13:46:47 -04:00
525f3aa2a8
Cleaned up indentation, whitespace, and imports.
2014-05-27 13:02:49 -04:00
c34357a433
added resource registration endpoint with basic functionality and specialized tokens
2014-05-26 16:30:24 -04:00
05e9624ae3
added support for encrypted and symmetrically signed id tokens and user info responses
2014-05-23 21:15:50 -04:00
e4d5f4a540
added system wide cache for all symmetric validators, closes # 557
2014-05-23 16:16:06 -04:00
ca333d256b
Appropriately catch runtime exceptions in all guava caches, closes #603
2014-05-23 15:00:40 -04:00
880014176f
[maven-release-plugin] prepare for next development iteration
2014-05-13 18:23:11 -04:00
ca8a003e3d
[maven-release-plugin] prepare release mitreid-connect-1.1.5
2014-05-13 18:23:08 -04:00
7cd36b471f
Make introspection endpoint access authorization pluggable.
2014-05-07 16:44:56 +02:00
b8129bf60d
[maven-release-plugin] prepare for next development iteration
2014-04-21 19:19:10 -04:00
a9e34ac9bd
[maven-release-plugin] prepare release mitreid-connect-1.1.4
2014-04-21 19:19:07 -04:00
521017c5c2
updated stats service to have a resettable cache triggered by other service events
2014-04-16 21:39:37 -04:00
26c464e440
fixed bad JPQL in auth holder cleanup class
2014-04-16 21:17:56 -04:00
39509bfdc4
Performance improvement of token cleanup:
...
an alternative token cleanup mechanism designed to maintain a very compact memory footprint while performing cleanup in consecutive runs of the cleanup thread. This serves to address OutOfMemoryException issues of the original token cleanup mechanism when process is under load. Also, added cleanup of the authentication_holder table.
2014-04-10 23:38:37 -04:00
aa9a25a2d7
updated to even newer versions of eclipselink and JPA, closes #580 even harder
2014-04-10 21:37:19 -04:00
8f13410e42
updated JPA and eclipselink to remove eclipselink repository dependency, closes #580
2014-04-10 21:11:54 -04:00
97cd00e06c
[maven-release-plugin] prepare for next development iteration
2014-03-19 21:40:21 -04:00
23c7cf6996
[maven-release-plugin] prepare release mitreid-connect-1.1.3
2014-03-19 21:40:18 -04:00
ad5ffb64e8
[maven-release-plugin] prepare for next development iteration
2014-03-08 11:17:40 +00:00
1635cf957d
[maven-release-plugin] prepare release mitreid-connect-1.1.2
2014-03-08 11:17:35 +00:00
b67121f0cd
added client_secret_jwt auth method support, closes #174
2014-03-04 23:45:36 +00:00
9395c3802d
[maven-release-plugin] prepare for next development iteration
2014-02-10 15:28:14 -05:00
4f8311962a
[maven-release-plugin] prepare release mitreid-connect-1.1.1
2014-02-10 15:28:11 -05:00
1289d4737a
Changed references of DefaultHttpClient to SystemDefaultHttpClient to inherit system proxy settings, should address #548
2014-02-04 10:51:14 -05:00
e9d4acfd03
upgraded nimbus jose jwt library
2014-01-21 20:43:24 -05:00
11064b540a
upgrade guava to 16
2014-01-20 20:53:13 -05:00
3b52ce8201
happy new year!
2014-01-20 12:38:42 -05:00
ebbc7209aa
automated code formatting and cleanup
2013-12-03 14:19:34 -05:00
e1e7f7a579
[maven-release-plugin] prepare for next development iteration
2013-12-02 12:18:11 -05:00
42fe973f7b
[maven-release-plugin] prepare release mitreid-connect-1.1.0
2013-12-02 12:18:08 -05:00
d330bd1c9b
cleanup, added revocation uri to server config
2013-11-27 12:23:04 -05:00
a24eadeb11
cleaned up responseType calls, addresses #451
2013-11-27 11:03:15 -05:00
d3dbb00e77
ensure clients and tokens don't get special system scopes, addresses #320
2013-11-27 10:35:56 -05:00
ef01de168d
Moved special token scopes to scope service interface
2013-11-27 10:21:52 -05:00
4f986d6a38
clean up some auto generated functions
2013-11-27 09:57:56 -05:00
27f391ef01
Fixed compilation errors for SECOAUTH milestone updates
2013-11-25 09:31:50 -05:00
61f0db20f6
updated to secoauth 2.0.0.M2
2013-11-19 09:46:27 -05:00
190caee9a1
refactored userinfo serializer
2013-11-18 09:49:23 -05:00
7a4366c083
collapsed two serialization functions into one
2013-09-26 16:15:30 -04:00
d919e2e330
change from lists to sets
2013-09-26 16:15:11 -04:00
65a7e1d724
Added UserInfo.toJson method; added ScopeClaimTranslationService; rewrote UserInfoSerializer to use both
2013-09-26 12:03:39 -04:00
952acccbf3
Removed address fields
2013-09-26 12:03:39 -04:00
78fa5f9b1d
Started to write ScopeClaimTranslationService
2013-09-26 12:03:39 -04:00
cb449c25b1
Made a UserInfoSerializer class, attempted to switch UserInfoInterceptor over to use it, but it requires a bad hack. I might be missing something.
2013-09-26 12:03:39 -04:00
59da1960eb
added token_endpoint_auth_signing_alg, addresses #511
...
affects #455
2013-09-26 11:11:09 -04:00
f227724caa
dependency juggling
2013-09-24 15:39:25 -04:00
998b00fd38
moved repo references to parent, added dependencies for webapp
2013-09-24 14:14:42 -04:00
d9ad6d20e8
added spring core, moved servlet and test dependencies up to parent
2013-09-24 14:07:34 -04:00
38f20afe04
added necessary dependencies to common
2013-09-24 13:50:36 -04:00
8a5a16f374
refactored project into four modules:
...
Common
Client
Server Library
Server Webapp
addresses #367
2013-09-23 17:19:09 -04:00
47d304851d
Created token service for OIDC special tokens; removed creation of id tokens and registration_access_tokens to the new service.
2013-09-17 16:56:46 -04:00
26a7d0b8a8
Fixed typo
2013-09-17 11:03:09 -04:00
c98f77c405
Remove @PostConstruct from JWKSetKeyStore
2013-09-17 10:54:19 -04:00
b75d77495a
if there's only one key, return it as the default
2013-09-16 17:27:05 -04:00
fb2f2f9792
spelling, property access, and cleanup
2013-09-16 17:27:04 -04:00
1d0560edbc
refactored some json utils to their own static class
2013-09-16 17:27:04 -04:00
aeab1ac3cb
added encryption method list to encryption/decryption service
2013-09-16 17:27:04 -04:00
6605877a1b
added encryption/decryption to cached JWK-URI service
2013-09-16 17:27:04 -04:00
2b0d02dc72
added additional discoverable fields to ServerConfig object
2013-09-16 17:27:04 -04:00
85d9e07a94
Removed @PostConstruct; placed buildSignersAndVerifiers() calls inside both constructors.
2013-09-13 14:44:38 -04:00
c22cd62977
Added null check;
2013-09-13 14:44:38 -04:00
aecf4958ed
Testing removing extra method calls
2013-09-13 14:44:38 -04:00
e67a41c556
added transient passthroughs to JOSE algorithms for client
2013-09-12 14:08:37 -04:00
f9ca15139d
added phone-number verified, addresses #505
...
affects #455
2013-09-12 10:19:14 -04:00
0281cf02fe
calculate pairwise based on redirect uri rather than client id
2013-09-11 14:37:17 -04:00
b1a6127d06
added equality checks to data model objects
2013-09-11 11:59:40 -04:00
dbdc2e777d
added pairwise identifier service and repository
2013-09-10 17:15:58 -04:00
914f2e4d93
added new call to get the UserInfo in context with the requesting client to allow for pairwise identifiers.
...
temporary implementation of pairwise identifiers in place
2013-09-10 16:01:17 -04:00
596b385d2a
interceptor shouldn't ever overwrite stuff from the base model
2013-09-10 15:27:04 -04:00
b9da10d176
look up by username instead of subject
2013-09-10 11:39:00 -04:00
61544ed774
cleanup
2013-09-06 16:07:24 -04:00
72f0ab631d
added transient structured value to system scope, added scope matcher function to scope service
2013-09-06 16:07:24 -04:00
1ef18a3a93
missed a service definition
2013-09-06 16:07:24 -04:00
b416888b07
Structured Scopes from BB+
2013-09-06 16:07:24 -04:00
0a962e17fa
stopgap to prevent some leaks due to #492
2013-08-30 16:38:11 -04:00
235029ba0e
inject user's authorities into javascript context
2013-08-29 16:58:36 -04:00
be6179d1ac
inject the current user into the javascript context
2013-08-29 16:44:01 -04:00
6276ec8e66
Revert "PlainSigner and PlainVerifier created for alg:none JWS support."
...
This reverts commit 30d7aaa66a
2013-08-26 15:33:14 -04:00
2108311d65
Revert "refactored code to use the more generic JWT declaration."
...
This reverts commit e0b56bc72a
2013-08-26 15:33:08 -04:00
1514b2d2e0
Revert "placeholder"
...
This reverts commit d763a954da
2013-08-26 15:33:00 -04:00
dd35dc60df
Revert "implemented alg:none at the signing service."
...
This reverts commit 02078ebccb
2013-08-26 15:32:55 -04:00
78559b625a
Revert "removed the plain verifer. validating a no-signature is simply handled as a special case in validateSignature(). Also, doing some type safety checks."
...
This reverts commit c957d59f7c
2013-08-26 15:32:50 -04:00
15ec027505
Revert "junit test added for signing service."
...
This reverts commit 9f89f84da1
2013-08-26 15:32:43 -04:00
9f89f84da1
junit test added for signing service.
2013-08-26 14:57:26 -04:00
c957d59f7c
removed the plain verifer. validating a no-signature is simply handled as a special case in validateSignature(). Also, doing some type safety checks.
2013-08-26 14:55:52 -04:00
02078ebccb
implemented alg:none at the signing service.
2013-08-26 14:21:09 -04:00
d763a954da
placeholder
2013-08-26 11:48:23 -04:00
e0b56bc72a
refactored code to use the more generic JWT declaration.
2013-08-26 11:32:46 -04:00
30d7aaa66a
PlainSigner and PlainVerifier created for alg:none JWS support.
2013-08-23 14:07:19 -04:00
da915d8b35
explicitly try to initialize the JWK set if it's null by the time the getter is called
2013-08-22 14:08:54 -04:00
0059c7b4cc
Use clients preferred algorithm, if any, to sign
2013-08-19 16:33:18 -04:00
a80c19384f
added 'use server default' to JOSE options, addresses #462
2013-08-19 15:52:00 -04:00
ba0c3c5d78
id tokens always expire, addresses #416
2013-08-19 12:42:37 -04:00
21068f57e6
cached jwk services expire after an hour
2013-08-16 12:06:49 -04:00
6e2baa3ec4
updated comments for jwe service.
2013-08-08 09:13:54 -04:00
e1b072c991
Updated nimbusds library version to 2.17.2 and made relevant changes in enc./dec. service and test
2013-08-07 18:07:58 -04:00
372675fd2a
changed encrypt/decrypt parameter to use JWEObject instead of EncryptedJWT
2013-08-07 18:07:58 -04:00
f0b77f8614
RSA encryption service tested.
2013-08-07 18:07:58 -04:00
3a1c551ff7
implemented symmetric key encryption.
2013-08-07 18:07:58 -04:00
dfbefe0780
encrypt/decrypt implemented. initial commit for unit testing of jwe service.
2013-08-07 18:07:58 -04:00
ae6721dd10
jwe service accessor methods and private initializing method done.
2013-08-07 18:07:58 -04:00
887338b2d9
jwe service init commit.
2013-08-07 18:07:57 -04:00
Justin Richer