2af51dc77a
better URI check for prompt filter short circuit
2014-05-25 14:24:25 -04:00
f4a1a2acff
fixed prompt filter coding error
2014-05-24 23:16:29 -04:00
89d55e3d33
added support for default max auth age and require auth time, made prompt filter only work on authorization endpoint
2014-05-24 22:12:41 -04:00
5c6e75bd53
cleaned up UI for client editing
2014-05-24 20:56:54 -04:00
05e9624ae3
added support for encrypted and symmetrically signed id tokens and user info responses
2014-05-23 21:15:50 -04:00
ffe1b29906
Added Signed JWT support to UserInfo endpoint response, closes #593
2014-05-23 19:15:03 -04:00
e4d5f4a540
added system wide cache for all symmetric validators, closes # 557
2014-05-23 16:16:06 -04:00
ca333d256b
Appropriately catch runtime exceptions in all guava caches, closes #603
2014-05-23 15:00:40 -04:00
df9c9747ce
more reasonable check for whether or not a user auth is present, addresses #602
2014-05-23 11:49:51 -04:00
4e890a4d7d
enforce clients using a redirect flow have at least one redirect uri registered when using dynamic registration, made error handling more consistent across all APIs
...
closes #596
2014-05-21 18:29:51 -04:00
a225b00920
added null check and permissions check to ID token generation, closes #602
2014-05-21 17:45:25 -04:00
880014176f
[maven-release-plugin] prepare for next development iteration
2014-05-13 18:23:11 -04:00
ca8a003e3d
[maven-release-plugin] prepare release mitreid-connect-1.1.5
2014-05-13 18:23:08 -04:00
dcf36234c4
moved CSRF generator to request parser instead of confirmation controller
2014-05-13 09:48:34 -04:00
a253ebc908
added CSRF protection to approval page
2014-05-13 09:27:02 -04:00
fcfbf1080f
renamed auth request variable
2014-05-13 09:26:27 -04:00
7cd36b471f
Make introspection endpoint access authorization pluggable.
2014-05-07 16:44:56 +02:00
4b697ba909
webfinger checks host on acct: URIs, closes #404
2014-04-25 21:21:00 -04:00
b8129bf60d
[maven-release-plugin] prepare for next development iteration
2014-04-21 19:19:10 -04:00
a9e34ac9bd
[maven-release-plugin] prepare release mitreid-connect-1.1.4
2014-04-21 19:19:07 -04:00
376403fa4a
account for registration time in approval page, closes #550
2014-04-19 07:28:20 -04:00
1d2f968bd1
configuration cleanup, closes #568
2014-04-18 22:11:58 -04:00
318a28ddf8
added stats mock to unit tests
2014-04-16 22:05:03 -04:00
521017c5c2
updated stats service to have a resettable cache triggered by other service events
2014-04-16 21:39:37 -04:00
7f310400b1
simple cache for stats
2014-04-16 21:18:12 -04:00
39509bfdc4
Performance improvement of token cleanup:
...
an alternative token cleanup mechanism designed to maintain a very compact memory footprint while performing cleanup in consecutive runs of the cleanup thread. This serves to address OutOfMemoryException issues of the original token cleanup mechanism when process is under load. Also, added cleanup of the authentication_holder table.
2014-04-10 23:38:37 -04:00
265624b285
a fix for a NullPointerException whenever a client requests a client scope to be granted.
2014-04-10 22:41:20 -04:00
97cd00e06c
[maven-release-plugin] prepare for next development iteration
2014-03-19 21:40:21 -04:00
23c7cf6996
[maven-release-plugin] prepare release mitreid-connect-1.1.3
2014-03-19 21:40:18 -04:00
ad5ffb64e8
[maven-release-plugin] prepare for next development iteration
2014-03-08 11:17:40 +00:00
1635cf957d
[maven-release-plugin] prepare release mitreid-connect-1.1.2
2014-03-08 11:17:35 +00:00
53cc7ef447
Fixed audience claim on client auth assertion
2014-03-06 19:45:05 +00:00
1fcef858c6
updated server discovery document to reflect new capabilities
2014-03-06 16:48:27 +00:00
b67121f0cd
added client_secret_jwt auth method support, closes #174
2014-03-04 23:45:36 +00:00
15b017992c
added DELETE to token api because revocation endpoint doesn't work for this kind of management, closes #191
2014-03-01 11:05:46 +00:00
89f015cf1c
Updated Token API to be less leaky
2014-02-28 21:14:27 +00:00
dd391ebf3c
Display contacts, popup for image, cleanup of more info
2014-02-16 21:58:16 -05:00
dab52ca8a0
enhancements to approval page
2014-02-16 18:25:05 -05:00
ec6a78c1ba
made prompt pluralizable to comply with spec, closes #519
2014-02-16 01:41:08 -05:00
9395c3802d
[maven-release-plugin] prepare for next development iteration
2014-02-10 15:28:14 -05:00
4f8311962a
[maven-release-plugin] prepare release mitreid-connect-1.1.1
2014-02-10 15:28:11 -05:00
19dbe92d4e
initial support for displaying claim values for requested scopes
2014-01-20 20:56:04 -05:00
3b52ce8201
happy new year!
2014-01-20 12:38:42 -05:00
ebbc7209aa
automated code formatting and cleanup
2013-12-03 14:19:34 -05:00
e1e7f7a579
[maven-release-plugin] prepare for next development iteration
2013-12-02 12:18:11 -05:00
42fe973f7b
[maven-release-plugin] prepare release mitreid-connect-1.1.0
2013-12-02 12:18:08 -05:00
4a8d693746
fixed prompt filter map mismatch (I hate type erasure)
2013-12-02 11:55:09 -05:00
ce1f3f2f94
updated mockito, fixed some unit tests
2013-11-27 12:37:05 -05:00
d330bd1c9b
cleanup, added revocation uri to server config
2013-11-27 12:23:04 -05:00
ed06b14406
publish revocation endpoint, addresses #520
2013-11-27 12:13:42 -05:00
b7011f508e
urlencode client IDs in client registration URIs, addresses #422
2013-11-27 12:12:10 -05:00
8c1bfb7e0c
set current user's email address to owner when using admin UI
2013-11-27 12:11:36 -05:00
6c4d2a8e8d
vestigial comment cleanup
2013-11-27 12:06:53 -05:00
db5532e9bf
comment cleanup
2013-11-27 11:34:41 -05:00
39fb96a802
pull request from extensions map
2013-11-27 11:20:38 -05:00
86e0f0c7ee
cleaned up old comments
2013-11-27 11:20:01 -05:00
a24eadeb11
cleaned up responseType calls, addresses #451
2013-11-27 11:03:15 -05:00
df511a81cc
override from #465 no longer needed
2013-11-27 10:53:16 -05:00
d3dbb00e77
ensure clients and tokens don't get special system scopes, addresses #320
2013-11-27 10:35:56 -05:00
ef01de168d
Moved special token scopes to scope service interface
2013-11-27 10:21:52 -05:00
4f986d6a38
clean up some auto generated functions
2013-11-27 09:57:56 -05:00
f56135810c
Fixed request object precedence order
2013-11-27 09:52:26 -05:00
447df56947
removed unused nonce exception
2013-11-27 09:10:35 -05:00
27f391ef01
Fixed compilation errors for SECOAUTH milestone updates
2013-11-25 09:31:50 -05:00
190caee9a1
refactored userinfo serializer
2013-11-18 09:49:23 -05:00
46be502ed1
Enforces minimum Java version 1.6 on the openid-connect-server project.
2013-10-22 18:08:02 -07:00
2a34994383
cleanup view
2013-09-26 17:07:38 -04:00
7a4366c083
collapsed two serialization functions into one
2013-09-26 16:15:30 -04:00
65a7e1d724
Added UserInfo.toJson method; added ScopeClaimTranslationService; rewrote UserInfoSerializer to use both
2013-09-26 12:03:39 -04:00
cb449c25b1
Made a UserInfoSerializer class, attempted to switch UserInfoInterceptor over to use it, but it requires a bad hack. I might be missing something.
2013-09-26 12:03:39 -04:00
73863302e9
added spring-tx dependency to server
2013-09-24 14:08:53 -04:00
8a5a16f374
refactored project into four modules:
...
Common
Client
Server Library
Server Webapp
addresses #367
2013-09-23 17:19:09 -04:00
bf3e0033fe
initial refactor of userinfoview for new model components
2013-09-19 12:36:22 -04:00
9debf1486d
pass authorized and requested claims as strings to view
2013-09-19 12:36:22 -04:00
b396610f35
refactor processing of request object
2013-09-19 12:36:22 -04:00
47d304851d
Created token service for OIDC special tokens; removed creation of id tokens and registration_access_tokens to the new service.
2013-09-17 16:56:46 -04:00
66e837f650
Move extension parameters into OAuth2Request.extensions map; remove all calls to OAuth2Request.getRequestParameters.
2013-09-17 10:54:19 -04:00
e1ed53a229
added missing parts to discovery
2013-09-16 17:27:04 -04:00
6605877a1b
added encryption/decryption to cached JWK-URI service
2013-09-16 17:27:04 -04:00
9f13dc8f77
wrap errors in saving the client in an HTTP 400 (instead of HTTP 500) error
2013-09-13 14:22:42 -04:00
9b72c6b1f3
check sector identifier URI's contents and match against redirect URIs, addresses #504
2013-09-13 14:22:24 -04:00
1aa5fe25c6
re-decrypt request object at userinfo endpoint (this shouldn't need to happen)
2013-09-12 17:05:34 -04:00
09cd752c86
added basic support for encrypted request objects, addresses #475
2013-09-12 17:05:12 -04:00
a52f86db49
removed NYI tags from request object algorithm fields
2013-09-12 16:46:22 -04:00
d09b3b50d6
call encode() instead of new() on Base64URL utility
2013-09-12 15:19:14 -04:00
35bd9c8eda
throw appropriate errors from request factory
2013-09-12 14:48:54 -04:00
e67a41c556
added transient passthroughs to JOSE algorithms for client
2013-09-12 14:08:37 -04:00
c9aa42dbef
better processing for signed request objects
2013-09-12 13:56:10 -04:00
f9ca15139d
added phone-number verified, addresses #505
...
affects #455
2013-09-12 10:19:14 -04:00
6cbed133b2
let user know that the client is using a pairwise identifier on approval
2013-09-11 17:39:55 -04:00
a9f639a718
moved subject type and sector identifier controls to the 'access' tab
2013-09-11 17:14:35 -04:00
6b66139ead
added unit test for uuid service
2013-09-11 15:28:00 -04:00
0281cf02fe
calculate pairwise based on redirect uri rather than client id
2013-09-11 14:37:17 -04:00
f6a8ac4529
added unit test for default userinfo service (with pairwise checks)
2013-09-11 11:59:40 -04:00
77c0473438
fixed comparison order to be null safe
...
cleaned up type check
2013-09-11 11:59:34 -04:00
dbdc2e777d
added pairwise identifier service and repository
2013-09-10 17:15:58 -04:00
bdf62eaa36
need to check the sector identifier at some point
2013-09-10 16:35:51 -04:00
914f2e4d93
added new call to get the UserInfo in context with the requesting client to allow for pairwise identifiers.
...
temporary implementation of pairwise identifiers in place
2013-09-10 16:01:17 -04:00
149fb1bac1
services shouldn't be transactional
2013-09-10 15:26:09 -04:00
29d1c7d54a
userinfo endpoint now uses OAuth2Authentication exclusively
...
(which is all it was really doing before)
2013-09-10 14:16:34 -04:00
Justin Richer