5b9422ffdf
cleaned up old unit tests
2013-03-04 11:37:49 -05:00
f8f925c08f
removed exploded war (no longer needed), addresses #260
2013-03-04 10:59:04 -05:00
bd877dde82
added signature checking to request objects
2013-03-01 17:44:44 -05:00
6c1e6b2d74
refactored signing and validation, added jwk-based cache, removed keyfetcher, refactored client side class structure
2013-03-01 17:44:44 -05:00
385853fa1f
refactored signing and validation, added jwk-based cache, removed keyfetcher, refactored client side class structure
2013-03-01 17:44:44 -05:00
7e64c4bffc
deleted duplicate login button, addresses #276
2013-03-01 17:42:48 -05:00
13a3e97113
updated request object forwarding hack
2013-03-01 17:42:48 -05:00
0712d8c340
updated spring version
2013-03-01 17:42:48 -05:00
42ea2468c9
Split up about, contact, stats tags into two each and removed logic from the *Content tag files
2013-02-28 13:56:09 -05:00
8677f6516d
Template-ized most of the home page UI
2013-02-28 11:25:37 -05:00
987a05302d
Added configured logo url
2013-02-25 13:01:26 -05:00
60b679e942
First steps towards adding display variables to config bean
2013-02-22 17:10:14 -05:00
4d725b88dd
more updates to track nimbus-jose-jwt classes and use them properly
2013-02-22 12:08:01 -05:00
9a98d241e8
updates to track Nimbus JOSE API changes to audience and date fields
2013-02-22 12:08:01 -05:00
cc727cee3e
patched unit test to new format
2013-02-22 12:08:01 -05:00
03e7337b9f
client registration endpoint needs general rewrite to fit new spec.
...
Most of the problematic references will change with the rewrite, so this is a slapdash patch to make things compile for now.
2013-02-22 12:08:01 -05:00
25b9940a68
request object endpoint is a placeholder, cleaning out for now
2013-02-22 12:08:01 -05:00
e5732da857
added system default signing algorithm, converted token provider and enhancer to use nimbus-jose
2013-02-22 12:08:01 -05:00
c01e873019
request object processor moved to nimbus-jose
2013-02-22 12:08:01 -05:00
0f99e0e06d
assertion token granter moved to nimbus-jose
2013-02-22 12:08:01 -05:00
10ab55a7e2
moved jwk/x509 publishing over to nimbus-jose (mostly)
2013-02-22 12:08:01 -05:00
fca30cd13f
added provisions to bootstrap signing and validation service from config files
2013-02-22 12:08:01 -05:00
a078f7d202
patched userinfo view to use nimbus
2013-02-22 12:08:01 -05:00
c7d1b47b38
converted bearer assertion framework to nimbus-jose
2013-02-22 12:08:01 -05:00
910a6cf1a0
remvoed idtoken repository that was never used
2013-02-22 12:08:01 -05:00
46a3e70377
removed idtoken class, removed all jwe/jwt tests
2013-02-22 12:08:01 -05:00
46f0e6f3cb
restyled login page
2013-02-20 16:39:46 -05:00
b840b31c74
added cleaner login/logout failure handling and processing
2013-02-20 16:11:08 -05:00
1398575061
Added additional joda time dependency
2013-02-20 15:44:53 -05:00
58ea01f0f8
added hints to login form to discourage mobile browsers from trying to do something clever like autocorrect
2013-02-13 13:27:31 -05:00
991f37a1e6
refactored javascript and template files into components
2013-02-13 10:12:31 -05:00
137e5e5ca1
added placeholder blocks in place of empty tables, addresses #244
2013-02-06 17:42:10 -05:00
62b931ee0d
scope icons now show up everywhere
2013-02-05 17:39:38 -05:00
d0fdf8140e
sorting on approval page
2013-02-05 15:47:32 -05:00
328fa221bd
scope bootstrapping
2013-02-05 15:08:49 -05:00
02846c0a8d
typo fix, DB constraints
2013-02-05 14:40:06 -05:00
88f2ea3e7e
icon selector
2013-02-05 14:33:58 -05:00
e622202e9e
display scopes based on request, pull scope information dynamically, addresses #208
2013-02-05 11:36:59 -05:00
eb4773ce46
beginning dynamic scopes on auth page
2013-02-05 11:28:39 -05:00
c2b9fd4db1
system scope ordering consistency
2013-02-05 11:11:41 -05:00
173281f039
DB consistency fix
2013-02-05 11:11:15 -05:00
801a45cc49
several bugfixes to scopes UI, works now
2013-02-03 22:04:56 -05:00
e5171a196a
minor bugfixes
2013-02-03 22:04:55 -05:00
d1968f624a
scope ui bugfixes
2013-02-03 22:04:55 -05:00
fbfc977f3b
system scope ui updates
2013-02-03 22:04:55 -05:00
9dc603a759
scope management UI
2013-02-03 22:04:55 -05:00
1ceee853f9
scope management UI
2013-02-03 22:04:55 -05:00
a3037a18a7
system scope service applied to client creation UI
2013-02-03 22:04:55 -05:00
cab36a2b80
added appropriate filterered and transformative actions to scope service
2013-02-03 22:04:55 -05:00
ab35186696
added scope service, repository, and API
2013-02-03 22:02:24 -05:00
19e7b62a42
removed persistence.xml and moved to pure spring-based config, addresses #194
2013-02-03 22:02:23 -05:00
a3619240e6
added site scope
2013-02-03 22:02:23 -05:00
a2e548c261
fixed claims processor for request object from user info endpoint
2013-02-03 22:02:23 -05:00
899150d636
tweak display on auth revoke page
2013-02-03 22:02:23 -05:00
3c190e044a
inject parsed parameters to make SECOAUTH happy
2013-02-03 22:02:23 -05:00
1144d511af
inject scopes
2013-02-03 22:02:23 -05:00
f9d50db1f1
don't treat openid scope special here -- by default client gets access to *all* scopes it's registered for
2013-02-03 22:02:23 -05:00
078342715b
moved request object to request manager
2013-02-03 22:02:22 -05:00
3399eed45a
Added about, contact, and stats pages. Still largely placeholders, but the topbar works correctly now at least.
2013-01-31 11:34:07 -05:00
0be254c99a
updated token introspection output to match spec and client filter
2013-01-30 15:31:32 -05:00
e02e08563c
changed order or custom filters to make assertions work, added client credentials token granter to default
2013-01-30 14:34:16 -05:00
c1d33bb55b
bugfix in assertion processor
2013-01-30 14:34:16 -05:00
2e2c0e8e6c
Fixed bug in nonce processing
2013-01-29 13:07:41 -05:00
3db74100a4
working on bug
2013-01-29 13:07:41 -05:00
dd8b48e863
Reset ConnectAuthorizationRequestManager to version from master
2013-01-29 13:07:41 -05:00
06f970e61b
Trying to fix nonce service
2013-01-29 13:07:41 -05:00
86bf51f0a7
Added java reflection code for request object handling, needs to be tested
2013-01-29 13:07:41 -05:00
677f0f2d4c
Stubbed out required functionality for request object filtering
2013-01-29 13:07:41 -05:00
67e8714671
Working on request object userinfo parsing
2013-01-29 13:07:41 -05:00
779001a8c8
updated copyright year
2013-01-28 13:39:25 -05:00
7269700dc6
switched injector from repository to service
2013-01-24 19:32:55 -05:00
f0ee36dad2
auth_type -> auth_method (addresses #258 )
2013-01-18 18:26:55 -05:00
fd2253303e
changed pointer on tabs, addresses #252
2013-01-18 18:17:39 -05:00
899e306683
fixed JS crash on "new client" operation
2013-01-18 18:15:19 -05:00
8831bc64a2
offline -> offline_access (addresses #248 )
2013-01-18 18:03:39 -05:00
27a26e0a35
(user_id/prn) -> sub
2013-01-18 16:40:05 -05:00
1ab29882b4
fixed user prepoulation table
2013-01-18 15:38:53 -05:00
0ab4ad4bbe
added "birthdate", addresses #253
2013-01-18 15:38:41 -05:00
6ef4dc817e
genericized nimbus code, added caching
2013-01-18 15:10:48 -05:00
2d21a72e7e
switched to nimbus to check JWT signature
2013-01-18 15:10:48 -05:00
60bda31c54
updated custom filter
2013-01-18 15:10:48 -05:00
c17bc05b0e
wiring configuration
2013-01-18 15:10:48 -05:00
4262be1fd3
added jwt processing to client auth provider
2013-01-18 15:06:00 -05:00
abd64eccd6
added framework for processing assertions for client auth
2013-01-18 15:06:00 -05:00
ad5e77f7ff
Made nonce storage duration configurable in application-context.xml;
2013-01-10 10:34:40 -05:00
59f1b1f05e
Testing, nonce handling seems to be working now
2013-01-07 13:28:30 -05:00
a1a117cfde
Added default constructor to ConnectAuthorizationRequestManager
2013-01-07 10:54:33 -05:00
af81e371fb
Updated application-context to use new authorization request manager
2013-01-07 10:46:55 -05:00
77b932f5a7
Added implementation of AuthorizationRequestManager. Nonce checking will go in here
2013-01-04 15:30:24 -05:00
1af6513499
Removed nonce checking from token service impl
2013-01-04 15:30:24 -05:00
7e7b2527db
Added nonce to persistence.xml
2013-01-04 15:30:24 -05:00
246ed962bb
Added stub of repository test
2013-01-04 15:30:24 -05:00
e1dffb959c
Added NonceReuseException
2013-01-04 15:30:24 -05:00
8f8a3754db
Added database tables for Nonce
2013-01-04 15:30:24 -05:00
a4637ec395
Fleshed out nonce service classes, added code to token service impl to check for and store nonces. Added JodaTime library for working with dates.
2013-01-04 15:30:24 -05:00
c7ae315e98
Added initial files for nonce service. Repository and service impls are stubs
2013-01-04 15:30:24 -05:00
cbcfe55bb9
added introspection flag to client bootstrap
2013-01-02 14:16:31 -05:00
4068952a81
fixed well size, added comment
2013-01-02 10:19:55 -05:00
655092a12b
added introspection checkbox, added access tab
...
Signed-off-by: Justin Richer <jricher@mitre.org>
2012-12-21 16:38:52 -05:00
9a1b2d7fac
made client edit page tabbable (that was seriously easy)
2012-12-21 16:26:34 -05:00
48866c15f2
button display cleanup
2012-12-21 16:07:59 -05:00
a85b1f5d74
split approved sites into two tables
2012-12-21 15:35:33 -05:00
198a45369a
buttonsize tweak
2012-12-21 15:03:45 -05:00
f12efc1b80
added dynreg caution block
2012-12-21 14:48:15 -05:00
231e81a426
updated icons
2012-12-21 14:28:07 -05:00
797d521691
cleaned up logged-in button
2012-12-21 13:04:33 -05:00
7ebbe3acc4
removed mockups
2012-12-21 11:01:22 -05:00
7459767646
fixed validation problem with new backbone
2012-12-20 17:46:34 -05:00
37bca0d5fb
cleaned out backbone validation plugin
2012-12-20 17:31:22 -05:00
9dd54d47bb
updated versions of backbone and underscore
2012-12-20 17:31:08 -05:00
e0672757bf
update to bootstrap 2.2.2
2012-12-20 12:44:02 -05:00
8ad28b41aa
fixing CSS and collapsing headerbar
2012-12-20 12:35:30 -05:00
67a682d53a
added default router to backbone app
2012-12-18 13:56:57 -05:00
87788f0710
let users visit home page without logging in
2012-12-18 13:56:46 -05:00
f265347311
tweaked error messages
2012-12-18 12:08:36 -05:00
18ddd8333f
added flag to allow introspection, relaxed same-client restrictions on introspection and chained tokens
2012-12-18 11:07:24 -05:00
6eabc895b9
moved database file to a reasonable name
2012-12-17 13:45:39 -05:00
1f53f41648
generic entity view now takes optional HttpStatus argument
2012-12-14 17:35:21 -05:00
a3790f943e
cleaned up introspection endpoint to use exceptions
2012-12-14 17:35:20 -05:00
e5206f2b92
implemented jwt assertions for id tokens
2012-12-14 17:35:20 -05:00
51b67ebc03
added queries to get access token from id token
2012-12-14 17:35:20 -05:00
1853bd7117
added assertion token granter
2012-12-14 17:35:20 -05:00
0d6c96f410
moved JPA adapter to data-context, addresses #242
2012-12-14 09:43:42 -05:00
2a74be5baf
bringing mysql tables up to date
2012-12-13 16:54:21 -05:00
2c104a71e2
cleaned up mysql table
2012-12-13 16:04:45 -05:00
cda6163d0d
null and blank handling
2012-12-12 12:29:14 -05:00
06fad3a41c
moved view for client API
2012-12-11 15:19:11 -05:00
6344a72519
missed a few applicationName references, fixed API JSON rendering
2012-12-11 15:16:18 -05:00
dfd8e9c7c7
removed unused view
2012-12-11 15:15:52 -05:00
dd04df6a22
fixed javascript bugs
2012-12-11 14:08:10 -05:00
f12d3c7d30
fixed variable reference
2012-12-11 13:37:14 -05:00
920777128d
switched to uncompressed jquery
2012-12-11 13:29:19 -05:00
829c8ae5f4
tweaked functionality of grant types and scopes
2012-12-11 13:16:33 -05:00
cc36851bdd
propagated field name change to UI
2012-12-11 12:38:55 -05:00
179903b074
propagated client changes to service
2012-12-11 12:31:01 -05:00
2f7891d02c
updated mysql table to new schema
2012-12-11 12:27:24 -05:00
bcfa37040e
missed one
2012-12-11 12:18:51 -05:00
33ceedb283
added scope and grant_type, switched to timeunit
2012-12-11 12:11:09 -05:00
e2bc15c2b2
beginning of client registration refactor to track IETF dynreg spec
2012-12-10 17:36:33 -05:00
94c37f5815
added redelegate scope to client list, fixed inconsistency with refresh token issuance (addresses #239 )
2012-12-10 16:53:05 -05:00
510ddb48b7
override the correct part of the token granter class
2012-12-10 15:54:37 -05:00
bdcc6af096
temporary sanity check for client ID's
2012-12-10 11:40:03 -05:00
cab0839430
added workarounds for quirks in SECOAUTH
2012-12-10 11:27:28 -05:00
edc96d646c
added chained token grant
2012-12-10 10:48:38 -05:00
54708fb0ac
fixed id token scopes (shouldn't inherit from parent token)
2012-12-10 10:11:02 -05:00
2a206654b6
added client credential protection to revocation endpoint
2012-12-07 17:17:19 -05:00
e38b2b0ba5
shortened revocation endpoint url
2012-12-07 17:16:03 -05:00
fbc3c46128
Introspection now draft spec compliant, requires client auth
...
Currently this is the client that originally sent the token, we want to have a way to bind other "clients" to this token as well, like resource services. Also want to let open calls, sometimes.
2012-12-07 17:12:13 -05:00
544e3d7b43
added copy constructors because Dave likes to use unmodifiable sets for no apparent reason
2012-12-07 10:06:10 -05:00
64ef752f08
added refresh token granter for testing
2012-12-07 09:56:43 -05:00
7561ac9e8c
client dynamic registration now protected by access token, addresses #199
2012-12-06 17:48:23 -05:00
7342da6a51
completed making id tokens into access tokens
2012-12-06 16:24:04 -05:00
e4f9fa2bbf
labeled introspection endpoint
2012-12-06 16:19:25 -05:00
17374a57e0
added ISO date format to generic entity view, addresses #232
2012-12-06 16:15:14 -05:00
3378cd5c4c
cleaned table
2012-12-06 14:24:38 -05:00
b8f701d9d8
switched id tokens to entities, they're now access tokens also
...
still needs some work to get the auth object right, for now we're just copying from the access token
2012-12-06 10:19:21 -05:00
2ef8d16e9c
typo, formatting
2012-12-05 15:49:50 -05:00
ba7ddf17f9
added bootstrapping for clients, cleaned up sql files
2012-12-05 15:04:14 -05:00
cf7ceb74f3
betterer logout button
2012-12-04 16:40:28 -05:00
2f1a6864b8
made a better logout button
2012-12-04 16:37:57 -05:00
838e029db1
added logout button
2012-12-04 16:18:58 -05:00
d7d9e84e70
fixed user_id mapping
2012-12-04 16:18:37 -05:00
f091343d84
moved back to in-memory database by default
2012-12-04 15:56:03 -05:00
49e216412e
Added bootstrapped users set.
2012-12-04 15:51:10 -05:00
dcc56ec9dd
temporary tables to prevent casts from leaking
2012-12-04 14:38:08 -05:00
8b37011244
added casts to varchar to avoid extraneous spaces
2012-12-04 13:35:40 -05:00
e305d3b16b
Making stable in-memory and in-file database with HSQL
2012-12-03 17:53:25 -05:00
061c0f0814
minor cleanup
2012-12-03 16:10:07 -05:00
250432ce7f
Added information into the user_info table
2012-12-03 14:56:40 -05:00
1bcaa68cb4
Added user_info stuff... and changed serverconfig for issuer...
2012-12-03 14:56:40 -05:00
47b34d2b1b
Added blacklist table to HSQLDB sql script
2012-12-03 14:56:40 -05:00
4fdb0816eb
Moved DB to use in memory HSQLDB. Made authentication-provider use a jdbc-user-service in that in-memory hsqldb.
2012-12-03 14:56:40 -05:00
fce47c239a
added slashes to patterns what needed them, removed vestigial intercept from user-context
2012-11-26 16:23:46 -05:00
122a2de074
First attempt at making API not redirect to /login, failed
2012-11-26 16:05:46 -05:00
d07f67bd76
let user select when grants time out
2012-11-26 14:26:07 -05:00
84401531ae
tie refresh token generation to "offline" scope tag
2012-11-26 13:16:19 -05:00
50040a8ef4
fixed checkbox labels
2012-11-26 12:57:49 -05:00
667c3abc8a
dynamic scope display/selection on approval page
2012-11-26 11:53:19 -05:00
1281d75aa9
stopped re-parsing scopes
2012-11-26 11:53:19 -05:00
9c3a40779b
updated to SECOAUTH's horrible new object-breaking authorization request paradigm.
...
Bonus: it works!
2012-11-26 11:53:19 -05:00
3e327b9df6
reverted to original controller behavior
2012-11-26 11:53:19 -05:00
cf4581a5eb
updated configuration to reflect secoauth changes
2012-11-26 11:53:19 -05:00
45ca4e565e
updated to SECOAUTH-1.0.1-BUILD-SNAPSHOT
2012-11-26 11:53:19 -05:00
cf1ddf0457
Determined that init binder was not needed to fix default for Boolean require_auth_time; instead use defaultValue=\"true\" in the RequestParam declaration. Also fixed bug in ClientDetails service so that it will not blow up if the client has no redirect uris registered
2012-11-21 15:39:07 -05:00
2084639828
Working on init binder for ClientDynamicRegistrationEndpoint
2012-11-21 14:54:24 -05:00
8b0c520534
Issue 213, writing init binder to convert null Boolean values to false before calling setters
2012-11-21 14:53:41 -05:00
a2a29e7b76
trying out new confirmation controller
2012-11-21 10:00:35 -05:00
d9b6918bc2
softened error from scope checker -- returns false now, allows things to pass through
2012-11-20 14:08:18 -05:00
9c08944a02
Changed arity on approved sites (now can have many per user/site combo)
2012-11-20 14:07:55 -05:00
58b97f7371
stupid javascript
2012-11-20 13:16:08 -05:00
fda86e23e9
moved everything to use the consumes/produces framework of Spring 3.1
2012-11-20 13:12:21 -05:00
51920ee381
switched to using "uneditable-input" classes instead of disabled input fields
2012-11-19 16:32:04 -05:00
e303319701
got rid of postrender
2012-11-19 16:13:49 -05:00
5b0c17c5de
added in checks to blacklist service upon client registration and update
2012-11-19 14:10:55 -05:00
7a6c96a759
fixed links
2012-11-19 14:10:37 -05:00
e9d1ed270d
service layer cleanups
2012-11-19 13:46:09 -05:00
4e18fb4525
blacklist management UI
2012-11-19 13:01:16 -05:00
d576df4b31
fixed render length limits on list widget
2012-11-19 11:52:30 -05:00
757e21a722
added blacklist API
2012-11-16 11:57:46 -05:00
1f4b97bc7e
fixed icon and variable reference
2012-11-16 10:14:28 -05:00
Justin Richer