- Added Claim source for producing values based on attribute value
set on the groups, where the user is an active member and the groups are
assigned to the resource in Perun
- Added Claim source for producing MinIO policies
Added LS AAI design, dropped ELIXIR design. Extended client with
jurisdiction and accepted TOS
BREAKING CHANGE: requires database update (see migration script),
dropped ELIXIR theme
bug caused some claims to not generate correctly (i.e. GA4GH passports
could not call the remote APIs due to missing user identifier extracted
from "sub" claim)
Refactored userinfo to fetch attributes only when needed and requested.
Also added the possibility to extract attributes from the actual SAML
session
BREAKING CHANGE: 🧨 requires database update
Fixed possible SQLExceptions by using the correct IDP_IDP and SP_ID
column names where it was missing. Also, removed usages of ResultSet
scrolling functionality, to prevent the SQL exceptions raised when
scrolling is not available.
Refactored the GA4GH claim source and related things to be extensible
for other implementations.
Configuration changes:
Elixir GA4GH claim source class needs to be updated to: `custom.claim.[claimName].source.class=cz.muni.ics.oidc.server.ga4gh.ElixirGa4ghClaimSource`
Elixir Access token modifier has been moved and has to be configured as: `accessTokenClaimsModifier=cz.muni.ics.oidc.server.ga4gh.Ga4ghAccessTokenModifier`
BREAKING CHANGE: 🧨 Ga4gh Claim source class for ELIXIR has been changed. Also, the
ElixirAccessTokenModifier class has been moved and renamed.
Refactor how translations are used and loaded. Property `web.langs.customfiles.path` must point to the
ResourceBundle, without the `_lang.properties` extensions. An example
location, if we have files `/etc/props_en.properties` and
`/etc/props_cs.properties`, the correct value for the configuration
option is `web.langs.customfiles.path=/etc/props`.
BREAKING CHANGE: Property `web.langs.customfiles.path` must point to the
ResourceBundle.
Several tables have been dropped from the database. Also, access_token
does not contain permissions anymore. To update the DB accordingly, run
the following:
```sql
DROP TABLE access_token_permissions;
DROP TABLE resource_set;
DROP TABLE resource_set_scope;
DROP TABLE permission_ticket;
DROP TABLE permission;
DROP TABLE permission_scope;
DROP TABLE claim;
DROP TABLE claim_to_policy;
DROP TABLE claim_to_permission_ticket;
DROP TABLE policy;
DROP TABLE policy_scope;
DROP TABLE claim_token_format;
DROP TABLE claim_issuer;
DROP TABLE saved_registered_client;
```
Updated AuthenticationHolder, AuthorizationCode, DeviceCode,
AccessToken, RefreshToken, UserAuthN representations of DB entries.
Added missing cascades for some elements, to prevent leaving orphaned
records in the DB (i.e. for UserAuthN entries).