d6109fd1ae
explicitly mapped missing JPA columns in common->openid.connect.model #317
2013-06-18 15:19:17 -04:00
46641a2fa1
explicitly mapped missing JPA columns in common-oauth2.model #317
2013-06-18 15:19:17 -04:00
c577b691c7
moved OIDC auth token and userinfo interception filter to common package, addresses #353
2013-06-12 14:45:03 -04:00
6ed7477bc0
added stats to admin UI page, restyled scopes and dynamically registered flags
2013-06-07 18:05:07 -04:00
567a3314d6
[maven-release-plugin] prepare for next development iteration
2013-06-06 16:05:59 -04:00
1286726188
[maven-release-plugin] prepare release mitreid-connect-1.0.2
2013-06-06 16:05:52 -04:00
de77f2c75a
commentary!
2013-05-31 15:48:56 -04:00
d0eb98b8ff
tests for embedded JOSE objects
2013-05-31 15:46:27 -04:00
8ee299aab3
added tests for ClientDetailsEntity and RegisteredClient data objects
2013-05-31 15:46:27 -04:00
c760ebf4a4
changed expires_at -> client_secret_expires_at, issued_at -> client_id_issued_at
2013-05-31 15:46:27 -04:00
317526b1ad
unit tests for basic data classes
2013-05-29 17:47:04 -04:00
cc1da67639
fixed expires_at property, hid helper functions
2013-05-29 17:46:54 -04:00
3c5025c52b
Updated version number for secoauth
2013-05-28 15:38:36 -04:00
25d75a1b30
[maven-release-plugin] prepare for next development iteration
2013-05-20 17:38:01 -04:00
5418bdef5a
[maven-release-plugin] prepare release mitreid-connect-1.0.1
2013-05-20 17:37:52 -04:00
81cd13f6d3
added RegisteredClient class to facilitate client configuration and dynamic registration, addresses #335
2013-05-20 17:19:28 -04:00
defa5b8fbc
[maven-release-plugin] prepare for next development iteration
2013-05-02 15:01:59 -04:00
dbdc99361e
[maven-release-plugin] prepare release mitreid-connect-1.0.0
2013-05-02 15:01:53 -04:00
1e870703f8
added licence/copyright header
2013-05-02 11:45:20 -04:00
8afab04544
whitespace, import, brace, annotation, and format cleanups
2013-05-02 10:47:15 -04:00
b8c385e5c9
pom file cleanups
2013-04-29 11:47:15 -04:00
9b03801f9d
[maven-release-plugin] prepare for next development iteration
2013-04-26 13:21:36 -04:00
d76304b9a6
[maven-release-plugin] prepare release mitreid-connect-0.9.3
2013-04-26 13:21:31 -04:00
c80b1081cc
Cleaning up approvedsite => token linkage
2013-04-24 11:52:03 -04:00
939a801048
Redid approved site -> token mapping so it is unidirectional from ApprovedSite side. Fixed some error logging, added a new view for ApprovedSite which will only show the IDs of the tokens in the approvedTokens list
2013-04-23 17:40:22 -04:00
a79aca906e
Fixed error logging; added ApprovedSite tracking to tokens
2013-04-22 15:49:06 -04:00
94aa279290
[maven-release-plugin] prepare for next development iteration
2013-04-19 16:17:53 -04:00
cc92743888
[maven-release-plugin] prepare release mitreid-connect-0.9.2
2013-04-19 16:17:45 -04:00
7307b4b19d
added tostring to system scope to help with debugging
2013-04-19 16:11:42 -04:00
fb859fc39a
added client dynamic registration service, extracted clientdetails<->json processing into its own static class
2013-04-19 14:23:11 -04:00
cf39b49657
added registration uri to server config, changed index of client config service to be server config not just issuer
2013-04-19 14:21:53 -04:00
f76f44b999
added dynamic discovery to client
2013-04-16 15:01:08 -04:00
33af3b1ad6
updated discovery endpoint to latest spec, removed surplus specialized view
2013-04-16 15:00:57 -04:00
ac2993c402
[maven-release-plugin] prepare for next development iteration
2013-04-10 16:12:04 -04:00
f0d75f9144
[maven-release-plugin] prepare release mitreid-connect-0.9.1
2013-04-10 16:11:38 -04:00
23c318f6c2
Updating guava to 14.0.1
2013-04-10 15:31:32 -04:00
86a42ce294
fixed typo for older versions of java/maven
2013-04-09 21:48:23 -04:00
5f54777109
[maven-release-plugin] prepare for next development iteration
2013-04-03 10:01:58 -04:00
620a60ddc2
[maven-release-plugin] prepare release mitreid-connect-0.9.0
2013-04-03 10:01:52 -04:00
54f1ae972b
Added properties and updated poms for sync to central
2013-04-02 12:42:40 -04:00
f101dcc512
moved to released version of SECOAUTH
2013-04-01 11:59:40 -04:00
72e2c7cb6c
Updated build references
2013-04-01 10:59:25 -04:00
4538d8fb14
made signing and verification service construction safe for public-only keys
2013-03-28 17:03:18 -04:00
6cc50e7cd5
switched signing & validation service to use JWK natively for keys
2013-03-28 16:43:26 -04:00
5a04198eac
moved to JPSK based key store
2013-03-28 15:06:30 -04:00
e2ad4d2e8f
cleaned up spurious nosuchalgorithm exceptions, addresses #285
2013-03-28 15:06:30 -04:00
5f7c46aecd
updated to nimbus 2.13
2013-03-28 15:06:30 -04:00
fcc95f8a0a
Moved nonce processing stuff into nonce service and out of ConnectAuthorizationRequestManager
2013-03-22 14:38:37 -04:00
08eaaa0a12
updated repository to use proper concrete class
2013-03-21 15:20:36 -04:00
8fccbf3483
added Id field to DefaultUserInfo object, switched "userId" terminology to "subject"
2013-03-20 14:29:00 -04:00
b8d2adcf31
added fixme note to hardcoded JWS algorithm, cleaned up x509 view
2013-03-15 15:01:30 -04:00
f44c704472
major refactor of client filter
...
Collapsed filter into single class
pulled server config and client config management into service classes
created service for issuer (will handle account chooser)
created auth request services (handle signed and unsigned requests)
2013-03-14 18:05:50 -04:00
6320fce9fd
url -> uri in approval page
2013-03-07 10:39:33 -05:00
ad3a22e5d4
changed client defaults for JOSE bits
2013-03-06 15:24:46 -05:00
87c8672948
nullsafe check for refresh
2013-03-06 11:32:36 -05:00
217916603f
cleaned out broken unit tests -- now we can start fresh
2013-03-06 09:48:04 -05:00
70b2342864
fixed split client views, fixed typos in various places
2013-03-05 17:26:25 -05:00
51a7ccc397
entity -> embed
2013-03-05 16:33:13 -05:00
0d25d4cb17
null-preserving static parsers instead of constructors
2013-03-05 12:10:33 -05:00
26f03ec070
timestamp for creation date
2013-03-04 16:11:20 -05:00
fc978ac994
made require_auth_time nullable again
2013-03-04 15:44:49 -05:00
bbde2d3b90
todo
2013-03-04 15:06:31 -05:00
db24c203ec
added parser to client registration endpoint
2013-03-04 15:01:02 -05:00
5c044b9eff
added extra client fields to DB model, moved services to use new client model object
2013-03-04 14:22:42 -05:00
3f8d7d70e5
updated client model to match OAuth Dyn Reg and OIDC Reg
2013-03-04 12:48:05 -05:00
5b9422ffdf
cleaned up old unit tests
2013-03-04 11:37:49 -05:00
d7c857b09f
switched jwk view to use nimubs
2013-03-01 17:44:44 -05:00
6c1e6b2d74
refactored signing and validation, added jwk-based cache, removed keyfetcher, refactored client side class structure
2013-03-01 17:44:44 -05:00
385853fa1f
refactored signing and validation, added jwk-based cache, removed keyfetcher, refactored client side class structure
2013-03-01 17:44:44 -05:00
0712d8c340
updated spring version
2013-03-01 17:42:48 -05:00
60b679e942
First steps towards adding display variables to config bean
2013-02-22 17:10:14 -05:00
a184b79b06
store tokens with .serialize() not .toString()
2013-02-22 12:08:01 -05:00
970e3f2f79
not entities after all
2013-02-22 12:08:01 -05:00
3d9ec51eb3
converted client filters to nimbus-jose
2013-02-22 12:08:01 -05:00
8d8010d90f
missed a little bit there
2013-02-22 12:08:01 -05:00
87fc92f97d
extra constructors for algorithm wrappers
2013-02-22 12:08:01 -05:00
e5732da857
added system default signing algorithm, converted token provider and enhancer to use nimbus-jose
2013-02-22 12:08:01 -05:00
10ab55a7e2
moved jwk/x509 publishing over to nimbus-jose (mostly)
2013-02-22 12:08:01 -05:00
fca30cd13f
added provisions to bootstrap signing and validation service from config files
2013-02-22 12:08:01 -05:00
520f55f960
reinstated signing and validation service
2013-02-22 12:08:01 -05:00
46a3e70377
removed idtoken class, removed all jwe/jwt tests
2013-02-22 12:08:01 -05:00
d00b351f32
moved token classes to use Nimbus-JOSE
2013-02-22 12:08:01 -05:00
1f50945831
added wrapper classes for JWE/JWS algorithms, switched client entity model to use and store them.
2013-02-22 12:08:01 -05:00
6dc9020a31
deleted local JOSE implementation classes
2013-02-22 12:08:01 -05:00
d0fdf8140e
sorting on approval page
2013-02-05 15:47:32 -05:00
eb4773ce46
beginning dynamic scopes on auth page
2013-02-05 11:28:39 -05:00
c2b9fd4db1
system scope ordering consistency
2013-02-05 11:11:41 -05:00
cab36a2b80
added appropriate filterered and transformative actions to scope service
2013-02-03 22:04:55 -05:00
ab35186696
added scope service, repository, and API
2013-02-03 22:02:24 -05:00
19e7b62a42
removed persistence.xml and moved to pure spring-based config, addresses #194
2013-02-03 22:02:23 -05:00
a3619240e6
added site scope
2013-02-03 22:02:23 -05:00
f0ee36dad2
auth_type -> auth_method (addresses #258 )
2013-01-18 18:26:55 -05:00
e4284353e8
added azp, addresses #247
2013-01-18 18:09:32 -05:00
da43ba4d55
audience field is now plural
2013-01-18 17:59:46 -05:00
27a26e0a35
(user_id/prn) -> sub
2013-01-18 16:40:05 -05:00
0ab4ad4bbe
added "birthdate", addresses #253
2013-01-18 15:38:41 -05:00
a6806255b8
use sign-magnatude not twos-complement in key parsing
2013-01-18 15:10:48 -05:00
e8095bab26
principal and audience are different (I thought I fixed this??)
2013-01-18 15:10:48 -05:00
c946a84b09
adapted keyfetcher to be more general
2013-01-18 15:06:00 -05:00
a4637ec395
Fleshed out nonce service classes, added code to token service impl to check for and store nonces. Added JodaTime library for working with dates.
2013-01-04 15:30:24 -05:00
c7ae315e98
Added initial files for nonce service. Repository and service impls are stubs
2013-01-04 15:30:24 -05:00
18ddd8333f
added flag to allow introspection, relaxed same-client restrictions on introspection and chained tokens
2012-12-18 11:07:24 -05:00
51b67ebc03
added queries to get access token from id token
2012-12-14 17:35:20 -05:00
b49c6571e8
fixed empty constructor of id token, fixed bug in copy constructor of claimset
2012-12-14 17:35:20 -05:00
6344a72519
missed a few applicationName references, fixed API JSON rendering
2012-12-11 15:16:18 -05:00
33ceedb283
added scope and grant_type, switched to timeunit
2012-12-11 12:11:09 -05:00
e2bc15c2b2
beginning of client registration refactor to track IETF dynreg spec
2012-12-10 17:36:33 -05:00
0659432561
removed builder
2012-12-10 17:16:57 -05:00
7586c6d661
added "NONE" type auth
2012-12-10 17:16:35 -05:00
4bd289c18c
shadowed null id token from serializer
2012-12-10 11:30:16 -05:00
f072aba3f5
moved client details service, fixed authorities mapper
2012-12-10 09:49:07 -05:00
7342da6a51
completed making id tokens into access tokens
2012-12-06 16:24:04 -05:00
b8f701d9d8
switched id tokens to entities, they're now access tokens also
...
still needs some work to get the auth object right, for now we're just copying from the access token
2012-12-06 10:19:21 -05:00
4698552c2d
made email_verified nullable, addresses #237
2012-12-05 16:54:15 -05:00
413c477879
utility method for approved sites to check expiration
2012-11-26 14:25:38 -05:00
45ca4e565e
updated to SECOAUTH-1.0.1-BUILD-SNAPSHOT
2012-11-26 11:53:19 -05:00
f50726ab31
Issue 209 - typo
2012-11-21 14:51:30 -05:00
9c08944a02
Changed arity on approved sites (now can have many per user/site combo)
2012-11-20 14:07:55 -05:00
e9d1ed270d
service layer cleanups
2012-11-19 13:46:09 -05:00
757e21a722
added blacklist API
2012-11-16 11:57:46 -05:00
2a0602863e
Conveted Booleans to booleans
2012-09-20 11:32:59 -04:00
51073a7f8d
Refactor part 3
2012-09-18 15:01:05 -04:00
dd2abd94d1
Refactoring part 2
2012-09-18 14:36:27 -04:00
c40efda6b5
Refactor part 1
2012-09-18 14:24:34 -04:00
920b2a59ba
Fixed error logging
2012-09-10 17:17:03 -04:00
2d24435365
Created custom resolver, handler mapper
...
moved endpoint back to server
2012-09-10 17:17:03 -04:00
be1046f9b6
bean-based configuration
2012-09-10 17:17:03 -04:00
7eb0a6f3d2
Moved JWK to commons
2012-09-10 17:17:03 -04:00
42389286e4
removed non-RSA algorithms from JWE encrypter/decrypter functions
2012-09-06 17:28:17 -04:00
558a6286e2
switched to Guava for parsing ints into bytes, addresses #154
2012-09-06 17:26:20 -04:00
2b62042696
unshadowed Jwe header, unshadowed IdTokenClaims, added smart copy constructor to ClaimSet
2012-09-06 17:20:22 -04:00
11b35267b4
Refactored stats processor into a service, made home page into a smart page.
2012-08-28 17:42:43 -04:00
d041ddb0e1
Added approvedSite API and support structure
2012-08-28 15:28:55 -04:00
8ae1b376fe
updated whitelist service and repository
2012-08-28 15:28:55 -04:00
140de779fd
converted userid type to enum
2012-08-27 16:00:27 -04:00
1c34f83297
Fixed JWS algorithm parsing
2012-08-27 15:58:23 -04:00
29ac1a3a70
reverse lookup for clientdetails utiltiy classes
2012-08-27 14:45:14 -04:00
21ff134383
JWS coment/format cleanup
2012-08-27 14:45:02 -04:00
b5ce8d5e8b
added getByUsername to userinfo repositories and supporting classes, updated calling classes to use this
...
fixed namedquery
2012-08-23 18:23:47 -04:00
ba24ca1f60
removed unused utility method
2012-08-23 18:22:29 -04:00
ba5572b28a
Tidied up a bit, added javadoc comments to new classes
2012-08-23 11:05:10 -04:00
c23b176567
Database backed authorization-code-service now works.
2012-08-23 10:46:08 -04:00
4b76cc514b
Added a database-backed authorization-code system. Untested; needs to be injected into configuration in the place of the in-memory one and tested
2012-08-22 16:54:00 -04:00
dc61068702
Split approved site and whitelisted site scope tables.
2012-08-22 15:21:42 -04:00
a02f37cec3
added generators to client service API
2012-08-20 12:22:18 -04:00
26d5a846e0
Updated validator structure and id token checking.
2012-08-17 16:18:08 -04:00
012bb4afd7
Changed casing on "URI" to "Url" to match other parameters.
2012-08-17 15:32:04 -04:00
d14f55004c
added parser to userinfo object, userinfo url in filter, fixed bug in user_id check
2012-08-17 14:40:13 -04:00
fbd6e67af8
Refactored auth provider to call the userinfo endpoint and provide info inside the auth token.
2012-08-17 14:40:13 -04:00
1efe7a1fc3
updated check of algorithm in signing method"
2012-08-14 10:55:07 -04:00
155974d8e3
moved services and api over to using new client Id field (instead of client_id)
2012-08-10 16:53:31 -04:00
eb5a24690f
added method to get client by its (new) Long id
2012-08-10 16:29:16 -04:00
47ff885032
removed unnecessary cached token values
2012-08-10 14:26:47 -04:00
74a40fc973
changed auth holder reference, moved dates to timestamps
2012-08-10 14:26:47 -04:00
bb7d6b2e94
split scopes table
2012-08-10 14:26:47 -04:00
ed99bd36cf
changed clientdetails entity to use @Enumerated, cleaned up .sql file foreign keys
2012-08-10 14:26:47 -04:00
2d8a5763a3
javafied auth holder class
2012-08-10 14:26:47 -04:00
97d7bc9c13
added field to indicate whether the client has been dynamically registered
2012-08-09 15:55:07 -04:00
f724d3a9fe
updated userinfo table definitions
2012-08-09 12:44:22 -04:00
617e9568d8
Fixed bugs; I can get tokens now. User approval handler seems to be working corrrectly.
2012-08-09 12:44:22 -04:00
49cb8bd0cb
fixing bugs; needed to make all ids BIGINT AUTO-INCREMENT PRIMARY KEY in sql files
2012-08-09 12:44:21 -04:00
0757642e67
removed "s" from allowed_scopes
2012-08-09 12:44:21 -04:00
9c32e92da5
Cleaned up sql tables some more; sticking to _ naming convention
2012-08-09 12:44:21 -04:00
d7deda1699
Propogated AuthenticationHolder effects; this is untested but compiles and I think it is mostly correct
2012-08-09 12:44:21 -04:00
90df91c351
Added AuthenticationHolder object, got references squared away for AccessToken side. Compiles.
2012-08-09 12:44:21 -04:00
cf348590b0
Removed unused ClientGeneratorFactory
2012-08-09 12:44:21 -04:00
d6d80c3e60
Gave OAuth2RefreshTokenEntity a Long Id
2012-08-09 12:44:21 -04:00
6b1dad7215
Gave OAuth2AccessTokenEntity a Long Id
2012-08-09 12:44:21 -04:00
780839dbf9
Made things compile after ClientDetailsEntity refactoring
2012-08-09 12:44:21 -04:00
a68a4f9796
Organized ClientDetailsEntity, updated JPA annotations. Updated sql files to match. Naming conventions: table and column names with multiple words should be seperated by underscores; table and column names should be singular.
2012-08-09 12:44:21 -04:00
15428a875e
Added additional fields to ClientDetailsEntity and did some reorganization, still some more to do. Added "id" field to the sql file, but the sql still needs all of the other additional fields.
2012-08-09 12:44:21 -04:00
8d4e046408
All logging is now org.slf4j. We had a mix of org.slf4j and apache commons-logging. Added error logging to all view which throw errors.
2012-08-07 10:04:38 -04:00
a061e64abf
Merge branch 'user-approval-handler-updated-rebase'
2012-08-06 16:30:03 -04:00
5fb67ab7bb
Did a lot of cleanup; untested but compiles
2012-08-06 14:33:16 -04:00
2f28cf33e7
Changed UserInfo refs in WhitelistedSite to String ids; updated the user approval handler to check if "remember this decision" is checked and only make a new AP if so, and to pull in the scopes selected on the approval page as the saved allowed scopes for that AP.
2012-08-03 16:43:37 -04:00
b87d54b06e
Changed UserInfo references to String "userId" references
2012-08-03 13:32:17 -04:00
845976b8ac
First stages of getting the graylist portion to work. Currently no mechanism for telling the system NOT to remember your decision; that will come later. All approvals will be automatically stored with this code.
2012-08-03 12:49:40 -04:00
51b8dbe065
Revert "updated jwtHeader typ to use an enum" -- set things back to using a string
...
This reverts commit 3b2268c622
2012-08-02 14:16:55 -04:00
164090e9d5
added jwt string stability to several places, fixed jwe parser
2012-07-31 15:29:33 -04:00
676808bdac
got things to deploy - could not reference UserInfo directly in ApprovedSite and WhitelistedSite; needed to reference DefaultUserInfo instead.
2012-07-31 14:50:24 -04:00
4e10fce7ef
Implementing user approval handler; made some modifications to ApprovedSite and WhitelistedSite models, repositories, and service layers.
2012-07-31 14:50:24 -04:00
3b2268c622
updated jwtHeader typ to use an enum
2012-07-31 11:29:48 -04:00
95dcb10472
updated encrypter/decrypter to store keys as member variables rather than to pass them in
2012-07-31 11:29:32 -04:00
61c7231d9a
updated encrypter and decrypter to use enum class rather than fragile parsing
2012-07-31 11:28:46 -04:00
5f80ebc89a
changing encryption/decryption code to use enum classes rather than shady parsing techniques
2012-07-31 11:28:23 -04:00
789f41bdbe
fixed client details regression
2012-07-31 10:44:25 -04:00
3e6f66e2dc
Merge branch 'master' of https://github.com/ssayer/OpenID-Connect-Java-Spring-Server into ssayer-pullreq-124
2012-07-31 10:43:33 -04:00
d07667576e
cleaned up old code
2012-07-30 16:50:44 -04:00
40f39a18e0
cleaning up introspection endpoint
2012-07-30 16:50:44 -04:00
f9dd9df7cd
added skip to test for encryption if not running unlimited strength java
2012-07-30 14:47:02 -04:00
92e779257d
testing key sizes, still failing outside of bouncycastle
2012-07-30 13:40:20 -04:00
1dd2aaf8a1
add JsonObject export for JWK keys
2012-07-30 09:27:03 -04:00
319568d971
refactored JWA algorithm markers to use enum instead of string as stored class
2012-07-23 20:21:31 -04:00
165f3ea292
fixed some unit tests, broke others
2012-07-23 18:44:47 -04:00
e4bc66ba33
small TODO statements cleared up
2012-07-23 18:31:27 -04:00
4deaffd686
updated hmac and rsa signer to use afterPropertiesSet(), abstract oidc auth filter now adds multiple signers to map and then picks the one it needs, and key fetcher now gets jwk
2012-07-23 18:31:27 -04:00
8b848af0fb
cleaned up signer initialization calls and algorithm-setting code, cleaned up algorithm names, renamed encrypter/decrypter classes
2012-07-23 18:17:31 -04:00
d204ff1e69
removed constructor for RsaDecrypter and RsaEncrypter
2012-07-17 14:07:58 -04:00
4f78c3db80
removed verification of signature in decryption
2012-07-17 13:40:14 -04:00
1dbf2808c1
changed imports
2012-07-17 10:57:36 -04:00
William Kim