01892b6f47
use a request matcher on authorization request filter, closes #1033
2016-07-08 11:00:01 -04:00
ca6e867df6
manage dependency versions in parent
2016-07-07 16:46:38 -04:00
ecb4a9ed53
Check that the underlying cause of the PersistenceException is caused by a duplicate entry.
2016-07-07 16:45:36 -04:00
6fb26856a7
Make apiAddClient in the client api return a HttpStatus.Conflict if you try to create a client with a used client id.
...
This fixes a bug where if you try to create a client with a client id that is already in use, you get an empty error message. Instead, now you get a message that tells you that the client couldn't be created because the client id is already in use.
2016-07-07 16:45:36 -04:00
8e71107f9b
Fix NPE when checking claim extension, Simplify always true expressions
2016-07-07 16:35:50 -04:00
8f81278332
We really should specify an encoding here and not depend on the
...
servers default encoding, shouldn't we? It becomes ISO-8859-1
otherwise in Tomcat as per the Servlet specification.
2016-07-07 16:33:24 -04:00
c31f42c3f3
updated versions to 1.3
2016-07-05 14:39:22 -04:00
58724aa6dc
[maven-release-plugin] prepare for next development iteration
2016-04-06 16:33:45 -04:00
29c9ee2c46
[maven-release-plugin] prepare release mitreid-connect-1.2.6
2016-04-06 16:33:42 -04:00
89316cbab1
fixed default token lifetimes for heart mode
2016-03-18 22:02:28 -04:00
9691f02772
added audience parameter to parser, fixed token generator to match HEART spec
2016-03-11 17:12:36 -05:00
49a8848648
count really weird URIs as "custom scheme"
2016-03-10 12:50:47 -05:00
d75bba218d
forbid password grant type in HEART mode
2016-03-10 12:30:48 -05:00
699e9bff39
testing for multiple classes of redirect URIs
2016-02-24 16:34:58 -05:00
38710bd3d2
unit tests for HEART mode
2016-02-24 15:33:52 -05:00
74ea42851b
added check for HEART mode consistency
2016-02-24 13:09:58 -05:00
028265faa6
pulled scope values to externalized strings
2016-02-24 13:09:39 -05:00
5bccb602d8
always perform strict redirect URI matches in HEART mode
2016-02-24 13:09:00 -05:00
51e3513307
disallow client secret JWT authentication in HEART mode
2016-02-24 13:07:14 -05:00
d0d6ae2ad8
[maven-release-plugin] prepare for next development iteration
2016-02-23 19:02:05 -05:00
7f5b70e9e1
[maven-release-plugin] prepare release mitreid-connect-1.2.5
2016-02-23 19:02:02 -05:00
183a599126
fixed OIDC discovery relation URL
2016-01-29 17:17:35 -05:00
61433cc23a
deepen webfinger, endpoint is looser
...
closes #1008
2016-01-29 15:38:17 -05:00
82a1e49e79
[maven-release-plugin] prepare for next development iteration
2016-01-21 15:55:56 -05:00
e6684fb7a8
[maven-release-plugin] prepare release mitreid-connect-1.2.4
2016-01-21 15:55:53 -05:00
3d14b0d128
rename zone_info claim to zoneinfo
2016-01-21 15:52:59 -05:00
7badfe1d17
Happy new year 2016!
2016-01-21 15:50:37 -05:00
d1033b693f
added privacy-preserving client logo cache
2015-12-21 15:51:39 -05:00
e828f3f18d
[maven-release-plugin] prepare for next development iteration
2015-12-21 10:31:49 -05:00
01ca5ef8e2
[maven-release-plugin] prepare release mitreid-connect-1.2.3
2015-12-21 10:31:47 -05:00
aa878cc3cf
pulled checks for expired tokens into utility functions
2015-12-18 11:22:50 -05:00
698feb49cd
check access token expiration on read. closes #983
2015-12-16 22:46:42 -05:00
7f464c496b
changed copyright to new consortium name
2015-12-16 14:51:12 -05:00
ea77bf2a19
quieted approved site cleanup
2015-12-02 16:51:55 -05:00
1ed3e2c47a
quieted logging on database cleanup tasks when no expired elements are found
2015-11-25 15:55:16 -05:00
fcfc620d51
updated client API with more useful errors, removed unused service reference
2015-11-25 15:42:09 -05:00
2496dc114c
allow language system to be loaded from multiple files. closes #817 closes #876
2015-11-24 20:33:55 -05:00
e255fc1a10
change default behavior of message source, closes #964
2015-11-24 20:33:54 -05:00
7b34a666d9
Make the dual client support configurable
2015-11-24 12:10:27 -05:00
a80953a2d4
Allow both flows authorization code and client credentials. This scenario might be found when the same client supports user authentication as well as service to service authentication. Such a client is trusted (whitelisted).
2015-11-24 12:10:27 -05:00
dce80d488b
Clean up ScopeClaimTranslationService
...
`getFieldNameForClaim` method is never used.
2015-11-23 21:35:16 -05:00
2deec98b58
[maven-release-plugin] prepare for next development iteration
2015-10-13 18:56:47 -04:00
d96b2dc130
[maven-release-plugin] prepare release mitreid-connect-1.2.2
2015-10-13 18:56:44 -04:00
96f4d5e8a8
fixed use of wrong constant, closes #940
2015-10-13 18:08:56 -04:00
c9358f348a
added transactional annotations, finally closes #926 addresses #862
2015-10-13 16:59:11 -04:00
e1e892377f
added cleaner for duplicate refresh tokens
2015-10-13 15:38:07 -04:00
542afca459
cleans duplicate access tokens from DB before other cleanup happens
2015-10-13 15:33:23 -04:00
ebb4f2c3d4
Upgraded to nimbus 4.2, closes #934
2015-10-13 04:40:01 -04:00
c67611e975
added qualifier name to persistence unit and transaction manager, closes #883
2015-10-12 21:15:30 -04:00
d280ca40a4
login hints now handled in a slightly smarter (and more pluggable) manner, closes #851
2015-10-12 20:04:02 -04:00
b5c298e0ca
Remove legacy CSRF protection for approve page
...
Instead, we rely on the Spring Security CSRF protection, like we already do for the login page. Additionally, we remove the authentication check in`isApproved`, because this is already done by Spring Security (and if not, we have bigger problems to worry about).
2015-10-09 17:09:46 +02:00
8b362f23f3
[maven-release-plugin] prepare for next development iteration
2015-10-02 18:53:48 -04:00
e384a6257b
[maven-release-plugin] prepare release mitreid-connect-1.2.1
2015-10-02 18:53:45 -04:00
4063f7f94f
user info endpoint response uses correct client algorithms, addresses #921
2015-10-02 18:48:11 -04:00
acb3d03052
added 'kid' to all signed tokens, closes #899
2015-10-01 18:54:38 -04:00
d3f8ff2855
added JTI to ID tokens, closes #900
2015-10-01 17:24:47 -04:00
9822748209
grabbed additional places that mention updated_time/updated_at
2015-10-01 15:53:21 -04:00
31ea96ce27
Update DefaultOIDCTokenService.java
...
fixed typo
2015-10-01 15:34:01 -04:00
22c05ec51b
[maven-release-plugin] prepare for next development iteration
2015-08-05 12:07:47 -04:00
e6b64cd9cd
[maven-release-plugin] prepare release mitreid-connect-1.2.0
2015-08-05 12:07:44 -04:00
489450b1c2
automated code format cleanup
2015-08-05 12:04:14 -04:00
15c2b57730
[maven-release-plugin] prepare for next development iteration
2015-07-30 14:00:20 -04:00
8317c759f1
[maven-release-plugin] prepare release mitreid-connect-1.2.0-RC2
2015-07-30 14:00:18 -04:00
0740443768
added claims redirect uri set to client model for UMA usage
2015-07-30 13:56:14 -04:00
a4e75ed733
[maven-release-plugin] prepare for next development iteration
2015-07-09 18:29:14 -04:00
58a47d0e46
[maven-release-plugin] prepare release mitreid-connect-1.2.0-RC1
2015-07-09 18:29:12 -04:00
0714ed514e
fixed errant unit test
...
why do they always get away like that??
2015-07-09 18:16:42 -04:00
064f36ef6c
clean up resource sets when clients are deleted
2015-07-09 18:07:19 -04:00
d1c069ad1e
clean up permissions and access tokens when a resource set is revoked
2015-07-09 16:40:07 -04:00
7345a03aaa
added UMA import, closes #811 even harder
2015-07-09 11:48:52 -04:00
bcd8a96b5d
UMA data export, closes #811
2015-07-08 21:27:15 -04:00
a3360e9561
externalized strings in data API (1.2)
2015-07-08 18:05:17 -04:00
4a382f2b1c
updated unit tests to new structure
2015-07-08 17:32:15 -04:00
8c822c0f54
detached whitelist from approved sites, closes #781
2015-07-08 17:22:55 -04:00
c4aaa29ffc
updated unit tests for new refresh token mode
2015-06-25 12:44:52 -04:00
d9efeb3b67
added clear access tokens to export/import
2015-06-25 12:40:28 -04:00
2f4d9ce54b
clearing out refresh tokens is now configurable, closes #409
2015-06-25 12:07:38 -04:00
8359ac2813
fixed refresh token lookup
2015-06-25 11:55:58 -04:00
d2a393f7f9
converted error handlers to a single @ControllerAdvice class, closes #788
2015-06-24 17:26:10 -04:00
f4a1b27e2e
better handling of HTTP and JSON errors on network fetches, added http-forcing behavior for webfinger client and sector URL service
2015-06-23 22:21:18 -04:00
f7a082d4b8
wrapped timestamp injection in a null-safe block, with warning; closes #849
2015-06-23 20:57:24 -04:00
9e74e40453
Use diamond syntax instead of explicit types
2015-06-03 10:24:48 -04:00
6dc2b2cb5e
Various small improvements/bugfixes
2015-06-03 10:24:41 -04:00
d1e8529a7b
expose ID Token and UserInfo to the AuthoritiesProvider and AuthoritiesMapper, both extensible
...
closes #699
closes #761
2015-06-01 21:11:19 -04:00
4655650a68
added OAuth error display page, closes #559
2015-06-01 19:21:32 -04:00
dfc8df42f5
moved server configuration injection to pre-request
2015-06-01 19:09:42 -04:00
79317d5b70
JWK Set by value added to admin UI, addresses #826
2015-06-01 15:35:21 -04:00
e43600494a
minor automated code cleanup
2015-06-01 15:35:20 -04:00
642942b5cf
Generalized client key handling into a single cache service
2015-06-01 15:35:20 -04:00
032d41e5ed
added JWKs-by-value support to client data model and API, closes #826
2015-06-01 15:35:20 -04:00
8d3a8471aa
updated refresh token to use converter instead of dummy field
2015-05-29 12:58:00 -04:00
9662f3e8b3
switched access token to using converter instead of dummy field
2015-05-29 12:40:50 -04:00
9ba1a78d09
removed binary objects from data API importers, removed binary object JSON utility entirely
2015-05-27 19:33:05 -04:00
c974267cde
return prompt=none error to client, closes #667
2015-05-27 12:11:41 -04:00
cbf6316050
cleaned up logic on user info interceptor to fix detection of redirects
2015-05-27 12:06:58 -04:00
fe6d2f8a6e
updated and expanded unit tests to account for new data layer
2015-05-26 22:00:21 -04:00
d5a08d4996
cleaned up vestigial service component, to be fixed (maybe) in #825
2015-05-26 22:00:21 -04:00
d9e03b769b
fixed auth holder reference handling, import/export works now
2015-05-26 22:00:21 -04:00
3d1aee77b4
updated 1.2 import to reflect new objects
2015-05-26 22:00:21 -04:00
441b19f0c5
fixed data export to comply with new auth holder
2015-05-26 22:00:21 -04:00
Justin Richer