e2349984b8
happy new year 2015!
2015-02-17 10:24:08 -05:00
d56aec5652
removed extraneous version tag for managed dependency
2015-02-17 10:00:18 -05:00
d88cc2ec8e
fixed pluralization of post logout URIs in data API services
2015-02-17 09:59:50 -05:00
cc02f8fbe8
pluralized post-logout redirect URI on client, closes #654
2015-02-16 16:43:34 -05:00
587d4b2db6
further pom file cleanup
2015-02-16 14:24:48 -05:00
377d8cb884
moved dependency version management to parent pom, closes #666
2015-02-16 13:51:25 -05:00
ef3a696972
removed getBySubject and getAll from user info repository and service layers, closes #760
2015-02-16 11:08:07 -05:00
63dd7c0b25
removed deprecated DefaultUserInfoUserDetailsService and corresponding test, closes #413
2015-02-16 11:07:17 -05:00
166c53cd6a
fixed comparison of client IDs in refresh token, closes #752
...
Also addresses #735 (again)
2015-01-24 07:47:50 -05:00
6c88d7c54b
removed old owner_id field, closes #636
2015-01-17 08:18:36 -05:00
ba97fcb88a
changed name of clientAuthorization to authorizationRequest (which is more accurate), closes #697
2014-12-19 00:55:06 -05:00
a1228d19b5
Changed lastWeek logic back to correct form, removed logic used for
...
testing.
2014-12-19 00:39:07 -05:00
e9d764e53e
added support for login_hint, closes #250
2014-11-26 09:55:39 -05:00
3e7ade9a67
fixed unit tests
2014-11-22 23:46:25 -05:00
1a2ca25359
relaxed scope constraints on protected resources registered through self-service page
2014-11-22 23:46:25 -05:00
e371ad345f
fixed checking of refresh token permissions in client service, clients can now request either refresh_token grant type or offline_access scope and it will work. added checkbox to dynreg page for ease-of-use
...
closes #734
2014-11-22 23:46:25 -05:00
56344fa12b
make sure that client presenting refresh token is the same client the refresh token was issued to
...
closes #735
2014-11-22 23:46:25 -05:00
0e776762c2
set up data API for 1.2 format (currently the same as 1.1 format)
2014-11-15 19:59:47 -10:00
b14dfa6458
approval page defaults to "ask again" when prompt=consent is passed, closes #669
2014-11-13 11:23:54 -10:00
775b77b367
updated date format of token introspection response, closes #719
2014-11-13 11:08:20 -10:00
c600787f1c
added key id to id token, closes #725
2014-11-12 16:22:10 -10:00
d87bdb2120
added ROLE_CLIENT to assertion client authentication, cleaned up roles on client secret authentication, closes #728 , closes #401
2014-11-12 16:03:06 -10:00
e6d10b67a4
update to Spring 4 and other related libraries
2014-11-10 18:29:54 -10:00
9dfac35912
Introduce introspection result assembler to allow for customized introspection results
2014-10-14 21:06:09 -04:00
d557b1e2c2
RefreshToken to AuthHolder linkage test now using AuthHolder ID to verify
2014-10-14 20:30:50 -04:00
ff436a6738
Added tests for ensuring the references between a refresh token and its authentication holder are preserved over import. Minor cleanup of other tests.
2014-10-14 20:30:50 -04:00
d18d325c0c
Better method of creating test AuthenticationHolderEntity, added some more testing to testImport/ExportGrants
...
Conflicts:
openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestMITREidDataService_1_1.java
2014-10-14 20:30:50 -04:00
ff28e1a383
Added new data service tests, separated date parsing/formatting utilities into DateUtil class
...
Conflicts:
openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_0.java
openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_X.java
openid-connect-server/src/main/java/org/mitre/openid/connect/util/DateUtil.java
2014-10-14 20:30:50 -04:00
188818dc0d
added null check to confirmation controller, closes #684
2014-10-07 21:58:15 -04:00
db052f11ca
Moved development branch to 1.2
2014-10-07 21:02:07 -04:00
134909a82f
import cleanup
2014-10-07 19:40:38 -04:00
1e71749c23
added more generic rotation capability
2014-10-07 19:40:38 -04:00
0b8dbc4f68
added registration token API
2014-10-07 19:40:38 -04:00
13cee6bf06
Ported date format changes from 1.0.x
2014-10-06 23:41:33 -04:00
98ace5c9fb
Separated date formatting and parsing functions to DateUtil class. Modified how timezone is printed to workaround Java date formatting issue.
...
Conflicts:
openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_0.java
2014-10-06 23:28:20 -04:00
1fbdd240f1
made binary encode/decode null safe
2014-10-06 23:25:48 -04:00
a8377513a6
Fixed reading/writing of approved access tokens
2014-10-06 22:59:27 -04:00
0320bae15c
Fixed netbeans copyright weirdness
2014-10-06 22:59:27 -04:00
dcf66fadc4
Added support for 1.1 config import/export, and separated common functions into 1_X abstract class
2014-10-06 22:59:27 -04:00
ad841a03df
Added support for whitelisted and blacklisted site export
2014-10-06 22:59:27 -04:00
8495617aed
Added support for whitelisted and blacklisted site import from a 1.0 config
2014-10-06 22:59:27 -04:00
16f15cc3c8
NPE fix
2014-10-06 22:59:27 -04:00
6333b1e4b1
Re-enabled reading of system scopes. Added 1.1 data export functionality
2014-10-06 22:59:27 -04:00
d5551e9692
Added services for data import/export and modified JpaAuthenticationHolderEntity and Repository to allow getting all objects
2014-10-06 22:58:26 -04:00
c683131f12
externalized view name strings and tied them to view beans
2014-09-28 22:25:39 -04:00
9e88a62479
moved the API endpoints, made resource tokens accessible too
2014-09-22 23:38:12 -04:00
6d80a00d65
import cleanup
2014-09-22 23:04:23 -04:00
81634e6165
added API for getting tokens by clientid
2014-09-22 22:55:13 -04:00
dee78c130c
fixed missing null check in request object parser
2014-08-25 22:48:42 -04:00
e0b84069d4
Update to latest spring-security-oauth2 module
2014-08-06 11:12:40 -04:00
6f2f807b0b
[maven-release-plugin] prepare for next development iteration
2014-08-05 21:54:51 -04:00
93ae1516a5
[maven-release-plugin] prepare release mitreid-connect-1.1.9
2014-08-05 21:54:47 -04:00
39c50b76f4
added null checks to endpoint auth method switches, closes #652
2014-07-31 23:05:17 -04:00
8768188133
makes the grant types checker softer, closes #640
2014-07-19 23:54:02 -07:00
9666404d54
added "none" to discovery endpoint
2014-07-16 23:48:18 -04:00
7476edb310
added unsigned ID token support to server
2014-07-16 22:29:13 -04:00
538c4031bb
added in better default checks for content negotiation
2014-07-02 16:01:26 -04:00
078bf5e464
combine HTTP content negotiation with client preferences for user info endpoint
2014-06-28 23:44:37 -04:00
1de2a61176
made accept header optional for user info request
2014-06-28 22:20:05 -04:00
04acc21eea
removed injection of admin email address from client API, will happen browser-side now
2014-06-26 13:00:36 -04:00
adf477c64e
[maven-release-plugin] prepare for next development iteration
2014-06-18 18:27:27 -04:00
8d97ed61ec
[maven-release-plugin] prepare release mitreid-connect-1.1.8
2014-06-18 18:27:25 -04:00
5773fe195b
set proper content type on user info JWT response
2014-06-18 18:05:11 -04:00
5f97ce0ca1
fixed error code string
2014-06-18 14:50:17 -04:00
6589cd717d
disallow fragments in redirect uris for dynamic clients, closes #622
2014-06-18 14:49:29 -04:00
4e52543091
more properly respond to some client registration errors
2014-06-18 14:45:55 -04:00
c493f438e7
applied token rotation to protected resources
2014-06-12 19:37:50 -04:00
f4edd3164f
made timeout field optional, tokens don't expire in the default case
2014-06-12 19:37:32 -04:00
4e09ec687b
Registration Token regeneration - when they are beyond their lifetime
...
(in read/update calls)
2014-06-12 19:12:32 -04:00
ed3e6a2814
https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/issues/431 :
...
Generating a new registration access token on read/update call and
revoking the token issued earlier.
2014-06-12 19:12:32 -04:00
a106121af3
created blacklist aware redirect resolver and wired it in, closes #549
2014-06-10 16:29:45 -04:00
a97f3e2d65
don't throw away creation time on protected resource update (oops)
2014-06-09 20:22:58 -04:00
e0fe22e4ba
don't regenerate client secrets every single time
2014-06-09 20:20:36 -04:00
53148f2c87
better auth method checking in dynamic registration and resource registration
2014-06-09 17:41:27 -04:00
f15b4a0f74
resource registration returned the wrong URL
2014-06-09 17:41:01 -04:00
47cc005fe5
more sanity checking for client secrets
2014-06-09 16:06:57 -04:00
cac645484f
client API now generates client secret only for clients that require a client secret
2014-06-09 16:00:55 -04:00
52e53ba219
extracted validation exception, refactored protected resource registration endpoint to use this format
2014-06-06 11:13:41 -04:00
b7a8bbdddc
cleanup, error wrappers on protected resource registration
2014-06-06 10:58:40 -04:00
deaccf437e
refactored dynamic registration endpoint's checks for client consistency
2014-06-06 10:18:40 -04:00
04f7a698ea
added response type consistency checking, closes #430
2014-06-05 19:41:06 -04:00
32101ff7b2
added parsing checks, fixed inverted logic, cleaned up redundant settings, closes #597
2014-06-05 19:06:03 -04:00
ab083c0963
added checks to dynamic registration endpoint that disallow registration of multiple incompatible grant types
2014-06-05 17:16:35 -04:00
cdd23df7ee
token introspection now returns user "sub" when available in addition to "user_id", closes #507 (might cause incompatibility problems)
2014-06-04 17:27:38 -04:00
85acfa90db
[maven-release-plugin] prepare for next development iteration
2014-06-04 14:51:32 -04:00
d5e4cb45a2
[maven-release-plugin] prepare release mitreid-connect-1.1.7
2014-06-04 14:51:29 -04:00
8861220632
stats on home page are now loaded in the background (makes main site load much faster)
2014-06-04 14:39:30 -04:00
3e4aae6c8a
hash tests now pass on Java8
2014-05-29 17:41:56 -04:00
dfdc4ed52d
fixed information leaks from approved site API
2014-05-28 18:21:46 -04:00
a84c10fc1c
Change copyright from Netcetera to MITRE/MIT-KIT.
2014-05-28 08:52:31 +02:00
2797731597
fixed unit test to account for cascading tokens
2014-05-27 20:39:19 -04:00
d2c83104fb
cascade token saves
2014-05-27 19:28:38 -04:00
7f8cbcea39
Use return value from TokenEnhancer.enhance
2014-05-27 19:23:44 -04:00
be98b9cd0b
[maven-release-plugin] prepare for next development iteration
2014-05-27 14:00:40 -04:00
8320f0eefe
[maven-release-plugin] prepare release mitreid-connect-1.1.6
2014-05-27 14:00:37 -04:00
0c8cacd59a
added missing copyright headers
2014-05-27 13:46:47 -04:00
525f3aa2a8
Cleaned up indentation, whitespace, and imports.
2014-05-27 13:02:49 -04:00
8185171119
minor clean up
2014-05-27 11:54:45 -04:00
5ab516de48
prevent clients from registering with special resource scope
2014-05-26 17:39:20 -04:00
c34357a433
added resource registration endpoint with basic functionality and specialized tokens
2014-05-26 16:30:24 -04:00
960319b796
improved logging configuration, removed transactional from service
2014-05-25 15:38:44 -04:00
85fd4e71ce
typo in error message
2014-05-25 15:37:58 -04:00
2af51dc77a
better URI check for prompt filter short circuit
2014-05-25 14:24:25 -04:00
f4a1a2acff
fixed prompt filter coding error
2014-05-24 23:16:29 -04:00
89d55e3d33
added support for default max auth age and require auth time, made prompt filter only work on authorization endpoint
2014-05-24 22:12:41 -04:00
5c6e75bd53
cleaned up UI for client editing
2014-05-24 20:56:54 -04:00
05e9624ae3
added support for encrypted and symmetrically signed id tokens and user info responses
2014-05-23 21:15:50 -04:00
ffe1b29906
Added Signed JWT support to UserInfo endpoint response, closes #593
2014-05-23 19:15:03 -04:00
e4d5f4a540
added system wide cache for all symmetric validators, closes # 557
2014-05-23 16:16:06 -04:00
ca333d256b
Appropriately catch runtime exceptions in all guava caches, closes #603
2014-05-23 15:00:40 -04:00
df9c9747ce
more reasonable check for whether or not a user auth is present, addresses #602
2014-05-23 11:49:51 -04:00
4e890a4d7d
enforce clients using a redirect flow have at least one redirect uri registered when using dynamic registration, made error handling more consistent across all APIs
...
closes #596
2014-05-21 18:29:51 -04:00
a225b00920
added null check and permissions check to ID token generation, closes #602
2014-05-21 17:45:25 -04:00
880014176f
[maven-release-plugin] prepare for next development iteration
2014-05-13 18:23:11 -04:00
ca8a003e3d
[maven-release-plugin] prepare release mitreid-connect-1.1.5
2014-05-13 18:23:08 -04:00
dcf36234c4
moved CSRF generator to request parser instead of confirmation controller
2014-05-13 09:48:34 -04:00
a253ebc908
added CSRF protection to approval page
2014-05-13 09:27:02 -04:00
fcfbf1080f
renamed auth request variable
2014-05-13 09:26:27 -04:00
7cd36b471f
Make introspection endpoint access authorization pluggable.
2014-05-07 16:44:56 +02:00
4b697ba909
webfinger checks host on acct: URIs, closes #404
2014-04-25 21:21:00 -04:00
b8129bf60d
[maven-release-plugin] prepare for next development iteration
2014-04-21 19:19:10 -04:00
a9e34ac9bd
[maven-release-plugin] prepare release mitreid-connect-1.1.4
2014-04-21 19:19:07 -04:00
376403fa4a
account for registration time in approval page, closes #550
2014-04-19 07:28:20 -04:00
1d2f968bd1
configuration cleanup, closes #568
2014-04-18 22:11:58 -04:00
318a28ddf8
added stats mock to unit tests
2014-04-16 22:05:03 -04:00
521017c5c2
updated stats service to have a resettable cache triggered by other service events
2014-04-16 21:39:37 -04:00
7f310400b1
simple cache for stats
2014-04-16 21:18:12 -04:00
39509bfdc4
Performance improvement of token cleanup:
...
an alternative token cleanup mechanism designed to maintain a very compact memory footprint while performing cleanup in consecutive runs of the cleanup thread. This serves to address OutOfMemoryException issues of the original token cleanup mechanism when process is under load. Also, added cleanup of the authentication_holder table.
2014-04-10 23:38:37 -04:00
265624b285
a fix for a NullPointerException whenever a client requests a client scope to be granted.
2014-04-10 22:41:20 -04:00
97cd00e06c
[maven-release-plugin] prepare for next development iteration
2014-03-19 21:40:21 -04:00
23c7cf6996
[maven-release-plugin] prepare release mitreid-connect-1.1.3
2014-03-19 21:40:18 -04:00
ad5ffb64e8
[maven-release-plugin] prepare for next development iteration
2014-03-08 11:17:40 +00:00
1635cf957d
[maven-release-plugin] prepare release mitreid-connect-1.1.2
2014-03-08 11:17:35 +00:00
53cc7ef447
Fixed audience claim on client auth assertion
2014-03-06 19:45:05 +00:00
1fcef858c6
updated server discovery document to reflect new capabilities
2014-03-06 16:48:27 +00:00
b67121f0cd
added client_secret_jwt auth method support, closes #174
2014-03-04 23:45:36 +00:00
15b017992c
added DELETE to token api because revocation endpoint doesn't work for this kind of management, closes #191
2014-03-01 11:05:46 +00:00
89f015cf1c
Updated Token API to be less leaky
2014-02-28 21:14:27 +00:00
dd391ebf3c
Display contacts, popup for image, cleanup of more info
2014-02-16 21:58:16 -05:00
dab52ca8a0
enhancements to approval page
2014-02-16 18:25:05 -05:00
ec6a78c1ba
made prompt pluralizable to comply with spec, closes #519
2014-02-16 01:41:08 -05:00
9395c3802d
[maven-release-plugin] prepare for next development iteration
2014-02-10 15:28:14 -05:00
4f8311962a
[maven-release-plugin] prepare release mitreid-connect-1.1.1
2014-02-10 15:28:11 -05:00
19dbe92d4e
initial support for displaying claim values for requested scopes
2014-01-20 20:56:04 -05:00
3b52ce8201
happy new year!
2014-01-20 12:38:42 -05:00
ebbc7209aa
automated code formatting and cleanup
2013-12-03 14:19:34 -05:00
e1e7f7a579
[maven-release-plugin] prepare for next development iteration
2013-12-02 12:18:11 -05:00
42fe973f7b
[maven-release-plugin] prepare release mitreid-connect-1.1.0
2013-12-02 12:18:08 -05:00
4a8d693746
fixed prompt filter map mismatch (I hate type erasure)
2013-12-02 11:55:09 -05:00
ce1f3f2f94
updated mockito, fixed some unit tests
2013-11-27 12:37:05 -05:00
d330bd1c9b
cleanup, added revocation uri to server config
2013-11-27 12:23:04 -05:00
ed06b14406
publish revocation endpoint, addresses #520
2013-11-27 12:13:42 -05:00
b7011f508e
urlencode client IDs in client registration URIs, addresses #422
2013-11-27 12:12:10 -05:00
8c1bfb7e0c
set current user's email address to owner when using admin UI
2013-11-27 12:11:36 -05:00
6c4d2a8e8d
vestigial comment cleanup
2013-11-27 12:06:53 -05:00
db5532e9bf
comment cleanup
2013-11-27 11:34:41 -05:00
39fb96a802
pull request from extensions map
2013-11-27 11:20:38 -05:00
86e0f0c7ee
cleaned up old comments
2013-11-27 11:20:01 -05:00
a24eadeb11
cleaned up responseType calls, addresses #451
2013-11-27 11:03:15 -05:00
df511a81cc
override from #465 no longer needed
2013-11-27 10:53:16 -05:00
d3dbb00e77
ensure clients and tokens don't get special system scopes, addresses #320
2013-11-27 10:35:56 -05:00
ef01de168d
Moved special token scopes to scope service interface
2013-11-27 10:21:52 -05:00
4f986d6a38
clean up some auto generated functions
2013-11-27 09:57:56 -05:00
f56135810c
Fixed request object precedence order
2013-11-27 09:52:26 -05:00
447df56947
removed unused nonce exception
2013-11-27 09:10:35 -05:00
27f391ef01
Fixed compilation errors for SECOAUTH milestone updates
2013-11-25 09:31:50 -05:00
190caee9a1
refactored userinfo serializer
2013-11-18 09:49:23 -05:00
46be502ed1
Enforces minimum Java version 1.6 on the openid-connect-server project.
2013-10-22 18:08:02 -07:00
2a34994383
cleanup view
2013-09-26 17:07:38 -04:00
7a4366c083
collapsed two serialization functions into one
2013-09-26 16:15:30 -04:00
65a7e1d724
Added UserInfo.toJson method; added ScopeClaimTranslationService; rewrote UserInfoSerializer to use both
2013-09-26 12:03:39 -04:00
cb449c25b1
Made a UserInfoSerializer class, attempted to switch UserInfoInterceptor over to use it, but it requires a bad hack. I might be missing something.
2013-09-26 12:03:39 -04:00
73863302e9
added spring-tx dependency to server
2013-09-24 14:08:53 -04:00
8a5a16f374
refactored project into four modules:
...
Common
Client
Server Library
Server Webapp
addresses #367
2013-09-23 17:19:09 -04:00
bf3e0033fe
initial refactor of userinfoview for new model components
2013-09-19 12:36:22 -04:00
9debf1486d
pass authorized and requested claims as strings to view
2013-09-19 12:36:22 -04:00
b396610f35
refactor processing of request object
2013-09-19 12:36:22 -04:00
47d304851d
Created token service for OIDC special tokens; removed creation of id tokens and registration_access_tokens to the new service.
2013-09-17 16:56:46 -04:00
66e837f650
Move extension parameters into OAuth2Request.extensions map; remove all calls to OAuth2Request.getRequestParameters.
2013-09-17 10:54:19 -04:00
e1ed53a229
added missing parts to discovery
2013-09-16 17:27:04 -04:00
6605877a1b
added encryption/decryption to cached JWK-URI service
2013-09-16 17:27:04 -04:00
9f13dc8f77
wrap errors in saving the client in an HTTP 400 (instead of HTTP 500) error
2013-09-13 14:22:42 -04:00
9b72c6b1f3
check sector identifier URI's contents and match against redirect URIs, addresses #504
2013-09-13 14:22:24 -04:00
1aa5fe25c6
re-decrypt request object at userinfo endpoint (this shouldn't need to happen)
2013-09-12 17:05:34 -04:00
09cd752c86
added basic support for encrypted request objects, addresses #475
2013-09-12 17:05:12 -04:00
a52f86db49
removed NYI tags from request object algorithm fields
2013-09-12 16:46:22 -04:00
d09b3b50d6
call encode() instead of new() on Base64URL utility
2013-09-12 15:19:14 -04:00
35bd9c8eda
throw appropriate errors from request factory
2013-09-12 14:48:54 -04:00
e67a41c556
added transient passthroughs to JOSE algorithms for client
2013-09-12 14:08:37 -04:00
c9aa42dbef
better processing for signed request objects
2013-09-12 13:56:10 -04:00
f9ca15139d
added phone-number verified, addresses #505
...
affects #455
2013-09-12 10:19:14 -04:00
6cbed133b2
let user know that the client is using a pairwise identifier on approval
2013-09-11 17:39:55 -04:00
a9f639a718
moved subject type and sector identifier controls to the 'access' tab
2013-09-11 17:14:35 -04:00
6b66139ead
added unit test for uuid service
2013-09-11 15:28:00 -04:00
0281cf02fe
calculate pairwise based on redirect uri rather than client id
2013-09-11 14:37:17 -04:00
f6a8ac4529
added unit test for default userinfo service (with pairwise checks)
2013-09-11 11:59:40 -04:00
77c0473438
fixed comparison order to be null safe
...
cleaned up type check
2013-09-11 11:59:34 -04:00
dbdc2e777d
added pairwise identifier service and repository
2013-09-10 17:15:58 -04:00
bdf62eaa36
need to check the sector identifier at some point
2013-09-10 16:35:51 -04:00
914f2e4d93
added new call to get the UserInfo in context with the requesting client to allow for pairwise identifiers.
...
temporary implementation of pairwise identifiers in place
2013-09-10 16:01:17 -04:00
Justin Richer