960319b796
improved logging configuration, removed transactional from service
2014-05-25 15:38:44 -04:00
85fd4e71ce
typo in error message
2014-05-25 15:37:58 -04:00
2af51dc77a
better URI check for prompt filter short circuit
2014-05-25 14:24:25 -04:00
f4a1a2acff
fixed prompt filter coding error
2014-05-24 23:16:29 -04:00
89d55e3d33
added support for default max auth age and require auth time, made prompt filter only work on authorization endpoint
2014-05-24 22:12:41 -04:00
5c6e75bd53
cleaned up UI for client editing
2014-05-24 20:56:54 -04:00
05e9624ae3
added support for encrypted and symmetrically signed id tokens and user info responses
2014-05-23 21:15:50 -04:00
ffe1b29906
Added Signed JWT support to UserInfo endpoint response, closes #593
2014-05-23 19:15:03 -04:00
e4d5f4a540
added system wide cache for all symmetric validators, closes # 557
2014-05-23 16:16:06 -04:00
ca333d256b
Appropriately catch runtime exceptions in all guava caches, closes #603
2014-05-23 15:00:40 -04:00
df9c9747ce
more reasonable check for whether or not a user auth is present, addresses #602
2014-05-23 11:49:51 -04:00
4e890a4d7d
enforce clients using a redirect flow have at least one redirect uri registered when using dynamic registration, made error handling more consistent across all APIs
...
closes #596
2014-05-21 18:29:51 -04:00
a225b00920
added null check and permissions check to ID token generation, closes #602
2014-05-21 17:45:25 -04:00
880014176f
[maven-release-plugin] prepare for next development iteration
2014-05-13 18:23:11 -04:00
ca8a003e3d
[maven-release-plugin] prepare release mitreid-connect-1.1.5
2014-05-13 18:23:08 -04:00
dcf36234c4
moved CSRF generator to request parser instead of confirmation controller
2014-05-13 09:48:34 -04:00
a253ebc908
added CSRF protection to approval page
2014-05-13 09:27:02 -04:00
fcfbf1080f
renamed auth request variable
2014-05-13 09:26:27 -04:00
7cd36b471f
Make introspection endpoint access authorization pluggable.
2014-05-07 16:44:56 +02:00
4b697ba909
webfinger checks host on acct: URIs, closes #404
2014-04-25 21:21:00 -04:00
b8129bf60d
[maven-release-plugin] prepare for next development iteration
2014-04-21 19:19:10 -04:00
a9e34ac9bd
[maven-release-plugin] prepare release mitreid-connect-1.1.4
2014-04-21 19:19:07 -04:00
376403fa4a
account for registration time in approval page, closes #550
2014-04-19 07:28:20 -04:00
1d2f968bd1
configuration cleanup, closes #568
2014-04-18 22:11:58 -04:00
318a28ddf8
added stats mock to unit tests
2014-04-16 22:05:03 -04:00
521017c5c2
updated stats service to have a resettable cache triggered by other service events
2014-04-16 21:39:37 -04:00
7f310400b1
simple cache for stats
2014-04-16 21:18:12 -04:00
39509bfdc4
Performance improvement of token cleanup:
...
an alternative token cleanup mechanism designed to maintain a very compact memory footprint while performing cleanup in consecutive runs of the cleanup thread. This serves to address OutOfMemoryException issues of the original token cleanup mechanism when process is under load. Also, added cleanup of the authentication_holder table.
2014-04-10 23:38:37 -04:00
265624b285
a fix for a NullPointerException whenever a client requests a client scope to be granted.
2014-04-10 22:41:20 -04:00
97cd00e06c
[maven-release-plugin] prepare for next development iteration
2014-03-19 21:40:21 -04:00
23c7cf6996
[maven-release-plugin] prepare release mitreid-connect-1.1.3
2014-03-19 21:40:18 -04:00
ad5ffb64e8
[maven-release-plugin] prepare for next development iteration
2014-03-08 11:17:40 +00:00
1635cf957d
[maven-release-plugin] prepare release mitreid-connect-1.1.2
2014-03-08 11:17:35 +00:00
53cc7ef447
Fixed audience claim on client auth assertion
2014-03-06 19:45:05 +00:00
1fcef858c6
updated server discovery document to reflect new capabilities
2014-03-06 16:48:27 +00:00
b67121f0cd
added client_secret_jwt auth method support, closes #174
2014-03-04 23:45:36 +00:00
15b017992c
added DELETE to token api because revocation endpoint doesn't work for this kind of management, closes #191
2014-03-01 11:05:46 +00:00
89f015cf1c
Updated Token API to be less leaky
2014-02-28 21:14:27 +00:00
dd391ebf3c
Display contacts, popup for image, cleanup of more info
2014-02-16 21:58:16 -05:00
dab52ca8a0
enhancements to approval page
2014-02-16 18:25:05 -05:00
ec6a78c1ba
made prompt pluralizable to comply with spec, closes #519
2014-02-16 01:41:08 -05:00
9395c3802d
[maven-release-plugin] prepare for next development iteration
2014-02-10 15:28:14 -05:00
4f8311962a
[maven-release-plugin] prepare release mitreid-connect-1.1.1
2014-02-10 15:28:11 -05:00
19dbe92d4e
initial support for displaying claim values for requested scopes
2014-01-20 20:56:04 -05:00
3b52ce8201
happy new year!
2014-01-20 12:38:42 -05:00
ebbc7209aa
automated code formatting and cleanup
2013-12-03 14:19:34 -05:00
e1e7f7a579
[maven-release-plugin] prepare for next development iteration
2013-12-02 12:18:11 -05:00
42fe973f7b
[maven-release-plugin] prepare release mitreid-connect-1.1.0
2013-12-02 12:18:08 -05:00
4a8d693746
fixed prompt filter map mismatch (I hate type erasure)
2013-12-02 11:55:09 -05:00
ce1f3f2f94
updated mockito, fixed some unit tests
2013-11-27 12:37:05 -05:00
d330bd1c9b
cleanup, added revocation uri to server config
2013-11-27 12:23:04 -05:00
ed06b14406
publish revocation endpoint, addresses #520
2013-11-27 12:13:42 -05:00
b7011f508e
urlencode client IDs in client registration URIs, addresses #422
2013-11-27 12:12:10 -05:00
8c1bfb7e0c
set current user's email address to owner when using admin UI
2013-11-27 12:11:36 -05:00
6c4d2a8e8d
vestigial comment cleanup
2013-11-27 12:06:53 -05:00
db5532e9bf
comment cleanup
2013-11-27 11:34:41 -05:00
39fb96a802
pull request from extensions map
2013-11-27 11:20:38 -05:00
86e0f0c7ee
cleaned up old comments
2013-11-27 11:20:01 -05:00
a24eadeb11
cleaned up responseType calls, addresses #451
2013-11-27 11:03:15 -05:00
df511a81cc
override from #465 no longer needed
2013-11-27 10:53:16 -05:00
d3dbb00e77
ensure clients and tokens don't get special system scopes, addresses #320
2013-11-27 10:35:56 -05:00
ef01de168d
Moved special token scopes to scope service interface
2013-11-27 10:21:52 -05:00
4f986d6a38
clean up some auto generated functions
2013-11-27 09:57:56 -05:00
f56135810c
Fixed request object precedence order
2013-11-27 09:52:26 -05:00
447df56947
removed unused nonce exception
2013-11-27 09:10:35 -05:00
27f391ef01
Fixed compilation errors for SECOAUTH milestone updates
2013-11-25 09:31:50 -05:00
190caee9a1
refactored userinfo serializer
2013-11-18 09:49:23 -05:00
46be502ed1
Enforces minimum Java version 1.6 on the openid-connect-server project.
2013-10-22 18:08:02 -07:00
2a34994383
cleanup view
2013-09-26 17:07:38 -04:00
7a4366c083
collapsed two serialization functions into one
2013-09-26 16:15:30 -04:00
65a7e1d724
Added UserInfo.toJson method; added ScopeClaimTranslationService; rewrote UserInfoSerializer to use both
2013-09-26 12:03:39 -04:00
cb449c25b1
Made a UserInfoSerializer class, attempted to switch UserInfoInterceptor over to use it, but it requires a bad hack. I might be missing something.
2013-09-26 12:03:39 -04:00
73863302e9
added spring-tx dependency to server
2013-09-24 14:08:53 -04:00
8a5a16f374
refactored project into four modules:
...
Common
Client
Server Library
Server Webapp
addresses #367
2013-09-23 17:19:09 -04:00
bf3e0033fe
initial refactor of userinfoview for new model components
2013-09-19 12:36:22 -04:00
9debf1486d
pass authorized and requested claims as strings to view
2013-09-19 12:36:22 -04:00
b396610f35
refactor processing of request object
2013-09-19 12:36:22 -04:00
47d304851d
Created token service for OIDC special tokens; removed creation of id tokens and registration_access_tokens to the new service.
2013-09-17 16:56:46 -04:00
66e837f650
Move extension parameters into OAuth2Request.extensions map; remove all calls to OAuth2Request.getRequestParameters.
2013-09-17 10:54:19 -04:00
e1ed53a229
added missing parts to discovery
2013-09-16 17:27:04 -04:00
6605877a1b
added encryption/decryption to cached JWK-URI service
2013-09-16 17:27:04 -04:00
9f13dc8f77
wrap errors in saving the client in an HTTP 400 (instead of HTTP 500) error
2013-09-13 14:22:42 -04:00
9b72c6b1f3
check sector identifier URI's contents and match against redirect URIs, addresses #504
2013-09-13 14:22:24 -04:00
1aa5fe25c6
re-decrypt request object at userinfo endpoint (this shouldn't need to happen)
2013-09-12 17:05:34 -04:00
09cd752c86
added basic support for encrypted request objects, addresses #475
2013-09-12 17:05:12 -04:00
a52f86db49
removed NYI tags from request object algorithm fields
2013-09-12 16:46:22 -04:00
d09b3b50d6
call encode() instead of new() on Base64URL utility
2013-09-12 15:19:14 -04:00
35bd9c8eda
throw appropriate errors from request factory
2013-09-12 14:48:54 -04:00
e67a41c556
added transient passthroughs to JOSE algorithms for client
2013-09-12 14:08:37 -04:00
c9aa42dbef
better processing for signed request objects
2013-09-12 13:56:10 -04:00
f9ca15139d
added phone-number verified, addresses #505
...
affects #455
2013-09-12 10:19:14 -04:00
6cbed133b2
let user know that the client is using a pairwise identifier on approval
2013-09-11 17:39:55 -04:00
a9f639a718
moved subject type and sector identifier controls to the 'access' tab
2013-09-11 17:14:35 -04:00
6b66139ead
added unit test for uuid service
2013-09-11 15:28:00 -04:00
0281cf02fe
calculate pairwise based on redirect uri rather than client id
2013-09-11 14:37:17 -04:00
f6a8ac4529
added unit test for default userinfo service (with pairwise checks)
2013-09-11 11:59:40 -04:00
77c0473438
fixed comparison order to be null safe
...
cleaned up type check
2013-09-11 11:59:34 -04:00
dbdc2e777d
added pairwise identifier service and repository
2013-09-10 17:15:58 -04:00
bdf62eaa36
need to check the sector identifier at some point
2013-09-10 16:35:51 -04:00
914f2e4d93
added new call to get the UserInfo in context with the requesting client to allow for pairwise identifiers.
...
temporary implementation of pairwise identifiers in place
2013-09-10 16:01:17 -04:00
149fb1bac1
services shouldn't be transactional
2013-09-10 15:26:09 -04:00
29d1c7d54a
userinfo endpoint now uses OAuth2Authentication exclusively
...
(which is all it was really doing before)
2013-09-10 14:16:34 -04:00
ac42c00062
id token now uses userinfo's sub
2013-09-10 13:50:49 -04:00
f139541485
added randomized subs to demo users
2013-09-10 13:48:37 -04:00
b9da10d176
look up by username instead of subject
2013-09-10 11:39:00 -04:00
9ea82aacf0
clean up unused getter/setter
2013-09-10 11:38:42 -04:00
9720b60f05
allow loading of structured scopes from scopes.sql file (and temp tables)
2013-09-06 16:07:25 -04:00
5e676e0e59
fixed scope UI
2013-09-06 16:07:25 -04:00
2b663bb23c
UI for scope editing
2013-09-06 16:07:25 -04:00
469e722f72
defer to system scope matcher in approval handler
2013-09-06 16:07:25 -04:00
99ad9b883e
added validator that knows how to deal with structured scopes
2013-09-06 16:07:25 -04:00
59187d47e4
use new unified parsing for approval page
2013-09-06 16:07:25 -04:00
85533d50cf
scope comparison for TofuUserApprovalHandler
2013-09-06 16:07:25 -04:00
1c4c53f252
scope comparison for introspection endpoint
2013-09-06 16:07:24 -04:00
6152a943d8
serialize structured scopes properly (with tests)
2013-09-06 16:07:24 -04:00
72f0ab631d
added transient structured value to system scope, added scope matcher function to scope service
2013-09-06 16:07:24 -04:00
3fc34f15c8
added structured scope update to mysql (affects #455 )
2013-09-06 16:07:24 -04:00
b416888b07
Structured Scopes from BB+
2013-09-06 16:07:24 -04:00
127507246e
if the client doesn't ask for any system scopes, but asks for some non-system scopes, they'll now get the defaults instead of none
...
addresses #498
2013-09-06 13:30:22 -04:00
64bbb73d1b
cleaned up CORS filter implementation
2013-09-03 16:01:19 -04:00
6ff4ae1458
added CORS filter
2013-09-03 15:17:18 -04:00
81cb60ad7b
made introspection and revocation work with basic auth (and possible OAuth tokens, but that needs more work)
2013-09-03 15:17:16 -04:00
bdbff8d45c
tell spring to not stuff model into the redirects, partially addresses #492
2013-08-30 16:38:07 -04:00
84f097edf4
removed outdated client credentials filter, addresses #491
2013-08-30 11:48:52 -04:00
d7be122a21
added basic user profile view implementation
2013-08-29 17:33:42 -04:00
55ea880396
hide admin panels from non-admin users, addresses #472
2013-08-29 17:15:13 -04:00
235029ba0e
inject user's authorities into javascript context
2013-08-29 16:58:36 -04:00
eab4563551
inject user's email address into contacts on dynamic registration
2013-08-29 16:58:24 -04:00
be6179d1ac
inject the current user into the javascript context
2013-08-29 16:44:01 -04:00
5c10eef8b7
added delete function
2013-08-29 14:18:54 -04:00
d92b7c4810
changed display of core client components, added warning
2013-08-29 11:50:05 -04:00
4009d9ea82
added create and update functions
2013-08-29 11:11:37 -04:00
8e6da2b936
json view and form elements
2013-08-28 16:42:43 -04:00
36151975c1
added client read and oauth token support for CRUD abilities
2013-08-28 15:32:18 -04:00
ead99474be
fixed panels for client form
2013-08-28 14:38:03 -04:00
fb66af2071
added form editor and control for newly-registered clients
2013-08-28 14:20:20 -04:00
51973ea595
added dev page for self-service client registration
2013-08-28 14:17:30 -04:00
2108311d65
Revert "refactored code to use the more generic JWT declaration."
...
This reverts commit e0b56bc72a
2013-08-26 15:33:08 -04:00
e0b56bc72a
refactored code to use the more generic JWT declaration.
2013-08-26 11:32:46 -04:00
ca777f7dc4
proper null check for client's preferred signature method
2013-08-20 16:45:45 -04:00
07bec462cc
added comment about why we can't use set intersection method.
2013-08-20 14:09:14 -04:00
b89436d7b9
UserInfoView returning intersection of claims request parameter and request object claims in effect now.
2013-08-20 08:55:56 -04:00
bd3d2a5cee
created crypto tab
2013-08-19 17:35:05 -04:00
3f66d16236
removed NYI tag from ID token signing alg
2013-08-19 17:31:13 -04:00
48a9202f79
fixed jquery.on regex to be less aggressive
2013-08-19 17:20:29 -04:00
941e9544e2
Compare client_ids instead of Client objects
2013-08-19 16:55:56 -04:00
3eae6f2789
Changed client algorithm check to look for null instead of JWSAlgorithm.NONE, which is a valid value.
2013-08-19 16:55:29 -04:00
0059c7b4cc
Use clients preferred algorithm, if any, to sign
2013-08-19 16:33:18 -04:00
2fb138aa19
fixed jquery.on syntax bug, addresses #346
2013-08-19 16:07:34 -04:00
8edc8cc69a
Disable unsupported JOSE algorithms in UI, addresses #476
2013-08-19 15:52:00 -04:00
8c91861188
load server configuration into JS app
2013-08-19 15:52:00 -04:00
e40b1cf850
animated loading bar for management console
2013-08-19 15:52:00 -04:00
a80c19384f
added 'use server default' to JOSE options, addresses #462
2013-08-19 15:52:00 -04:00
b54f33d0db
fixed json elements of "claims" and "userinfo" being processed out of order.
2013-08-19 14:15:53 -04:00
7b813c79ee
parsing "claims" parameter directly from userinfoendpoint requests.
2013-08-19 13:32:34 -04:00
1ffbb39a2b
refactored json parser to a private static field.
2013-08-19 13:30:56 -04:00
89056bd911
removed test-specific constructor and default constructor.
2013-08-19 13:30:56 -04:00
ba0c3c5d78
id tokens always expire, addresses #416
2013-08-19 12:42:37 -04:00
7e51a361ba
changed to using relative em lengths instead of hard px length values for token timeout form elements.
2013-08-15 16:19:47 -04:00
c1ee5141a4
added back default timeouts and fixed refresh token check
2013-08-15 15:50:36 -04:00
00db39dab9
addresses issue #471 . setting default timeout values in the backbone model to null.
2013-08-15 15:29:16 -04:00
1b674b6420
restored bootstrap to out-of-the-box formatting, addresses #454
2013-08-15 14:50:18 -04:00
a6bb56ed9a
unit select box appropriately disabled after saving now.
2013-08-15 14:03:25 -04:00
86c6a0ea8b
clear token timeout form fields when disabled and also disable unit selector.
2013-08-15 13:09:53 -04:00
3f01ae1a71
renamed token expiration form field ids from -seconds to -time.
2013-08-15 11:13:29 -04:00
2242db5c11
shortened token timeout form fields.
2013-08-15 11:13:29 -04:00
6f8143937e
dropdown time unit chooser added for token expiration.
2013-08-15 11:13:29 -04:00
7ab53795b1
refactor js. getFormTokenValue() -> getFormTokenNumberValue().
2013-08-15 11:13:29 -04:00
7d51335055
added prompt=login support, addresses #323
2013-08-14 17:00:56 -04:00
a0646452ab
test for max_age, force login if not fresh enough, addresses #467
2013-08-14 16:50:51 -04:00
6c1e91b7e3
auth_time is now tracked, addresses #288
2013-08-14 15:39:41 -04:00
e88c6c4943
Changed predicates methods to use Collections2.filter rather than Sets.filter
2013-08-13 10:31:39 -04:00
f1357cceb4
corrected output for badly-formatted timeout date.
2013-08-12 16:20:42 -04:00
025eb05d3a
added date format validity check for moment.js usage.
2013-08-12 16:15:06 -04:00
c1607b53e4
null-checking in date display for approved sites.
2013-08-12 15:52:30 -04:00
d67a492b6c
date display logic to use moment.js.
2013-08-12 15:03:46 -04:00
ba7e791985
initial moment time formatting commit.
2013-08-12 12:15:47 -04:00
a72ba6d98b
importing moment.js library.
2013-08-12 11:23:43 -04:00
6687e3a831
override createOAuth2Request method for factory iss #465 .
2013-08-09 13:03:46 -04:00
ef4482249c
Dyn-reg endpoint now creates the registration access token from scratch instead of calling token services; token services no longer needs to check for RAT scope to avoid expiring RATs
2013-08-09 11:49:11 -04:00
15e512cec3
renamed JWSUtils -> IdTokenHashUtils, renamed internal variables
2013-08-08 14:34:19 -04:00
0f16bacc63
TestJWSUtils done.
2013-08-08 14:10:35 -04:00
2ba8ad71f1
updated hash tests.
2013-08-08 14:10:35 -04:00
cdd3a6d478
changed at_hash/c_hash impl. HMAC-SHA --> regular SHA.
2013-08-08 14:10:35 -04:00
fd611ce353
Had an unsaved file hanging around - formatting JSPs
2013-08-08 14:03:59 -04:00
a91f160e34
Fixed formatting in tag files
2013-08-08 14:00:01 -04:00
5beac9d50d
Fixed formatting in JSPs
2013-08-08 13:18:14 -04:00
2d4d7f7be9
Had to hand-merge some things; git got confused
2013-08-07 10:59:55 -04:00
861beeba64
Added c_hash function, added stub of unit test for JWSUtils
2013-08-07 10:43:26 -04:00
37580cc21e
JWSUtils uses JWSAlgorithm to match bit length; ConnectTokenEnhancer calls the util method now
2013-08-07 10:41:53 -04:00
3a591dc1f4
Added JWSUtils class;
2013-08-07 10:38:28 -04:00
be97aedbc7
Used Predicates to filter expired tokens and approved sites;
2013-08-06 16:42:49 -04:00
b3bb43881d
Moved getExpired to service layers
2013-08-06 16:33:27 -04:00
eea37cf79c
Fixed token expiration bug by removing jsql queries. Instead expired tokens or approved sites are filtered at the repository level
2013-08-06 11:28:13 -04:00
ce4ab6a766
Updated spring version to 3.2.3; added a 10-minute initial delay to the scheduled tasks in task-config.xml
2013-08-05 16:31:56 -04:00
265214511c
Renamed oAuth2RequestFactory
2013-08-05 14:04:48 -04:00
a4c1a7a37d
Issue 449
2013-08-02 11:20:47 -04:00
9dda789488
Updated database tables
2013-08-02 11:16:11 -04:00
2f711c88a7
Removed nonce service
2013-08-02 10:56:28 -04:00
d4fbb4f599
Removed Event class
2013-08-02 10:06:41 -04:00
88863f4910
replaced mock TokenRequest and the storedAuth test field with concrete objects. test should pass now.
2013-07-30 11:42:11 -04:00
1392faa83c
replaced mock client auth with concrete OAuth2Request object
2013-07-30 11:42:11 -04:00
ad2ace6d74
Do not expire registration tokens
2013-07-30 11:33:15 -04:00
beaeaa4ccc
I can spell "consortium", I promise
2013-07-29 17:40:26 -04:00
b2b6fd6448
further cleanup
2013-07-29 17:00:35 -04:00
856c0ea0b5
Merge commit '023dd440d4a0e6e59a14c88013837d79a77c74e0' into 1.1-merge
...
Conflicts:
openid-connect-client/pom.xml
openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/AuthorizationRequestImpl.java
openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/IntrospectingTokenService.java
openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/IntrospectionAuthorityGranter.java
openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/IntrospectionUrlProvider.java
openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCAuthenticationFilter.java
openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCAuthenticationProvider.java
openid-connect-client/src/main/java/org/mitre/openid/connect/client/keypublisher/ClientKeyPublisher.java
openid-connect-client/src/main/java/org/mitre/openid/connect/client/keypublisher/ClientKeyPublisherMapping.java
openid-connect-client/src/main/java/org/mitre/openid/connect/client/keypublisher/JwkViewResolver.java
openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/AuthRequestUrlBuilder.java
openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/ClientConfigurationService.java
openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/StaticClientConfigurationService.java
openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/StaticServerConfigurationService.java
openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/StaticSingleIssuerService.java
openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/ThirdPartyIssuerService.java
openid-connect-client/src/test/java/org/mitre/openid/connect/client/AbstractOIDCAuthenticationFilterTest.java
openid-connect-common/pom.xml
openid-connect-common/src/main/java/org/mitre/jose/keystore/JWKSetKeyStore.java
openid-connect-common/src/main/java/org/mitre/jwt/signer/service/JwtSigningAndValidationService.java
openid-connect-common/src/main/java/org/mitre/jwt/signer/service/impl/DefaultJwtSigningAndValidationService.java
openid-connect-common/src/main/java/org/mitre/jwt/signer/service/impl/JWKSetSigningAndValidationServiceCacheService.java
openid-connect-common/src/main/java/org/mitre/oauth2/model/AuthorizationCodeEntity.java
openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java
openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java
openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2RefreshTokenEntity.java
openid-connect-common/src/main/java/org/mitre/oauth2/model/SystemScope.java
openid-connect-common/src/main/java/org/mitre/oauth2/repository/AuthorizationCodeRepository.java
openid-connect-common/src/main/java/org/mitre/oauth2/repository/OAuth2TokenRepository.java
openid-connect-common/src/main/java/org/mitre/oauth2/service/OAuth2TokenEntityService.java
openid-connect-common/src/main/java/org/mitre/openid/connect/config/ConfigurationPropertiesBean.java
openid-connect-common/src/main/java/org/mitre/openid/connect/config/ServerConfiguration.java
openid-connect-common/src/main/java/org/mitre/openid/connect/model/ApprovedSite.java
openid-connect-common/src/main/java/org/mitre/openid/connect/model/BlacklistedSite.java
openid-connect-common/src/main/java/org/mitre/openid/connect/model/Event.java
openid-connect-common/src/main/java/org/mitre/openid/connect/model/OIDCAuthenticationToken.java
openid-connect-common/src/main/java/org/mitre/openid/connect/model/WhitelistedSite.java
openid-connect-common/src/main/java/org/mitre/util/jpa/JpaUtil.java
openid-connect-server/.gitignore
openid-connect-server/pom.xml
openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaAuthorizationCodeRepository.java
openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2AuthorizationCodeService.java
openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ClientDetailsEntityService.java
openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ProviderTokenService.java
openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultSystemScopeService.java
openid-connect-server/src/main/java/org/mitre/oauth2/token/ChainedTokenGranter.java
openid-connect-server/src/main/java/org/mitre/oauth2/token/JwtAssertionTokenGranter.java
openid-connect-server/src/main/java/org/mitre/oauth2/view/TokenIntrospectionView.java
openid-connect-server/src/main/java/org/mitre/oauth2/web/IntrospectionEndpoint.java
openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthConfirmationController.java
openid-connect-server/src/main/java/org/mitre/oauth2/web/RevocationEndpoint.java
openid-connect-server/src/main/java/org/mitre/openid/connect/ConnectOAuth2RequestFactory.java
openid-connect-server/src/main/java/org/mitre/openid/connect/assertion/JwtBearerAuthenticationProvider.java
openid-connect-server/src/main/java/org/mitre/openid/connect/assertion/JwtBearerClientAssertionTokenEndpointFilter.java
openid-connect-server/src/main/java/org/mitre/openid/connect/exception/InvalidJwtSignatureException.java
openid-connect-server/src/main/java/org/mitre/openid/connect/exception/UnknownUserInfoSchemaException.java
openid-connect-server/src/main/java/org/mitre/openid/connect/exception/UserNotFoundException.java
openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaApprovedSiteRepository.java
openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaUserInfoRepository.java
openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultApprovedSiteService.java
openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultNonceService.java
openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultStatsService.java
openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultUserInfoUserDetailsService.java
openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/DefaultWhitelistedSiteService.java
openid-connect-server/src/main/java/org/mitre/openid/connect/token/ConnectTokenEnhancer.java
openid-connect-server/src/main/java/org/mitre/openid/connect/token/TofuUserApprovalHandler.java
openid-connect-server/src/main/java/org/mitre/openid/connect/view/AbstractClientEntityView.java
openid-connect-server/src/main/java/org/mitre/openid/connect/view/ClientInformationResponseView.java
openid-connect-server/src/main/java/org/mitre/openid/connect/view/ExceptionAsJSONView.java
openid-connect-server/src/main/java/org/mitre/openid/connect/view/JsonEntityView.java
openid-connect-server/src/main/java/org/mitre/openid/connect/view/JsonErrorView.java
openid-connect-server/src/main/java/org/mitre/openid/connect/view/POCOUserInfoView.java
openid-connect-server/src/main/java/org/mitre/openid/connect/view/StatsSummary.java
openid-connect-server/src/main/java/org/mitre/openid/connect/view/UserInfoView.java
openid-connect-server/src/main/java/org/mitre/openid/connect/web/ApprovedSiteAPI.java
openid-connect-server/src/main/java/org/mitre/openid/connect/web/BlacklistAPI.java
openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientAPI.java
openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientDynamicRegistrationEndpoint.java
openid-connect-server/src/main/java/org/mitre/openid/connect/web/ManagerController.java
openid-connect-server/src/main/java/org/mitre/openid/connect/web/RequestObjectAuthorizationEndpoint.java
openid-connect-server/src/main/java/org/mitre/openid/connect/web/StatsAPI.java
openid-connect-server/src/main/java/org/mitre/openid/connect/web/UserInfoEndpoint.java
openid-connect-server/src/main/java/org/mitre/openid/connect/web/UserInfoInterceptor.java
openid-connect-server/src/main/java/org/mitre/openid/connect/web/WhitelistAPI.java
openid-connect-server/src/main/webapp/WEB-INF/tags/aboutContent.tag
openid-connect-server/src/main/webapp/WEB-INF/tags/breadcrumbs.tag
openid-connect-server/src/main/webapp/WEB-INF/tags/contactContent.tag
openid-connect-server/src/main/webapp/WEB-INF/tags/copyright.tag
openid-connect-server/src/main/webapp/WEB-INF/tags/header.tag
openid-connect-server/src/main/webapp/WEB-INF/tags/landingPageAbout.tag
openid-connect-server/src/main/webapp/WEB-INF/tags/landingPageContact.tag
openid-connect-server/src/main/webapp/WEB-INF/tags/landingPageStats.tag
openid-connect-server/src/main/webapp/WEB-INF/tags/landingPageWelcome.tag
openid-connect-server/src/main/webapp/WEB-INF/tags/sidebar.tag
openid-connect-server/src/main/webapp/WEB-INF/tags/statsContent.tag
openid-connect-server/src/main/webapp/WEB-INF/tags/topbar.tag
openid-connect-server/src/main/webapp/WEB-INF/views/about.jsp
openid-connect-server/src/main/webapp/WEB-INF/views/approve.jsp
openid-connect-server/src/main/webapp/WEB-INF/views/contact.jsp
openid-connect-server/src/main/webapp/WEB-INF/views/exception/usernotfound.jsp
openid-connect-server/src/main/webapp/WEB-INF/views/login.jsp
openid-connect-server/src/main/webapp/WEB-INF/views/manage.jsp
openid-connect-server/src/main/webapp/WEB-INF/views/stats.jsp
pom.xml
2013-07-29 16:21:20 -04:00
023dd440d4
[maven-release-plugin] prepare for next development iteration
2013-07-29 11:30:08 -04:00
5e8f93cf15
[maven-release-plugin] prepare release mitreid-connect-1.0.6
2013-07-29 11:30:04 -04:00
e658ffd7fc
format/cleanup and copyright
2013-07-29 11:28:51 -04:00
d4b544d519
disable token API (for now)
2013-07-29 11:23:07 -04:00
906db0ac86
Opened token api access to all users; restricted to only show currently-logged-in-users tokens
2013-07-29 09:18:08 -04:00
71da5b3d94
clean up some discovery values
2013-07-26 17:07:28 -04:00
c62bed37ff
convert server to use normalizer
2013-07-26 17:07:08 -04:00
93c3e7906f
put in line breaks into the extra long comments in DiscoveryEndpoint.java
2013-07-25 09:25:06 -04:00
20871852c0
updated dependencies for secoauth 1.1
2013-07-24 09:38:47 -04:00
b397f0ae15
First go at adding token API; needs to be tested
2013-07-24 09:14:46 -04:00
88db457fc4
Removed .springBeans from tracking; removed initializingbean in favor of @PostConstruct
2013-07-18 09:34:52 -04:00
dfbf01c9e3
Added .springBeans to gitignore
2013-07-16 15:03:44 -04:00
aad432c5d7
replaced stracktrace-printing with logger messages. removed some unused imports.
2013-07-16 13:52:32 -04:00
f483d41b88
getCustomClaim -> getClaim. Also, removed outdated TODOs.
2013-07-16 13:17:25 -04:00
17a96ca122
removed resolved TODOs. Fixed by the resolution of issue #345 .
2013-07-15 14:54:01 -04:00
0d882faeca
added a TODO and fixed some comment typos.
2013-07-15 14:24:04 -04:00
15aea61fbe
Applied code cleanup
2013-07-12 16:58:41 -04:00
3e23967b46
Updated code to reflect SECOAUTH changes
2013-07-12 16:21:05 -04:00
9a6f345e15
yes, allow default scoping if the client doesn't ask for any.
2013-07-12 15:05:17 -04:00
3d312b7eb5
Deleted PermissionDeniedException class. Unused.
2013-07-12 11:40:11 -04:00
c5743dc810
updated unit tests to reflect new exception-throwing behavior.
2013-07-12 11:36:34 -04:00
ada54c297d
addresses issue #382 . Throw an exception when client tries to upscope.
2013-07-12 11:36:33 -04:00
0d8c2442d2
[maven-release-plugin] prepare for next development iteration
2013-07-12 10:09:41 -04:00
9bf5f70957
[maven-release-plugin] prepare release mitreid-connect-1.0.5
2013-07-12 10:09:38 -04:00
12cb672c6d
Added new file for task config
2013-07-12 09:46:18 -04:00
059c2545c9
Split task configuration out into its own spring file
2013-07-12 09:46:18 -04:00
910839e5d9
fixed typo referring to client id as a client secret in code comments.
2013-07-10 16:53:49 -04:00
2d3f43e3b8
Added task scheduling for deleting expired tokens and approved sites. Configuration is all done in application-context.xml so that it is easy to configure
2013-07-10 14:34:37 -04:00
93a0492e97
made optional parameters optional
2013-07-10 12:50:57 -04:00
a9da88fb79
brought introspection endpoint and introspection token services into compliance with draft, addresses #376
2013-07-10 12:50:57 -04:00
34373d777c
base URL of the server is set by the issuer.
2013-07-08 13:06:52 -04:00
3eddd58ae4
added unit test for checking expiration date of refreshed tokens.
2013-07-05 15:35:23 -04:00
24b24f6fa3
More unit tests for refreshing access tokens--specifically, checking scope processing.
2013-07-05 15:22:45 -04:00
5ffe1a50a2
Added null-handling for Scope values from the auth request. (Without this, a NullPointerException gets thrown with null scope values).
2013-07-05 15:14:56 -04:00
ed2223cae3
unit tests of exceptions cases for refreshing access tokens.
2013-07-05 12:32:45 -04:00
3353b92426
deeper unit tests on access token creation.
2013-07-05 12:03:56 -04:00
936f581a0b
[maven-release-plugin] prepare for next development iteration
2013-06-28 16:00:52 -04:00
27edec1a56
[maven-release-plugin] prepare release mitreid-connect-1.0.4
2013-06-28 16:00:46 -04:00
10f9858870
fixed typo on the about page.
2013-06-28 15:44:08 -04:00
42027e451c
added REQUIRED response types to discovery doc. Also, fixed 2 typos in the list of supported grant types.
2013-06-28 15:31:50 -04:00
2a92185433
added introspection endpoint URL to discovery document.
2013-06-28 15:31:50 -04:00
741946d1ae
updated server discovery code comments.
2013-06-28 15:31:50 -04:00
f27b69d06b
removed Version field from server discovery configuration.
2013-06-28 15:31:50 -04:00
5505b26aac
Form fix for login elements
...
addresses #352
2013-06-28 13:17:58 -04:00
4f9cbb4b3f
added check for null
2013-06-27 09:29:47 -04:00
1528c93acd
TestDefaultSystemScopeService unit tests done.
2013-06-25 16:31:45 -04:00
eca62f2d36
initial commit for TestDefaultSystemScopeService.
2013-06-25 16:31:45 -04:00
d0dc3c79cb
more unit tests for TestDefaultOAuth2ProviderTokenService.
2013-06-25 16:31:45 -04:00
dc51af5b83
removed testing builder inner class from DefaultOAuth2ProviderTokenService. Also, added more unit tests.
2013-06-25 16:31:45 -04:00
5ee7aae5d2
initial commit TestDefaultOAuth2ProviderTokenService.
2013-06-25 16:31:45 -04:00
abc4f01dde
TestDefaultStatsService done.
2013-06-25 16:31:45 -04:00
c212821267
Fixed ChainedTokenGranter setup
2013-06-24 10:14:10 -04:00
530c3a75ee
Applyed refactoring
2013-06-24 09:44:59 -04:00
f0f2fbea40
updated secoauth library version in poms
2013-06-21 14:23:58 -04:00
8b1a538464
Updated msql table definitions
2013-06-20 16:28:09 -04:00
cf3cee5ec2
removed lolcat :(
2013-06-20 11:14:29 -04:00
37dd7e7042
changed demo user accounts for server
2013-06-19 16:08:06 -04:00
2b3376e0ed
[maven-release-plugin] prepare for next development iteration
2013-06-18 16:13:04 -04:00
7fe4bc3b56
[maven-release-plugin] prepare release mitreid-connect-1.0.3
2013-06-18 16:12:59 -04:00
d6f5ca68bf
Added time skew to nonce service test
2013-06-18 15:30:36 -04:00
8935a87c23
TestDefaultWhitelistedSiteService done. Removed constructors from DefaultWhitelistedSiteService.
2013-06-18 15:20:06 -04:00
5fb1ef3aca
Revised test methods for checking for offline_access scope. Previous tests were doing trivial checking.
2013-06-18 15:19:55 -04:00
8851f4d037
TestDefaultOAuth2ClientDetailsEntityService done. Removed constructors from DefaultOAuth2ClientDetailsEntityService.
2013-06-18 15:19:55 -04:00
701217d98c
TestDefaultNonceService done.
2013-06-18 15:19:55 -04:00
4ee904cbfd
removed setter/getter from DefaultUserInfoUserDetailsService and updated test class with Mockito annotations.
2013-06-18 15:19:46 -04:00
5428848627
updated TestDefaultApprovedSiteService to use annotation style Mocking. Allows for removal of injector constructor.
2013-06-18 15:19:46 -04:00
01fcb4828d
removed test constructors for DefaultBlacklistedSiteService.java. Used annotation method of injecting mock objects into testing class (@InjectMocks).
2013-06-18 15:19:33 -04:00
9a3625ae2b
made unit test for checking blacklisted sites. Introduced a new constructor to be able to inject repository for testing.
2013-06-18 15:19:33 -04:00
c577b691c7
moved OIDC auth token and userinfo interception filter to common package, addresses #353
2013-06-12 14:45:03 -04:00
8290d198c2
added passthrough of userinfo for remote OIDC users
2013-06-12 14:22:13 -04:00
aea562f565
moved mockito dependency to core project
2013-06-10 14:11:43 -04:00
6ed7477bc0
added stats to admin UI page, restyled scopes and dynamically registered flags
2013-06-07 18:05:07 -04:00
6ec8b77f81
beans version update (is this a config file? should this even be in here?)
2013-06-07 18:05:07 -04:00
338edcce31
fixed typos in admin.js
2013-06-07 15:41:13 -04:00
9388c664ab
moved reuse refresh token checkbox to its own div/label, addresses #345
2013-06-06 16:42:26 -04:00
567a3314d6
[maven-release-plugin] prepare for next development iteration
2013-06-06 16:05:59 -04:00
1286726188
[maven-release-plugin] prepare release mitreid-connect-1.0.2
2013-06-06 16:05:52 -04:00
dc9d5c667e
cleaned up error log messages
2013-06-06 13:44:50 -04:00
1b601abd6f
Removed previous constructor from DefaultUserInforUserDetailsService.java and put in getter/setter for UserInfoRepository as a replacement.
2013-06-04 16:58:14 -04:00
3f7fe30f5c
Added comments to unit tests
2013-05-31 15:31:54 -04:00
a7f2e605fa
Added two unit tests using the Mockito framework
2013-05-31 15:04:18 -04:00
b0dc5fb4e2
Fix a bug where a client is deleted before details looked up. Also return 204 on success
2013-05-31 14:30:51 -04:00
3c5025c52b
Updated version number for secoauth
2013-05-28 15:38:36 -04:00
76e5ff8053
Finished cleanup, ready to create pull request
2013-05-28 12:43:33 -04:00
c46095b6a3
Warning message for unimplemented UI features
2013-05-22 22:41:35 -07:00
25d75a1b30
[maven-release-plugin] prepare for next development iteration
2013-05-20 17:38:01 -04:00
5418bdef5a
[maven-release-plugin] prepare release mitreid-connect-1.0.1
2013-05-20 17:37:52 -04:00
81cd13f6d3
added RegisteredClient class to facilitate client configuration and dynamic registration, addresses #335
2013-05-20 17:19:28 -04:00
545ddace95
updated registration URI, addresses #321
2013-05-10 11:54:48 -07:00
cc9eea5b3d
updated issuer to more common deployment pattern for simple Tomcat instances, addresses #333
2013-05-10 11:46:16 -07:00
713f0a4d25
Renamed OAuth2Request authorizatoinParameters map to requestParameters
2013-05-03 17:07:04 -04:00
967b3f2953
Cleanup from renaming
2013-05-03 16:15:42 -04:00
1e24b31cc3
Propogating rename of AuthorizationRequest to OAuth2Request
2013-05-03 13:53:57 -04:00
defa5b8fbc
[maven-release-plugin] prepare for next development iteration
2013-05-02 15:01:59 -04:00
Justin Richer