dfc8df42f5
moved server configuration injection to pre-request
2015-06-01 19:09:42 -04:00
79317d5b70
JWK Set by value added to admin UI, addresses #826
2015-06-01 15:35:21 -04:00
e43600494a
minor automated code cleanup
2015-06-01 15:35:20 -04:00
642942b5cf
Generalized client key handling into a single cache service
2015-06-01 15:35:20 -04:00
032d41e5ed
added JWKs-by-value support to client data model and API, closes #826
2015-06-01 15:35:20 -04:00
8d3a8471aa
updated refresh token to use converter instead of dummy field
2015-05-29 12:58:00 -04:00
9662f3e8b3
switched access token to using converter instead of dummy field
2015-05-29 12:40:50 -04:00
9ba1a78d09
removed binary objects from data API importers, removed binary object JSON utility entirely
2015-05-27 19:33:05 -04:00
c974267cde
return prompt=none error to client, closes #667
2015-05-27 12:11:41 -04:00
cbf6316050
cleaned up logic on user info interceptor to fix detection of redirects
2015-05-27 12:06:58 -04:00
fe6d2f8a6e
updated and expanded unit tests to account for new data layer
2015-05-26 22:00:21 -04:00
d5a08d4996
cleaned up vestigial service component, to be fixed (maybe) in #825
2015-05-26 22:00:21 -04:00
d9e03b769b
fixed auth holder reference handling, import/export works now
2015-05-26 22:00:21 -04:00
3d1aee77b4
updated 1.2 import to reflect new objects
2015-05-26 22:00:21 -04:00
441b19f0c5
fixed data export to comply with new auth holder
2015-05-26 22:00:21 -04:00
a7905c9f82
only save strings in the Extensions map
2015-05-26 22:00:20 -04:00
cb8abca0f6
removed embedded JOSE classes in favor of converters
2015-05-22 13:04:21 -04:00
6be2b4f65e
added ES* and PS* support for signed objects
2015-05-22 13:04:21 -04:00
04dc037f9e
fixed unit tests to account for refresh token rotation
2015-05-14 11:17:10 -04:00
aeed2fa003
issue new refresh tokens for clients who are configured for it, closes #408
2015-05-13 18:01:49 -04:00
31d5e3ad0e
echo back requested scopes in error thrown by validator, closes #708
2015-05-13 16:55:28 -04:00
52b1bda8d8
version match and cleanup
2015-05-12 21:00:44 -04:00
24a464e142
put in a dummy resource set service so that introspection can pass through
2015-05-12 20:30:05 -04:00
a2edb31753
moved UMA server to its own module
2015-05-12 15:59:03 -04:00
7188a06488
added deletion functionality to UI
2015-05-12 11:16:51 -04:00
43a432eb9a
removed extraneous TODO
2015-05-12 10:31:22 -04:00
ed7799b54a
make RPTs optionally expire, closes #794
2015-05-11 19:00:26 -04:00
e0cdeb3571
inject uma token service
2015-05-11 18:20:57 -04:00
fc64dcc9b9
discovery endpoint cleanup
2015-05-11 15:34:50 -04:00
f4f08d9449
RPT endpoint cleanup
2015-05-11 15:28:09 -04:00
1f083c7acb
extracted RPT generation component to new token service class, closes #797
2015-05-11 15:20:26 -04:00
0ea06f01b8
moved claims processor to the right package
2015-05-11 15:07:56 -04:00
53d4f15923
shuffle authz endpoint
2015-05-11 14:56:55 -04:00
7951ff5086
separated claims processing out into its own service, closes #796
2015-05-11 14:44:21 -04:00
8d5c7d6226
fixed some rogue documentation
2015-05-11 13:03:17 -04:00
afad3a720b
Merge branch 'master' into uma
...
* master:
added strict URI matching option to redirect resolver (off by default)
2015-05-11 12:33:05 -04:00
e155cdc282
added strict URI matching option to redirect resolver (off by default)
2015-05-09 16:37:11 -04:00
06f7dc984d
switched to view constants
2015-04-12 21:20:10 -05:00
d6dfa89533
check client information on delete of resource set
2015-04-12 21:15:03 -05:00
7273b0a5b7
fixed discovery endpoint information, closes #805
2015-04-12 17:00:46 -05:00
eb49d9624c
inject claims from OIDC auth token into permission ticket
2015-03-31 18:21:34 -04:00
98cd5ba27d
added save to permission ticket system
2015-03-31 18:21:14 -04:00
08413302eb
configured OIDC client on claims collection endpoint
2015-03-31 15:35:20 -04:00
f48049be4d
deny tickets with no claims required (closes a race condition)
2015-03-31 10:26:06 -04:00
dc10779abb
removed extraneous issuer in discovery endpoint, closes #793
2015-03-31 10:10:14 -04:00
a38a0b6f75
removed extraneous bob
2015-03-30 18:19:13 -04:00
6e095e3266
can now add and remove email address claims from the UI
2015-03-30 17:54:16 -04:00
687517d7f4
Merge branch 'master' into claims-editing-ui
2015-03-30 12:21:59 -04:00
d015d17fad
search for local users first (by email), then check remote users
2015-03-30 12:20:19 -04:00
348ff7ee17
made webfinger endpoint search by email address, then by username
2015-03-30 12:18:50 -04:00
5aa5cc1a10
added search by email to user info data stack
2015-03-30 12:18:50 -04:00
e89d8cd985
added webfinger lookup helper service
2015-03-30 11:49:49 -04:00
394785b9c4
don't give resource sets default client scopes
2015-03-30 09:57:10 -04:00
7af19dbd61
added copyright text
2015-03-30 08:44:51 -04:00
3e931c68b4
added policy editing overview page
2015-03-20 17:27:10 -04:00
5698393d31
created claims API
2015-03-19 16:44:34 -04:00
bde03411f1
Merge branch 'master' into uma
2015-03-18 21:42:26 -04:00
006a4d1ec6
fixed import function of 1.2 data service
2015-03-18 21:42:18 -04:00
6f149cba69
Merge branch 'master' into uma
2015-03-18 20:10:19 -04:00
30e894a64a
put 'kid' into JWS header, closes #784
2015-03-18 20:09:06 -04:00
866186f611
pointed data API at the correct service version
2015-03-18 19:54:42 -04:00
6daeeefb33
augmented introspection unit tests with one for new permissions mode
2015-03-18 08:45:05 -04:00
9f913244a0
fixed unit tests for introspection results
2015-03-18 08:00:18 -04:00
7df31f1e87
completed rudimentary UMA authorization API.
...
Working: resource set registration, permission ticket creation, RPT creation from ticket
Still missing: adding required claims to resource set, adding provided claims to permission ticket
2015-03-17 22:26:12 -04:00
1be9da52c6
separated ticket object from permission object to facilitate re-use of permission object with tokens
2015-03-17 21:16:29 -04:00
f123366069
added scope filtering to protection api
2015-03-17 19:43:02 -04:00
ff958e20b6
basic authorization support
2015-03-17 19:21:20 -04:00
098519da5e
added OAuth2 error reporting to permission and resource set endpoints
2015-03-17 19:01:44 -04:00
2aadb09f49
started claims service, added expiration to permissions
2015-03-16 22:52:21 -04:00
c234f78dbd
Merge branch 'master' into authorization-api
2015-03-13 19:08:14 -04:00
5873b336f2
fixed erroneous import
2015-03-13 19:07:27 -04:00
8352145d82
Merge branch 'master' into authorization-api
...
Conflicts:
openid-connect-common/src/main/java/org/mitre/oauth2/service/SystemScopeService.java
openid-connect-server-webapp/src/main/webapp/WEB-INF/application-context.xml
openid-connect-server/src/main/java/org/mitre/discovery/web/DiscoveryEndpoint.java
openid-connect-server/src/main/java/org/mitre/oauth2/web/IntrospectionEndpoint.java
openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientAPI.java
openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultIntrospectionAuthorizer.java
2015-03-13 18:39:26 -04:00
ba51df0c37
consolidated client credential filter beans
...
(note: imports magic from secoauth)
2015-03-13 18:30:09 -04:00
4f12fab56b
made unused auth codes expired (they're still single-use), refactored auth code service layer
2015-03-13 13:45:49 -04:00
2abcd96bbe
set fallback locale to English, ultimate fall through is to return the code string itself
2015-03-12 17:28:27 -04:00
285ad71874
made input reader use UTF8, imported the first set of Swedish text to the JSON format
2015-03-12 17:07:08 -04:00
80605becf1
rudimentary json-based message source
2015-03-12 15:26:23 -04:00
e1fb8272cc
redirect error on prompt=none, addresses #667
2015-03-12 09:26:38 -04:00
ad9b49733f
externalized queries for scopes, blacklists, user info, pairwise identifiers, and whitelists, closes #771 even harder
2015-03-11 16:13:28 -04:00
15b97b1dcb
Externalized strings for named queries on auth holders, auth codes, clients, and tokens, closes #771
2015-03-11 15:51:51 -04:00
61a596dc15
externalized strings from user info views
2015-03-11 14:00:14 -04:00
86e95d9e6e
externalized json entity and error parameters, closes #770
2015-03-11 13:52:32 -04:00
e56161e223
extracted http "code" view parameter
2015-03-11 13:39:07 -04:00
1735dbca11
extracted controller URLs to constants, closes #769
2015-03-11 13:20:59 -04:00
617d485478
updated all references to media types to use constants instead of literals, closes #767
2015-03-11 12:06:38 -04:00
c777ebfac9
added universal OAuth exception handling
2015-03-11 11:41:28 -04:00
76b7324d88
fixed execution order of introspection endpoint
2015-03-10 18:29:48 -04:00
8c8f912880
fixed endpoint processing to account for client id
2015-03-10 15:37:07 -04:00
ee522100b9
Merge branch 'master' into uma-introspection
...
* master:
fixed logger variable name
made logger declarations consistent across project, closes #780
Fixed logger
null safe
removed DateUtil
added icons to scope editing panel
2015-03-10 15:03:26 -04:00
5d35f2c1a6
toned down errors on introspection endpoint
2015-03-10 14:58:22 -04:00
65d7b00f4d
added uma-processing of scopes to introspection results
2015-03-10 12:38:37 -04:00
627bcaee43
added client_id to resource sets
2015-03-10 12:38:13 -04:00
e5e4c15058
removed introspection authorizer hook
2015-03-10 11:12:37 -04:00
2a6a17486a
added initial uma discovery endpoint
2015-03-09 16:15:30 -04:00
621399545e
cleaned up introspection endpoint processing
2015-03-09 16:15:09 -04:00
764df71758
refactored introspection to allow for UMA style token access
2015-03-09 12:43:05 -04:00
1da5c2cd84
fixed imports
2015-03-09 11:51:41 -04:00
c7f6811961
refactored scope enforcement utilities to a separate authentication class
2015-03-09 11:51:24 -04:00
48b857eb85
fixed logger variable name
2015-03-09 07:37:09 -04:00
c09b63c69f
made logger declarations consistent across project, closes #780
2015-03-08 21:56:33 -04:00
Justin Richer