-
Notifications
You must be signed in to change notification settings - Fork 150
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
sector_identifier
has to be based on host only. Also optimize redirect_uri's validation based on sector_identifier_uri
#1503
Comments
yuriyz
added a commit
to GluuFederation/oxTrust
that referenced
this issue
Dec 4, 2020
…tibility and sectorIdentifierCacheLifetimeInMinutes configuration properties GluuFederation/oxAuth#1503
yuriyz
added a commit
that referenced
this issue
Dec 16, 2020
…ze redirect_uri's validation based on `sector_identifier_uri` #1503
Done in 4.2.2 and jans. |
yurem
added a commit
that referenced
this issue
Oct 5, 2021
* Revert "Temporary disable tests" This reverts commit a74cca4 * fix: update passport social script to handle provider config state problem #1448 * (4.2.2) Refresh token removing doesn't look up in persistence. #1480 * fix: update jwt date check function in passport scripts #1482 * Merge www pass from master * (4.2.2) 1. session_id should not be included into response if it's not explicitly allowed. 2. ``/end_session` should validate by sid value #1485 * (4.2.2) Corrected validation by sid at /end_session endpoint. #1485 * (4.2.2) Set session reference into identity object independently from invalidateSessionCookiesAfterAuthorizationFlow flag. #1486 * (4.2.2) Added cache support for discovery page (`.well-known/openid-configuration`). #1487 * (4.2.2) Return sid from authorization endpoint. #1485 * Update dependencies * Corrected authorization code clean up at token endpoint. * Corrected bug for refreshing token based on requested offline_access scope #1492 * Fixed NPE #1492 * (4.2.2) JWKS : Added key selection strategy. Supported strategies are : OLDER, NEWER, FIRST. #1494 * Avoid NPE due to clientRegDefaultToCodeFlowWithRefresh conf property * Fixed client and tests related to switching /end_session to sid. #1485 * (4.2.2) Added client's custom attributes to response if present in dynamicRegistrationCustomAttributes configuration property. #1488 * (4.2.2) Print only sessionId at INFO log level. * Fix ACR change when used alias * Fix ACR change when used alias * (4.2.2) Added nested JWT support into JWE #949 * (4.2.2) Corrected CrossEncryptionTest #949 * (4.2.2) Return sub value for ROPC based on `openidSubAttribute`. #1491 * (4.2.2) Added a new claim to the id_token: `"grant": <value>". #1497 * (4.2.2) Added required method to UnmodifiableAuthorizationGrant #1497 * (4.2.2) More logs in trace - added keySelectionStrategy #1494 * Adjust endpoint response according to compatibility flag #1499 * Allow bean to parse both string/list scopes formats #1499 * (4.2.2) Client's Pre-authorization flag takes higher priority. If it's true then we will ignore spec's "consent MUST" for offline access. #1496 * Fix javadoc param * casa's DUO plugin related files * Casa's DUO plugin * BioID interception script and CASA integration * Avoid NPE when there is no grant #1499 * bioid image * (4.2.2) BUG : PostAuthentication script calls re-authentication instead of re-authorization. #1504 * (4.2.2) Fixed bug - 500 server error when we request for an authorization token concurrenly #1481 * (4.2.2) Checked also grant scopes for offline_access scope. #1492 * Added more trace logs during key selection. * (4.2.2) id_token is missed during 2 concurrent calls for ROPC #1493 * #1506 - Modify the `claims-gathering` script so that it first tries to read claims from PCT before directing to the page to enter claims. * Don't stop on unsuccessfull BC installation * (4.2.2) NPE during backchannel logout if grant object was not identified #1505 * BioID script * Fix PasswordValidator faces validator dependend beans injection after JSF update to 2.3.x #1508 * Fix PasswordValidator faces validator dependend beans injection after JSF update to 2.3.x #1508 * (4.2.2) Introduced revoke interception script #1502 * (4.2.2) `sector_identifier` has to be based on host only. Also optimize redirect_uri's validation based on `sector_identifier_uri` #1503 * #1056 Modify the `claims-gathering` script so that it first tries to read claims from PCT before directing to the page to enter claims. * Fix compilation after BC upgrade * Version 4.2.2.Final * Temporary disable client side tests * Revert "Temporary disable client side tests" This reverts commit 1e3b7bb. * Version 4.2.3-SNAPSHOT * Temporary disable client side tests * Revert "Temporary disable client side tests" This reverts commit 2f59e2a. * Minor code improvements for IntrospectionWebService * (4.2.3) Added Stat and StatEntry entities. * (4.2.3) Added Stat and StatEntry entities. #1512 * Add XML signature test * (4.2.3) Added net.agkn.hll to pom #1512 * (4.2.3) Added "stat" base dn to config #1512 * (4.2.3) Added stat event and stat related configurations. #1512 * (4.2.3) Implemented StatService. #1512 * (4.2.3) Added stat timer. #1512 * (4.2.3) Added stat response item. #1512 * More logs * Reduced intervals of timers for test purpose. * (4.2.3) Report about token creation to stat service. #1512 * (4.2.3) Stat timer initialization. #1512 * Revert "Reduced intervals of timers for test purpose." This reverts commit ccaf020 * (4.2.3) added more logs #1512 * #1518 * (4.2.3) Fixed initialization of stat service #1512 * (4.2.3) Prevent NPE if stat service is not correctly initialized. #1512 * (4.2.3) Added reporting of active user to SessionIdService. #1512 * (4.2.3) Added stat response. #1512 * (4.2.3) Report for active user when authenticated session is created. #1512 * (4.2.3) Wrapped reporting active user into separate method. #1512 * (4.2.3) Added report for RPT token. #1512 * (4.2.3) Adding stat web service. #1512 * (4.2.3) Added month validation and run validation methods to StatWS. #1512 * (4.2.3) Added authorization validation and cardinality union for MAU (StatWS). #1512 * (4.2.3) Added aggregation for MAU and tokens per grant type (StatWS). #1512 * (4.2.3) Added aggregation of StatResponseItem (StatWS). #1512 * (4.2.3) Constructed stat response and prefixed endpoint with /internal/stat (StatWS) #1512 * Version 4.2.3.Final * Temporary disable client side tests * (4.2.3) Corrected client authentication for StatWS #1512 * (4.2.3) Corrected client authentication for StatWS #1512 * (4.2.3) Added Stat client service and client test. #1512 * (4.2.3) `SectorIdentifierService` must be consistent with PairwiseIdentifierService and use host of sectorIdentifierUri (not entire uri). #1520 * Revert "Temporary disable client side tests" This reverts commit 8138ae8 * (4.2.3) added basic and post client authentication for stat #1512 * Version 4.3.0.Final * Temporary disable client side tests * Revert "Temporary disable client side tests" This reverts commit 23aa6bc. * (4.3) Avoid NPE in User Info Endpoint (caused by scope removing) #1517 * A sample script to explain redirection to a third party app and back to Gluu server * typo * New interceptions script to modify id_token #1523 * Add license * (4.3) Added ability to persist attributes into token object. Removed refresh token object after access_token and id_token are created. #1526 * (4.3) Removed statNodeId from configuration. #1512 * (4.3) Stat: Use mac address as nodeId. #1512 * (4.3) Added @Expiration annotation to AbstractToken (to cover all derived classes) #1528 * (4.3) Re-set ttl of objects on update. #1528 * (4.3) Re-set ttl of UMA Resource on update. #1528 * (4.3) Added keyAlgsAllowedForGeneration configuration property. #1525 * (4.3) Restricted keys generation by keyAlgsAllowedForGeneration configuration property. #1525 * feat(casa): allow preferred method to be prompted GluuFederation/casa#87 * Check if signatire verification method returns true * Backport: Add system flag config to enable/disable CIBA #1404 * Backport: Add system flag config to enable/disable CIBA #1404 * fix(4.3): mau report must not effect authentication #1512 * fix: failed to create Ldap connection pool with encoded password. #1531 * fix(forgot_password): update script compatibility (#1535) * fix(forgot.xhtml): remove broken syntax There was an additional `<` char on the file fix #1534 * fix(forgot_password): import and send correct args ConfigurationService should be imported from `service.common` and `init` should be called with additional arg `customScript` fix #1534 * feat(forgot_password): add important info to log fix #1534 * refactor(4.3): added logs about id_token creation https://github.com/JanssenProject/jans-auth-server/issues/102 * refactor(4.3): added trace logs about refresh_token creation https://github.com/JanssenProject/jans-auth-server/issues/102 * refactor(4.3): added trace logs about access_token creation https://github.com/JanssenProject/jans-auth-server/issues/102 * feat(4.3): added simpleclient_common dependency #1321 * fix(4.3): switched hll serialization to base64 from plain string #1538 * chore: added more log messages about stat node id creation * feat: move ORM to oxOrm * fix: fix dependecies * feat: add SQL/Spanner ORM libs * feat(4.3): constants for stat service #1321 * fix: fix configuration path * feat: merge ORM from Jans * feat: merge ORM from Jans * feat: update to conform new API * feat: update to conform new API * fix(4.3): don't create monthly branch if db does not support tree structure #1543 * fix(4.3): don't create monthly branch if db does not support tree structure #1543 * fix: merge cleaner fixes from Jans * fix: remove deprecated attributes * fix: remove unused attribute * feat(4.3) : added openmetrics response support to StatWS #1512 #1321 * fix: use right UmaResource class in cleaner job * fix: missing oxAuth dynamic configuration after save oxTrust #2067 * fix: missing oxAuth dynamic configuration after save oxTrust #2067 * fix: removed cleanServiceBaseDns configuration property used during development GluuFederation/oxTrust#2067 * feat: clean only oxAuth metrics * feat: avoid potential NPE * feat: add new ORM dependecies * fix(4.3): openmetrics reponse construction #1544 * fix(4.3): openmetrics response construction #1544 * fix(4.3): changed label name #1544 * fix(4.3): fixed npe in stat ws #1544 * fix(4.3): made access to hll thread-safe #1544 * fix(4.3): corrected stat labels #1544 * feat: don't use lower case in authenticate if DB is Spanner * feat: don't use lower case in use search if DB is Spanner * fix(4.3): don't add branch if db does not support branches * fix(4.3): don't add branch for rpt service if db does not support branches * feat (4.3): added new introspectionSkipAuthorization conf property https://github.com/JanssenProject/jans-auth-server/issues/105 * fix(4.3): removed redundant amr attribute reference. * feat(4.3): made mtls service ignore order during subject matching https://github.com/JanssenProject/jans-auth-server/issues/116 * feat(4.3): corrected typo https://github.com/JanssenProject/jans-auth-server/issues/117 * feat: Add sample passwordless authentication flow * DCR response should return 201 : indicates success + record persisted * Revert "DCR response should return 201 : indicates success + record persisted" This reverts commit 7ccdd40. * feat(4.3): added ability to skip authorization for introspection endpoint https://github.com/JanssenProject/jans-auth-server/issues/105 * feat: use right OC to execute authentication filter. Jans ORM #1 * fix: merge inum PCT generation code from Jans * feat: update server test profiles * feat: add missing SQL/Spanner conf files * feat: fix typo in names * feat: update default server profile * feat: update server test profiles * feat: sync with setup * fix: use right client keystores * feat: update server test profiles * feat: merge from Jans * feat: merge code from Jans * fix(4.3): corrected logging of consent gathering session service * fix(4.3): corrected logging of consent gathering session service * fix: use ldap sdk version which defined in ORM * feat: Support for platform authenticators as FIDO2 devices (touch ID in Apple devices) * feat: update libs * Fix: register prometheus counters once for giver registrar #1553 * feat: update libs * feat(4.3): forced stat scope for statistic endpoint #1554 * fix(4.3): ignore corrupted data during stat aggregation #1555 * feat(4.3): added statAuthorizationScope configuration property and enforced it #1554 * feat(4.3): removed oxauth-rp, rp-demo and rp-sprint-boot modules #1545 * ci: added updatePolicy: always to repo * fix(4.3): do not return session_id if sessionIdRequestParameterEnabled is false https://github.com/JanssenProject/jans-auth-server/issues/149 * feat: add pingid integration * chore: add README for casa script * chore: make README point to prod docs * feat: touch id as a fido2 device * docs: typo * fix: image not needed * fix: properly url decode query parameters in QueryStringDecoder * feat: added overload for url decode method in QueryStringDecoder * feat: update jquery * feat: add trace logging to dump redirect URI * feat(4.3): added organization to client * feat: Integrating Impossible travel feature by Deduce Insights in Passwordless Authentication flow. #1563 * fix: update to conform new ORM * fix: #1563 - moved code to seperate folder + implemented account lock on impossible travel detection * fix: fix oxEnrollmentCode custom attribute removal * feat : Interception script to integrate 2FA mechanism by Stytch with the Gluu Server #1564 * feat: casa plugin for Stytch Creds as a 2FA method * Version 4.3.0.Final * feat: temporary disable tests * Revert "feat: temporary disable tests" This reverts commit e6dcfda. * feat: force to use recent joda-time * fix(4.3): fixed persistence of session on acr changed detection #1552 * fix(4.3): removed filtering of stat endpoint Authorization is checked inside WS. * fix(4.3): added SSA and additional access token validation during client update #1567 * feat: added more logs to add user method * fix: consent Gathering Script is not working in 4.3.0 version. #1549 * fix: consent Gathering Script is not working in 4.3.0 version. #1549 * fix: consent Gathering Script is not working in 4.3.0 version. #1549 * fix(4.3): removed client_credentials token validation #1567 * Merge with 4.3.0 * Merge with 4.3.0 * Merge with 4.3.0 Co-authored-by: YuriyZ <yzabrovarniy@gmail.com> Co-authored-by: kdhttps <kdhttps@gmail.com> Co-authored-by: Christian <59786962+christian-hawk@users.noreply.github.com> Co-authored-by: Jose <bonustrack310@gmail.com> Co-authored-by: Madhumita <madhu@gluu.org> Co-authored-by: Arnab Dutta <arnab.bdutta@gmail.com> Co-authored-by: Djeumen Rolain <uprightech@gmail.com>
yurem
added a commit
to GluuFederation/oxTrust
that referenced
this issue
Oct 5, 2021
* Version 4.2.0.Final * Version 4.2.1.Final * Remove unencrypted redis password from database * reset password when Secret question and Secret Answer are active. #2001 * Not able to delete claims redirect uri for any client #2002 * Use same resource messages varible name in oxAuth and oxTrust * Remove temporary file * Add .metadata to ingore list * Fix i18n messages issue * Remove old dependencies * Fix Some UI issues * Add health-check controller to oxtrust-server * buttons in json configuration ? #2003 * Device authz grant type supported and configuration manage. GluuFederation/oxAuth#141 * Remove old dependency * Store issued tokens count metrics #1436 * Use libs versions defined in bom file * Changes in this commit: * Re-introduced oxtrust-api into oxTrust * oxtrust : added dynamicRegistrationAllowedPasswordGrantScopes to oxauth conf GluuFederation/oxAuth#1130 * oxtrust : added description for dynamicRegistrationAllowedPasswordGrantScopes GluuFederation/oxAuth#1130 (cherry picked from commit 1e71ea5) * Change javax.faces with jakarta.faces * Injection: Cross-Site Scripting #2012 * Injection: Cross-Site Scripting #2012 * oxtrust : added new software statement related configuration properties to UI. GluuFederation/oxAuth#1444 (cherry picked from commit d32feac) * oxtrust : corrected software statement related configuration properties on UI. GluuFederation/oxAuth#1444 (cherry picked from commit d32feac) * Fix autocomplete issues, update bootsfaces to latest * Initiate user logout upon successfull password reset * add spacer * Fix security question field on forgot password reset form * Change label / values for Scope visibility #2015 * (4.2.1) oxtrust : added description of refreshTokenExtendLifetimeOnRotation configuration property GluuFederation/oxAuth#1449 (cherry picked from commit bf86387) * Visual issues on OIDC client advanced settings page #2018 * U2F enrollments not shown in User's Authentication Methods panel #2017 * Fix issues after Richfaces version changed * Fix popup issue after richfaces upgrade * UI fixes * Password reset functionality is not working when security Question and security answer is entered. #2019 * Password reset functionality is not working when security Question and security answer is entered. #2019 * oxtrust : forbid fragment in redirect_uri #2020 * JAXB-API implementation error #2005 * Convert trust contact from xml to json * Forgot password functionality not working with captcha #2022 * fixed scopes inventory * Disable browser's autocomplete for password fields * gluu-release-attributes-post-processor * CR copy binary attributes to local LDAP as base64 string #2025 * Remove CustomScriptService * Remove CustomScriptService * Use CustomScriptManager instead of ScriptService * Fix compilation issue * Use CustomScriptService * Add U2F checkU2fAttestations option * Fix search person by uid in person add action * Fix search user by e-mail and uniqueness check * Add checkU2fAttestations Fido2 property * Fix search user by uid when uid is case sensetive * Fix search person by uid in person add action * Revert "Fix search person by uid in person add action" This reverts commit c964095. * Fix search person by uid in person add action * Version 4.2.1.Final * Saml Configured relay party : assertionlifetime value box is so small its value cannot be read . #2026 * Use latest 5.4.x hibernate validator * Improve health check * 503-fix * Error Viewing InCommon Metadata #2029 * unverified-rp fix * double nameid fix * Re-try to download UMA metadata * Add ability to specify oxauth address instead of calling FQDN #2032 * Branch for 4.2.2 * Version 4.2.2-SNAPSHOT * oxTrust should use acr level to check acr instead of acr_name #2033 * oxTrust should use acr level to check acr instead of acr_name #2033 * Fix possibles memory leak * Remove static fields usage to improve memory usage * Move some noisy log lines to debug/trace * Prevent registration of the attribute with the same name #2040 * Prevent registration of the attribute with the same name #2040 * 7 day statistics on home screen has strange behavior * (4.2.2) oxtrust : added discoveryCacheLifetimeInMinutes to GUI GluuFederation/oxAuth#1487 (cherry picked from commit f415f14) * On oxtrust passport provider, the automatically generated callback url is invalid when using containers #2041 * Fix compilation error * Fix missing parent metric branch bug * Fix missing parent metric branch bug * (4.2.2) oxtrust : added keySelectionStrategy to GUI GluuFederation/oxAuth#1494 * (4.2.2) oxtrust : set format=select GluuFederation/oxAuth#1494 * Add flag field, see GluuFederation/oxAuth#1499 * Fix compilation issue * Remove sector_identifier_uri menu with dialogs and provide ability #2044 * Remove sector_identifier_uri menu with dialogs and provide ability to enter it as text with automatic population of redirect_uris #2044 * Passport Config: field mapping dropdown #2027 * Passport Config: field mapping dropdown #2027 * Passport Config: field mapping dropdown #2027 * (4.2.2) oxtrust : added subjectIdentifierBasedOnWholeUriBackwardCompatibility and sectorIdentifierCacheLifetimeInMinutes configuration properties GluuFederation/oxAuth#1503 * (4.2.2) oxtrust : added REVOKE_TOKEN custom script type GluuFederation/oxAuth#1502 * Don't stop on unsuccessfull BC installation * Use oxAuth configuration to check if application should render login graph on home page #2045 * Fix method to update log level oxAuth #204 * Fix OIDC error * Passport Config: field mapping dropdown #2027 * Missing information on server status view #2047 * The request is missing a required parameter error obtained in flow 3 #2046 * Version 4.2.2.Final * Use MetricService to prepare base branches * 4.2.2-SNAPSHOT -> 4.2.2.Final * Version 4.2.3-SNAPSHOT * Fix OIDC error * Passport Config: field mapping dropdown #2027 * The request is missing a required parameter error obtained in flow 3 #2046 * (4.2.3) oxtrust : Added stat related configurations to UI. GluuFederation/oxAuth#1512 * Remove swagger file from oxTrust repo * Remove swagger file from oxTrust repo * Version 4.2.3.Final * Version 4.3.0.Final * Use documentStoreService instead of local file system to load metadata file * New interceptions script to modify id_token oxAuth #1523 * oxtrust: added keyAlgsAllowedForGeneration configuration property. GluuFederation/oxAuth#1525 * Backport: Added cibaEnabled flag in the configuration. GluuFederation/oxAuth#1404 * Add defaults passport strategies * feat(oxtrust): design configuration for openid-client new passport provider strategy #2052 * feat(oxtrust): design configuration for openid-client new passport provider strategy #2052 * fix(oxtrust): remove sector identifier pages from the code #2057 * fix(oxtrust): support custom app schema and appschema #2057 * fix(oxtrust): add pagination for search feature against a big enough userbase #2061 * fix(oxtrust): add pagination for search feature against a big enough userbase #2061 * fix(oxtrust): add pagination for search feature against a big enough userbase #2061 * fix(oxtrust): add pagination for search feature against a big enough userbase #2061 * fix(oxtrust): add pagination for search feature against a big enough userbase #2061 * feat: move ORM to oxOrm * feat: update to conform latest ORM * feat: update to conform ORM * feat: update to conform ORM * feat: update to conform ORM * fix: update to conform new API * fix: update to conform new API * fix: compilation fixes * feat: add SQL/Spanner support * feat: update models * fix: cache Refresh: Don't print ldap password in log #2055 * feat: merge ORM from Jans * feat: merge ORM from Jans * feat: update to conform new API * fix: fix search when DB is table based * fix: remove deprecated attributes * fix: remove unused attribute * feat: sync gluuOxtrustStat with bean * fix: missing oxAuth dynamic configuration after save #2067 * fix: update cleaner job to use more effective RDBS methods #2066 * fix: missing oxAuth dynamic configuration after save #2067 * fix: don't update GluuConfiguration bean attributes in get method #2065 * feat: add new ORM dependecies * fix: remove userPassword from client * fix: remove userPassword from client * fix: don't attempt ot create branches * feat: don't use lower case in authenticate if DB is Spanner * feat(oxtrust): setting custom acr-value for idp-initiated flow #2051 * feat(oxtrust): enable custom validation checked by default (incorrectly) #2070 * feat(oxtrust): fido device service log for new registered user with scim should be in warn log #2068 * feat(oxtrust): Rremove 'generate sp metadata' feature #2043 * feat(oxtrust): add person form nrashes with new objectclass #2069 * Fix(oxTrust): saml nameid configuration is not working in cloud edition #2073 * Fix(oxTrust): saml nameid configuration is not working in cloud edition #2073 * feat: show JCA document store password properly * feat: show JCA document store password properly * Fix(oxTrust): saml nameid configuration is not working in cloud edition #2073 * Fix(oxTrust): first uma rpt token after starting up #2060 * Fix(oxTrust): saml nameid configuration is not working in cloud edition #2073 * fix(oxtrust): saml nameid configuration is not working in cloud edition #2073 * fix(oxtrust): saml nameid configuration is not working in cloud edition #2073 * fix(oxtrust): fill correct provider options as per type in passport provider configuration #2074 * fix(oxtrust): email attribute validation Not working on view profile section. #2054 * feat(admin-ui): add option to show only enables or disabled scripts * chore: remove joda lib usage * feat(oxtrust): update morris.js library to latest #2078 * feat(oxtrust): update morris.js library to latest #2078 * fix: include postAuthenticationFlows for relying-party shibboleth config * feat(oxtrust): fill correct provider options as per type in passport provider configuration #2074 * feat(oxtrust): adding extra libraries created wrong classpath in oxauth.xml #2077 * feat(oxtrust): adding extra libraries created wrong classpath in oxauth.xml #2077 * feat(oxtrust): cache refresh not working on 4.3.0 version. #2072 * fix(oxTrust): oops error on clicking Other custom Scripts #2081 * feat: update libs * feat(oxtrust): password reset success completion redirection #2082 * fix: add shibboleth transcoding rules generation Added code to generate Shibboleth 4 style transcoding rules which are useful in the resolution of issue #74 in oxShibboleth * fix: minor code style fixes and SAML1 references removal * fix: remove SAML1 reference from gluu-attribute-rules.xml.vm * fix(oxtrust): fix active scripts checkbox label * feat: adjust json-config UI form as per GluuFederation/scim#20 * feat: remove test mode property usage GluuFederation/scim#20 * feat: add OAuth protection mechanism for scim GluuFederation/scim#20 * feat: add OAuth protection mechanism for scim pt 2. GluuFederation/scim#20 * feat: remove extra logging statements GluuFederation/scim#20 * feat: fix commit 0ff85f7 GluuFederation/scim#20 * feat(oxtrust): enhance usability of scopes picker in client edition form #2085 * feat(oxtrust): updating client id in passport IDP-initiated flow config throws Oops error. #2084 * feat: added http request extraction for shibboleth * fix: malformed gluu-attribute-rules.xml.vm * fix: relying-party template generated incorrect config data for shibboleth * feat: adjust json-config UI form as per GluuFederation/scim#22 * feat: use URL Connection client executor when proxy is required * fix: "Organization Configuration" throwing error #2075 * feat: use new method to lookup manger group * feat: register new method in gluufn library * fix: fix NPE when version is not exists * fix: create connection provider before checking it's status * fix: update to conform new ORM * fix: fix AD server configuration * (oxTrust) fix oops error when the sector identifier uri is not valid or the content is not valid * chore: refactor REST services protection logic Related GluuFederation/scim#26 * feat: add no-protection mode GluuFederation/scim#26 * feat: store acr in user profile to allow use it in IDP * Version 4.3.0.Final * fix: use Final binaries * fix: don't fail on javadoc * fix(oxtrust): identity throws oops error on providing invalid sector uri which is not friendly, returning “oops” is a bug, and must be escalated. #2091 * feat: shorten sentence GluuFederation/scim#26 Co-authored-by: Gasmyr <thomas@gluu.org> Co-authored-by: Milton BO <jmcm578@gmail.com> Co-authored-by: YuriyZ <yzabrovarniy@gmail.com> Co-authored-by: Dzouato Djeumen Rolain Bonaventure <uprightech@gmail.com> Co-authored-by: Harjinder Dhanjal <malotian@gmail.com> Co-authored-by: Jose <bonustrack310@gmail.com> Co-authored-by: gasmyr <gasmyrmougang@yahoo.fr>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the issue
Correct the generation of algorithmic subject identifiers to only use the host portion of the
sector_identifier_uri
. Add a configuration setting to keep the old behavior (based on whole uri).Validate the list of
redirect_uris
against the JSON file hosted at thesector_identifier_uri
during client registration AND update. This is probably another behavior for which one or more configuration settings should be added.Support: 9141
The text was updated successfully, but these errors were encountered: