Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

sector_identifier has to be based on host only. Also optimize redirect_uri's validation based on sector_identifier_uri #1503

Closed
yuriyz opened this issue Nov 27, 2020 · 1 comment
Assignees
Labels
enhancement libs update, re-factroring, etc.
Milestone

Comments

@yuriyz
Copy link
Contributor

yuriyz commented Nov 27, 2020

Describe the issue

  1. Correct the generation of algorithmic subject identifiers to only use the host portion of the sector_identifier_uri. Add a configuration setting to keep the old behavior (based on whole uri).

  2. Validate the list of redirect_uris against the JSON file hosted at the sector_identifier_uri during client registration AND update. This is probably another behavior for which one or more configuration settings should be added.

Support: 9141

@yuriyz yuriyz added the enhancement libs update, re-factroring, etc. label Nov 27, 2020
@yuriyz yuriyz added this to the 4.2.2 milestone Nov 27, 2020
@yuriyz yuriyz self-assigned this Nov 27, 2020
yuriyz added a commit to GluuFederation/oxTrust that referenced this issue Dec 4, 2020
…tibility and sectorIdentifierCacheLifetimeInMinutes configuration properties

GluuFederation/oxAuth#1503
yuriyz added a commit that referenced this issue Dec 16, 2020
…ze redirect_uri's validation based on `sector_identifier_uri`

#1503
@yuriyz
Copy link
Contributor Author

yuriyz commented Dec 21, 2020

Done in 4.2.2 and jans.

@yuriyz yuriyz closed this as completed Dec 21, 2020
yurem added a commit that referenced this issue Oct 5, 2021
* Revert "Temporary disable tests"

This reverts commit a74cca4

* fix: update passport social script to handle provider config state problem #1448

* (4.2.2) Refresh token removing doesn't look up in persistence.

#1480

* fix: update jwt date check function in passport scripts #1482

* Merge www pass from master

* (4.2.2) 1. session_id should not be included into response if it's not explicitly allowed.
 2. ``/end_session` should validate by sid value

#1485

* (4.2.2) Corrected validation by sid at /end_session endpoint.

#1485

* (4.2.2) Set session reference into identity object independently from invalidateSessionCookiesAfterAuthorizationFlow flag.

#1486

* (4.2.2) Added cache support for discovery page (`.well-known/openid-configuration`).

#1487

* (4.2.2) Return sid from authorization endpoint.

#1485

* Update dependencies

* Corrected authorization code clean up at token endpoint.

* Corrected bug for refreshing token based on requested offline_access scope

#1492

* Fixed NPE

#1492

* (4.2.2) JWKS : Added key selection strategy. Supported strategies are : OLDER, NEWER, FIRST.

#1494

* Avoid NPE due to clientRegDefaultToCodeFlowWithRefresh conf property

* Fixed client and tests related to switching /end_session to sid.

#1485

* (4.2.2) Added client's custom attributes to response if present in dynamicRegistrationCustomAttributes configuration property.

#1488

* (4.2.2) Print only sessionId at INFO log level.

* Fix ACR change when used alias

* Fix ACR change when used alias

* (4.2.2) Added nested JWT support into JWE

#949

* (4.2.2) Corrected CrossEncryptionTest

#949

* (4.2.2) Return sub value for ROPC based on `openidSubAttribute`.

#1491

* (4.2.2) Added a new claim to the id_token: `"grant": <value>".

#1497

* (4.2.2) Added required method to UnmodifiableAuthorizationGrant

#1497

* (4.2.2) More logs in trace - added keySelectionStrategy

#1494

* Adjust endpoint response according to compatibility flag #1499

* Allow bean to parse both string/list scopes formats #1499

* (4.2.2) Client's Pre-authorization flag takes higher priority. If it's true then we will ignore spec's "consent MUST" for offline access.

#1496

* Fix javadoc param

* casa's DUO plugin related files

* Casa's DUO plugin

* BioID interception script and CASA integration

* Avoid NPE when there is no grant #1499

* bioid image

* (4.2.2) BUG : PostAuthentication script calls re-authentication instead of re-authorization.

#1504

* (4.2.2) Fixed bug - 500 server error when we request for an authorization token concurrenly

#1481

* (4.2.2) Checked also grant scopes for offline_access scope.

#1492

* Added more trace logs during key selection.

* (4.2.2) id_token is missed during 2 concurrent calls for ROPC

#1493

* #1506 - Modify the `claims-gathering` script so that it first tries to read claims from PCT before directing to the page to enter claims.

* Don't stop on unsuccessfull BC installation

* (4.2.2) NPE during backchannel logout if grant object was not identified

#1505

* BioID script

* Fix PasswordValidator faces validator dependend beans injection after
JSF update to 2.3.x #1508

* Fix PasswordValidator faces validator dependend beans injection after
JSF update to 2.3.x #1508

* (4.2.2) Introduced revoke interception script

#1502

* (4.2.2) `sector_identifier` has to be based on host only. Also optimize redirect_uri's validation based on `sector_identifier_uri`

#1503

* #1056 Modify the `claims-gathering` script so that it first tries to read claims from PCT before directing to the page to enter claims.

* Fix compilation after BC upgrade

* Version 4.2.2.Final

* Temporary disable client side tests

* Revert "Temporary disable client side tests"

This reverts commit 1e3b7bb.

* Version 4.2.3-SNAPSHOT

* Temporary disable client side tests

* Revert "Temporary disable client side tests"

This reverts commit 2f59e2a.

* Minor code improvements for IntrospectionWebService

* (4.2.3) Added Stat and StatEntry entities.

* (4.2.3) Added Stat and StatEntry entities.

#1512

* Add XML signature test

* (4.2.3) Added net.agkn.hll to pom

#1512

* (4.2.3) Added "stat" base dn to config

#1512

* (4.2.3) Added stat event and stat related configurations.

#1512

* (4.2.3) Implemented StatService.

#1512

* (4.2.3) Added stat timer.

#1512

* (4.2.3) Added stat response item.

#1512

* More logs

* Reduced intervals of timers for test purpose.

* (4.2.3) Report about token creation to stat service.

#1512

* (4.2.3) Stat timer initialization.

#1512

* Revert "Reduced intervals of timers for test purpose."

This reverts commit ccaf020

* (4.2.3) added more logs

#1512

* #1518

* (4.2.3) Fixed initialization of stat service

#1512

* (4.2.3) Prevent NPE if stat service is not correctly initialized.

#1512

* (4.2.3) Added reporting of active user to SessionIdService.

#1512

* (4.2.3) Added stat response.

#1512

* (4.2.3) Report for active user when authenticated session is created.

#1512

* (4.2.3) Wrapped reporting active user into separate method.

#1512

* (4.2.3) Added report for RPT token.

#1512

* (4.2.3) Adding stat web service.

#1512

* (4.2.3) Added month validation and run validation methods to StatWS.

#1512

* (4.2.3) Added authorization validation and cardinality union for MAU (StatWS).

#1512

* (4.2.3) Added aggregation for MAU and tokens per grant type (StatWS).

#1512

* (4.2.3) Added aggregation of StatResponseItem (StatWS).

#1512

* (4.2.3) Constructed stat response and prefixed endpoint with /internal/stat (StatWS)

#1512

* Version 4.2.3.Final

* Temporary disable client side tests

* (4.2.3) Corrected client authentication for StatWS

#1512

* (4.2.3) Corrected client authentication for StatWS

#1512

* (4.2.3) Added Stat client service and client test.

#1512

* (4.2.3) `SectorIdentifierService` must be consistent with PairwiseIdentifierService and use host of sectorIdentifierUri (not entire uri).

#1520

* Revert "Temporary disable client side tests"

This reverts commit 8138ae8

* (4.2.3) added basic and post client authentication for stat

#1512

* Version 4.3.0.Final

* Temporary disable client side tests

* Revert "Temporary disable client side tests"

This reverts commit 23aa6bc.

* (4.3) Avoid NPE in User Info Endpoint (caused by scope removing)

#1517

* A sample script to explain redirection to a third party app and back to Gluu server

* typo

* New interceptions script to modify id_token #1523

* Add license

* (4.3) Added ability to persist attributes into token object. Removed refresh token object after access_token and id_token are created.

#1526

* (4.3) Removed statNodeId from configuration.

#1512

* (4.3) Stat: Use mac address as nodeId.

#1512

* (4.3) Added @Expiration annotation to AbstractToken (to cover all derived classes)

#1528

* (4.3) Re-set ttl of objects on update.

#1528

* (4.3) Re-set ttl of UMA Resource on update.

#1528

* (4.3) Added keyAlgsAllowedForGeneration configuration property.

#1525

* (4.3) Restricted keys generation by keyAlgsAllowedForGeneration configuration property.

#1525

* feat(casa): allow preferred method to be prompted GluuFederation/casa#87

* Check if signatire verification method returns true

* Backport: Add system flag config to enable/disable CIBA #1404

* Backport: Add system flag config to enable/disable CIBA #1404

* fix(4.3): mau report must not effect authentication

#1512

* fix: failed to create Ldap connection pool with encoded password. #1531

* fix(forgot_password): update script compatibility (#1535)

* fix(forgot.xhtml): remove broken syntax
There was an additional `<` char on the file
fix #1534

* fix(forgot_password): import and send correct args
ConfigurationService should be imported from `service.common`
and `init` should be called with additional arg `customScript`
fix #1534

* feat(forgot_password): add important info to log
fix #1534

* refactor(4.3): added logs about id_token creation

https://github.com/JanssenProject/jans-auth-server/issues/102

* refactor(4.3): added trace logs about refresh_token creation

https://github.com/JanssenProject/jans-auth-server/issues/102

* refactor(4.3): added trace logs about access_token creation

https://github.com/JanssenProject/jans-auth-server/issues/102

* feat(4.3): added simpleclient_common dependency

#1321

* fix(4.3): switched hll serialization to base64 from plain string

#1538

* chore: added more log messages about stat node id creation

* feat: move ORM to oxOrm

* fix: fix dependecies

* feat: add SQL/Spanner ORM libs

* feat(4.3): constants for stat service

#1321

* fix: fix configuration path

* feat: merge ORM from Jans

* feat: merge ORM from Jans

* feat: update to conform new API

* feat: update to conform new API

* fix(4.3): don't create monthly branch if db does not support tree structure

#1543

* fix(4.3): don't create monthly branch if db does not support tree structure

#1543

* fix: merge cleaner fixes from Jans

* fix: remove deprecated attributes

* fix: remove unused attribute

* feat(4.3) : added openmetrics response support to StatWS

#1512
#1321

* fix: use right UmaResource class in cleaner job

* fix: missing oxAuth dynamic configuration after save oxTrust #2067

* fix: missing oxAuth dynamic configuration after save oxTrust #2067

* fix: removed cleanServiceBaseDns configuration property used during development

GluuFederation/oxTrust#2067

* feat: clean only oxAuth metrics

* feat: avoid potential NPE

* feat: add new ORM dependecies

* fix(4.3): openmetrics reponse construction

#1544

* fix(4.3): openmetrics response construction

#1544

* fix(4.3): changed label name

#1544

* fix(4.3): fixed npe in stat ws

#1544

* fix(4.3): made access to hll thread-safe

#1544

* fix(4.3): corrected stat labels

#1544

* feat: don't use lower case in authenticate if DB is Spanner

* feat: don't use lower case in use search if DB is Spanner

* fix(4.3): don't add branch if db does not support branches

* fix(4.3): don't add branch for rpt service if db does not support branches

* feat (4.3): added new introspectionSkipAuthorization conf property

https://github.com/JanssenProject/jans-auth-server/issues/105

* fix(4.3): removed redundant amr attribute reference.

* feat(4.3): made mtls service ignore order during subject matching

https://github.com/JanssenProject/jans-auth-server/issues/116

* feat(4.3): corrected typo

https://github.com/JanssenProject/jans-auth-server/issues/117

* feat: Add sample passwordless authentication flow

* DCR response should return 201 : indicates success + record persisted

* Revert "DCR response should return 201 : indicates success + record persisted"

This reverts commit 7ccdd40.

* feat(4.3): added ability to skip authorization for introspection endpoint

https://github.com/JanssenProject/jans-auth-server/issues/105

* feat: use right OC to execute authentication filter. Jans ORM #1

* fix: merge inum PCT generation code from Jans

* feat: update server test profiles

* feat: add missing SQL/Spanner conf files

* feat: fix typo in names

* feat: update default server profile

* feat: update server test profiles

* feat: sync with setup

* fix: use right client keystores

* feat: update server test profiles

* feat: merge from Jans

* feat: merge code from Jans

* fix(4.3): corrected logging of consent gathering session service

* fix(4.3): corrected logging of consent gathering session service

* fix: use ldap sdk version which defined in ORM

* feat: Support for platform authenticators as FIDO2 devices (touch ID in Apple devices)

* feat: update libs

* Fix: register prometheus counters once for giver registrar

#1553

* feat: update libs

* feat(4.3): forced stat scope for statistic endpoint

#1554

* fix(4.3): ignore corrupted data during stat aggregation

#1555

* feat(4.3): added statAuthorizationScope configuration property and enforced it

#1554

* feat(4.3): removed oxauth-rp, rp-demo and rp-sprint-boot modules

#1545

* ci: added updatePolicy: always to repo

* fix(4.3): do not return session_id if sessionIdRequestParameterEnabled is false

https://github.com/JanssenProject/jans-auth-server/issues/149

* feat: add pingid integration

* chore: add README for casa script

* chore: make README point to prod docs

* feat: touch id as a fido2 device

* docs: typo

* fix: image not needed

* fix: properly url decode query parameters in QueryStringDecoder

* feat: added overload for url decode method in QueryStringDecoder

* feat: update jquery

* feat: add trace logging to dump redirect URI

* feat(4.3): added organization to client

* feat: Integrating Impossible travel feature by Deduce Insights in Passwordless Authentication flow.  #1563

* fix: update to conform new ORM

* fix: #1563 - moved code to seperate folder + implemented account lock on impossible travel detection

* fix: fix oxEnrollmentCode custom attribute removal

* feat : Interception script to integrate 2FA mechanism by Stytch with the Gluu Server #1564

* feat: casa plugin for Stytch Creds as a 2FA method

* Version 4.3.0.Final

* feat: temporary disable tests

* Revert "feat: temporary disable tests"

This reverts commit e6dcfda.

* feat: force to use recent joda-time

* fix(4.3): fixed persistence of session on acr changed detection

#1552

* fix(4.3): removed filtering of stat endpoint

Authorization is checked inside WS.

* fix(4.3): added SSA and additional access token validation during client update

#1567

* feat: added more logs to add user method

* fix: consent Gathering Script is not working in 4.3.0 version. #1549

* fix: consent Gathering Script is not working in 4.3.0 version. #1549

* fix: consent Gathering Script is not working in 4.3.0 version. #1549

* fix(4.3): removed client_credentials token validation

#1567

* Merge with 4.3.0

* Merge with 4.3.0

* Merge with 4.3.0

Co-authored-by: YuriyZ <yzabrovarniy@gmail.com>
Co-authored-by: kdhttps <kdhttps@gmail.com>
Co-authored-by: Christian <59786962+christian-hawk@users.noreply.github.com>
Co-authored-by: Jose <bonustrack310@gmail.com>
Co-authored-by: Madhumita <madhu@gluu.org>
Co-authored-by: Arnab Dutta <arnab.bdutta@gmail.com>
Co-authored-by: Djeumen Rolain <uprightech@gmail.com>
yurem added a commit to GluuFederation/oxTrust that referenced this issue Oct 5, 2021
* Version 4.2.0.Final

* Version 4.2.1.Final

* Remove unencrypted redis password from database

* reset password when Secret question and Secret Answer are active. #2001

* Not able to delete claims redirect uri for any client #2002

* Use same resource messages varible name in oxAuth and oxTrust

* Remove temporary file

* Add .metadata to ingore list

* Fix i18n messages issue

* Remove old dependencies

* Fix Some UI issues

* Add health-check controller to oxtrust-server

* buttons in json configuration ? #2003

* Device authz grant type supported and configuration manage. GluuFederation/oxAuth#141

* Remove old dependency

* Store issued tokens count metrics #1436

* Use libs versions defined in bom file

* Changes in this commit:
   * Re-introduced oxtrust-api into oxTrust

* oxtrust : added dynamicRegistrationAllowedPasswordGrantScopes to oxauth conf

GluuFederation/oxAuth#1130

* oxtrust : added description for dynamicRegistrationAllowedPasswordGrantScopes

GluuFederation/oxAuth#1130

(cherry picked from commit 1e71ea5)

* Change javax.faces with jakarta.faces

* Injection: Cross-Site Scripting #2012

* Injection: Cross-Site Scripting #2012

* oxtrust : added new software statement related configuration properties to UI.

GluuFederation/oxAuth#1444

(cherry picked from commit d32feac)

* oxtrust : corrected software statement related configuration properties on UI.

GluuFederation/oxAuth#1444

(cherry picked from commit d32feac)

* Fix autocomplete issues, update bootsfaces to latest

* Initiate user logout upon successfull password reset

* add spacer

* Fix security question field on forgot password reset form

* Change label / values for Scope visibility #2015

* (4.2.1) oxtrust : added description of refreshTokenExtendLifetimeOnRotation configuration property

GluuFederation/oxAuth#1449

(cherry picked from commit bf86387)

* Visual issues on OIDC client advanced settings page #2018

* U2F enrollments not shown in User's Authentication Methods panel #2017

* Fix issues after Richfaces version changed

* Fix popup issue after richfaces upgrade

* UI fixes

* Password reset functionality is not working when security Question and security answer is entered. #2019

* Password reset functionality is not working when security Question and security answer is entered. #2019

* oxtrust : forbid fragment in redirect_uri

#2020

* JAXB-API implementation error #2005

* Convert trust contact from xml to json

* Forgot password functionality not working with captcha #2022

* fixed scopes inventory

* Disable browser's autocomplete for password fields

* gluu-release-attributes-post-processor

* CR copy binary attributes to local LDAP as base64 string #2025

* Remove CustomScriptService

* Remove CustomScriptService

* Use CustomScriptManager instead of ScriptService

* Fix compilation issue

* Use CustomScriptService

* Add U2F checkU2fAttestations option

* Fix search person by uid in person add action

* Fix search user by e-mail and uniqueness check

* Add checkU2fAttestations Fido2 property

* Fix search user by uid when uid is case sensetive

* Fix search person by uid in person add action

* Revert "Fix search person by uid in person add action"

This reverts commit c964095.

* Fix search person by uid in person add action

* Version 4.2.1.Final

* Saml Configured relay party : assertionlifetime value box is so small its value cannot be read . #2026

* Use latest 5.4.x hibernate validator

* Improve health check

* 503-fix

* Error Viewing InCommon Metadata #2029

* unverified-rp fix

* double nameid fix

* Re-try to download UMA metadata

* Add ability to specify oxauth address instead of calling FQDN #2032

* Branch for 4.2.2

* Version 4.2.2-SNAPSHOT

* oxTrust should use acr level to check acr instead of acr_name #2033

* oxTrust should use acr level to check acr instead of acr_name #2033

* Fix possibles memory leak

* Remove static fields usage to improve memory usage

* Move some noisy log lines to debug/trace

* Prevent registration of the attribute with the same name #2040

* Prevent registration of the attribute with the same name #2040

* 7 day statistics on home screen has strange behavior

* (4.2.2) oxtrust : added discoveryCacheLifetimeInMinutes to GUI

GluuFederation/oxAuth#1487
(cherry picked from commit f415f14)

* On oxtrust passport provider, the automatically generated callback url is invalid when using containers #2041

* Fix compilation error

* Fix missing parent metric branch  bug

* Fix missing parent metric branch  bug

* (4.2.2) oxtrust : added keySelectionStrategy to GUI

GluuFederation/oxAuth#1494

* (4.2.2) oxtrust : set format=select

GluuFederation/oxAuth#1494

* Add flag field, see GluuFederation/oxAuth#1499

* Fix compilation issue

* Remove sector_identifier_uri menu with dialogs and provide ability #2044

* Remove sector_identifier_uri menu with dialogs and provide ability to enter it as text with automatic population of redirect_uris #2044

* Passport Config: field mapping dropdown #2027

* Passport Config: field mapping dropdown #2027

* Passport Config: field mapping dropdown #2027

* (4.2.2) oxtrust : added subjectIdentifierBasedOnWholeUriBackwardCompatibility and sectorIdentifierCacheLifetimeInMinutes configuration properties

GluuFederation/oxAuth#1503

* (4.2.2) oxtrust : added REVOKE_TOKEN custom script type

GluuFederation/oxAuth#1502

* Don't stop on unsuccessfull BC installation

* Use oxAuth configuration to check if application should render login
graph on home page #2045

* Fix method to update log level oxAuth #204

* Fix OIDC error

* Passport Config: field mapping dropdown #2027

* Missing information on server status view #2047

* The request is missing a required parameter error obtained in flow 3 #2046

* Version 4.2.2.Final

* Use MetricService to prepare base branches

* 4.2.2-SNAPSHOT -> 4.2.2.Final

* Version 4.2.3-SNAPSHOT

* Fix OIDC error

* Passport Config: field mapping dropdown #2027

* The request is missing a required parameter error obtained in flow 3 #2046

* (4.2.3) oxtrust : Added stat related configurations to UI.

GluuFederation/oxAuth#1512

* Remove swagger file from oxTrust repo

* Remove swagger file from oxTrust repo

* Version 4.2.3.Final

* Version 4.3.0.Final

* Use documentStoreService instead of local file system to load metadata
file

* New interceptions script to modify id_token oxAuth #1523

* oxtrust: added keyAlgsAllowedForGeneration configuration property.

GluuFederation/oxAuth#1525

* Backport: Added cibaEnabled flag in the configuration.
GluuFederation/oxAuth#1404

* Add defaults passport strategies

* feat(oxtrust): design configuration for openid-client new passport provider strategy #2052

* feat(oxtrust): design configuration for openid-client new passport provider strategy #2052

* fix(oxtrust): remove sector identifier pages from the code #2057

* fix(oxtrust): support custom app schema and appschema #2057

* fix(oxtrust): add pagination for search feature against a big enough userbase #2061

* fix(oxtrust): add pagination for search feature against a big enough userbase #2061

* fix(oxtrust): add pagination for search feature against a big enough userbase #2061

* fix(oxtrust): add pagination for search feature against a big enough userbase #2061

* fix(oxtrust): add pagination for search feature against a big enough userbase #2061

* feat: move ORM to oxOrm

* feat: update to conform latest ORM

* feat: update to conform ORM

* feat: update to conform ORM

* feat: update to conform ORM

* fix: update to conform new API

* fix: update to conform new API

* fix: compilation fixes

* feat: add SQL/Spanner support

* feat: update models

* fix: cache Refresh: Don't print ldap password in log #2055

* feat: merge ORM from Jans

* feat: merge ORM from Jans

* feat: update to conform new API

* fix: fix search when DB is table based

* fix: remove deprecated attributes

* fix: remove unused attribute

* feat: sync gluuOxtrustStat with bean

* fix: missing oxAuth dynamic configuration after save #2067

* fix: update cleaner job to use more effective RDBS methods #2066

* fix: missing oxAuth dynamic configuration after save #2067

* fix: don't update GluuConfiguration bean attributes in get method #2065

* feat: add new ORM dependecies

* fix: remove userPassword from client

* fix: remove userPassword from client

* fix: don't attempt ot create branches

* feat: don't use lower case in authenticate if DB is Spanner

* feat(oxtrust): setting custom acr-value for idp-initiated flow #2051

* feat(oxtrust): enable custom validation checked by default (incorrectly) #2070

* feat(oxtrust): fido device service log for new registered user with scim should be in warn log #2068

* feat(oxtrust): Rremove 'generate sp metadata' feature #2043

* feat(oxtrust): add person form nrashes with new objectclass #2069

* Fix(oxTrust): saml nameid configuration is not working in cloud edition #2073

* Fix(oxTrust): saml nameid configuration is not working in cloud edition #2073

* feat: show JCA document store password properly

* feat: show JCA document store password properly

* Fix(oxTrust): saml nameid configuration is not working in cloud edition #2073

* Fix(oxTrust):  first uma rpt token after starting up #2060

* Fix(oxTrust): saml nameid configuration is not working in cloud edition #2073

* fix(oxtrust): saml nameid configuration is not working in cloud edition #2073

* fix(oxtrust): saml nameid configuration is not working in cloud edition #2073

* fix(oxtrust): fill correct provider options as per type in passport provider configuration #2074

* fix(oxtrust): email attribute validation Not working on view profile section. #2054

* feat(admin-ui): add option to show only enables or disabled scripts

* chore: remove joda lib usage

* feat(oxtrust): update morris.js library to latest #2078

* feat(oxtrust): update morris.js library to latest #2078

* fix: include postAuthenticationFlows for relying-party shibboleth config

* feat(oxtrust): fill correct provider options as per type in passport provider configuration #2074

* feat(oxtrust): adding extra libraries created wrong classpath in oxauth.xml #2077

* feat(oxtrust): adding extra libraries created wrong classpath in oxauth.xml #2077

* feat(oxtrust): cache refresh not working on 4.3.0 version. #2072

* fix(oxTrust): oops error on clicking Other custom Scripts #2081

* feat: update libs

* feat(oxtrust): password reset success completion redirection #2082

* fix: add shibboleth transcoding rules generation

Added code to generate Shibboleth 4 style transcoding rules
which are useful in the resolution of issue #74 in oxShibboleth

* fix: minor code style fixes and SAML1 references removal

* fix: remove SAML1 reference from gluu-attribute-rules.xml.vm

* fix(oxtrust): fix active scripts checkbox label

* feat: adjust json-config UI form as per GluuFederation/scim#20

* feat: remove test mode property usage GluuFederation/scim#20

* feat: add OAuth protection mechanism for scim GluuFederation/scim#20

* feat: add OAuth protection mechanism for scim pt 2. GluuFederation/scim#20

* feat: remove extra logging statements GluuFederation/scim#20

* feat: fix commit 0ff85f7 GluuFederation/scim#20

* feat(oxtrust): enhance usability of scopes picker in client edition form #2085

* feat(oxtrust): updating client id in passport IDP-initiated flow config throws Oops error. #2084

* feat: added http request extraction for shibboleth

* fix: malformed gluu-attribute-rules.xml.vm

* fix: relying-party template generated incorrect config data for shibboleth

* feat: adjust json-config UI form as per GluuFederation/scim#22

* feat: use URL Connection client executor when proxy is required

* fix: "Organization Configuration" throwing error #2075

* feat: use new method to lookup manger group

* feat: register new method in gluufn library

* fix: fix NPE when version is not exists

* fix: create connection provider before checking it's status

* fix: update to conform new ORM

* fix: fix AD server configuration

* (oxTrust) fix oops error when the sector identifier uri is not valid or the content is not valid

* chore: refactor REST services protection logic

Related GluuFederation/scim#26

* feat: add no-protection mode
GluuFederation/scim#26

* feat: store acr in user profile to allow use it in IDP

* Version 4.3.0.Final

* fix: use Final binaries

* fix: don't fail on javadoc

* fix(oxtrust): identity throws oops error on providing invalid sector uri which is not friendly, returning “oops” is a bug, and must be escalated. #2091

* feat: shorten sentence GluuFederation/scim#26

Co-authored-by: Gasmyr <thomas@gluu.org>
Co-authored-by: Milton BO <jmcm578@gmail.com>
Co-authored-by: YuriyZ <yzabrovarniy@gmail.com>
Co-authored-by: Dzouato Djeumen Rolain Bonaventure <uprightech@gmail.com>
Co-authored-by: Harjinder Dhanjal <malotian@gmail.com>
Co-authored-by: Jose <bonustrack310@gmail.com>
Co-authored-by: gasmyr <gasmyrmougang@yahoo.fr>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement libs update, re-factroring, etc.
Projects
None yet
Development

No branches or pull requests

1 participant