Add support for nested JWE tokens #949

Closed
yuriyz opened this issue Nov 20, 2018 · 2 comments

Comments

yuriyz commented Nov 20, 2018

Add support for nested JWE tokens
Here is an example: https://connect2id.com/products/nimbus-jose-jwt/examples/signed-and-encrypted-jwt

https://support.gluu.org/authentication/6108/problem-with-decrypting-jwe/#at41701

The code I added:
// create the signed id_token and nest it as the JWE payload
jwe.setSignedJWTPayload(generateSignedIdToken(authorizationGrant, nonce, authorizationCode, accessToken, scopes, includeIdTokenClaims, preProcessing));
So I create the signed ID Token using the existing signing method and set it in the signedJWTPayload field.
Please inform us if you can do the change in some future version.
@yuriyz yuriyz added enhancement libs update, refactoring, etc. high priority resolution must be prioritized labels Nov 20, 2018
@yuriyz yuriyz added this to the 3.1.5 milestone Nov 20, 2018
yuriyz added a commit that referenced this issue Nov 26, 2018
yuriyz added a commit that referenced this issue Nov 26, 2018
(cherry picked from commit 5b22aec)

(cherry picked from commit 80c50c9)
@yuriyz yuriyz modified the milestones: 3.1.5, 4.0 Nov 26, 2018
@yuriyz yuriyz removed the high priority resolution must be prioritized label Dec 28, 2018
@yuriyz yuriyz modified the milestones: 4.0, 4.2 Jan 17, 2019
@yuriyz yuriyz modified the milestones: 4.2, 5.0 Apr 22, 2020
yuriyz commented Nov 13, 2020

Diff:

// The client asked for an encrypted id_token (the JWT response object is a Jwe).
// If it also registered id_token_signed_response_alg, sign the claims first and
// nest the compact JWS as the JWE payload (sign-then-encrypt); otherwise the
// claims are encrypted directly, as before.
if (jwr instanceof Jwe) {
    if (client.getIdTokenSignedResponseAlg() != null) {
        JwtSigner jwtSigner = JwtSigner.newJwtSigner(appConfiguration, webKeysConfiguration, client);
        Jwt jwt = jwtSigner.newJwt();
        jwt.setClaims(jwr.getClaims());
        ((Jwe) jwr).setSignedJWTPayload(signJwt(jwt, client));
    }
    return encryptJwe((Jwe) jwr, client);
}
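The two snippets above show the producer side only: a signed JWT is placed inside a JWE with `cty: "JWT"` (RFC 7519 section 5.2). Below is an added, self-contained example of the full round trip with the Nimbus JOSE+JWT library that the linked connect2id page uses. It is not oxAuth code; the issuer, client_id, key IDs and the `NestedJwtExample` class are made-up names, and it assumes a recent Nimbus release (RSAKeyGenerator, JWEObject, Payload.toSignedJWT). The point worth seeing on the receiving side is that decrypting proves nothing about origin, because RSA-OAEP encrypts to the recipient's public key and anyone can do that; authenticity comes only from verifying the inner JWS, and the receiver should pin the expected alg/enc and check cty before treating the payload as a JWT.

```java
import com.nimbusds.jose.*;
import com.nimbusds.jose.crypto.*;
import com.nimbusds.jose.jwk.*;
import com.nimbusds.jose.jwk.gen.RSAKeyGenerator;
import com.nimbusds.jwt.*;
import java.text.ParseException;
import java.util.Date;

public class NestedJwtExample {

    // Made-up values for the example; not from oxAuth or any real deployment.
    static final String ISSUER = "https://op.example.com";
    static final String CLIENT_ID = "example-client";

    /** OP side: sign the id_token claims, then encrypt the compact JWS to the client's public key. */
    static String signThenEncrypt(JWTClaimsSet claims, RSAKey opSigningKey, RSAKey clientEncPublicKey)
            throws JOSEException {
        SignedJWT signedJWT = new SignedJWT(
                new JWSHeader.Builder(JWSAlgorithm.RS256).keyID(opSigningKey.getKeyID()).build(), claims);
        signedJWT.sign(new RSASSASigner(opSigningKey));

        JWEObject jwe = new JWEObject(
                new JWEHeader.Builder(JWEAlgorithm.RSA_OAEP_256, EncryptionMethod.A256GCM)
                        .contentType("JWT")              // marks the payload as a nested JWT
                        .keyID(clientEncPublicKey.getKeyID())
                        .build(),
                new Payload(signedJWT));
        jwe.encrypt(new RSAEncrypter(clientEncPublicKey));
        return jwe.serialize();
    }

    /** RP side: decrypt with the client's private key, then verify the inner JWS with the OP's public key. */
    static JWTClaimsSet decryptThenVerify(String compactJwe, RSAKey clientEncKey, RSAKey opPublicKey)
            throws JOSEException, ParseException {
        JWEObject jwe = JWEObject.parse(compactJwe);
        // Pin the outer algorithms before using any key material.
        if (!JWEAlgorithm.RSA_OAEP_256.equals(jwe.getHeader().getAlgorithm())
                || !EncryptionMethod.A256GCM.equals(jwe.getHeader().getEncryptionMethod())) {
            throw new JOSEException("unexpected JWE alg/enc in header");
        }
        jwe.decrypt(new RSADecrypter(clientEncKey));

        // Decryption succeeded, but anyone holding the client's public key could have produced this.
        // Only the inner signature ties the claims to the OP.
        if (!"JWT".equalsIgnoreCase(jwe.getHeader().getContentType())) {
            throw new JOSEException("JWE payload is not a nested JWT (cty != JWT)");
        }
        SignedJWT inner = jwe.getPayload().toSignedJWT();
        if (inner == null) {
            throw new JOSEException("JWE payload is not a compact JWS");
        }
        if (!JWSAlgorithm.RS256.equals(inner.getHeader().getAlgorithm())) {
            throw new JOSEException("unexpected inner JWS alg: " + inner.getHeader().getAlgorithm());
        }
        if (!inner.verify(new RSASSAVerifier(opPublicKey))) {
            throw new JOSEException("inner JWS signature invalid");
        }
        JWTClaimsSet claims = inner.getJWTClaimsSet();
        // Ordinary id_token validation still applies once both JOSE layers are off.
        if (!ISSUER.equals(claims.getIssuer()) || !claims.getAudience().contains(CLIENT_ID)) {
            throw new JOSEException("iss/aud mismatch");
        }
        Date exp = claims.getExpirationTime();
        if (exp == null || exp.before(new Date())) {
            throw new JOSEException("id_token expired or missing exp");
        }
        return claims;
    }

    public static void main(String[] args) throws Exception {
        RSAKey opKey = new RSAKeyGenerator(2048).keyID("op-sig-1").keyUse(KeyUse.SIGNATURE).generate();
        RSAKey clientKey = new RSAKeyGenerator(2048).keyID("rp-enc-1").keyUse(KeyUse.ENCRYPTION).generate();

        JWTClaimsSet claims = new JWTClaimsSet.Builder()
                .issuer(ISSUER).subject("user-1234").audience(CLIENT_ID)
                .issueTime(new Date())
                .expirationTime(new Date(System.currentTimeMillis() + 5 * 60 * 1000))
                .claim("nonce", "n-0S6_WzA2Mj")          // constructed sample nonce
                .build();

        String token = signThenEncrypt(claims, opKey, clientKey.toPublicJWK());
        System.out.println("nested JWE: " + token);

        JWTClaimsSet verified = decryptThenVerify(token, clientKey, opKey.toPublicJWK());
        System.out.println("sub=" + verified.getSubject() + " nonce=" + verified.getStringClaim("nonce"));
    }
}
```

In OpenID Connect terms, the inner algorithm corresponds to the client's `id_token_signed_response_alg` and the outer pair to `id_token_encrypted_response_alg` / `id_token_encrypted_response_enc`; a client that receives a JWE without `cty: "JWT"` should treat the payload as plain claims, not attempt to parse it as a JWS.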

@yuriyz yuriyz modified the milestones: 5.0, 4.2.2 Nov 13, 2020
yuriyz added a commit that referenced this issue Nov 14, 2020
yuriyz added a commit that referenced this issue Nov 14, 2020
yuriyz commented Nov 18, 2020

Implemented in 4.2.2 and jans.

@yuriyz yuriyz closed this as completed Nov 18, 2020
@yuriyz yuriyz unassigned qbert2k and yurem Nov 18, 2020
yurem added a commit that referenced this issue Oct 5, 2021
* Revert "Temporary disable tests"

This reverts commit a74cca4

* fix: update passport social script to handle provider config state problem #1448

* (4.2.2) Refresh token removing doesn't look up in persistence.

#1480

* fix: update jwt date check function in passport scripts #1482

* Merge www pass from master

* (4.2.2) 1. session_id should not be included in the response if it's not explicitly allowed.
 2. `/end_session` should validate by sid value

#1485

* (4.2.2) Corrected validation by sid at /end_session endpoint.

#1485

* (4.2.2) Set session reference into identity object independently from invalidateSessionCookiesAfterAuthorizationFlow flag.

#1486

* (4.2.2) Added cache support for discovery page (`.well-known/openid-configuration`).

#1487

* (4.2.2) Return sid from authorization endpoint.

#1485

* Update dependencies

* Corrected authorization code clean up at token endpoint.

* Corrected bug for refreshing token based on requested offline_access scope

#1492

* Fixed NPE

#1492

* (4.2.2) JWKS : Added key selection strategy. Supported strategies are : OLDER, NEWER, FIRST.

#1494

* Avoid NPE due to clientRegDefaultToCodeFlowWithRefresh conf property

* Fixed client and tests related to switching /end_session to sid.

#1485

* (4.2.2) Added client's custom attributes to response if present in dynamicRegistrationCustomAttributes configuration property.

#1488

* (4.2.2) Print only sessionId at INFO log level.

* Fix ACR change when used alias

* Fix ACR change when used alias

* (4.2.2) Added nested JWT support into JWE

#949

* (4.2.2) Corrected CrossEncryptionTest

#949

* (4.2.2) Return sub value for ROPC based on `openidSubAttribute`.

#1491

* (4.2.2) Added a new claim to the id_token: `"grant": <value>`.

#1497

* (4.2.2) Added required method to UnmodifiableAuthorizationGrant

#1497

* (4.2.2) More logs in trace - added keySelectionStrategy

#1494

* Adjust endpoint response according to compatibility flag #1499

* Allow bean to parse both string/list scopes formats #1499

* (4.2.2) Client's Pre-authorization flag takes higher priority. If it's true then we will ignore spec's "consent MUST" for offline access.

#1496

* Fix javadoc param

* casa's DUO plugin related files

* Casa's DUO plugin

* BioID interception script and CASA integration

* Avoid NPE when there is no grant #1499

* bioid image

* (4.2.2) BUG : PostAuthentication script calls re-authentication instead of re-authorization.

#1504

* (4.2.2) Fixed bug - 500 server error when we request an authorization token concurrently

#1481

* (4.2.2) Checked also grant scopes for offline_access scope.

#1492

* Added more trace logs during key selection.

* (4.2.2) id_token is missed during 2 concurrent calls for ROPC

#1493

* #1506 - Modify the `claims-gathering` script so that it first tries to read claims from PCT before directing to the page to enter claims.

* Don't stop on unsuccessful BC installation

* (4.2.2) NPE during backchannel logout if grant object was not identified

#1505

* BioID script

* Fix PasswordValidator faces validator dependent beans injection after
JSF update to 2.3.x #1508

* Fix PasswordValidator faces validator dependent beans injection after
JSF update to 2.3.x #1508

* (4.2.2) Introduced revoke interception script

#1502

* (4.2.2) `sector_identifier` has to be based on host only. Also optimize redirect_uri's validation based on `sector_identifier_uri`

#1503

* #1056 Modify the `claims-gathering` script so that it first tries to read claims from PCT before directing to the page to enter claims.

* Fix compilation after BC upgrade

* Version 4.2.2.Final

* Temporary disable client side tests

* Revert "Temporary disable client side tests"

This reverts commit 1e3b7bb.

* Version 4.2.3-SNAPSHOT

* Temporary disable client side tests

* Revert "Temporary disable client side tests"

This reverts commit 2f59e2a.

* Minor code improvements for IntrospectionWebService

* (4.2.3) Added Stat and StatEntry entities.

* (4.2.3) Added Stat and StatEntry entities.

#1512

* Add XML signature test

* (4.2.3) Added net.agkn.hll to pom

#1512

* (4.2.3) Added "stat" base dn to config

#1512

* (4.2.3) Added stat event and stat related configurations.

#1512

* (4.2.3) Implemented StatService.

#1512

* (4.2.3) Added stat timer.

#1512

* (4.2.3) Added stat response item.

#1512

* More logs

* Reduced intervals of timers for test purpose.

* (4.2.3) Report about token creation to stat service.

#1512

* (4.2.3) Stat timer initialization.

#1512

* Revert "Reduced intervals of timers for test purpose."

This reverts commit ccaf020

* (4.2.3) added more logs

#1512

* #1518

* (4.2.3) Fixed initialization of stat service

#1512

* (4.2.3) Prevent NPE if stat service is not correctly initialized.

#1512

* (4.2.3) Added reporting of active user to SessionIdService.

#1512

* (4.2.3) Added stat response.

#1512

* (4.2.3) Report for active user when authenticated session is created.

#1512

* (4.2.3) Wrapped reporting active user into separate method.

#1512

* (4.2.3) Added report for RPT token.

#1512

* (4.2.3) Adding stat web service.

#1512

* (4.2.3) Added month validation and run validation methods to StatWS.

#1512

* (4.2.3) Added authorization validation and cardinality union for MAU (StatWS).

#1512

* (4.2.3) Added aggregation for MAU and tokens per grant type (StatWS).

#1512

* (4.2.3) Added aggregation of StatResponseItem (StatWS).

#1512

* (4.2.3) Constructed stat response and prefixed endpoint with /internal/stat (StatWS)

#1512

* Version 4.2.3.Final

* Temporary disable client side tests

* (4.2.3) Corrected client authentication for StatWS

#1512

* (4.2.3) Corrected client authentication for StatWS

#1512

* (4.2.3) Added Stat client service and client test.

#1512

* (4.2.3) `SectorIdentifierService` must be consistent with PairwiseIdentifierService and use host of sectorIdentifierUri (not entire uri).

#1520

* Revert "Temporary disable client side tests"

This reverts commit 8138ae8

* (4.2.3) added basic and post client authentication for stat

#1512

* Version 4.3.0.Final

* Temporary disable client side tests

* Revert "Temporary disable client side tests"

This reverts commit 23aa6bc.

* (4.3) Avoid NPE in User Info Endpoint (caused by scope removing)

#1517

* A sample script to explain redirection to a third party app and back to Gluu server

* typo

* New interceptions script to modify id_token #1523

* Add license

* (4.3) Added ability to persist attributes into token object. Removed refresh token object after access_token and id_token are created.

#1526

* (4.3) Removed statNodeId from configuration.

#1512

* (4.3) Stat: Use mac address as nodeId.

#1512

* (4.3) Added @Expiration annotation to AbstractToken (to cover all derived classes)

#1528

* (4.3) Re-set ttl of objects on update.

#1528

* (4.3) Re-set ttl of UMA Resource on update.

#1528

* (4.3) Added keyAlgsAllowedForGeneration configuration property.

#1525

* (4.3) Restricted keys generation by keyAlgsAllowedForGeneration configuration property.

#1525

* feat(casa): allow preferred method to be prompted GluuFederation/casa#87

* Check if signature verification method returns true

* Backport: Add system flag config to enable/disable CIBA #1404

* Backport: Add system flag config to enable/disable CIBA #1404

* fix(4.3): mau report must not affect authentication

#1512

* fix: failed to create Ldap connection pool with encoded password. #1531

* fix(forgot_password): update script compatibility (#1535)

* fix(forgot.xhtml): remove broken syntax
There was an additional `<` char on the file
fix #1534

* fix(forgot_password): import and send correct args
ConfigurationService should be imported from `service.common`
and `init` should be called with additional arg `customScript`
fix #1534

* feat(forgot_password): add important info to log
fix #1534

* refactor(4.3): added logs about id_token creation

https://github.com/JanssenProject/jans-auth-server/issues/102

* refactor(4.3): added trace logs about refresh_token creation

https://github.com/JanssenProject/jans-auth-server/issues/102

* refactor(4.3): added trace logs about access_token creation

https://github.com/JanssenProject/jans-auth-server/issues/102

* feat(4.3): added simpleclient_common dependency

#1321

* fix(4.3): switched hll serialization to base64 from plain string

#1538

* chore: added more log messages about stat node id creation

* feat: move ORM to oxOrm

* fix: fix dependencies

* feat: add SQL/Spanner ORM libs

* feat(4.3): constants for stat service

#1321

* fix: fix configuration path

* feat: merge ORM from Jans

* feat: merge ORM from Jans

* feat: update to conform new API

* feat: update to conform new API

* fix(4.3): don't create monthly branch if db does not support tree structure

#1543

* fix(4.3): don't create monthly branch if db does not support tree structure

#1543

* fix: merge cleaner fixes from Jans

* fix: remove deprecated attributes

* fix: remove unused attribute

* feat(4.3) : added openmetrics response support to StatWS

#1512
#1321

* fix: use right UmaResource class in cleaner job

* fix: missing oxAuth dynamic configuration after save oxTrust #2067

* fix: missing oxAuth dynamic configuration after save oxTrust #2067

* fix: removed cleanServiceBaseDns configuration property used during development

GluuFederation/oxTrust#2067

* feat: clean only oxAuth metrics

* feat: avoid potential NPE

* feat: add new ORM dependencies

* fix(4.3): openmetrics response construction

#1544

* fix(4.3): openmetrics response construction

#1544

* fix(4.3): changed label name

#1544

* fix(4.3): fixed npe in stat ws

#1544

* fix(4.3): made access to hll thread-safe

#1544

* fix(4.3): corrected stat labels

#1544

* feat: don't use lower case in authenticate if DB is Spanner

* feat: don't use lower case in use search if DB is Spanner

* fix(4.3): don't add branch if db does not support branches

* fix(4.3): don't add branch for rpt service if db does not support branches

* feat (4.3): added new introspectionSkipAuthorization conf property

https://github.com/JanssenProject/jans-auth-server/issues/105

* fix(4.3): removed redundant amr attribute reference.

* feat(4.3): made mtls service ignore order during subject matching

https://github.com/JanssenProject/jans-auth-server/issues/116

* feat(4.3): corrected typo

https://github.com/JanssenProject/jans-auth-server/issues/117

* feat: Add sample passwordless authentication flow

* DCR response should return 201 : indicates success + record persisted

* Revert "DCR response should return 201 : indicates success + record persisted"

This reverts commit 7ccdd40.

* feat(4.3): added ability to skip authorization for introspection endpoint

https://github.com/JanssenProject/jans-auth-server/issues/105

* feat: use right OC to execute authentication filter. Jans ORM #1

* fix: merge inum PCT generation code from Jans

* feat: update server test profiles

* feat: add missing SQL/Spanner conf files

* feat: fix typo in names

* feat: update default server profile

* feat: update server test profiles

* feat: sync with setup

* fix: use right client keystores

* feat: update server test profiles

* feat: merge from Jans

* feat: merge code from Jans

* fix(4.3): corrected logging of consent gathering session service

* fix(4.3): corrected logging of consent gathering session service

* fix: use ldap sdk version which defined in ORM

* feat: Support for platform authenticators as FIDO2 devices (touch ID in Apple devices)

* feat: update libs

* Fix: register prometheus counters once for given registrar

#1553

* feat: update libs

* feat(4.3): forced stat scope for statistic endpoint

#1554

* fix(4.3): ignore corrupted data during stat aggregation

#1555

* feat(4.3): added statAuthorizationScope configuration property and enforced it

#1554

* feat(4.3): removed oxauth-rp, rp-demo and rp-sprint-boot modules

#1545

* ci: added updatePolicy: always to repo

* fix(4.3): do not return session_id if sessionIdRequestParameterEnabled is false

https://github.com/JanssenProject/jans-auth-server/issues/149

* feat: add pingid integration

* chore: add README for casa script

* chore: make README point to prod docs

* feat: touch id as a fido2 device

* docs: typo

* fix: image not needed

* fix: properly url decode query parameters in QueryStringDecoder

* feat: added overload for url decode method in QueryStringDecoder

* feat: update jquery

* feat: add trace logging to dump redirect URI

* feat(4.3): added organization to client

* feat: Integrating Impossible travel feature by Deduce Insights in Passwordless Authentication flow. #1563

* fix: update to conform new ORM

* fix: #1563 - moved code to separate folder + implemented account lock on impossible travel detection

* fix: fix oxEnrollmentCode custom attribute removal

* feat : Interception script to integrate 2FA mechanism by Stytch with the Gluu Server #1564

* feat: casa plugin for Stytch Creds as a 2FA method

* Version 4.3.0.Final

* feat: temporary disable tests

* Revert "feat: temporary disable tests"

This reverts commit e6dcfda.

* feat: force to use recent joda-time

* fix(4.3): fixed persistence of session on acr changed detection

#1552

* fix(4.3): removed filtering of stat endpoint

Authorization is checked inside WS.

* fix(4.3): added SSA and additional access token validation during client update

#1567

* feat: added more logs to add user method

* fix: consent Gathering Script is not working in 4.3.0 version. #1549

* fix: consent Gathering Script is not working in 4.3.0 version. #1549

* fix: consent Gathering Script is not working in 4.3.0 version. #1549

* fix(4.3): removed client_credentials token validation

#1567

* Merge with 4.3.0

* Merge with 4.3.0

* Merge with 4.3.0

Co-authored-by: YuriyZ <yzabrovarniy@gmail.com>
Co-authored-by: kdhttps <kdhttps@gmail.com>
Co-authored-by: Christian <59786962+christian-hawk@users.noreply.github.com>
Co-authored-by: Jose <bonustrack310@gmail.com>
Co-authored-by: Madhumita <madhu@gluu.org>
Co-authored-by: Arnab Dutta <arnab.bdutta@gmail.com>
Co-authored-by: Djeumen Rolain <uprightech@gmail.com>