Yuriy Movchan authored
* Revert "Temporary disable tests" This reverts commit a74cca4c
* fix: update passport social script to handle provider config state problem #1448
* (4.2.2) Refresh token removing doesn't look up in persistence. https://github.com/GluuFederation/oxAuth/issues/1480
* fix: update jwt date check function in passport scripts #1482
* Merge www pass from master
* (4.2.2) 1. session_id should not be included into response if it's not explicitly allowed. 2. `/end_session` should validate by sid value https://github.com/GluuFederation/oxAuth/issues/1485
* (4.2.2) Corrected validation by sid at /end_session endpoint. https://github.com/GluuFederation/oxAuth/issues/1485
* (4.2.2) Set session reference into identity object independently from invalidateSessionCookiesAfterAuthorizationFlow flag. https://github.com/GluuFederation/oxAuth/issues/1486
* (4.2.2) Added cache support for discovery page (`.well-known/openid-configuration`). https://github.com/GluuFederation/oxAuth/issues/1487
* (4.2.2) Return sid from authorization endpoint. https://github.com/GluuFederation/oxAuth/issues/1485
* Update dependencies
* Corrected authorization code clean up at token endpoint.
* Corrected bug for refreshing token based on requested offline_access scope https://github.com/GluuFederation/oxAuth/issues/1492
* Fixed NPE https://github.com/GluuFederation/oxAuth/issues/1492
* (4.2.2) JWKS : Added key selection strategy. Supported strategies are : OLDER, NEWER, FIRST. https://github.com/GluuFederation/oxAuth/issues/1494
* Avoid NPE due to clientRegDefaultToCodeFlowWithRefresh conf property
* Fixed client and tests related to switching /end_session to sid. https://github.com/GluuFederation/oxAuth/issues/1485
* (4.2.2) Added client's custom attributes to response if present in dynamicRegistrationCustomAttributes configuration property. https://github.com/GluuFederation/oxAuth/issues/1488
* (4.2.2) Print only sessionId at INFO log level.
* Fix ACR change when used alias
* Fix ACR change when used alias
* (4.2.2) Added nested JWT support into JWE https://github.com/GluuFederation/oxAuth/issues/949
* (4.2.2) Corrected CrossEncryptionTest https://github.com/GluuFederation/oxAuth/issues/949
* (4.2.2) Return sub value for ROPC based on `openidSubAttribute`. https://github.com/GluuFederation/oxAuth/issues/1491
* (4.2.2) Added a new claim to the id_token: `"grant": <value>`. https://github.com/GluuFederation/oxAuth/issues/1497
* (4.2.2) Added required method to UnmodifiableAuthorizationGrant https://github.com/GluuFederation/oxAuth/issues/1497
* (4.2.2) More logs in trace - added keySelectionStrategy https://github.com/GluuFederation/oxAuth/issues/1494
* Adjust endpoint response according to compatibility flag #1499
* Allow bean to parse both string/list scopes formats #1499
* (4.2.2) Client's Pre-authorization flag takes higher priority. If it's true then we will ignore spec's "consent MUST" for offline access. https://github.com/GluuFederation/oxAuth/issues/1496
* Fix javadoc param
* casa's DUO plugin related files
* Casa's DUO plugin
* BioID interception script and CASA integration
* Avoid NPE when there is no grant #1499
* bioid image
* (4.2.2) BUG : PostAuthentication script calls re-authentication instead of re-authorization. https://github.com/GluuFederation/oxAuth/issues/1504
* (4.2.2) Fixed bug - 500 server error when we request for an authorization token concurrently https://github.com/GluuFederation/oxAuth/issues/1481
* (4.2.2) Checked also grant scopes for offline_access scope. https://github.com/GluuFederation/oxAuth/issues/1492
* Added more trace logs during key selection.
* (4.2.2) id_token is missed during 2 concurrent calls for ROPC https://github.com/GluuFederation/oxAuth/issues/1493
* #1506 - Modify the `claims-gathering` script so that it first tries to read claims from PCT before directing to the page to enter claims.
* Don't stop on unsuccessful BC installation
* (4.2.2) NPE during backchannel logout if grant object was not identified https://github.com/GluuFederation/oxAuth/issues/1505
* BioID script
* Fix PasswordValidator faces validator dependent beans injection after JSF update to 2.3.x #1508
* Fix PasswordValidator faces validator dependent beans injection after JSF update to 2.3.x #1508
* (4.2.2) Introduced revoke interception script https://github.com/GluuFederation/oxAuth/issues/1502
* (4.2.2) `sector_identifier` has to be based on host only. Also optimize redirect_uri's validation based on `sector_identifier_uri` https://github.com/GluuFederation/oxAuth/issues/1503
* #1056 Modify the `claims-gathering` script so that it first tries to read claims from PCT before directing to the page to enter claims.
* Fix compilation after BC upgrade
* Version 4.2.2.Final
* Temporary disable client side tests
* Revert "Temporary disable client side tests" This reverts commit 1e3b7bb1.
* Version 4.2.3-SNAPSHOT
* Temporary disable client side tests
* Revert "Temporary disable client side tests" This reverts commit 2f59e2a8.
* Minor code improvements for IntrospectionWebService
* (4.2.3) Added Stat and StatEntry entities.
* (4.2.3) Added Stat and StatEntry entities. https://github.com/GluuFederation/oxAuth/issues/1512
* Add XML signature test
* (4.2.3) Added net.agkn.hll to pom https://github.com/GluuFederation/oxAuth/issues/1512
* (4.2.3) Added "stat" base dn to config https://github.com/GluuFederation/oxAuth/issues/1512
* (4.2.3) Added stat event and stat related configurations. https://github.com/GluuFederation/oxAuth/issues/1512
* (4.2.3) Implemented StatService. https://github.com/GluuFederation/oxAuth/issues/1512
* (4.2.3) Added stat timer. https://github.com/GluuFederation/oxAuth/issues/1512
* (4.2.3) Added stat response item. https://github.com/GluuFederation/oxAuth/issues/1512
* More logs
* Reduced intervals of timers for test purpose.
* (4.2.3) Report about token creation to stat service. https://github.com/GluuFederation/oxAuth/issues/1512
* (4.2.3) Stat timer initialization. https://github.com/GluuFederation/oxAuth/issues/1512
* Revert "Reduced intervals of timers for test purpose." This reverts commit ccaf0206
* (4.2.3) added more logs https://github.com/GluuFederation/oxAuth/issues/1512
* #1518
* (4.2.3) Fixed initialization of stat service https://github.com/GluuFederation/oxAuth/issues/1512
* (4.2.3) Prevent NPE if stat service is not correctly initialized. https://github.com/GluuFederation/oxAuth/issues/1512
* (4.2.3) Added reporting of active user to SessionIdService. https://github.com/GluuFederation/oxAuth/issues/1512
* (4.2.3) Added stat response. https://github.com/GluuFederation/oxAuth/issues/1512
* (4.2.3) Report for active user when authenticated session is created. https://github.com/GluuFederation/oxAuth/issues/1512
* (4.2.3) Wrapped reporting active user into separate method. https://github.com/GluuFederation/oxAuth/issues/1512
* (4.2.3) Added report for RPT token. https://github.com/GluuFederation/oxAuth/issues/1512
* (4.2.3) Adding stat web service. https://github.com/GluuFederation/oxAuth/issues/1512
* (4.2.3) Added month validation and run validation methods to StatWS. https://github.com/GluuFederation/oxAuth/issues/1512
* (4.2.3) Added authorization validation and cardinality union for MAU (StatWS). https://github.com/GluuFederation/oxAuth/issues/1512
* (4.2.3) Added aggregation for MAU and tokens per grant type (StatWS). https://github.com/GluuFederation/oxAuth/issues/1512
* (4.2.3) Added aggregation of StatResponseItem (StatWS). https://github.com/GluuFederation/oxAuth/issues/1512
* (4.2.3) Constructed stat response and prefixed endpoint with /internal/stat (StatWS) https://github.com/GluuFederation/oxAuth/issues/1512
* Version 4.2.3.Final
* Temporary disable client side tests
* (4.2.3) Corrected client authentication for StatWS https://github.com/GluuFederation/oxAuth/issues/1512
* (4.2.3) Corrected client authentication for StatWS https://github.com/GluuFederation/oxAuth/issues/1512
* (4.2.3) Added Stat client service and client test. https://github.com/GluuFederation/oxAuth/issues/1512
* (4.2.3) `SectorIdentifierService` must be consistent with PairwiseIdentifierService and use host of sectorIdentifierUri (not entire uri). https://github.com/GluuFederation/oxAuth/issues/1520
* Revert "Temporary disable client side tests" This reverts commit 8138ae8a
* (4.2.3) added basic and post client authentication for stat https://github.com/GluuFederation/oxAuth/issues/1512
* Version 4.3.0.Final
* Temporary disable client side tests
* Revert "Temporary disable client side tests" This reverts commit 23aa6bcb.
* (4.3) Avoid NPE in User Info Endpoint (caused by scope removing) https://github.com/GluuFederation/oxAuth/issues/1517
* A sample script to explain redirection to a third party app and back to Gluu server
* typo
* New interceptions script to modify id_token #1523
* Add license
* (4.3) Added ability to persist attributes into token object. Removed refresh token object after access_token and id_token are created. https://github.com/GluuFederation/oxAuth/issues/1526
* (4.3) Removed statNodeId from configuration. https://github.com/GluuFederation/oxAuth/issues/1512
* (4.3) Stat: Use mac address as nodeId. https://github.com/GluuFederation/oxAuth/issues/1512
* (4.3) Added @Expiration annotation to AbstractToken (to cover all derived classes) https://github.com/GluuFederation/oxAuth/issues/1528
* (4.3) Re-set ttl of objects on update. https://github.com/GluuFederation/oxAuth/issues/1528
* (4.3) Re-set ttl of UMA Resource on update. https://github.com/GluuFederation/oxAuth/issues/1528
* (4.3) Added keyAlgsAllowedForGeneration configuration property. https://github.com/GluuFederation/oxAuth/issues/1525
* (4.3) Restricted keys generation by keyAlgsAllowedForGeneration configuration property. https://github.com/GluuFederation/oxAuth/issues/1525
* feat(casa): allow preferred method to be prompted https://github.com/GluuFederation/casa/issues/87
* Check if signature verification method returns true
* Backport: Add system flag config to enable/disable CIBA #1404
* Backport: Add system flag config to enable/disable CIBA #1404
* fix(4.3): mau report must not affect authentication https://github.com/GluuFederation/oxAuth/issues/1512
* fix: failed to create Ldap connection pool with encoded password. #1531
* fix(forgot_password): update script compatibility (#1535)
* fix(forgot.xhtml): remove broken syntax There was an additional `<` char on the file fix #1534
* fix(forgot_password): import and send correct args ConfigurationService should be imported from `service.common` and `init` should be called with additional arg `customScript` fix #1534
* feat(forgot_password): add important info to log fix #1534
* refactor(4.3): added logs about id_token creation https://github.com/JanssenProject/jans-auth-server/issues/102
* refactor(4.3): added trace logs about refresh_token creation https://github.com/JanssenProject/jans-auth-server/issues/102
* refactor(4.3): added trace logs about access_token creation https://github.com/JanssenProject/jans-auth-server/issues/102
* feat(4.3): added simpleclient_common dependency https://github.com/GluuFederation/oxAuth/issues/1321
* fix(4.3): switched hll serialization to base64 from plain string https://github.com/GluuFederation/oxAuth/issues/1538
* chore: added more log messages about stat node id creation
* feat: move ORM to oxOrm
* fix: fix dependencies
* feat: add SQL/Spanner ORM libs
* feat(4.3): constants for stat service https://github.com/GluuFederation/oxAuth/issues/1321
* fix: fix configuration path
* feat: merge ORM from Jans
* feat: merge ORM from Jans
* feat: update to conform new API
* feat: update to conform new API
* fix(4.3): don't create monthly branch if db does not support tree structure https://github.com/GluuFederation/oxAuth/issues/1543
* fix(4.3): don't create monthly branch if db does not support tree structure https://github.com/GluuFederation/oxAuth/issues/1543
* fix: merge cleaner fixes from Jans
* fix: remove deprecated attributes
* fix: remove unused attribute
* feat(4.3) : added openmetrics response support to StatWS https://github.com/GluuFederation/oxAuth/issues/1512 https://github.com/GluuFederation/oxAuth/issues/1321
* fix: use right UmaResource class in cleaner job
* fix: missing oxAuth dynamic configuration after save oxTrust #2067
* fix: missing oxAuth dynamic configuration after save oxTrust #2067
* fix: removed cleanServiceBaseDns configuration property used during development https://github.com/GluuFederation/oxTrust/issues/2067
* feat: clean only oxAuth metrics
* feat: avoid potential NPE
* feat: add new ORM dependencies
* fix(4.3): openmetrics response construction https://github.com/GluuFederation/oxAuth/issues/1544
* fix(4.3): openmetrics response construction https://github.com/GluuFederation/oxAuth/issues/1544
* fix(4.3): changed label name https://github.com/GluuFederation/oxAuth/issues/1544
* fix(4.3): fixed npe in stat ws https://github.com/GluuFederation/oxAuth/issues/1544
* fix(4.3): made access to hll thread-safe https://github.com/GluuFederation/oxAuth/issues/1544
* fix(4.3): corrected stat labels https://github.com/GluuFederation/oxAuth/issues/1544
* feat: don't use lower case in authenticate if DB is Spanner
* feat: don't use lower case in use search if DB is Spanner
* fix(4.3): don't add branch if db does not support branches
* fix(4.3): don't add branch for rpt service if db does not support branches
* feat (4.3): added new introspectionSkipAuthorization conf property https://github.com/JanssenProject/jans-auth-server/issues/105
* fix(4.3): removed redundant amr attribute reference.
* feat(4.3): made mtls service ignore order during subject matching https://github.com/JanssenProject/jans-auth-server/issues/116
* feat(4.3): corrected typo https://github.com/JanssenProject/jans-auth-server/issues/117
* feat: Add sample passwordless authentication flow
* DCR response should return 201 : indicates success + record persisted
* Revert "DCR response should return 201 : indicates success + record persisted" This reverts commit 7ccdd401.
* feat(4.3): added ability to skip authorization for introspection endpoint https://github.com/JanssenProject/jans-auth-server/issues/105
* feat: use right OC to execute authentication filter. Jans ORM #1
* fix: merge inum PCT generation code from Jans
* feat: update server test profiles
* feat: add missing SQL/Spanner conf files
* feat: fix typo in names
* feat: update default server profile
* feat: update server test profiles
* feat: sync with setup
* fix: use right client keystores
* feat: update server test profiles
* feat: merge from Jans
* feat: merge code from Jans
* fix(4.3): corrected logging of consent gathering session service
* fix(4.3): corrected logging of consent gathering session service
* fix: use ldap sdk version which defined in ORM
* feat: Support for platform authenticators as FIDO2 devices (touch ID in Apple devices)
* feat: update libs
* Fix: register prometheus counters once for giver registrar https://github.com/GluuFederation/oxAuth/issues/1553
* feat: update libs
* feat(4.3): forced stat scope for statistic endpoint https://github.com/GluuFederation/oxAuth/issues/1554
* fix(4.3): ignore corrupted data during stat aggregation https://github.com/GluuFederation/oxAuth/issues/1555
* feat(4.3): added statAuthorizationScope configuration property and enforced it https://github.com/GluuFederation/oxAuth/issues/1554
* feat(4.3): removed oxauth-rp, rp-demo and rp-sprint-boot modules https://github.com/GluuFederation/oxAuth/issues/1545
* ci: added updatePolicy: always to repo
* fix(4.3): do not return session_id if sessionIdRequestParameterEnabled is false https://github.com/JanssenProject/jans-auth-server/issues/149
* feat: add pingid integration
* chore: add README for casa script
* chore: make README point to prod docs
* feat: touch id as a fido2 device
* docs: typo
* fix: image not needed
* fix: properly url decode query parameters in QueryStringDecoder
* feat: added overload for url decode method in QueryStringDecoder
* feat: update jquery
* feat: add trace logging to dump redirect URI
* feat(4.3): added organization to client
* feat: Integrating Impossible travel feature by Deduce Insights in Passwordless Authentication flow. #1563
* fix: update to conform new ORM
* fix: #1563 - moved code to separate folder + implemented account lock on impossible travel detection
* fix: fix oxEnrollmentCode custom attribute removal
* feat : Interception script to integrate 2FA mechanism by Stytch with the Gluu Server #1564
* feat: casa plugin for Stytch Creds as a 2FA method
* Version 4.3.0.Final
* feat: temporary disable tests
* Revert "feat: temporary disable tests" This reverts commit e6dcfdac.
* feat: force to use recent joda-time
* fix(4.3): fixed persistence of session on acr changed detection https://github.com/GluuFederation/oxAuth/issues/1552
* fix(4.3): removed filtering of stat endpoint Authorization is checked inside WS.
* fix(4.3): added SSA and additional access token validation during client update https://github.com/GluuFederation/oxAuth/issues/1567
* feat: added more logs to add user method
* fix: consent Gathering Script is not working in 4.3.0 version. #1549
* fix: consent Gathering Script is not working in 4.3.0 version. #1549
* fix: consent Gathering Script is not working in 4.3.0 version. #1549
* fix(4.3): removed client_credentials token validation https://github.com/GluuFederation/oxAuth/issues/1567
* Merge with 4.3.0
* Merge with 4.3.0
* Merge with 4.3.0

Co-authored-by: YuriyZ <yzabrovarniy@gmail.com>
Co-authored-by: kdhttps <kdhttps@gmail.com>
Co-authored-by: Christian <59786962+christian-hawk@users.noreply.github.com>
Co-authored-by: Jose <bonustrack310@gmail.com>
Co-authored-by: Madhumita <madhu@gluu.org>
Co-authored-by: Arnab Dutta <arnab.bdutta@gmail.com>
Co-authored-by: Djeumen Rolain <uprightech@gmail.com>