Introduce revoke interception script #1502

Closed
yuriyz opened this issue Nov 25, 2020 · 1 comment

yuriyz commented Nov 25, 2020

Describe the issue

Introduce a revoke interception script. With a revoke interception script it will be possible to inject custom logic (especially in conjunction with invalidateSessionCookiesAfterAuthorizationFlow).

Support: 9103

@yuriyz yuriyz added the enhancement libs update, re-factroring, etc. label Nov 25, 2020
@yuriyz yuriyz added this to the 4.2.2 milestone Nov 25, 2020
@yuriyz yuriyz self-assigned this Nov 25, 2020
yuriyz added a commit to GluuFederation/oxCore that referenced this issue Dec 4, 2020
yuriyz added a commit to GluuFederation/oxTrust that referenced this issue Dec 4, 2020
yuriyz added a commit to GluuFederation/community-edition-setup that referenced this issue Dec 11, 2020
yuriyz added a commit to GluuFederation/docs-gluu-server-prod that referenced this issue Dec 14, 2020

yuriyz commented Dec 15, 2020

Done in 4.2.2 and jans. Sample script and docs provided.

@yuriyz yuriyz closed this as completed Dec 15, 2020
yurem added a commit to GluuFederation/oxCore that referenced this issue Oct 5, 2021
* Version 4.2.0.Final

* Version 4.2.1.Final

* Remove unencrypted redis password

* Simple test to check session ttl.

(cherry picked from commit 4027666)

* Simple test to check session ttl.

(cherry picked from commit 59bedca)

* (4.2.1) During CB entry update make sure TTL is updated too.

#199

(cherry picked from commit 956a06f)

* Update to conform Couchbase 6.5

* Don't load entry from DB after merge #200

* Sample for session replacement

* Store issued tokens count metrics #1436

* disabled manual tests

* Add unique identifier for each metric entry to allow find which node
added this record oxAuth #1438

* Change javax.faces with jakarta.faces

* Injection: Cross-Site Scripting oxTrust #2012

* Move some log from DEBUG to TRACE #201

* Update methods to store oxExternalUid as multivalued by default oxAuth
#1442

* Update sample to add user with oxExternalUid and search by this
attribute

* Added new methods related to software_statement validation.

GluuFederation/oxAuth#1444

* Renamed new methods related to software_statement validation.

GluuFederation/oxAuth#1444

* Corrected DummyClientRegistrationType.

GluuFederation/oxAuth#1444

* Fix variable name spelling

* Use CustomObjectAttribute instead of CustomAttribute in user services to
use JSON data types #1445

* Rename method to get value as object

* JAXB-API implementation error oxTrust #2005

* Add new utility methods to xml service

* Add ScriptService in oxCore

* Add scope to ScriptService

* Add methods

* Fix dependency issue

* Merge ScriptService into AbstractCustomScriptService

* Merge ScriptService into AbstractCustomScriptService

* Default custom ScriptService

* Version 4.2.1.Final

* Load scripts during startup instead of sending async event to load them
after startup oxCore #202

* Add property to specify when external service is loaded

* Override default timeout in bucket info request

* Fail isConnected method check if at least one bucket is not online

* Version 4.2.2-SNAPSHOT

* Add additional methods

* Added CouchbaseConnectionConfiguration (config api)

GluuFederation/oxauth-config#136

* Added config id

GluuFederation/oxauth-config#136

* During CB entry update make sure TTL is updated too.  #199

* Turn off metric reported by default if there is no configuration

* Simple test to check session ttl.

* disabled manual test

* Simple test to check session ttl.

* Revert " During CB entry update make sure TTL is updated too.  #199"

This reverts commit d2f8041

* Moving noisy log lines to trace

* oxAuth reloads custom scripts (file method)

* (4.2.2) Avoid race condition during saving grant object in cache

GluuFederation/oxAuth#1478

* (4.2.2) oxcore : added revoke token custom script

GluuFederation/oxAuth#1502

* Destroy CouchbaseEnvironment object on container restart #207

* Destroy CouchbaseEnvironment object on container restart #207

* Fix typo in method name

* Metric Service clean all entries when DB is Couchbase #206

* Metric Service clean all entries when DB is Couchbase #206

* Fix method to update log level #204

* Don't fail in javadocs error

* Add boolean switcher for id token in logout uri #2046

* Persistence extension script still running after disabled oxAuth #1514

* Version 4.2.2.Final

* Version 4.2.3-SNAPSHOT

* (4.2.2) oxcore : removed printing password from JcaDocumentStoreConfiguration and WebDavDocumentStoreConfiguration

* Use UTF-8 encoding during conversion base64 to XML

* Fix XML doc reading and signature validation

* Commented updateAppendersAndLogLevel() method which cause memory leak

#204

* Temporary enabled back old solution.

#204

* Version 4.2.3.Final

* Version 4.3.0.Final

* New interceptions script to modify id_token oxAuth #1523

* Add license

* Convert decrypted data to UTF-8 string

* Add keepAliveInterval CB SDK support

* (4.2.3) ORM : allow to ignore TTL update on merging.

GluuFederation/oxAuth#1528

* Revert "(4.2.3) ORM : allow to ignore TTL update on merging."

This reverts commit 478a71b

* Allow to skip TTL set on Couchbase document update Jans ORM #6

* Don't update ttl on document update by default

* (4.2.3) Avoid NPE in BaseEntryManager.getExpirationValue()

GluuFederation/oxAuth#1528

* Revert "Don't update ttl on document update by default"

This reverts commit 8707a19

* fix: issue #216

* feat: move ORM to oxOrm

* feat: move ORM to oxOrm

* feat: move ORM to oxOrm

* feat: move ORM to oxOrm

* feat: move ORM to oxOrm

* feat: move ORM to oxOrm

* feat: move ORM to oxOrm

* feat: move ORM to oxOrm

* feat: merge ORM from Jans

* fix: skip metrics clean up because we do this in oxAuth

* fix: merge cache changes from Jans

* fix: add application type

* Remove unused attributes

* feat: add method to determine if DB is Spanner

* fix: #217

* feat: allow to use unencrypted password in JCA config

* feat: decryptedPassword should be ignored

* fix: fix annotation type in JCA config

* fix: add removed from JDK 11 group interface

* feat: upgrade libs

* feat: upgrade libs

* feat: update libs

* feat: update libs

* feat: Add methods, see GluuFederation/scim#18

* feat: augment scim protection modes GluuFederation/scim#20

* feat: simplify interface GluuFederation/scim#18

* feat: add field for GluuFederation/scim#22

* feat: add class to check if proxy specified

* feat: add method to lookup typed entry

* feat: check if OC is null

* feat: add no-protection scim mode
GluuFederation/scim#26

* Version 4.3.0.Final

* Merge with 4.3.0

Co-authored-by: Gasmyr <thomas@gluu.org>
Co-authored-by: YuriyZ <yzabrovarniy@gmail.com>
Co-authored-by: Jose <bonustrack310@gmail.com>
yurem added a commit to GluuFederation/oxOrm that referenced this issue Oct 5, 2021
* Version 4.2.0.Final

* Version 4.2.1.Final

* Remove unencrypted redis password

* Simple test to check session ttl.

(cherry picked from commit 4027666)

* Simple test to check session ttl.

(cherry picked from commit 59bedca)

* (4.2.1) During CB entry update make sure TTL is updated too.

GluuFederation/oxCore#199

(cherry picked from commit 956a06f)

* Update to conform Couchbase 6.5

* Don't load entry from DB after merge #200

* Sample for session replacement

* Store issued tokens count metrics #1436

* disabled manual tests

* Add unique identifier for each metric entry to allow find which node
added this record oxAuth #1438

* Change javax.faces with jakarta.faces

* Injection: Cross-Site Scripting oxTrust #2012

* Move some log from DEBUG to TRACE #201

* Update methods to store oxExternalUid as multivalued by default oxAuth
#1442

* Update sample to add user with oxExternalUid and search by this
attribute

* Added new methods related to software_statement validation.

GluuFederation/oxAuth#1444

* Renamed new methods related to software_statement validation.

GluuFederation/oxAuth#1444

* Corrected DummyClientRegistrationType.

GluuFederation/oxAuth#1444

* Fix variable name spelling

* Use CustomObjectAttribute instead of CustomAttribute in user services to
use JSON data types #1445

* Rename method to get value as object

* JAXB-API implementation error oxTrust #2005

* Add new utility methods to xml service

* Add ScriptService in oxCore

* Add scope to ScriptService

* Add methods

* Fix dependency issue

* Merge ScriptService into AbstractCustomScriptService

* Merge ScriptService into AbstractCustomScriptService

* Default custom ScriptService

* Version 4.2.1.Final

* Load scripts during startup instead of sending async event to load them
after startup oxCore #202

* Add property to specify when external service is loaded

* Override default timeout in bucket info request

* Fail isConnected method check if at least one bucket is not online

* Version 4.2.2-SNAPSHOT

* Add additional methods

* Added CouchbaseConnectionConfiguration (config api)

GluuFederation/oxauth-config#136

* Added config id

GluuFederation/oxauth-config#136

* During CB entry update make sure TTL is updated too.  #199

* Turn off metric reported by default if there is no configuration

* Simple test to check session ttl.

* disabled manual test

* Simple test to check session ttl.

* Revert " During CB entry update make sure TTL is updated too.  #199"

This reverts commit d2f8041

* Moving noisy log lines to trace

* oxAuth reloads custom scripts (file method)

* (4.2.2) Avoid race condition during saving grant object in cache

GluuFederation/oxAuth#1478

* (4.2.2) oxcore : added revoke token custom script

GluuFederation/oxAuth#1502

* Destroy CouchbaseEnvironment object on container restart #207

* Destroy CouchbaseEnvironment object on container restart #207

* Fix typo in method name

* Metric Service clean all entries when DB is Couchbase #206

* Metric Service clean all entries when DB is Couchbase #206

* Fix method to update log level #204

* Don't fail in javadocs error

* Add boolean switcher for id token in logout uri #2046

* Persistence extension script still running after disabled oxAuth #1514

* Version 4.2.2.Final

* Version 4.2.3-SNAPSHOT

* (4.2.2) oxcore : removed printing password from JcaDocumentStoreConfiguration and WebDavDocumentStoreConfiguration

* Use UTF-8 encoding during conversion base64 to XML

* Fix XML doc reading and signature validation

* Commented updateAppendersAndLogLevel() method which cause memory leak

GluuFederation/oxCore#204

* Temporary enabled back old solution.

GluuFederation/oxCore#204

* Version 4.2.3.Final

* Version 4.3.0.Final

* New interceptions script to modify id_token oxAuth #1523

* Add license

* Convert decrypted data to UTF-8 string

* Add keepAliveInterval CB SDK support

* (4.2.3) ORM : allow to ignore TTL update on merging.

GluuFederation/oxAuth#1528

* Revert "(4.2.3) ORM : allow to ignore TTL update on merging."

This reverts commit 478a71b

* Allow to skip TTL set on Couchbase document update Jans ORM #6

* Don't update ttl on document update by default

* (4.2.3) Avoid NPE in BaseEntryManager.getExpirationValue()

GluuFederation/oxAuth#1528

* Revert "Don't update ttl on document update by default"

This reverts commit 8707a19

* fix: issue #216

* feat: merge from jans-orm

* feat: merge from jans-orm

* feat: merge ORM from Jans

* feat: merge ORM from Jans

* feat: merge ORM from Jans

* feat: merge ORM from Jans

* fix: move schema bean to right location

* fix: Fix license and config prefix

* fix: fix test failures

* fix: fix test failures

* fix: fix compilation issues

* fix: fix tests failures

* feat: merge ORM from Jans

* fix: issue #216

* fix: fix eq conversion if table column is JSON

* feat: update tests to conform SQL ORM API

* feat: add sample to search if user belong to group

* feat: throw exception when objectClass used in filter is unknown

* feat: add entry class type to MappingException message

* fix: fix filter test

* fix: fix filter tests

* chore: sync with jans-orm

* fix: throw exception if table not exists

* fix: fix typo in code

* feat: don't use lower case in authenticate if DB is Spanner

* Throw ORM exception is entryClass is not defined

* feat: throw right exception when column is undefined

* fix(4.3) : transferred TTL 30 days bugfix to cb specific manager

https://github.com/JanssenProject/jans-orm/issues/25

* fix(4.3) : avoid npe

https://github.com/JanssenProject/jans-orm/issues/25
https://github.com/JanssenProject/jans-auth-server/issues/126

* fix(4.3.0) : added missed parenthesis

https://github.com/JanssenProject/jans-orm/issues/25

* feat: Support FIPS Truststores

* chore: make baseEntry extend Entry

* fix(oxOrm-oxtrust): cache Refresh not working on 4.3.0 version. #2072

* feat: refactor exception catch in connection provider

* fix: fix properties helper split method

* Revert "fix: fix properties helper split method"

This reverts commit 2403686.

* Revert "fix(oxOrm-oxtrust): cache Refresh not working on 4.3.0 version. #2072"

This reverts commit 3377a6a.

* feat: add test to check custom field removal

* fix: fix search by multivalued column in SQL

* Version 4.3.0.Final

* fix: fix tests

* fix: fix tests

* fix: fix tests

* fix(4.3) : corrected attributes according to existing schema

GluuFederation/oxAuth#1552

* Merge with 4.3.0

Co-authored-by: Gasmyr <thomas@gluu.org>
Co-authored-by: YuriyZ <yzabrovarniy@gmail.com>
Co-authored-by: Jose <bonustrack310@gmail.com>
yurem added a commit that referenced this issue Oct 5, 2021
* Revert "Temporary disable tests"

This reverts commit a74cca4

* fix: update passport social script to handle provider config state problem #1448

* (4.2.2) Refresh token removing doesn't look up in persistence.

#1480

* fix: update jwt date check function in passport scripts #1482

* Merge www pass from master

* (4.2.2) 1. session_id should not be included into response if it's not explicitly allowed.
 2. `/end_session` should validate by sid value

#1485

* (4.2.2) Corrected validation by sid at /end_session endpoint.

#1485

* (4.2.2) Set session reference into identity object independently from invalidateSessionCookiesAfterAuthorizationFlow flag.

#1486

* (4.2.2) Added cache support for discovery page (`.well-known/openid-configuration`).

#1487

* (4.2.2) Return sid from authorization endpoint.

#1485

* Update dependencies

* Corrected authorization code clean up at token endpoint.

* Corrected bug for refreshing token based on requested offline_access scope

#1492

* Fixed NPE

#1492

* (4.2.2) JWKS : Added key selection strategy. Supported strategies are : OLDER, NEWER, FIRST.

#1494

* Avoid NPE due to clientRegDefaultToCodeFlowWithRefresh conf property

* Fixed client and tests related to switching /end_session to sid.

#1485

* (4.2.2) Added client's custom attributes to response if present in dynamicRegistrationCustomAttributes configuration property.

#1488

* (4.2.2) Print only sessionId at INFO log level.

* Fix ACR change when used alias

* Fix ACR change when used alias

* (4.2.2) Added nested JWT support into JWE

#949

* (4.2.2) Corrected CrossEncryptionTest

#949

* (4.2.2) Return sub value for ROPC based on `openidSubAttribute`.

#1491

* (4.2.2) Added a new claim to the id_token: `"grant": <value>`.

#1497

* (4.2.2) Added required method to UnmodifiableAuthorizationGrant

#1497

* (4.2.2) More logs in trace - added keySelectionStrategy

#1494

* Adjust endpoint response according to compatibility flag #1499

* Allow bean to parse both string/list scopes formats #1499

* (4.2.2) Client's Pre-authorization flag takes higher priority. If it's true then we will ignore spec's "consent MUST" for offline access.

#1496

* Fix javadoc param

* casa's DUO plugin related files

* Casa's DUO plugin

* BioID interception script and CASA integration

* Avoid NPE when there is no grant #1499

* bioid image

* (4.2.2) BUG : PostAuthentication script calls re-authentication instead of re-authorization.

#1504

* (4.2.2) Fixed bug - 500 server error when we request for an authorization token concurrently

#1481

* (4.2.2) Checked also grant scopes for offline_access scope.

#1492

* Added more trace logs during key selection.

* (4.2.2) id_token is missed during 2 concurrent calls for ROPC

#1493

* #1506 - Modify the `claims-gathering` script so that it first tries to read claims from PCT before directing to the page to enter claims.

* Don't stop on unsuccessful BC installation

* (4.2.2) NPE during backchannel logout if grant object was not identified

#1505

* BioID script

* Fix PasswordValidator faces validator dependent beans injection after
JSF update to 2.3.x #1508

* Fix PasswordValidator faces validator dependent beans injection after
JSF update to 2.3.x #1508

* (4.2.2) Introduced revoke interception script

#1502

* (4.2.2) `sector_identifier` has to be based on host only. Also optimize redirect_uri's validation based on `sector_identifier_uri`

#1503

* #1056 Modify the `claims-gathering` script so that it first tries to read claims from PCT before directing to the page to enter claims.

* Fix compilation after BC upgrade

* Version 4.2.2.Final

* Temporary disable client side tests

* Revert "Temporary disable client side tests"

This reverts commit 1e3b7bb.

* Version 4.2.3-SNAPSHOT

* Temporary disable client side tests

* Revert "Temporary disable client side tests"

This reverts commit 2f59e2a.

* Minor code improvements for IntrospectionWebService

* (4.2.3) Added Stat and StatEntry entities.

* (4.2.3) Added Stat and StatEntry entities.

#1512

* Add XML signature test

* (4.2.3) Added net.agkn.hll to pom

#1512

* (4.2.3) Added "stat" base dn to config

#1512

* (4.2.3) Added stat event and stat related configurations.

#1512

* (4.2.3) Implemented StatService.

#1512

* (4.2.3) Added stat timer.

#1512

* (4.2.3) Added stat response item.

#1512

* More logs

* Reduced intervals of timers for test purpose.

* (4.2.3) Report about token creation to stat service.

#1512

* (4.2.3) Stat timer initialization.

#1512

* Revert "Reduced intervals of timers for test purpose."

This reverts commit ccaf020

* (4.2.3) added more logs

#1512

* #1518

* (4.2.3) Fixed initialization of stat service

#1512

* (4.2.3) Prevent NPE if stat service is not correctly initialized.

#1512

* (4.2.3) Added reporting of active user to SessionIdService.

#1512

* (4.2.3) Added stat response.

#1512

* (4.2.3) Report for active user when authenticated session is created.

#1512

* (4.2.3) Wrapped reporting active user into separate method.

#1512

* (4.2.3) Added report for RPT token.

#1512

* (4.2.3) Adding stat web service.

#1512

* (4.2.3) Added month validation and run validation methods to StatWS.

#1512

* (4.2.3) Added authorization validation and cardinality union for MAU (StatWS).

#1512

* (4.2.3) Added aggregation for MAU and tokens per grant type (StatWS).

#1512

* (4.2.3) Added aggregation of StatResponseItem (StatWS).

#1512

* (4.2.3) Constructed stat response and prefixed endpoint with /internal/stat (StatWS)

#1512

* Version 4.2.3.Final

* Temporary disable client side tests

* (4.2.3) Corrected client authentication for StatWS

#1512

* (4.2.3) Corrected client authentication for StatWS

#1512

* (4.2.3) Added Stat client service and client test.

#1512

* (4.2.3) `SectorIdentifierService` must be consistent with PairwiseIdentifierService and use host of sectorIdentifierUri (not entire uri).

#1520

* Revert "Temporary disable client side tests"

This reverts commit 8138ae8

* (4.2.3) added basic and post client authentication for stat

#1512

* Version 4.3.0.Final

* Temporary disable client side tests

* Revert "Temporary disable client side tests"

This reverts commit 23aa6bc.

* (4.3) Avoid NPE in User Info Endpoint (caused by scope removing)

#1517

* A sample script to explain redirection to a third party app and back to Gluu server

* typo

* New interceptions script to modify id_token #1523

* Add license

* (4.3) Added ability to persist attributes into token object. Removed refresh token object after access_token and id_token are created.

#1526

* (4.3) Removed statNodeId from configuration.

#1512

* (4.3) Stat: Use mac address as nodeId.

#1512

* (4.3) Added @Expiration annotation to AbstractToken (to cover all derived classes)

#1528

* (4.3) Re-set ttl of objects on update.

#1528

* (4.3) Re-set ttl of UMA Resource on update.

#1528

* (4.3) Added keyAlgsAllowedForGeneration configuration property.

#1525

* (4.3) Restricted keys generation by keyAlgsAllowedForGeneration configuration property.

#1525

* feat(casa): allow preferred method to be prompted GluuFederation/casa#87

* Check if signature verification method returns true

* Backport: Add system flag config to enable/disable CIBA #1404

* Backport: Add system flag config to enable/disable CIBA #1404

* fix(4.3): mau report must not effect authentication

#1512

* fix: failed to create Ldap connection pool with encoded password. #1531

* fix(forgot_password): update script compatibility (#1535)

* fix(forgot.xhtml): remove broken syntax
There was an additional `<` char on the file
fix #1534

* fix(forgot_password): import and send correct args
ConfigurationService should be imported from `service.common`
and `init` should be called with additional arg `customScript`
fix #1534

* feat(forgot_password): add important info to log
fix #1534

* refactor(4.3): added logs about id_token creation

https://github.com/JanssenProject/jans-auth-server/issues/102

* refactor(4.3): added trace logs about refresh_token creation

https://github.com/JanssenProject/jans-auth-server/issues/102

* refactor(4.3): added trace logs about access_token creation

https://github.com/JanssenProject/jans-auth-server/issues/102

* feat(4.3): added simpleclient_common dependency

#1321

* fix(4.3): switched hll serialization to base64 from plain string

#1538

* chore: added more log messages about stat node id creation

* feat: move ORM to oxOrm

* fix: fix dependencies

* feat: add SQL/Spanner ORM libs

* feat(4.3): constants for stat service

#1321

* fix: fix configuration path

* feat: merge ORM from Jans

* feat: merge ORM from Jans

* feat: update to conform new API

* feat: update to conform new API

* fix(4.3): don't create monthly branch if db does not support tree structure

#1543

* fix(4.3): don't create monthly branch if db does not support tree structure

#1543

* fix: merge cleaner fixes from Jans

* fix: remove deprecated attributes

* fix: remove unused attribute

* feat(4.3) : added openmetrics response support to StatWS

#1512
#1321

* fix: use right UmaResource class in cleaner job

* fix: missing oxAuth dynamic configuration after save oxTrust #2067

* fix: missing oxAuth dynamic configuration after save oxTrust #2067

* fix: removed cleanServiceBaseDns configuration property used during development

GluuFederation/oxTrust#2067

* feat: clean only oxAuth metrics

* feat: avoid potential NPE

* feat: add new ORM dependencies

* fix(4.3): openmetrics response construction

#1544

* fix(4.3): openmetrics response construction

#1544

* fix(4.3): changed label name

#1544

* fix(4.3): fixed npe in stat ws

#1544

* fix(4.3): made access to hll thread-safe

#1544

* fix(4.3): corrected stat labels

#1544

* feat: don't use lower case in authenticate if DB is Spanner

* feat: don't use lower case in use search if DB is Spanner

* fix(4.3): don't add branch if db does not support branches

* fix(4.3): don't add branch for rpt service if db does not support branches

* feat (4.3): added new introspectionSkipAuthorization conf property

https://github.com/JanssenProject/jans-auth-server/issues/105

* fix(4.3): removed redundant amr attribute reference.

* feat(4.3): made mtls service ignore order during subject matching

https://github.com/JanssenProject/jans-auth-server/issues/116

* feat(4.3): corrected typo

https://github.com/JanssenProject/jans-auth-server/issues/117

* feat: Add sample passwordless authentication flow

* DCR response should return 201 : indicates success + record persisted

* Revert "DCR response should return 201 : indicates success + record persisted"

This reverts commit 7ccdd40.

* feat(4.3): added ability to skip authorization for introspection endpoint

https://github.com/JanssenProject/jans-auth-server/issues/105

* feat: use right OC to execute authentication filter. Jans ORM #1

* fix: merge inum PCT generation code from Jans

* feat: update server test profiles

* feat: add missing SQL/Spanner conf files

* feat: fix typo in names

* feat: update default server profile

* feat: update server test profiles

* feat: sync with setup

* fix: use right client keystores

* feat: update server test profiles

* feat: merge from Jans

* feat: merge code from Jans

* fix(4.3): corrected logging of consent gathering session service

* fix(4.3): corrected logging of consent gathering session service

* fix: use ldap sdk version which defined in ORM

* feat: Support for platform authenticators as FIDO2 devices (touch ID in Apple devices)

* feat: update libs

* Fix: register prometheus counters once for given registrar

#1553

* feat: update libs

* feat(4.3): forced stat scope for statistic endpoint

#1554

* fix(4.3): ignore corrupted data during stat aggregation

#1555

* feat(4.3): added statAuthorizationScope configuration property and enforced it

#1554

* feat(4.3): removed oxauth-rp, rp-demo and rp-sprint-boot modules

#1545

* ci: added updatePolicy: always to repo

* fix(4.3): do not return session_id if sessionIdRequestParameterEnabled is false

https://github.com/JanssenProject/jans-auth-server/issues/149

* feat: add pingid integration

* chore: add README for casa script

* chore: make README point to prod docs

* feat: touch id as a fido2 device

* docs: typo

* fix: image not needed

* fix: properly url decode query parameters in QueryStringDecoder

* feat: added overload for url decode method in QueryStringDecoder

* feat: update jquery

* feat: add trace logging to dump redirect URI

* feat(4.3): added organization to client

* feat: Integrating Impossible travel feature by Deduce Insights in Passwordless Authentication flow.  #1563

* fix: update to conform new ORM

* fix: #1563 - moved code to separate folder + implemented account lock on impossible travel detection

* fix: fix oxEnrollmentCode custom attribute removal

* feat : Interception script to integrate 2FA mechanism by Stytch with the Gluu Server #1564

* feat: casa plugin for Stytch Creds as a 2FA method

* Version 4.3.0.Final

* feat: temporary disable tests

* Revert "feat: temporary disable tests"

This reverts commit e6dcfda.

* feat: force to use recent joda-time

* fix(4.3): fixed persistence of session on acr changed detection

#1552

* fix(4.3): removed filtering of stat endpoint

Authorization is checked inside WS.

* fix(4.3): added SSA and additional access token validation during client update

#1567

* feat: added more logs to add user method

* fix: consent Gathering Script is not working in 4.3.0 version. #1549

* fix: consent Gathering Script is not working in 4.3.0 version. #1549

* fix: consent Gathering Script is not working in 4.3.0 version. #1549

* fix(4.3): removed client_credentials token validation

#1567

* Merge with 4.3.0

* Merge with 4.3.0

* Merge with 4.3.0

Co-authored-by: YuriyZ <yzabrovarniy@gmail.com>
Co-authored-by: kdhttps <kdhttps@gmail.com>
Co-authored-by: Christian <59786962+christian-hawk@users.noreply.github.com>
Co-authored-by: Jose <bonustrack310@gmail.com>
Co-authored-by: Madhumita <madhu@gluu.org>
Co-authored-by: Arnab Dutta <arnab.bdutta@gmail.com>
Co-authored-by: Djeumen Rolain <uprightech@gmail.com>
yurem added a commit to GluuFederation/oxTrust that referenced this issue Oct 5, 2021
* Version 4.2.0.Final

* Version 4.2.1.Final

* Remove unencrypted redis password from database

* reset password when Secret question and Secret Answer are active. #2001

* Not able to delete claims redirect uri for any client #2002

* Use same resource messages variable name in oxAuth and oxTrust

* Remove temporary file

* Add .metadata to ignore list

* Fix i18n messages issue

* Remove old dependencies

* Fix Some UI issues

* Add health-check controller to oxtrust-server

* buttons in json configuration ? #2003

* Device authz grant type supported and configuration manage. GluuFederation/oxAuth#141

* Remove old dependency

* Store issued tokens count metrics #1436

* Use libs versions defined in bom file

* Changes in this commit:
   * Re-introduced oxtrust-api into oxTrust

* oxtrust : added dynamicRegistrationAllowedPasswordGrantScopes to oxauth conf

GluuFederation/oxAuth#1130

* oxtrust : added description for dynamicRegistrationAllowedPasswordGrantScopes

GluuFederation/oxAuth#1130

(cherry picked from commit 1e71ea5)

* Change javax.faces with jakarta.faces

* Injection: Cross-Site Scripting #2012

* Injection: Cross-Site Scripting #2012

* oxtrust : added new software statement related configuration properties to UI.

GluuFederation/oxAuth#1444

(cherry picked from commit d32feac)

* oxtrust : corrected software statement related configuration properties on UI.

GluuFederation/oxAuth#1444

(cherry picked from commit d32feac)

* Fix autocomplete issues, update bootsfaces to latest

* Initiate user logout upon successful password reset

* add spacer

* Fix security question field on forgot password reset form

* Change label / values for Scope visibility #2015

* (4.2.1) oxtrust : added description of refreshTokenExtendLifetimeOnRotation configuration property

GluuFederation/oxAuth#1449

(cherry picked from commit bf86387)

* Visual issues on OIDC client advanced settings page #2018

* U2F enrollments not shown in User's Authentication Methods panel #2017

* Fix issues after Richfaces version changed

* Fix popup issue after richfaces upgrade

* UI fixes

* Password reset functionality is not working when security Question and security answer is entered. #2019

* Password reset functionality is not working when security Question and security answer is entered. #2019

* oxtrust : forbid fragment in redirect_uri

#2020

* JAXB-API implementation error #2005

* Convert trust contact from xml to json

* Forgot password functionality not working with captcha #2022

* fixed scopes inventory

* Disable browser's autocomplete for password fields

* gluu-release-attributes-post-processor

* CR copy binary attributes to local LDAP as base64 string #2025

* Remove CustomScriptService

* Remove CustomScriptService

* Use CustomScriptManager instead of ScriptService

* Fix compilation issue

* Use CustomScriptService

* Add U2F checkU2fAttestations option

* Fix search person by uid in person add action

* Fix search user by e-mail and uniqueness check

* Add checkU2fAttestations Fido2 property

* Fix search user by uid when uid is case sensitive

* Fix search person by uid in person add action

* Revert "Fix search person by uid in person add action"

This reverts commit c964095.

* Fix search person by uid in person add action

* Version 4.2.1.Final

* Saml Configured relay party : assertionlifetime value box is so small its value cannot be read . #2026

* Use latest 5.4.x hibernate validator

* Improve health check

* 503-fix

* Error Viewing InCommon Metadata #2029

* unverified-rp fix

* double nameid fix

* Re-try to download UMA metadata

* Add ability to specify oxauth address instead of calling FQDN #2032

* Branch for 4.2.2

* Version 4.2.2-SNAPSHOT

* oxTrust should use acr level to check acr instead of acr_name #2033

* oxTrust should use acr level to check acr instead of acr_name #2033

* Fix possible memory leak

* Remove static fields usage to improve memory usage

* Move some noisy log lines to debug/trace

* Prevent registration of the attribute with the same name #2040

* Prevent registration of the attribute with the same name #2040

* 7 day statistics on home screen has strange behavior

* (4.2.2) oxtrust : added discoveryCacheLifetimeInMinutes to GUI

GluuFederation/oxAuth#1487
(cherry picked from commit f415f14)

* On oxtrust passport provider, the automatically generated callback url is invalid when using containers #2041

* Fix compilation error

* Fix missing parent metric branch  bug

* Fix missing parent metric branch  bug

* (4.2.2) oxtrust : added keySelectionStrategy to GUI

GluuFederation/oxAuth#1494

* (4.2.2) oxtrust : set format=select

GluuFederation/oxAuth#1494

* Add flag field, see GluuFederation/oxAuth#1499

* Fix compilation issue

* Remove sector_identifier_uri menu with dialogs and provide ability #2044

* Remove sector_identifier_uri menu with dialogs and provide ability to enter it as text with automatic population of redirect_uris #2044

* Passport Config: field mapping dropdown #2027

* Passport Config: field mapping dropdown #2027

* Passport Config: field mapping dropdown #2027

* (4.2.2) oxtrust : added subjectIdentifierBasedOnWholeUriBackwardCompatibility and sectorIdentifierCacheLifetimeInMinutes configuration properties

GluuFederation/oxAuth#1503

* (4.2.2) oxtrust : added REVOKE_TOKEN custom script type

GluuFederation/oxAuth#1502

* Don't stop on unsuccessful BC installation

* Use oxAuth configuration to check if application should render login
graph on home page #2045

* Fix method to update log level oxAuth #204

* Fix OIDC error

* Passport Config: field mapping dropdown #2027

* Missing information on server status view #2047

* The request is missing a required parameter error obtained in flow 3 #2046

* Version 4.2.2.Final

* Use MetricService to prepare base branches

* 4.2.2-SNAPSHOT -> 4.2.2.Final

* Version 4.2.3-SNAPSHOT

* Fix OIDC error

* Passport Config: field mapping dropdown #2027

* The request is missing a required parameter error obtained in flow 3 #2046

* (4.2.3) oxtrust : Added stat related configurations to UI.

GluuFederation/oxAuth#1512

* Remove swagger file from oxTrust repo

* Remove swagger file from oxTrust repo

* Version 4.2.3.Final

* Version 4.3.0.Final

* Use documentStoreService instead of local file system to load metadata
file

* New interceptions script to modify id_token oxAuth #1523

* oxtrust: added keyAlgsAllowedForGeneration configuration property.

GluuFederation/oxAuth#1525

* Backport: Added cibaEnabled flag in the configuration.
GluuFederation/oxAuth#1404

* Add defaults passport strategies

* feat(oxtrust): design configuration for openid-client new passport provider strategy #2052

* feat(oxtrust): design configuration for openid-client new passport provider strategy #2052

* fix(oxtrust): remove sector identifier pages from the code #2057

* fix(oxtrust): support custom app schema and appschema #2057

* fix(oxtrust): add pagination for search feature against a big enough userbase #2061

* fix(oxtrust): add pagination for search feature against a big enough userbase #2061

* fix(oxtrust): add pagination for search feature against a big enough userbase #2061

* fix(oxtrust): add pagination for search feature against a big enough userbase #2061

* fix(oxtrust): add pagination for search feature against a big enough userbase #2061

* feat: move ORM to oxOrm

* feat: update to conform latest ORM

* feat: update to conform ORM

* feat: update to conform ORM

* feat: update to conform ORM

* fix: update to conform new API

* fix: update to conform new API

* fix: compilation fixes

* feat: add SQL/Spanner support

* feat: update models

* fix: cache Refresh: Don't print ldap password in log #2055

* feat: merge ORM from Jans

* feat: merge ORM from Jans

* feat: update to conform new API

* fix: fix search when DB is table based

* fix: remove deprecated attributes

* fix: remove unused attribute

* feat: sync gluuOxtrustStat with bean

* fix: missing oxAuth dynamic configuration after save #2067

* fix: update cleaner job to use more effective RDBS methods #2066

* fix: missing oxAuth dynamic configuration after save #2067

* fix: don't update GluuConfiguration bean attributes in get method #2065

* feat: add new ORM dependencies

* fix: remove userPassword from client

* fix: remove userPassword from client

* fix: don't attempt to create branches

* feat: don't use lower case in authenticate if DB is Spanner

* feat(oxtrust): setting custom acr-value for idp-initiated flow #2051

* feat(oxtrust): enable custom validation checked by default (incorrectly) #2070

* feat(oxtrust): fido device service log for new registered user with scim should be in warn log #2068

* feat(oxtrust): Remove 'generate sp metadata' feature #2043

* feat(oxtrust): add person form crashes with new objectclass #2069

* Fix(oxTrust): saml nameid configuration is not working in cloud edition #2073

* Fix(oxTrust): saml nameid configuration is not working in cloud edition #2073

* feat: show JCA document store password properly

* feat: show JCA document store password properly

* Fix(oxTrust): saml nameid configuration is not working in cloud edition #2073

* Fix(oxTrust):  first uma rpt token after starting up #2060

* Fix(oxTrust): saml nameid configuration is not working in cloud edition #2073

* fix(oxtrust): saml nameid configuration is not working in cloud edition #2073

* fix(oxtrust): saml nameid configuration is not working in cloud edition #2073

* fix(oxtrust): fill correct provider options as per type in passport provider configuration #2074

* fix(oxtrust): email attribute validation Not working on view profile section. #2054

* feat(admin-ui): add option to show only enables or disabled scripts

* chore: remove joda lib usage

* feat(oxtrust): update morris.js library to latest #2078

* feat(oxtrust): update morris.js library to latest #2078

* fix: include postAuthenticationFlows for relying-party shibboleth config

* feat(oxtrust): fill correct provider options as per type in passport provider configuration #2074

* feat(oxtrust): adding extra libraries created wrong classpath in oxauth.xml #2077

* feat(oxtrust): adding extra libraries created wrong classpath in oxauth.xml #2077

* feat(oxtrust): cache refresh not working on 4.3.0 version. #2072

* fix(oxTrust): oops error on clicking Other custom Scripts #2081

* feat: update libs

* feat(oxtrust): password reset success completion redirection #2082

* fix: add shibboleth transcoding rules generation

Added code to generate Shibboleth 4 style transcoding rules
which are useful in the resolution of issue #74 in oxShibboleth

* fix: minor code style fixes and SAML1 references removal

* fix: remove SAML1 reference from gluu-attribute-rules.xml.vm

* fix(oxtrust): fix active scripts checkbox label

* feat: adjust json-config UI form as per GluuFederation/scim#20

* feat: remove test mode property usage GluuFederation/scim#20

* feat: add OAuth protection mechanism for scim GluuFederation/scim#20

* feat: add OAuth protection mechanism for scim pt 2. GluuFederation/scim#20

* feat: remove extra logging statements GluuFederation/scim#20

* feat: fix commit 0ff85f7 GluuFederation/scim#20

* feat(oxtrust): enhance usability of scopes picker in client edition form #2085

* feat(oxtrust): updating client id in passport IDP-initiated flow config throws Oops error. #2084

* feat: added http request extraction for shibboleth

* fix: malformed gluu-attribute-rules.xml.vm

* fix: relying-party template generated incorrect config data for shibboleth

* feat: adjust json-config UI form as per GluuFederation/scim#22

* feat: use URL Connection client executor when proxy is required

* fix: "Organization Configuration" throwing error #2075

* feat: use new method to lookup manager group

* feat: register new method in gluufn library

* fix: fix NPE when version does not exist

* fix: create connection provider before checking its status

* fix: update to conform new ORM

* fix: fix AD server configuration

* (oxTrust) fix oops error when the sector identifier uri is not valid or the content is not valid

* chore: refactor REST services protection logic

Related GluuFederation/scim#26

* feat: add no-protection mode
GluuFederation/scim#26

* feat: store acr in user profile to allow use it in IDP

* Version 4.3.0.Final

* fix: use Final binaries

* fix: don't fail on javadoc

* fix(oxtrust): identity throws oops error on providing invalid sector uri which is not friendly, returning “oops” is a bug, and must be escalated. #2091

* feat: shorten sentence GluuFederation/scim#26

Co-authored-by: Gasmyr <thomas@gluu.org>
Co-authored-by: Milton BO <jmcm578@gmail.com>
Co-authored-by: YuriyZ <yzabrovarniy@gmail.com>
Co-authored-by: Dzouato Djeumen Rolain Bonaventure <uprightech@gmail.com>
Co-authored-by: Harjinder Dhanjal <malotian@gmail.com>
Co-authored-by: Jose <bonustrack310@gmail.com>
Co-authored-by: gasmyr <gasmyrmougang@yahoo.fr>
yurem added a commit to GluuFederation/community-edition-setup that referenced this issue Oct 5, 2021
* fix post setup for scim

* Casa's script for DUO

* oxBiometricDevices, oxDUODevices

* Putting oxDuoDevices and oxBiometricDevices at the bottom

* oxBiometricDevices and oxDuoDevices are a part of gluuCustomPerson and not GluuPerson

* fix custom_schema.json

* change desc in custom_schema.json

* (4.2.2) setup: revoke interception script sample

GluuFederation/oxAuth#1502

* ask if oxtrust to be installed

* couchbase user prefix in datasource

* fix version in post-setup

* Version 4.2.2.Final

* Version 4.2.3-SNAPSHOT

* (4.2.2) setup: added ou=stat,o=gluu

GluuFederation/oxAuth#1512

* (4.2.3) setup: added jansStatEntry OC

GluuFederation/oxAuth#1512

* (4.2.3) setup: added jansId to indexes

GluuFederation/oxAuth#1512

* change mod_ssl name for rhel7

* data type imapdata -> json for attrib 42E1

* ldap2cb: migrate to py3 and fixes

* Make some SCIM attributes multivalued as in spec

* Add multivalued data

* Version 4.2.3.Final

* (4.2.3) setup: added statWebServiceIntervalLimitInSeconds:60

GluuFederation/oxAuth#1512

* mod_ssl centos7

* Version 4.3.0.Final

* Add u2f and fido2 test data

* Add sample update_token script

* Add sample update_token script

* fixes templates

* show version on tui

* fixes

* no-chroot install script

* install missing packages

* Add keepAliveInterval CB SDK support

* F2 to display version info

* python3-six dependency for gluu_setup.py

* refactor: 4.3.0 setup

* fix: oxd-server.default

* fix: idp download

* fix: don't backup same file

* refactor: separate argparser

* refactor(rdbm): json files

* fix: add ou=stat,o=gluu

* feat: migrate Jans to Gluu OC

* feat: migrate Jans to Gluu OC

* refactor: rdbm works

* feat(rdbm): installation

* fix: gluu_installer.py for args

* fix: radius installer

* fix(rdbm): local install

* fix(schema): add missing attributes

* fix(rdbm): schema and sql data types

* fix: gluuPerson

* fix: update package list

* fix: update installer for missing packages

* fix: ruamel module

* fix: add pylib path to encode.py

* refactor: re-order installers

* fix: encode.py

* fix: doc_id gluu --> _

* fix: remove unused file db_utils_org.py

* feat: add -n option to gluu_install.py

* fix: change ce setup branch

* feat: implement --no-progress

* fix: redhat8 installs

* feat: add -no-setup to installer

* fix: typo

* fix: enable opendj

* re-add stat service attributes

* fix: generate schema

* fix: set jetty timeout 300

* fix: set systemd timeout

* fix: spanner fixes

* feat: logging config

* fix: cb installation

* refactor: log filename db-backend.log

* feat: add --dist-server-base

* fix: couchbase test data loading

* fix: cn for uniqueness in ldap

* fix: load test data for ldap

* fix: test data loader ldap bind

* fix: dsconfig after test data

* fix: remove attributes lifetime & salt

* fix: implement spanner test data loader

* fix: add del and exp to gluuPasswordResetRequest

* fix: re-generate schema

* feat: pre add base metric entries

* feat: pre add base metric entries

* feat: pre add base metric entries

* fix: spacing

* Update install.py

added sqlalchemy extraction to ces_dir

* fix: added ssnId to oxAuthUmaRPT

* fix: added ssnId to oxAuthUmaPCT

* fix: load ldif

* fix(wrends): change display text to opendj

* fix: spanner subtables

* fix: couchbase install (ref: #741)

* feat: review Spanner indexes #736

* fix: remote couchbase arg

* feat: review Spanner indexes #736

* fix: mysql indexes (ref: #737)

* fix: chown root:gluu gluuOptPythonFolder

* fix(spanner): passport installation (ref: #740)

* fix: creating o=metric related entries (ref: #742)

* fix: ldap test data loader

* fix: spanner test data loading

* feat(test-data): display if test data will be loaded

* feat(cert): download Apple WebAuthn Root CA

* fix: setting couchbase admin password

* fix: passport cert files mode

* feat: merge test config changes from jans

* fix: saml couchbase install (ref: #741)

* fix: check if apache module is available before enabling (ref: #741)

* feat: check user and group before adding

* fix: remove wrong error line for rendering encode script

* feat: check if opendj ports are free (ref: #743)

* fix: /etc/certs permissions

* feat: fix attribute names to conform Gluu schema

* feat: update test CIBA configuration

* feat: update test CIBA configuration

* fix: test data additional columns creation

* feat: fix configuration entry DN in server tests

* fix: limit length of description for indexing

* fix: set size 768 for description

* fix: spanner test data columns

* fix: cb test oxauth config

* feat: update default server profile

* feat: update default server profile

* feat: update default server profile

* fix: don't create gluuCustomPerson

* fix: typo

* feat: update default server profile

* feat: command line backend options

* fix: set couchbase host to hostname for local installation

* fix: disable ssl for cb test profile

* feat: merge scim properties from Jans

* fix: couchbase hostname

* fix: rdbm test data columns

* fix: local mysql installation

* fix: typo

* fix: prepend plus sign GluuFederation/casa#138

* feat(tui): implement backends

* fix: oxd server gluu storage config

* fix: typo

* fix: oxd-server progress string

* fix: remote cb install

* fix: remove tmp file

* fix: create UMA SCIM resource (ref: #744)

* fix: typo

* fix: double backup when inserting lines to file

* fix: scim-rp.jks goes to both output and certs dir

* feat: file descriptor limits for systemd services (ref: #734 #745 )

* fix: post install tasks

* refactor(backend): disable rdbm

* feat: re-try download three times on fail

* Load module before config 

https://support.gluu.org/other/9790/bug-in-httpdconf/

* fix: passport certs ownerships

* fix: remove sqlalchemy related code from install.py

* fix: remove gluu_install.py if extracted within container

* fix: change jetty version

* fix: typo

* Updated marketing messages

Updated marketing messages

* Revert "refactor(backend): disable rdbm"

This reverts commit e204f11.

* fix: re-do commit 0fc53c8

* fix: re-do commit 1ff6a74

* refactor(rdbm): suppress rdbm options

* fix: scim installation

* fix: ownership of webapps dir (ref: #746)

* feat(setup4.3): added stat scope

GluuFederation/oxAuth#1554

* refactor(4.3setup): renamed scope stat -> jans_stat

GluuFederation/oxAuth#1554

* fix: centos packages

* chore: sync scim script wrt oxexternal

* chore: remove comment

* feat: add enable war updates to gluu_install.py

* feat: extract sqlalchemy

* feat: gluu_install.py update oxd-server

* feat: dummy installation

* feat: added o to oxAuthClient

* fix: typo on help

* fix: update shibboleth idp custom script

* chore: adjust length casa attributes

* fix: don't create config for oxd

* feat: Touch ID as a fido2 device (platform authenticator)

* feat: Adjust protection mode handling in SCIM

See GluuFederation/scim#20

* feat: scim scopes (ref: #750)

* feat: UMA mode for SCIM (ref: #752)

* feat: dbUtils set config by dn

* fix: find oxd_host when collecting properties

* feat: fido installer add do_import arg

* fix: collect properties for cb backend

* fix: collect properties oxd_host

* feat: backup option for copyFile

* fix: collect properties casa for cb backend

* fix: set_configuration for cb

* feat: function determine_key_gen_path()

* feat: conform script wrt latest changes GluuFederation/scim#18

* feat: Update OpenDJ version

* feat: add jetty version

* feat: adjust template for new field, see GluuFederation/scim#22

* fix: fix oxDeviceData size

* fix: fix consent script api version

* feat: jetty-10 integration

* fix: jetty inifile

* fix: jetty inifile

* feat: jetty version is available with option -a

* fix: arg parser

* fix: spanner passport install

* fix: spanner related issues

* feat: gluu-utils

* fix: check City in TUI (ref: #754)

* fix: updated idp.properties for Shibboleth IDP install

* feat: Casa plugin for Stytch Credentials

* fix: use Final binaries

* feat: remove oxaut-rp installation

* fix: idp.session.slop entry in idp.properties prevents Shib IDP start

* fix: opendj version 4.4.12

* fix: re-enable encoding setup.properties

* fix: prevent casa client vanish

* fix: Fix wrong steps count in consent script

* fix: load setup.properties

* fix: update jetty version

* fix: mem calculation when setup.properties loaded

* fix: set opendj ram constraint

* fix: gluu-radius unable to start

* fix: gluu-radius failed to start due to incorrect user/group

* fix: ownership issue

* fix: radius init.d script

Co-authored-by: Mustafa Baser <mbaser@mail.com>
Co-authored-by: Madhumita <madhu@gluu.org>
Co-authored-by: YuriyZ <yzabrovarniy@gmail.com>
Co-authored-by: Jose <bonustrack310@gmail.com>
Co-authored-by: David <nikdavnik@gmail.com>
Co-authored-by: Ganesh <ganesh.sharma@worldiswelcome.com>
Co-authored-by: Mike Schwartz <mike@gluu.org>
Co-authored-by: Djeumen Rolain <uprightech@gmail.com>