Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(jans-auth-server): add restriction for request_uri parameter (blocklist/filter) #1503

Closed
yuriyz opened this issue Jun 3, 2022 · 3 comments
Closed

feat(jans-auth-server): add restriction for request_uri parameter (blocklist/filter) #1503

yuriyz opened this issue Jun 3, 2022 · 3 comments
Assignees
@yuriyz
Labels
comp-jans-auth-server Component affected by issue or PR kind-feature Issue or PR is a new feature request
Milestone
1.0.1

Comments

@yuriyz
Copy link
Contributor

yuriyz commented Jun 3, 2022
edited

Description

feat(jans-auth-server): add restriction for request_uri parameter (blocklist/filter).
We should not allow RP initiate call to any provided url send to AS.

Note: must be done in oxauth as well (4.4.1)

Mike: let’s call it request_uri_blocked_list
@yuriyz yuriyz added comp-jans-auth-server Component affected by issue or PR kind-feature Issue or PR is a new feature request labels Jun 3, 2022
@yuriyz yuriyz self-assigned this Jun 3, 2022
@yuriyz
Copy link
Contributor Author

yuriyz commented Jun 3, 2022

We can add allowed client.request_uris - allowed request_uris for given client (similar to client.redirect_uri).

yuriyz added a commit to GluuFederation/oxAuth that referenced this issue Jun 9, 2022
@yuriyz
feat(oxauth): added restriction for request_uri parameter (blacklist/…
c567baf 
…allowed list) (4.5)

JanssenProject/jans#1503
@yuriyzz yuriyzz mentioned this issue Jun 9, 2022
Merged
yuriyz added a commit to GluuFederation/oxAuth that referenced this issue Jun 9, 2022
@yuriyz
feat(oxauth): added restriction for request_uri parameter (blacklist/…
2116ac5 
…allowed list) (4.5)

JanssenProject/jans#1503
(cherry picked from commit c567baf)
@yuriyzz yuriyzz mentioned this issue Jun 9, 2022
Merged
yuriyz added a commit to GluuFederation/community-edition-setup that referenced this issue Jun 9, 2022
@yuriyz
feat(community-edition-setup): added localhost to requestUriBlackList
c03fe1c 
JanssenProject/jans#1503
@yuriyzz yuriyzz mentioned this issue Jun 9, 2022
Merged
yuriyz added a commit to GluuFederation/community-edition-setup that referenced this issue Jun 9, 2022
@yuriyz
feat(community-edition-setup): added localhost to requestUriBlackList
74b984e 
JanssenProject/jans#1503
(cherry picked from commit c03fe1c)
@yuriyz
Copy link
Contributor Author

yuriyz commented Jun 10, 2022
edited

Configuration property is called requestUriBlockList.

yuriyz added a commit to GluuFederation/oxAuth that referenced this issue Jun 10, 2022
@yuriyz
chore(oxauth): renamed requestUriBlackList -> requestUriBlockList (4.5)
bcbabc1 
JanssenProject/jans#1503
yuriyz added a commit to GluuFederation/oxAuth that referenced this issue Jun 10, 2022
@yuriyz
chore(oxauth): renamed requestUriBlackList -> requestUriBlockList (4.5)
f500010 
JanssenProject/jans#1503
(cherry picked from commit bcbabc1)
@yuriyzz yuriyzz mentioned this issue Jun 10, 2022
Merged
@moabu moabu added this to the 1.0.1 milestone Jun 15, 2022
yuriyz added a commit that referenced this issue Jun 15, 2022
@yuriyz
feat(jans-auth-server): added restriction for request_uri parameter (…
0696d92 
…blocklist and allowed client.request_uri) #1503

#1503
@yuriyzz yuriyzz mentioned this issue Jun 15, 2022
Merged
yuriyz added a commit that referenced this issue Jun 15, 2022
@yuriyz
Merge pull request #1556 from JanssenProject/jans-auth-server-1503
2e709dd 
feat(jans-auth-server): added restriction for request_uri parameter (blocklist and allowed client.request_uri) #1503
@yuriyz
Copy link
Contributor Author

yuriyz commented Jun 15, 2022

Done in jans, 4.4.1 and oxauth master.

@yuriyz yuriyz closed this as completed Jun 15, 2022
@yuriyz yuriyz changed the title feat(jans-auth-server): add restriction for request_uri parameter (blacklist/filter) feat(jans-auth-server): add restriction for request_uri parameter (blocklist/filter) Jun 15, 2022
yuriyz added a commit to GluuFederation/community-edition-setup that referenced this issue Jun 16, 2022
@yuriyz
chore(community-edition-setup): requestUriBlackList -> requestUriBloc…
e061f97 
…kList

JanssenProject/jans#1503
@yuriyz yuriyz mentioned this issue Jun 16, 2022
Merged
yuriyz added a commit to GluuFederation/community-edition-setup that referenced this issue Jun 16, 2022
@yuriyz
chore(community-edition-setup): requestUriBlackList -> requestUriBloc…
53fbae7 
…kList (#884)

JanssenProject/jans#1503
yuriyz added a commit to GluuFederation/community-edition-setup that referenced this issue Jun 16, 2022
@yuriyz
chore(community-edition-setup): requestUriBlackList -> requestUriBloc…
f0a5780 
…kList (main)

JanssenProject/jans#1503
@yuriyz yuriyz mentioned this issue Jun 16, 2022
Merged
yuriyz added a commit to GluuFederation/community-edition-setup that referenced this issue Jun 16, 2022
@yuriyz
chore(community-edition-setup): requestUriBlackList -> requestUriBloc…
68e3688 
…kList (main) (#885)

JanssenProject/jans#1503
@mo-auto mo-auto mentioned this issue Jul 5, 2022
Merged
@mo-auto3 mo-auto3 mentioned this issue Jul 6, 2022
Merged
@mo-auto3 mo-auto3 mentioned this issue Jul 6, 2022
Merged
@mo-auto mo-auto mentioned this issue Jul 6, 2022
Merged
This was referenced Aug 30, 2022
Merged
Merged
This was referenced Aug 30, 2022
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@yuriyz yuriyz

Labels
comp-jans-auth-server Component affected by issue or PR kind-feature Issue or PR is a new feature request
Projects
None yet
Milestone
1.0.1
Development

No branches or pull requests
2 participants
@yuriyz @moabu