feat: Enhance zosmf authentication scheme to support client certificates #2207
Merged
Signed-off-by: achmelo <a.chmelo@gmail.com>
Signed-off-by: Petr Weinfurt <weipe03@ca.com>
…GH2072/zosmf_x509 # Conflicts: # gateway-service/src/test/java/org/zowe/apiml/acceptance/ZosmfSchemeTest.java
balhar-jakub approved these changes Mar 25, 2022
There are a few comments around duplication but in general it looks good.
gateway-service/src/main/java/org/zowe/apiml/gateway/security/service/schema/ZosmfScheme.java
gateway-service/src/test/java/org/zowe/apiml/acceptance/ZosmfSchemeTest.java
gateway-service/src/test/java/org/zowe/apiml/acceptance/ZosmfSchemeTest.java
Outdated
Kudos, SonarCloud Quality Gate passed!
achmelo added a commit that referenced this pull request Apr 19, 2022
…tes (#2207)
* get JWT from authsource
  Signed-off-by: achmelo <a.chmelo@gmail.com>
* create JWT auth source if X509 is provided
  Signed-off-by: achmelo <a.chmelo@gmail.com>
* update original authsource
  Signed-off-by: achmelo <a.chmelo@gmail.com>
* expect token in header for valid client cert
  Signed-off-by: achmelo <a.chmelo@gmail.com>
* remove imports
  Signed-off-by: achmelo <a.chmelo@gmail.com>
* accept client cert auth after loadbalancer
  Signed-off-by: achmelo <a.chmelo@gmail.com>
* reject request if zosmf scheme is not available
  Signed-off-by: achmelo <a.chmelo@gmail.com>
* test config refactoring
  Signed-off-by: achmelo <a.chmelo@gmail.com>
* update and add unit tests
  Signed-off-by: achmelo <a.chmelo@gmail.com>
* Acceptance tests with check of X509 transformation to JWT.
  Signed-off-by: Petr Weinfurt <weipe03@ca.com>
* Remove unused imports.
  Signed-off-by: Petr Weinfurt <weipe03@ca.com>
* access zosmf with client cert
  Signed-off-by: achmelo <a.chmelo@gmail.com>
* remove unused test
  Signed-off-by: achmelo <a.chmelo@gmail.com>
* refactor, code smells
  Signed-off-by: achmelo <a.chmelo@gmail.com>
* code coverage
  Signed-off-by: achmelo <a.chmelo@gmail.com>
* update comment
  Signed-off-by: achmelo <a.chmelo@gmail.com>
* extract duplication
  Signed-off-by: achmelo <a.chmelo@gmail.com>
Co-authored-by: achmelo <a.chmelo@gmail.com>
Co-authored-by: Petr Weinfurt <weipe03@ca.com>
Co-authored-by: achmelo <37397715+achmelo@users.noreply.github.com>
(cherry picked from commit 5750072)
Signed-off-by: achmelo <a.chmelo@gmail.com>
achmelo added a commit that referenced this pull request Apr 28, 2022
* refactor: Refactoring for gateway.filters classes (#2157) Signed-off-by: Amanda D'Errico <amanda.derrico@ibm.com> (cherry picked from commit ab36819) Signed-off-by: achmelo <a.chmelo@gmail.com> * refactor: introduce dedicated origin of the authentication source (#2163) * refactor: use dedicated origin of the authentication source instead of QueryResponse.Source Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com> * refactor: improve code coverage Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com> * refactor: resolve licence issue Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com> * refactor: refactor JUnit test Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com> (cherry picked from commit d18f388) Signed-off-by: achmelo <a.chmelo@gmail.com> * refactor: Refactored PostStoreLoadBalancerCacheFilter and LocationFilter (#2168) * Refactored PostStoreLoadBalancerCacheFilter Signed-off-by: Amanda D'Errico <amanda.derrico@ibm.com> * Refactored LocationFilter Signed-off-by: Amanda D'Errico <amanda.derrico@ibm.com> * addressed code review Signed-off-by: Amanda D'Errico <amanda.derrico@ibm.com> (cherry picked from commit c6f018b) Signed-off-by: achmelo <a.chmelo@gmail.com> * chore: publish coverage from internal port tests, provide comment where resu… (#2195) * publish coverage from internal port tests, provide comment where results are not stored, remove integration test count publish Signed-off-by: achmelo <a.chmelo@gmail.com> * merge Signed-off-by: achmelo <a.chmelo@gmail.com> * correct job name Signed-off-by: achmelo <a.chmelo@gmail.com> (cherry picked from commit d471bed) Signed-off-by: achmelo <a.chmelo@gmail.com> * apiml/GH2062/add-x509-auth-source (#2185) * feat(authentication): introduce x509 authentication source Introduce the object and basic service for a client certificate as source of authentication Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com> * refactor: 
use dedicated origin of the authentication source instead of QueryResponse.Source Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com> * refactor: improve code coverage Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com> * refactor: resolve licence issue Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com> * feat: Add implementation of AuthSourceService interface to process client certificate authentication Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com> * feat: add JUnits Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com> * feat: return BAD REQUEST (400) when X509 certificate which cannot be used for client authentication is used in authentication scheme Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com> * feat: fix error in acceptance test (ZosmfSchemeTest) Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com> * feat: fix Sonar issues Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com> * feat: define X509 authentication source service as bean in configuration Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com> * rerun Signed-off-by: achmelo <a.chmelo@gmail.com> Co-authored-by: achmelo <a.chmelo@gmail.com> (cherry picked from commit efd53a8) Signed-off-by: achmelo <a.chmelo@gmail.com> * resolve additional conflicts Signed-off-by: achmelo <a.chmelo@gmail.com> * fix: Add BearerContent filter to enable bearer auth (#2197) * Add BearerContent filter to enable bearer auth Signed-off-by: at670475 <andrea.tabone@broadcom.com> * Add BearerContent filter to enable bearer auth Signed-off-by: at670475 <andrea.tabone@broadcom.com> * Add functional test to test bearer auth Signed-off-by: at670475 <andrea.tabone@broadcom.com> * Convert to given_when_then Signed-off-by: at670475 <andrea.tabone@broadcom.com> * Add functional test for gateway Signed-off-by: at670475 <andrea.tabone@broadcom.com> * Add 
functional tests for DS Signed-off-by: at670475 <andrea.tabone@broadcom.com> * Fix git diff Signed-off-by: at670475 <andrea.tabone@broadcom.com> (cherry picked from commit 1d41704) Signed-off-by: achmelo <a.chmelo@gmail.com> * refactor: Introduce applid to the SafIdtProvider (#2219) * Failing acceptance tests Signed-off-by: Jakub Balhar <jakub.balhar@broadcom.net> * Fix tests and limit the certificate related ones Signed-off-by: Jakub Balhar <jakub.balhar@broadcom.net> Co-authored-by: Jakub Balhar <jakub.balhar@broadcom.net> (cherry picked from commit 2536f4d) Signed-off-by: achmelo <a.chmelo@gmail.com> * feat: Enhance zosmf authentication scheme to support client certificates (#2207) * get JWT from authsource Signed-off-by: achmelo <a.chmelo@gmail.com> * create JWT auth source if X509 is provided Signed-off-by: achmelo <a.chmelo@gmail.com> * update original authsource Signed-off-by: achmelo <a.chmelo@gmail.com> * expect token in header for valid client cert Signed-off-by: achmelo <a.chmelo@gmail.com> * remove imports Signed-off-by: achmelo <a.chmelo@gmail.com> * accept client cert auth after loadbalancer Signed-off-by: achmelo <a.chmelo@gmail.com> * reject request if zosmf scheme is not available Signed-off-by: achmelo <a.chmelo@gmail.com> * test config refactoring Signed-off-by: achmelo <a.chmelo@gmail.com> * update and add unit tests Signed-off-by: achmelo <a.chmelo@gmail.com> * Acceptance tests with check of X509 transformation to JWT. Signed-off-by: Petr Weinfurt <weipe03@ca.com> * Remove unused imports. 
Signed-off-by: Petr Weinfurt <weipe03@ca.com> * access zosmf with client cert Signed-off-by: achmelo <a.chmelo@gmail.com> * remove unused test Signed-off-by: achmelo <a.chmelo@gmail.com> * refactor, code smells Signed-off-by: achmelo <a.chmelo@gmail.com> * code coverage Signed-off-by: achmelo <a.chmelo@gmail.com> * udpate comment Signed-off-by: achmelo <a.chmelo@gmail.com> * extract duplication Signed-off-by: achmelo <a.chmelo@gmail.com> Co-authored-by: achmelo <a.chmelo@gmail.com> Co-authored-by: Petr Weinfurt <weipe03@ca.com> Co-authored-by: achmelo <37397715+achmelo@users.noreply.github.com> (cherry picked from commit 5750072) Signed-off-by: achmelo <a.chmelo@gmail.com> * chore: improved testing for zaas client compatibility for both v1 and v2 base urls (#2239) Signed-off-by: Amanda D'Errico <amanda.derrico@ibm.com> (cherry picked from commit 046bce0) Signed-off-by: achmelo <a.chmelo@gmail.com> * feat: Enhance x509 authentication scheme to support client certificates (part 1) (#2244) * feat: Enhance x509 authentication scheme to support client certificates (part 1) move the logic which gets authentication source from request to scheme Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com> * feat: Enhance x509 authentication scheme to support client certificates (part 1) add more JUnit tests Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com> * feat: Enhance x509 authentication scheme to support client certificates (part 1) get authentication source from scheme in ServiceAuthenticationDecorator Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com> * feat: Enhance x509 authentication scheme to support client certificates (part 1) fix tests for ServiceAuthenticationDecorator Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com> (cherry picked from commit 615badf) Signed-off-by: achmelo <a.chmelo@gmail.com> * chore: rename AbstractAuthenticationScheme interface (#2247) Signed-off-by: Yelyzaveta 
Chebanova <yelyzaveta.chebanova@broadcom.com> (cherry picked from commit 90fa300) Signed-off-by: achmelo <a.chmelo@gmail.com> * fixes after merge Signed-off-by: achmelo <a.chmelo@gmail.com> * feat: zowe jwt from x509 (#2245) * zowe jwt Signed-off-by: achmelo <a.chmelo@gmail.com> * translate x509 into zoweJWT Signed-off-by: achmelo <a.chmelo@gmail.com> * update header after LB Signed-off-by: achmelo <a.chmelo@gmail.com> * integration tests for zowejwtscheme Signed-off-by: achmelo <a.chmelo@gmail.com> * fix tests Signed-off-by: achmelo <a.chmelo@gmail.com> * run when zosmf auth tests Signed-off-by: achmelo <a.chmelo@gmail.com> * hostname Signed-off-by: achmelo <a.chmelo@gmail.com> * cleanup Signed-off-by: achmelo <a.chmelo@gmail.com> * common string Signed-off-by: achmelo <a.chmelo@gmail.com> * get JWT in create command Signed-off-by: achmelo <a.chmelo@gmail.com> * send empty header in case of missing auth in request Signed-off-by: achmelo <a.chmelo@gmail.com> * return empty command Signed-off-by: achmelo <a.chmelo@gmail.com> * translate all exceptions from createTokenWithoutCreds into custom so it can be propagated with zuul exception Signed-off-by: achmelo <a.chmelo@gmail.com> * use header to inform about transformation failure Signed-off-by: achmelo <a.chmelo@gmail.com> * styles Signed-off-by: achmelo <a.chmelo@gmail.com> * custom exception, code smells Signed-off-by: achmelo <a.chmelo@gmail.com> * override default method Signed-off-by: achmelo <a.chmelo@gmail.com> * documentation, mark applyToRequest as deprecated Signed-off-by: achmelo <a.chmelo@gmail.com> * return failure header to client Signed-off-by: achmelo <a.chmelo@gmail.com> * inform about invalid token Signed-off-by: achmelo <a.chmelo@gmail.com> * higher timeout Signed-off-by: achmelo <a.chmelo@gmail.com> * higher timeout all container tests Signed-off-by: achmelo <a.chmelo@gmail.com> * remove cookie and add error header if token is expired Signed-off-by: achmelo <a.chmelo@gmail.com> (cherry picked from 
commit aedbbda) Signed-off-by: achmelo <a.chmelo@gmail.com> * feat: Enhance x509 authentication scheme to support client certificates (part 2) (#2260) * feat: Enhance x509 authentication scheme to support client certificates (part 1) move the logic which gets authentication source from request to scheme * feat: Enhance x509 authentication scheme to support client certificates (part 2) - validate extended key usage for X509 certificate in getAuthSourceFromRequest() method; - use AuthSourceService in X509Scheme. Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com> * merge with master branch Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com> * feat: Enhance x509 authentication scheme to support client certificates (part 2) -remove unnecessary usage of Serializable Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com> * feat: Enhance x509 authentication scheme to support client certificates (part 2) - cleanup Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com> (cherry picked from commit d888a11) * fix: Improve metrics in mocked-backend for metrics service (#2274) * Emit one metric event at a time Signed-off-by: Carson Cook <carson.cook@ibm.com> * Convert metrics to json with values Signed-off-by: Carson Cook <carson.cook@ibm.com> (cherry picked from commit f12ebe8) * feat: Enhance x509 authentication scheme to support client certificates (part 3) (#2285) * feat: Enhance x509 authentication scheme to support client certificates (part 1) move the logic which gets authentication source from request to scheme * feat: Enhance x509 authentication scheme to support client certificates (part 2) - validate extended key usage for X509 certificate in getAuthSourceFromRequest() method; - use AuthSourceService in X509Scheme. 
Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com> * merge with master branch Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com> * feat: Enhance x509 authentication scheme to support client certificates (part 2) -remove unnecessary usage of Serializable Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com> * feat: Enhance x509 authentication scheme to support client certificates (part 2) - cleanup Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com> * feat: Enhance x509 authentication scheme to support client certificates (part 3) - add "X-Zowe-Auth-Failure" headers for X509Scheme error situations Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com> * feat: Enhance x509 authentication scheme to support client certificates (part 3) - add "X-Zowe-Auth-Failure" header when client certificate is missing or invalid Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com> * feat: Enhance x509 authentication scheme to support client certificates (part 3) - add IT for X509Scheme Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com> * feat: Enhance x509 authentication scheme to support client certificates (part 3) - store information about X509 validation error in context to set error header later Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com> * feat: Enhance x509 authentication scheme to support client certificates (part 3) - resolve merge conflicts Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com> * feat: Enhance x509 authentication scheme to support client certificates (part 3) - fix IT for X509 scheme Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com> * Resolve PR review suggestions Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com> (cherry picked from commit a053b00) * feat: zowe jwt from x509 (update) (#2292) * feat: Enhance x509 authentication scheme 
to support client certificates (part 1) move the logic which gets authentication source from request to scheme * feat: Enhance x509 authentication scheme to support client certificates (part 2) - validate extended key usage for X509 certificate in getAuthSourceFromRequest() method; - use AuthSourceService in X509Scheme. Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com> * merge with master branch Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com> * feat: Enhance x509 authentication scheme to support client certificates (part 2) -remove unnecessary usage of Serializable Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com> * feat: Enhance x509 authentication scheme to support client certificates (part 2) - cleanup Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com> * feat: Enhance x509 authentication scheme to support client certificates (part 3) - add "X-Zowe-Auth-Failure" headers for X509Scheme error situations Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com> * feat: Enhance x509 authentication scheme to support client certificates (part 3) - add "X-Zowe-Auth-Failure" header when client certificate is missing or invalid Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com> * feat: Enhance x509 authentication scheme to support client certificates (part 3) - add IT for X509Scheme Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com> * feat: Enhance x509 authentication scheme to support client certificates (part 3) - store information about X509 validation error in context to set error header later Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com> * feat: Enhance x509 authentication scheme to support client certificates (part 3) - resolve merge conflicts Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com> * feat: Enhance x509 authentication scheme to support client certificates (part 3) - 
fix IT for X509 scheme Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com> * Add isExpired() method to ZoweJwtScheme to correctly detect expiration Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com> * Check for validation errors in context to propagate them into "X-Zowe-Auth-Failure" header Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com> * Move default expiration for X509 certificate into AuthConfigurationProperties Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com> * Fix merge issues Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com> (cherry picked from commit c602080) * fix: preserve request cookies (#2293) * chore: more generic changlog action (#2269) * checkout specified branch Signed-off-by: achmelo <a.chmelo@gmail.com> * branch to merge for PR Signed-off-by: achmelo <a.chmelo@gmail.com> * hardcode value Signed-off-by: achmelo <a.chmelo@gmail.com> * revert Signed-off-by: achmelo <a.chmelo@gmail.com> * different format Signed-off-by: achmelo <a.chmelo@gmail.com> * github ref Signed-off-by: achmelo <a.chmelo@gmail.com> * tag name Signed-off-by: achmelo <a.chmelo@gmail.com> * do not clone repository again Signed-off-by: achmelo <a.chmelo@gmail.com> * get cookies from original request Signed-off-by: achmelo <a.chmelo@gmail.com> * integration test to verify cookies preservation Signed-off-by: achmelo <a.chmelo@gmail.com> (cherry picked from commit 71c6649) * refactor: move ZOSMF transformation logic into createCommand() (#2294) * Move ZOSMF transformation logic from apply() method to createCommand() Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com> * refactor: resolve Sonar issue Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com> (cherry picked from commit 38601c4) Signed-off-by: achmelo <a.chmelo@gmail.com> * fix tests Signed-off-by: achmelo <a.chmelo@gmail.com> * chore: remove unused code Signed-off-by: Yelyzaveta 
Chebanova <yelyzaveta.chebanova@broadcom.com> * feat: use default expiration time in Zosmf scheme for auth. source without expiration (#2298) Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com> (cherry picked from commit 122837e) * feat: functionality for error message in HttpBasicPassTicketScheme (#2301) * functionality for error message in HttpBasicPassTicketScheme Signed-off-by: Amanda D'Errico <amanda.derrico@ibm.com> * updated HttpBasicPassTicketSchemeTest to reflect new PassTicketCommand containing error messages Signed-off-by: Amanda D'Errico <amanda.derrico@ibm.com> * cleanup with exceptions, error messages Signed-off-by: Amanda D'Errico <amanda.derrico@ibm.com> * revert back to throwing exception when generating pass ticket Signed-off-by: Amanda D'Errico <amanda.derrico@ibm.com> * only x-zowe-auth-failure before creating command Signed-off-by: Amanda D'Errico <amanda.derrico@ibm.com> * updating apply and applyToRequest with authorizationValue=null Signed-off-by: Amanda D'Errico <amanda.derrico@ibm.com> * added back messageService, and message for auth source error Signed-off-by: Amanda D'Errico <amanda.derrico@ibm.com> * add x-zowe-auth header in apply and applyToRequest, error messages in generating passTicket and authSource Signed-off-by: Amanda D'Errico <amanda.derrico@ibm.com> * moved logic - add request header with cookie only if authorizationValue is not null Signed-off-by: Amanda D'Errico <amanda.derrico@ibm.com> * empty commit to trigger job build Signed-off-by: Amanda D'Errico <amanda.derrico@ibm.com> * removed import in HttpBasicPassTicketSchemeTest Signed-off-by: Amanda D'Errico <amanda.derrico@ibm.com> * moved logic for applyToRequest - add request header with cookie only if authorizationValue is not null Signed-off-by: Amanda D'Errico <amanda.derrico@ibm.com> * added error messages when parsed auth source is null and when its userId is null Signed-off-by: Amanda D'Errico <amanda.derrico@ibm.com> * added try catch block for 
parse Signed-off-by: Amanda D'Errico <amanda.derrico@ibm.com> * removing TokenExpireException from try catch block Signed-off-by: Amanda D'Errico <amanda.derrico@ibm.com> * removing only TokenNotValidException from try catch block Signed-off-by: Amanda D'Errico <amanda.derrico@ibm.com> * added back catch block for exception TokenNotValidException Signed-off-by: Amanda D'Errico <amanda.derrico@ibm.com> * Fix NPE in HttpBasicPassTicketScheme.isExpired() method Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com> * Use dedicated method to remove cookie Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com> * Fix JUnit test Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com> Co-authored-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com> (cherry picked from commit 9eb006f) Signed-off-by: achmelo <a.chmelo@gmail.com> * fix: replication of data for infinispan nodes (#2308) * chore: more generic changlog action (#2269) * checkout specified branch Signed-off-by: achmelo <a.chmelo@gmail.com> * branch to merge for PR Signed-off-by: achmelo <a.chmelo@gmail.com> * hardcode value Signed-off-by: achmelo <a.chmelo@gmail.com> * revert Signed-off-by: achmelo <a.chmelo@gmail.com> * different format Signed-off-by: achmelo <a.chmelo@gmail.com> * github ref Signed-off-by: achmelo <a.chmelo@gmail.com> * tag name Signed-off-by: achmelo <a.chmelo@gmail.com> * do not clone repository again Signed-off-by: achmelo <a.chmelo@gmail.com> * replica mode Signed-off-by: achmelo <a.chmelo@gmail.com> * run infinispan tests only Signed-off-by: achmelo <a.chmelo@gmail.com> * Revert "run infinispan tests only" This reverts commit cb19682. 
* different hostname for CS with infinispan Signed-off-by: achmelo <a.chmelo@gmail.com> * revert hostname Signed-off-by: achmelo <a.chmelo@gmail.com> (cherry picked from commit 5b5880c) * feat: Discovery service health check (#2312) * Discovery service health check Signed-off-by: Boris Petkov <boris.petkov@broadcom.com> * Discovery service health check with Partial status Signed-off-by: Boris Petkov <boris.petkov@broadcom.com> (cherry picked from commit 2f167ff) * feat: TLSv1.3 configuration (#2314) * chore: more generic changlog action (#2269) * checkout specified branch Signed-off-by: achmelo <a.chmelo@gmail.com> * branch to merge for PR Signed-off-by: achmelo <a.chmelo@gmail.com> * hardcode value Signed-off-by: achmelo <a.chmelo@gmail.com> * revert Signed-off-by: achmelo <a.chmelo@gmail.com> * different format Signed-off-by: achmelo <a.chmelo@gmail.com> * github ref Signed-off-by: achmelo <a.chmelo@gmail.com> * tag name Signed-off-by: achmelo <a.chmelo@gmail.com> * do not clone repository again Signed-off-by: achmelo <a.chmelo@gmail.com> * enable 1.3, add supported ciphers Signed-off-by: achmelo <a.chmelo@gmail.com> * Add TLSv1.3 support in onboarding-enabler sample app Signed-off-by: at670475 <andrea.tabone@broadcom.com> Co-authored-by: Andrea Tabone <andrea.tabone@broadcom.com> Co-authored-by: Andrea Tabone <39694626+taban03@users.noreply.github.com> (cherry picked from commit e96135a) * Refactor: authentication schemes exception handling (#2317) * refactor: change exception handling in authentication schemes Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com> * Fix IT Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com> * Fix IT Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com> * Improve test coverage Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com> * Rename unit test Signed-off-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com> (cherry picked from commit 5db1b80) 
Signed-off-by: achmelo <a.chmelo@gmail.com> * fixes after merge Signed-off-by: achmelo <a.chmelo@gmail.com> * merge Signed-off-by: achmelo <a.chmelo@gmail.com> Co-authored-by: Amanda D'Errico <40764145+amandaderrico@users.noreply.github.com> Co-authored-by: Yelyzaveta Chebanova <yelyzaveta.chebanova@broadcom.com> Co-authored-by: Andrea Tabone <39694626+taban03@users.noreply.github.com> Co-authored-by: Jakub Balhar <jakub@balhar.net> Co-authored-by: Jakub Balhar <jakub.balhar@broadcom.net> Co-authored-by: Petr Weinfurt <petr.weinfurt@broadcom.com> Co-authored-by: Petr Weinfurt <weipe03@ca.com> Co-authored-by: Carson Cook <CarsonCook@users.noreply.github.com> Co-authored-by: Boris Petkov <boris.petkov@broadcom.com>
Description
Enhance the zosmf authentication scheme to be able to generate a z/OSMF token based on a client certificate. The certificate is mapped to a mainframe userid, then a passticket is generated and the user is authenticated with z/OSMF using the previously generated passticket.
Linked to #2072