CHANGELOG.md

File metadata and controls

809 lines (615 loc) · 118 KB

Changelog

1.0.21 (2023-12-14)

Features

Bug Fixes

Documentation

  • config-api: auth featureFlags should be described as enum in spec (#6590) (fdf33c1)

1.0.20 (2023-11-08)

Features

  • adding scopes in config-api endpoint access token based on tags (admin-ui) #6413 (#6414) (643ba07)
  • changing names of clients used in admin-ui #1375 (#6326) (9e63acb)
  • jans-auth-server: add configuration property to AS which will allow to bypass basic client authentication restriction to query only own tokens #6307 (#6317) (d44a820)
  • jans-auth-server: added PKCE support to authz challenge endpoint #6180 (#6339) (d9a24bc)
  • jans-auth-server: allow revoke any token - explicitly allow by config and scope #6381 (#6412) (47cbee9)
  • jans-auth-server: enabled JWT response at introspection endpoint configured by AS and client config (#6433) (06210a9)

Bug Fixes

  • jans-auth-server: cnf introspection response is null even when valid cert is sent during MTLS #6343 (#6363) (6fb2a34)
  • prepare for 1.0.20 release (c6e806e)

1.0.19 (2023-10-11)

Features

  • agama: add support for autoconfiguration (#6210) (18f15da)
  • jans-auth-server: added "authorization_challenge" scope enforcement #5856 (#6216) (b3db5c8)
  • jans-auth-server: added DPoP to authorization code and PAR (#6196) (be559bf)
  • jans-auth-server: passing custom parameters in the body of POST authorization request and ROPC #6141 (#6148) (00673ae)
  • jans-auth: new lifetime attribute in ssa (#6214) (b049e33)

Bug Fixes

  • jans-auth-server: apply clientWhiteList when session is valid (allowPostLogoutRedirectWithoutValidation=true) (#6162) (d10dee5)
  • prepare for 1.0.19 release (554fd43)

1.0.18 (2023-09-23)

Features

Bug Fixes

  • jans-auth-server: corrected client's jar-with-dependencies built (#6080) (099d552)
  • jans-auth-server: redirect when session does not exist but client_id parameter is present (#6104) (f8f9591)
  • jans-auth-server: swagger is malformed due to typo #6085 (#6086) (e1ae899)
  • prepare for 1.0.18 release (87af7e4)

1.0.17 (2023-09-17)

Features

  • BCFIPS support (sub-part 01) (#5767) (d8cea00)
  • BCFIPS support (sub-part 02) (#5779) (bdc2dc5)
  • BCFIPS support (sub-part 03) (#5852) (8b0d12b)
  • jans-auth-server: add client_id parameter support to /end_session #5942 (#6032) (09ee345)
  • jans-auth-server: added "The Use of Attestation in OAuth 2.0 Dynamic Client Registration" spec support #5562 (#5868) (38653c9)
  • jans-auth-server: OAuth 2.0 for First-Party Native Applications (#5654) (9d90e28)

Bug Fixes

  • jans-auth-server: fixed prompts handling when acr is changed #5930 (#5931) (98fd86f)
  • jans-auth-server: ignore custom OC for non-LDAP during client merge (#5979) (b52afe6)
  • jans-auth-server: server can handle prompts incorrectly when acr is changed #5930 (#6002) (949a8dc)
  • jans-auth-server: server-fips module cause FullRebuild failure (#6029) (7589bca)
  • prepare for 1.0.17 release (4ba8c15)
  • remove pending deployments when exceeding 5 minutes #5636 (#5762) (64ded2c)
  • version reference (432a904)

1.0.16 (2023-08-02)

Features

  • add new method to fido2 extension to allow modify json (#5686) (6f56e51), closes #5680
  • add proxy support to HttpService2 (#5586) (0fb05b3)
  • jans-auth-server: added DPoP-Nonce and client level dpop control "dpop_bound_access_tokens" (#5607) (cc5a47a)
  • jans-auth-server: automatically provision scopes if they are present in the SSA for trusted issuer #5164 (#5553) (abaa10f)

Bug Fixes

  • authentication Filter should not process OPTIONS request (#5525) (aed5e4f), closes #5524
  • jans-auth-server: if scopes are missed in grant_type=refresh_token AS must take scopes from previous grant #5462 (#5630) (7032bb6)
  • jans-auth-server: npe during client registration #5559 (#5560) (9477aee)
  • jans-auth-server: state is not always returned on redirect from /end_session endpoint #5704 (#5707) (ebf6fc8)
  • prepare for 1.0.16 release (042ce79)
  • prepare for 1.0.16 release (b2649c3)

1.0.15 (2023-07-12)

Features

  • add a prefix to Log statements #5201 (#5475) (ccb3f05)
  • add authorization headers needed to access scan API from SG (#5093) (631abf2), closes #5092
  • add method to allow authenticate user by inum #5004 (#5005) (fc67b1f)
  • agama: update deployer to account project's metadata noDirectLaunch (#5182) (cb4ae38)
  • jans-auth-server: add "introspection" scope check on introspection endpoint access #4557 (#4716) (ce2d75c)
  • jans-auth-server: added ability to set client expiration via DCR #5057 (#5185) (a15054b)
  • jans-auth-server: avoided unnecessary "session not found" error messages during refresh token flow #4785 (#4786) (dbf0d52)
  • jans-auth-server: invalidate discovery cache if some scripts are (re)loaded #4500 (#4812) (ed48b4f)
  • jans-auth-server: log httpresponse body configured by httpLoggingResponseBodyContent #349 (#4417) (08d92b3)
  • jans-auth-server: made not found exceptions logging level configurable #4973 (#4982) (98be22b)
  • jans-auth-server: Support of Select Account interception script #3452 (#5149) (b062148)
  • modifyAccessToken() must provide convenient method to add header (#5018) (9bc3d5f)
  • move notify-client2 library to fido2 project #5030 (#5031) (ed5e09e)
  • register jackson2 resteasy provider at startup #5038 (#5039) (81fed0f)
  • remove credentialsEncryptionKey field from admin-ui configuration #4539 (#4576) (35b475f)
  • update SG script and notify client to conform scan API #5061 (#5062) (7afc42b)

Bug Fixes

  • config-api: revert hide smtp and client model utility method (#4976) (6519744)
  • cors filter should not store in local variable allowed (#4688) (0d99195), closes #4687
  • jans-auth-server/pom.xml to reduce vulnerabilities (#4271) (6f5db18)
  • jans-auth-server: check client has access before granting (#5399) (f23f42f)
  • jans-auth-server: ClassCastException during select account #5285 (#5286) (4d17cbc)
  • jans-auth-server: corrected current_sessions cookie value encoding #5262 (#5352) (fa41e0c)
  • jans-auth-server: Device Flow fails if web session already exists #3388 (#5114) (2a78113)
  • jans-auth-server: dynamic registration - assign to client only scopes which are explicitly in request #4426 (#4577) (0b0e624)
  • jans-auth-server: explicit user consent is required when up-scope within client authorized scopes #5247 (#5360) (210bfc8)
  • jans-auth-server: forced clientWhiteList when session is valid for post_logout_redirect_uri (allowPostLogoutRedirectWithoutValidation=true) #4672 (#4681) (a9f045b)
  • jans-auth-server: Illegal op_policy_uri parameter: - exclude entries with blank values from discovery response (oxauth counterpart) #4888 (#4934) (8603290)
  • jans-auth-server: initializing of jsf navigation has been updated; (#5253) (bed5d6f)
  • jans-auth-server: maintain client scopes during authorization #5247 (#5448) (a2127e0)
  • jans-auth-server: upgraded jettison, 1.5.2 -> 1.5.4 #4591 (#4592) (e90269f)
  • prepare for 1.0.12 release (6f83197)
  • prepare for 1.0.13 release (493478e)
  • prepare for 1.0.14 release (25ccadf)
  • prepare for 1.0.15 release (0e3cc2f)
  • update test to conform errorHandlingMethod=remote config #4815 (#4816) (cf0cca4)
  • upgrade com.google.http-client:google-http-client-jackson2 from 1.40.1 to 1.42.3 (#3531) (c363a63)

Documentation

1.0.13 (2023-05-10)

Features

  • jans-auth-server: add "introspection" scope check on introspection endpoint access #4557 (#4716) (ce2d75c)
  • jans-auth-server: avoided unnecessary "session not found" error messages during refresh token flow #4785 (#4786) (dbf0d52)
  • jans-auth-server: invalidate discovery cache if some scripts are (re)loaded #4500 (#4812) (ed48b4f)
  • jans-auth-server: log httpresponse body configured by httpLoggingResponseBodyContent #349 (#4417) (08d92b3)

Bug Fixes

  • cors filter should not store in local variable allowed (#4688) (0d99195), closes #4687
  • jans-auth-server/pom.xml to reduce vulnerabilities (#4271) (6f5db18)
  • jans-auth-server: forced clientWhiteList when session is valid for post_logout_redirect_uri (allowPostLogoutRedirectWithoutValidation=true) #4672 (#4681) (a9f045b)
  • prepare for 1.0.13 release (493478e)
  • update test to conform errorHandlingMethod=remote config #4815 (#4816) (cf0cca4)
  • upgrade com.google.http-client:google-http-client-jackson2 from 1.40.1 to 1.42.3 (#3531) (c363a63)

1.0.12 (2023-04-18)

Features

  • add support for version field to project metadata #4533 (#4534) (0eefb90)
  • jans-auth-server: redirect back to RP when session is expired or if not possible show error page #4449 (#4505) (0983e73)
  • remove credentialsEncryptionKey field from admin-ui configuration #4539 (#4576) (35b475f)

Bug Fixes

  • agama: avoid assets mess/loss when different projects use the same folder/file names (#4503) (def096b)
  • avoid setting agama configuration root dir based on java system variable (#4524) (1d93fd7)
  • jans-auth-server: dynamic registration - assign to client only scopes which are explicitly in request #4426 (#4577) (0b0e624)
  • jans-auth-server: upgraded jettison, 1.5.2 -> 1.5.4 #4591 (#4592) (e90269f)
  • jans-config-api: agama deployment detail endpoint not including all flows IDs (#4565) (358c494)
  • prepare for 1.0.12 release (6f83197)

1.0.11 (2023-04-05)

Features

  • agama: add means to selectively prevent flow crash when a subflow crashes (#4436) (5d8f0ad)
  • backend changes to submit SSA from admin-ui #4298 (#4364) (7e27b6d)
  • jans-auth-server: added configurable acr to Device Flow #4305 (#4424) (fbd4ede)
  • jans-auth-server: align JWT Response for OAuth Token Introspection with spec #3240 (#4151) (02e1595)
  • jans-auth-server: increase sessionIdUnauthenticatedUnusedLifetime value in setup #4445 (#4446) (ecf9395)
  • jans-auth-server: use "nologs" version of WebApplicationException in custom script context to avoid stacktrace during redirects #4447 (#4448) (ccc4e52)
  • loggerService should update root log level #4251 (#4252) (20264a2)
  • userName -> smtpAuthenticationAccountUsername; (#4401) (2bbb95d)

Bug Fixes

  • jans-auth-server: avoid redirect 302 exception every time an authentication request is issued #2287 (#4361) (b5d3901)
  • jans-auth-server: corrected npe in redirect uri validator #4330 (#4331) (6fec544)
  • jans-auth-server: fixed test which prevents build from completion #4386 (#4387) (4c195ca)
  • jans-auth-server: simple_password_auth is missed in acr_values_supported #4258 (#4259) (85bb15c)
  • jans-auth-server: white/blank screen after device flow authn #4237 (#4243) (89f744d)
  • jans-auth: #4137 properties file entries were missing (#4322) (a069890)
  • prepare for release (60775c0)
  • Unable to send emails issue 4121 (#4333) (70a566b)
  • update UserService to correctly add user when DB is not LDAP #4396 (#4397) (77de049)

1.0.10 (2023-03-16)

Features

  • jans-auth-server: added online_access scope to issue session bound refresh token #3012 (#4106) (635f611)
  • jans-linux-setup: enable agama engine by default (#4131) (7e432dc)

Bug Fixes

  • prepare release for 1.0.10 (e996926)

1.0.9 (2023-03-09)

Features

  • agama: update gama deployment endpoint to support configuration properties (#4049) (392525c)
  • getting license credentials from SCAN (#4052) (5c563b7)
  • jans-auth-server: introduced additional_token_endpoint_auth_method client's property #3473 (#4033) (79dcb60)

Bug Fixes

1.0.8 (2023-03-01)

Bug Fixes

  • jans-auth-server: WebApplicationException is not propagated out of "Update Token" script #3996 (#3997) (d561f14)
  • solved error when generating jwt of ssa returns an error, but ssa persists in database (#3985) (768fd04)

1.0.7 (2023-02-22)

Features

  • add custom Github External Authenticator script for ADS #3625 (#3626) (f922a7a)
  • add fast forward support to skip step authentication flow #3582 (#3583) (25ee0af)
  • add more loggers (#3742) (919bc86)
  • add project metadata and related handling #3476 (#3584) (b95e53e)
  • docs: updated swagger for new endpoint get jwt of ssa, also added more documentation for scopes. (7dcca94)
  • jans-auth-server: add configurable rotation of client's registration access token #3578 (#3876) (83183c0)
  • jans-auth-server: added dynamicRegistrationDefaultCustomAttributes to provide default custom attributes during dcr #3595 (#3596) (6202230)
  • jans-auth-server: added flexible date formatter handler to AS (required by certification tools) #3600 (#3601) (f646d73)
  • jans-auth-server: added flexible formatter handler for IdTokenFactory class (#3605) (f4b0179)
  • jans-auth-server: added sector_identifier_uri content validation (certification) #3639 (#3641) (2583e53)
  • jans-auth-server: introduced key_ops for granular map of crypto service to rotation profile #3415 (#3642) (58693c5)
  • jans-auth-server: new endpoint for get jwt of ssa based on jti. (#3724) (7dcca94)
  • jans-auth-server: OAuth 2.0 Step-up - added acr and auth_time #2589 (#3887) (2bd7a67)
  • jans-auth-server: OAuth 2.0 Step-up - added acr and auth_time to introspection response #2589 (#3885) (a325998)
  • jans-auth-server: provide ability to ignore/bypass prompt=consent #3721 (#3851) (c0286ba)
  • jans-auth-server: provided ability to set scriptDns related attributes of client (e.g. introspectionScripts) #3645 (#3668) (cee2525)
  • jans-auth-server: provided convenient method to add claim to AT as JWT in modifyAccessToken() method #3579 (#3629) (cf0a824)
  • jans-auth-server: renamed "key_ops" -> "key_ops_type" #3790 (#3791) (cadb3d6)
  • jans-auth-server: renamed "key_ops" -> "key_ops_type" #3790 (#3792) (7a6bcba)
  • jans-auth-server: use key_ops=ssa to generate jwt from ssa (#3806) (2603bbb)
  • process lib directory in .gama files for ADS projects deployment (#3644) (40268ad)
  • Support Super Gluu one step authentication to Fido2 server #3593 (#3599) (c013b16)

Bug Fixes

  • jans-auth-server: added testng to agama-inbound #3714 (#3719) (955ac8c)
  • jans-auth-server: AS compilation fails on main #3863 (#3864) (e2aa1a6)
  • jans-auth-server: corrected issue caught by RegisterRequestTest #3683 (#3684) (3e201d8)
  • jans-auth-server: error from introspection interception script is not propagated during AT as JWT creation #3904 (#3905) (8c551c0)
  • jans-auth-server: jansApp attribute only relevant for SG (#3782) (6153a13)
  • jans-auth-server: key_ops in jwks must be array #3777 (#3778) (2be2a03)
  • jans-auth-server: provided corrected public key for outdated keystores during id_token creation if key_ops_type is absent #3840 (#3841) (3291eab)
  • jans-auth-server: wrong Client Authn Method at token endpoint throws npe #3503 (#3598) (e3bd1e8)
  • jans-config-api: runtime exceptions in config-api at startup (#3725) (8748cc3)
  • prepare 1.0.7 release (ce02fd9)

1.0.6 (2023-01-09)

Features

  • add custom annotation for configuration property and feature flag documentation (#2852) (9991d1c)
  • agama: deploy flows from .gama files (#3250) (df14f8a)
  • changes in admin-ui plugin to allow agama-developer-studio to use its OAuth2 apis #3085 (#3298) (9e9a7bd)
  • config-api: audit log, agama ADS spec, fix for 0 index search (#3369) (ea04e2c)
  • documentation for ssa and remove softwareRoles query param of get ssa (#3031) (d8e14eb)
  • jans-auth-server: added ability to return error out of introspection and update_token custom script #3255 (#3356) (a3e5227)
  • jans-auth-server: added externalUriWhiteList configuration property before call external uri from AS #3130 (#3425) (6c7df6f)
  • jans-auth-server: added token exchange support to client #2518 (#2855) (943d99f)
  • jans-auth-server: avoid compilation problem when version is flipped in test code #3148 (#3210) (4d61c7b)
  • jans-auth-server: block authentication flow originating from a webview (#3204) (e48380e)
  • jans-auth-server: check offline_access implementation has all conditions defined in spec #1945 (#3004) (af30e4c)
  • jans-auth-server: corrected GluuOrganization - refactor getOrganizationName() #2947 (#2948) (9275576)
  • jans-auth-server: draft for - improve dcr / ssa validation for dynamic registration #2980 (#3109) (233a78c)
  • jans-auth-server: end session - if id_token is expired but signature is correct, we should make attempt to look up session by "sid" claim #3231 (#3291) (cd11750)
  • jans-auth-server: implemented auth server config property to disable prompt=login #3006 (#3522) (0233cd1)
  • jans-auth-server: java docs for ssa (#2995) (892b87a)
  • jans-auth-server: new configuration for userinfo has been added (#3349) (3ccc4a9)
  • jans-auth-server: remove ox properties name (#3285) (f70b207)
  • jans-auth-server: remove redirect uri on client registration when grant types is password or client credentials (#3076) (cd876b4)
  • jans-auth-server: renamed "code"->"random" uniqueness claims of id_token to avoid confusion with Authorization Code Flow #3466 (#3467) (dd9d049)
  • jans-auth-server: specify minimum acr for clients #343 (#3083) (b0034ec)
  • jans-auth-server: ssa validation endpoint (#2842) (de8a86e)
  • jans-auth-server: swagger docs for ssa (#2953) (7f93bca)
  • jans-auth-server: updated mau on refreshing access token #2955 (#3025) (56de619)
  • ssa revoke endpoint (#2865) (9c68f91)

Bug Fixes

  • (jans-auth-server): fixed Client serialization/deserialization issue #2946 (#3064) (31b5bfc)
  • (jans-auth-server): fixed client's sortby #3075 (#3079) (e6b0e58)
  • #2487 - removing inwebo (#2975) (052f91f)
  • agama: after moving agama to jans-auth-server agama model tests are not run #3246 (#3247) (9887e23)
  • agama: fix agama auth dependency which blocks build process #3149 (#3244) (8f9fee3)
  • agama: fixing tests run on jenkins #3149 (#3261) (cc6c5e1)
  • catch org.eclipse.jetty.http.BadMessageException: in (#3330) (1e0ff76), closes #3329
  • getting ready for a release (0bda832)
  • jans-auth-server/pom.xml to reduce vulnerabilities (#3314) (f3e8205)
  • jans-auth-server: changed getAttributeValues to getAttributeObjectValues (#3346) (a39b61e)
  • jans-auth-server: compilation error of server side tests #3363 (#3364) (e83c087)
  • jans-auth-server: corrected keys description "id_token <purpose>" -> "Connect " #3415 (#3560) (75f99bd)
  • jans-auth-server: corrected regression made in token request #2921 (#2922) (deeae74)
  • jans-auth-server: Duplicate iss and aud on introspection as jwt #3366 (#3387) (8780e94)
  • jans-auth-server: fix language metadata format (#2883) (e21e206)
  • jans-auth-server: native sso - return device secret if device_sso scope is present #2790 (#2791) (9fa213f)
  • jans-auth-server: parse string from object (#3470) (db9b204)
  • jans-auth-server: when obtain new token using refresh token, check whether scope is null (#3382) (22743d9)
  • jans-auth-server: wrong import in GluuOrganization class which leads to failure on jans-config-api #2957 (#2958) (af4eda8)
  • jans-auth-server: wrong userinfo_encryption_enc_values_supported in OpenID Configuration #2725 (#2951) (bc1a8ca)
  • prepare for 1.0.6 release (9e4c8fb)
  • upgrade org.mvel:mvel2 from 2.1.3.Final to 2.4.14.Final (#648) (c4034d1)
  • user attributes not updated #2753 (#3326) (c0a0f66)
  • user attributes not updated #2753 (#3403) (f793f92)

Documentation

  • jmeter benchmark authorization code flow test description (#3312) (6e0c04d)
  • prepare for 1.0.4 release (c23a2e5)

1.0.5 (2022-12-01)

Features

  • add custom annotation for configuration property and feature flag documentation (#2852) (9991d1c)
  • documentation for ssa and remove softwareRoles query param of get ssa (#3031) (d8e14eb)
  • jans-auth-server: check offline_access implementation has all conditions defined in spec #1945 (#3004) (af30e4c)
  • jans-auth-server: corrected GluuOrganization - refactor getOrganizationName() #2947 (#2948) (9275576)
  • jans-auth-server: java docs for ssa (#2995) (892b87a)
  • jans-auth-server: remove redirect uri on client registration when grant types is password or client credentials (#3076) (cd876b4)
  • jans-auth-server: specify minimum acr for clients #343 (#3083) (b0034ec)
  • jans-auth-server: swagger docs for ssa (#2953) (7f93bca)
  • jans-auth-server: updated mau on refreshing access token #2955 (#3025) (56de619)

Bug Fixes

  • (jans-auth-server): fixed Client serialization/deserialization issue #2946 (#3064) (31b5bfc)
  • (jans-auth-server): fixed client's sortby #3075 (#3079) (e6b0e58)
  • #2487 - removing inwebo (#2975) (052f91f)
  • getting ready for a release (0bda832)
  • jans-auth-server: corrected regression made in token request #2921 (#2922) (deeae74)
  • jans-auth-server: wrong import in GluuOrganization class which leads to failure on jans-config-api #2957 (#2958) (af4eda8)
  • jans-auth-server: wrong userinfo_encryption_enc_values_supported in OpenID Configuration #2725 (#2951) (bc1a8ca)

1.0.4 (2022-11-08)

Features

Bug Fixes

  • jans-auth-server: fix language metadata format (#2883) (e21e206)

Documentation

  • prepare for 1.0.4 release (c23a2e5)

1.0.3 (2022-11-01)

Features

  • agama: add utility classes for inbound identity (#2280) (ca6fdc9)
  • disable TLS in CB client by default (#2167) (8ec5dd3)
  • jans-auth-server: add access_token_singing_alg_values_supported to discovery #2372 (#2403) (3784c83)
  • jans-auth-server: added allowSpontaneousScopes AS json config #2074 (#2111) (3083a3f)
  • jans-auth-server: added convenient idTokenLifetime client property #2656 (#2668) (f97bfce)
  • jans-auth-server: added creator info to scope (time/id/type) #1934 (#2023) (ca65b24)
  • jans-auth-server: allow authentication for max_age=0 #2361 (#2362) (aed6ee3)
  • jans-auth-server: allow end session with expired id_token_hint (by checking signature and sid) #2430 (#2431) (1b46b44)
  • jans-auth-server: Draft support of OpenID Connect Native SSO (#2711) (595d1aa)
  • jans-auth-server: extended client schema - added jansClientGroup #1824 (#2299) (29cfd4e)
  • jans-auth-server: renamed "enabledComponents" conf property -> "featureFlags" #2290 (#2319) (56a33c4)
  • jans-auth-server: updating arquillian tests 1247 (#2017) (ee200a7)
  • jans-linux-setup: added token exchange grant type (#2768) (b3abcfe)
  • ssa creation endpoint (#2495) (61c83e3)
  • update Couchbase ORM to conform SDK 3.x (config updates) #1851 (#2118) (fceec83)
  • upgrade org.jetbrains:annotations from 18.0.0 to 23.0.0 (#637) (e5fca5a)

Bug Fixes

  • config-api: client default value handling (#2585) (fbcbbad)
  • fixed multiple encoding issue during authz (#2152) (fb0b6d7)
  • include idtoken with dynamic scopes for ciba (#2108) (d9b5341)
  • jans auth server: well known uppercase grant_types response_mode (#2706) (39f613d)
  • jans-auth-server: "login:prompt" property passed in request object JWT breaks authentication #2493 (#2537) (9d4d84a)
  • jans-auth-server/pom.xml to reduce vulnerabilities (#2466) (86e62f9)
  • jans-auth-server/pom.xml to reduce vulnerabilities (#2520) (f927692)
  • jans-auth-server: added schema for ssa, corrected persistence, added ttl #2543 (#2544) (ce2bc3f)
  • jans-auth-server: client tests expect "scope to claim" mapping which is disabled by default #1873 (958cc92)
  • jans-auth-server: fixing client tests affected by "scope to claim" mapping which is disabled by default #1873 (#1910) (6d81792)
  • jans-auth-server: generate description during built-in key rotation #1790 (#2068) (cd1a77d)
  • jans-auth-server: increased period of session authn time check (#1918) (a41905a)
  • jans-auth-server: native sso - return device secret if device_sso scope is present #2790 (#2791) (9fa213f)
  • jans-auth-server: npe - regression in token endpoint (#2763) (fe659d7)
  • jans-auth-server: npe in discovery if SSA endpoint is absent #2497 (#2498) (c3b00b4)
  • jans-auth-server: perform redirect_uri validation if FAPI flag is true #2500 (#2502) (aad0460)
  • jans-auth-server: PKCE parameters from first SSO request retain in further calls (#2620) (de98b41)
  • jans-auth-server: ssa get endpoint (#2719) (35ffbf0)
  • jans-auth-server: structure, instance customAttributes, initial data for ssa (#2577) (f11f789)
  • jans-config-api/plugins/sample/helloworld/pom.xml to reduce vulnerabilities (#972) (e2ae05e)
  • jans-eleven/pom.xml to reduce vulnerabilities (#2676) (d27a7f9)
  • select first sig key if none requested (#2494) (31fb464)
  • upgrade com.google.http-client:google-http-client-jackson2 from 1.26.0 to 1.40.1 (#644) (31bc823)

Miscellaneous Chores

Documentation

1.0.2 (2022-08-30)

Features

  • add support for date ranges in statistic client #1575 (#1653) (8048cd9)
  • disable TLS in CB client by default (#2167) (8ec5dd3)
  • jans-auth-server: add support for ranges in statistic endpoint (UI team request) (fd66720)
  • jans-auth-server: added allowSpontaneousScopes AS json config #2074 (#2111) (3083a3f)
  • jans-auth-server: added convenient method for up-scoping or down-scoping AT scopes #1218 (5d71655)
  • jans-auth-server: added creator info to scope (time/id/type) #1934 (#2023) (ca65b24)
  • jans-auth-server: added restriction for request_uri parameter (blocklist and allowed client.request_uri) #1503 (0696d92)
  • jans-auth-server: added sid and authn_time for active sessions response (bf9b572)
  • jans-auth-server: if applicationType is not set during client registration AS should default to 'web' #1687 (f9695e1)
  • jans-auth-server: improve client assertion creation code (ClientAuthnRequest) #1182 (81946b2)
  • jans-auth-server: improved TokenRestWebServiceValidator and added test for it #1591 (929048e)
  • jans-auth-server: jwt "exp" must consider "keyRegenerationInterval" #1233 (023cf8a)
  • jans-auth-server: make check whether user is active case insensitive #1550 (d141837)
  • jans-auth-server: persist org_id from software statement into client's "o" attribute (021d3bd)
  • jans-auth-server: removed dcrSkipSignatureValidation configuration property #1623 (6550247)
  • jans-auth-server: removed id_generation_endpoint and other claims from discovery response #1827 (4068197)
  • jans-auth-server: split grant validation logic into TokenRestWebServiceValidator #1591 (812e605)
  • jans-auth-server: split validation logic to TokenRestWebServiceValidator #1591 (f9f6f49)
  • jans-auth-server: updating arquillian tests 1247 (#2017) (ee200a7)
  • update Couchbase ORM to conform SDK 3.x (config updates) #1851 (#2118) (fceec83)

Bug Fixes

  • include idtoken with dynamic scopes for ciba (#2108) (d9b5341)
  • jans-auth-server: client tests expect "scope to claim" mapping which is disabled by default #1873 (958cc92)
  • jans-auth-server: corrected npe in JwtAuthorizationRequest (9c9e7bf)
  • jans-auth-server: disable surefire for jans-auth-static (7869efa)
  • jans-auth-server: fix missing jsonobject annotation (#1651) (be5b82a)
  • jans-auth-server: fixed NPE during getting AT lifetime #1233 (f8be086)
  • jans-auth-server: fixing client tests affected by "scope to claim" mapping which is disabled by default #1873 (#1910) (6d81792)
  • jans-auth-server: generate description during built-in key rotation #1790 (#2068) (cd1a77d)
  • jans-auth-server: increased period of session authn time check (#1918) (a41905a)
  • login.xhtml: add google client js (#1666) (daf9849)

Documentation

Miscellaneous Chores

1.0.1 (2022-07-06)

Features

  • add support for date ranges in statistic client #1575 (#1653) (8048cd9)
  • agama: improve flows timeout (#1447) (ccfb62e)
  • jans-auth-server: add support for ranges in statistic endpoint (UI team request) (fd66720)
  • jans-auth-server: added convenient method for up-scoping or down-scoping AT scopes #1218 (5d71655)
  • jans-auth-server: added restriction for request_uri parameter (blocklist and allowed client.request_uri) #1503 (0696d92)
  • jans-auth-server: added sid and authn_time for active sessions response (bf9b572)
  • jans-auth-server: improve client assertion creation code (ClientAuthnRequest) #1182 (81946b2)
  • jans-auth-server: make check whether user is active case insensitive #1550 (d141837)
  • jans-auth-server: persist org_id from software statement into client's "o" attribute (021d3bd)
  • jans-auth-server: removed dcrSkipSignatureValidation configuration property #1623 (6550247)

Bug Fixes

  • jans-auth-server: added SessionRestWebService to rest initializer (f0ebf67)
  • jans-auth-server: corrected npe in JwtAuthorizationRequest (9c9e7bf)
  • jans-auth-server: disable surefire for jans-auth-static (7869efa)
  • jans-auth-server: fix missing jsonobject annotation (#1651) (be5b82a)

Miscellaneous Chores

1.0.0 (2022-05-19)

Features

  • add script for Google login (#1141) (bac9144)
  • create apis to verify and save license api-keys in Admin UI #1196 (#1203) (315faec)
  • jans-auth-server: #808 sign-in with apple interception script (c21183a)
  • jans-auth-server: adapted authorization ws to use authzrequest (58c5336)
  • jans-auth-server: added authzrequest abstraction (af8faf0)
  • jans-auth-server: authorized acr values (#1068) (26e576a)
  • jans-auth-server: changed prog lang name python->jython (b9ba291)
  • jans-auth-server: client registration language metadata (#1237) (a8d0157)
  • jans-auth-server: enable person authn script to have multiple acr names (#1074) (1dc9250)
  • jans-auth-server: force signed request object (#1052) (28ebbc1)
  • jans-auth-server: hide 302 redirect exception in logs #1294 (00197c7)
  • jans-auth,jans-cli,jans-config-api: changes to handle new attribute description in Client object and new custom script type (d4a9f15)
  • jans-config-api: user mgmt endpoint (a093758)
  • jans-config-api: user mgmt endpoint (0ea10fd)
  • jans-core: compile java code on the fly for custom script (5da6e27)
  • jans-core: remove UPDATE_USER and USER_REGISTRATION scripts #1289 (c34e75d)
  • jans: jetty 11 integration (#1123) (6c1caa1)
  • support regex client attribute to validate redirect uris (#1005) (a78ee1a)

Bug Fixes

  • admin-ui: the backend issues related to jetty 11 migration #1258 (#1259) (d61be0b)
  • bug(jans-auth-server): custom pages are not found #1318 (e1e0bf9)
  • jans-auth-server: added faces context as source of locale (#1189) (ce770ae)
  • jans-auth-server: authorize page message policy (#1096) (f10ccb1)
  • jans-auth-server: corrected fallback value of checkUserPresenceOnRefreshToken (a822ae5)
  • jans-auth-server: corrected log vulnerability (1000a60)
  • jans-auth-server: corrected npe in response type class (941248d)
  • jans-auth-server: corrected signature algorithm identification with java 11 and later (3e203f2)
  • jans-auth-server: corrected thread-safety bug in ApplicationAuditLogger #803 (ef73c2b)
  • jans-auth-server: disabled issuing AT by refresh token if user status=inactive (3df72a8)
  • jans-auth-server: do not serialize jwkThumbprint (d8634fe)
  • jans-auth-server: during encryption AS must consider client's jwks too, not only jwks_uri (475b154)
  • jans-auth-server: dynamic client registration management delete event (911e54b)
  • jans-auth-server: escape login_hint before rendering (e1a682a)
  • jans-auth-server: fixed equals/hashcode by removing redundant dn field (d27659d)
  • jans-auth-server: fixed server and tests after jetty 11 migration (#1354) (3fa19f4)
  • jans-auth-server: gluuStatus -> jansStatus (7f86d6d)
  • jans-auth-server: isolate regex redirection uri validation test (#1075) (cca0551)
  • jans-auth-server: removed CONFIG_API from AS supported script types #1286 (c209868)
  • jans-auth-server: removed ThumbSignInExternalAuthenticator (a13ca51)
  • jans-auth-server: renamed localization resources files #1198 (#1199) (4561f2a)
  • jans-auth-server: restored id generator call to external custom script (#1128) (5ba98c1)
  • jans-auth-server: use duration class instead of custom util to calculate seconds from date to now (#1249) (5ae76ab)
  • jans-auth-server: validate pkce after extraction data from request object (#999) (29fdfae)
  • jans-auth-server: validate redirect_uri blank and client redirect uris single item to return by default (#1046) (aa139e4)
  • jans-core: corrected ExternalUmaClaimsGatheringService (cfe1b6d)
  • Typo httpLoggingExludePaths jans-auth-server jans-cli jans-config-api jans-linux-setup docker-jans-persistence-loader (47a20ee)
  • update mysql/spanner mappings #1053 (94fb2c6)
  • Use highest level script in case ACR script is not found. Added FF to keep existing behavior. (#1070) (07473d9)

Miscellaneous Chores

1.0.0-beta.16 (2022-03-14)

Features

  • jans-auth-server: forbid plain pkce if fapi=true (fapi1-advanced-final-par-plain-pkce-rejected fail) #946 (21cecb0)
  • jans-auth-server: new client config option defaultpromptlogin #979 (4e3de26)
  • support regex client attribute to validate redirect uris (#1005) (a78ee1a)

Bug Fixes

  • jans-auth-server: corrected ParValidatorTest #946 (04a01fd)
  • jans-auth-server: corrected sonar reported issue (7c88078)
  • jans-auth-server: fix npe (e6debb2)
  • jans-auth-server: reduce noise in logs when session can't be found (47afc47)
  • jans-auth-server: removed reference of removed tests #996 (cabc4f2)
  • jans-auth-server: validate pkce after extracting data from request object (#999) (29fdfae)

Miscellaneous Chores

1.0.0-beta.15 (2022-03-02)

Features

  • #836 support push token update on finish authentication (#837) (4d6d916)
  • jans-auth-server: add methods to dynamic client registration script to modify POST, PUT and GET responses (#661) (2aa2ba8)
  • jans-auth-server: added cache support to /stat endpoint (e1dba92)
  • jans-auth-server: added new stat response service with test (9d60629)
  • jans-auth-server: added post response modification method (db936f9)
  • jans-auth-server: added put response modification method (00a24f2)
  • jans-auth-server: added read response modification method (ec8864b)
  • jans-auth-server: added to par extra nbf and exp (for 60min) validation (#838) (9db47a4)
  • jans-auth-server: allow return custom authz params to rp in response (#756) (0e865fb)
  • jans-auth-server: extending crypto support sub pr4 (#670) (fe07d76)
  • jans-auth-server: invoke custom script methods for response modification (da44d5a)
  • jans-auth-server: reject par without pkce for fapi (332df41)
  • jans-auth-server: set public subject identifier per client (#800) (c303bbc)
  • jans-auth-server: turn off consent for pairwise openid-only scope (#708) (a96007d)
  • jans-config-api: add deletable flag to admin-ui role object #888 (#900) (500a773)
  • par should be able to register with nbf (a4a2981)

Bug Fixes

  • brazilob jarm fapi conformance test last 7 issues (#695) (edab074)
  • code reformatting as suggested (a70ceda)
  • correction as suggested in review (adddb1a)
  • early exit to avoid nested if(s) (ab65ac9)
  • for JARM issues 310, 311 and 314 (ae0cdb9)
  • import Nullable (5057531)
  • jans-auth-server: check alg none to display error JARM issue310 (#786) (b21a052)
  • jans-auth-server: corrected 500 error if absent redirect_uri in object for fapi (89e586a)
  • jans-auth-server: corrected error code for absent redirect_uri in object (fapi) (f73430c)
  • jans-auth-server: corrected jarm error response (1d4b53b)
  • jans-auth-server: corrected jarm issue #310 (#773) (e1cdc19)
  • jans-auth-server: corrected jarm response mode (9e3bf69)
  • jans-auth-server: corrected npe in jarm (5cae544)
  • jans-auth-server: corrected wrong expires_in (428c5b3)
  • jans-auth-server: covered one more case when consent is off (8b59739)
  • jans-auth-server: don't fail registration without custom script (#711) (277be82)
  • jans-auth-server: error code correction unregister redirect_uri (#814) #816 (fe4d6a0)
  • jans-auth-server: fixed device authz tests (8a952d7)
  • jans-auth-server: fixed error code during error response creation (0d47490)
  • jans-auth-server: for issue #315 JARM registered redirect uri (#752) (fe2dc59)
  • jans-auth-server: if consent is off then check whether response already has access_token (81ad31b)
  • jans-auth-server: if consent is off then check whether response already has code (294bb22)
  • jans-auth-server: jarm failing tests (#745) (5d0b401)
  • jans-auth-server: jarm tests fix (ddf3423)
  • jans-auth-server: set par expiration to request object exp #824 (#860) (c835c38)
  • JARM tests fix (3bfb95f)
  • newly added eddsa cause exception (#727) (6e5a865)
  • replace non UTF-8 characters (#770) (bb386cd)
  • upgrade commons-codec:commons-codec from 1.7 to 20041127.091804 (3d319b8)
  • upgrade oauth.signpost:signpost-commonshttp4 from 2.0.0 to 2.1.1 (7246e8f)
  • upgrade org.apache.httpcomponents:httpcore from 4.4.5 to 4.4.15 (82689d2)
  • upgrade org.bitbucket.b_c:jose4j from 0.6.4 to 0.7.9 (874e2ad)
  • upgrade org.codehaus.jettison:jettison from 1.3.2 to 1.4.1 (5ffe19d)
  • use diamond operator (#766) (57664b0)

Miscellaneous Chores