feature: filter IdP retrieval #2882
- allow to delete a relyingPartySecret on IdP
- Filter IdP list by origin
- Return the auth_method to show current configured client authentication method
We have created an issue in Pivotal Tracker to manage this: https://www.pivotaltracker.com/story/show/187584735
The labels on this github issue will be updated when the story is started.
generated documentation can be downloaded as ZIP
NEW
Filter: uaac curl -b "/identity-providers?origin=sap.proxy" | jq -r '.[0]'
Allow to get IdP based on origin. Do not iterate over all.
…n IdP
Alternative to PR: #2882, #2887 and PR: #2885
Only one call in backend, but more input on client side.
authMethod is used to make this change non-breakable. Because before the update prevented the removal of the relyingPartySecret. Now if authMethod is not client_secret_basic or client_secret_post, then the relyingPartySecret can be overwritten with null.
…n IdP (#2896)
* WIP: idp secret
* feature: delete secret on existing IdP
  - allow to delete a relyingPartySecret on IdP
  - Filter IdP list by origin
  - Return the auth_method to show current configured client authentication method
* Documentation
* fix names
* sonar
* sonar
* Add patch call to change a secret from an external IdP
* Alias handling
* 2nd alternative fix: allow to change or delete a relyingPartySecret on IdP
  Alternative to PR: #2882, #2887 and PR: #2885
  Only one call in backend, but more input on client side.
  authMethod is used to make this change non-breakable. Because before the update prevented the removal of the relyingPartySecret. Now if authMethod is not client_secret_basic or client_secret_post, then the relyingPartySecret can be overwritten with null.
* sonar
* Tests added
* Sonar smell
* Review
* more checks for edge cases
* more tests to cover edge cases
* Review
  Again fixed an edge case
  CLIENT_SECRET_BASIC, CLIENT_SECRET_POST both same method, therefore treat them equal
* Review
  Again fixed an edge case
  Found during tests
* Test refactored
* small doc fixes
  - some clarification & formatting
  - no need to call out what the default is in the description because the `.optional("client_secret_basic")` syntax would automatically add that language.
* doc: clarify when external OIDC client auth requirements
  - clarify when config.jwtClientAuthentication and config.relyingPartySecret are required in relation to the new field config.authMethod
* Review, removed auth_method which is not used, but we use authMethod field only
* revert this
* remove deprecated
---------
Co-authored-by: Peter Chen <peter-h.chen@broadcom.com>
…torIdp2
# Conflicts:
#   server/src/main/java/org/cloudfoundry/identity/uaa/provider/IdentityProviderEndpoints.java

…feature/idp-secret
# Conflicts:
#   model/src/main/java/org/cloudfoundry/identity/uaa/constants/ClientAuthentication.java
#   model/src/main/java/org/cloudfoundry/identity/uaa/provider/AbstractExternalOAuthIdentityProviderDefinition.java
#   server/src/main/java/org/cloudfoundry/identity/uaa/provider/IdentityProviderEndpoints.java

…re/idp-secret
# Conflicts:
#   server/src/main/java/org/cloudfoundry/identity/uaa/provider/IdentityProviderEndpoints.java
Many calls to IdPs first retrieve all and then filter by origin on client side. The origin has an index in DB, therefore there should be an option to get the IdP by origin filter.
NEW
Filter: uaac curl -b "/identity-providers?origin=sap.proxy" | jq -r '.[0]'
Allow to get IdP based on origin. Do not iterate over all.
Sonar
https://sonarcloud.io/summary/new_code?id=cloudfoundry-identity-parent&pullRequest=2882