Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(jans-auth-server): OpenID AuthZEN implementation #9596

Closed
wants to merge 4,521 commits into from
Closed

feat(jans-auth-server): OpenID AuthZEN implementation #9596

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4521 commits
Select commit Hold shift + click to select a range
14e0416
fix(config-api): lock endpoint fixes and SAML IDP NPE (#9386)
pujavs Sep 5, 2024
466c161
feat(jans-lock): cedarling-mvp (#9384)
olehbozhok Sep 6, 2024
3c14434
feat(jans-pycloudlib): handle required files for external configurati…
iromli Sep 6, 2024
fc87b08
feat(jans-auth): add warn to check if server can't set authenticated …
yurem Sep 6, 2024
314f247
chore(jans-linux-setup): restart jans services in post-setup (#9400)
devrimyatar Sep 6, 2024
b645f0b
feat(jans-core): store file_name and file_path in separate columns (…
yurem Sep 6, 2024
c49be90
fix: high CPU usage on opening tarp #9390 (#9391)
duttarnab Sep 9, 2024
8fd5d66
fix: add missing super gluu related files to authn project (#9408)
jgomer2001 Sep 9, 2024
c832069
chore(cloud-native): sync assets into OCI images (#9406)
iromli Sep 9, 2024
2a7c0da
fix(jans-cli-tui): re-order feed and background task messages (#9418)
devrimyatar Sep 9, 2024
3702661
fix(jans-linux-setup): suse setup issues (#9401)
devrimyatar Sep 9, 2024
37bc45b
feat(config-api): initializing core documentStore manager timer for c…
pujavs Sep 9, 2024
0138e82
fix(config-api): scope validation issue #9426 (#9428)
pujavs Sep 9, 2024
297bdc0
docs: fix mysql-ops command order (#9416)
moabu Sep 10, 2024
cea08b5
feat(jans-lock): implement fetch policy stores (#9423)
olehbozhok Sep 10, 2024
19e770a
fix(jans-cli-tui): populate config-api widgets when page entered (#9436)
devrimyatar Sep 10, 2024
b07568e
fix(jans-cli-tui): hide messages configuration page (#9437)
devrimyatar Sep 10, 2024
8606bbc
doc(jans-auth-server): improved doc for acr aliasing #9438 (#9439)
yuriyz Sep 10, 2024
adfd926
feat(jans-cli-tui): deploy Agama Lab community projects (#9370)
devrimyatar Sep 10, 2024
cc02c6f
Jans config fix (#9448)
pujavs Sep 10, 2024
9ec8afc
fix: update wrong clause (#9454)
jgomer2001 Sep 11, 2024
82ea7df
feat: allow specifying scopes during execution of authz url (#9452)
duttarnab Sep 11, 2024
6a75640
fix(jans-trap): Next Month Arrow is Hidden in calender of client expi…
mjatin-dev Sep 11, 2024
14c854a
fix(jans-linux-setup): jans ldap link server (#9457)
devrimyatar Sep 11, 2024
664b866
fix(jans-auth-server): when arc is changed to agama flow fails with A…
yuriyz Sep 11, 2024
b6722b5
fix(jans-cli-tui): asset issues (#9441)
devrimyatar Sep 11, 2024
39ba40a
fix(jans-linux-setup): ruamel.yaml fixes (#9462)
devrimyatar Sep 11, 2024
4c4aa9e
docs(SCIM config): update the configuration guides for SCIM #9337 (#9…
imShakil Sep 12, 2024
5584e9f
fix(jans-cli-tui): scim patch operation (#9474)
devrimyatar Sep 12, 2024
404b5bb
fix(config-ap): lock audit endpoint parameter declaration error#9460 …
pujavs Sep 12, 2024
e9e9808
feat(jans-lock): structuring Cedarling MVP according to the anatomy p…
olehbozhok Sep 12, 2024
4e3941c
fix(jans-cli-tui): duplicate schema names in info (#9481)
devrimyatar Sep 12, 2024
97493c8
feat(charts): reduce mounted files for external configuration backend…
iromli Sep 12, 2024
fc71c51
feat(cedarling): add an example application using python binding (#9479)
olehbozhok Sep 13, 2024
5775da2
fix(jans-tarp): next Month Arrow is Hidden in calander (#9477)
mjatin-dev Sep 13, 2024
9da5c1f
feat(jans-auth-server): updated tx_token implementation to latest tx …
yuriyz Sep 13, 2024
9611711
feat(jans-lock): add endpoints to allow send bulk audit data (#9488)
yurem Sep 13, 2024
0f3838b
feat(jans-config-api): update schema to conform code (#9490)
yurem Sep 13, 2024
5b911a7
feat(jans-conf-api): evaluationTimeNs should be integer (#9492)
yurem Sep 13, 2024
c15ccfe
fix(terraform-provider-jans): update terraform module (#9464)
moabu Sep 13, 2024
af9d2bc
feat(jans-lock): cedarling code refactoring to improve its readabilit…
olehbozhok Sep 16, 2024
4b07e84
chore: sync assets for OCI images (#9497)
iromli Sep 16, 2024
72593e0
chore(release): release 1.1.5 (#9499)
moabu Sep 16, 2024
2cbfeed
chore(release): prep work for 1.1.6-SNAPSHOT and dev (#9516)
moabu Sep 17, 2024
df0fb3d
feat(jans-auth-server): added dedicated deviceSessionLifetime conf pr…
yuriyz Sep 17, 2024
016bf37
docs: update README.md for Lock changes (#9509)
nynymike Sep 18, 2024
d60da8e
docs(config): logging config documentation update (#9109)
ossdhaval Sep 19, 2024
9b4f5cf
feat(jans-linux-setup): turn off update profile on first login for th…
devrimyatar Sep 19, 2024
23ef80c
fix(jans-auth-server): new jans server installation show null in plac…
yuriyz Sep 19, 2024
dc7afcd
feat(jans-auth): update SG script to conform API (#9541)
yurem Sep 19, 2024
6580d48
fix(jans-cli-tui): hide realm in idp setup (#9538)
devrimyatar Sep 19, 2024
661b380
feat(jans-auth): update SG script to conform API (#9551)
yurem Sep 20, 2024
607a16f
Sg fix api (#9552)
yurem Sep 20, 2024
f4bcaad
feat(config-api): client token mgt endpoint (#9554)
pujavs Sep 21, 2024
c03344a
refactor(jans-cedarling): move cedarling top level (#9564)
moabu Sep 23, 2024
4dcd3a3
docs: add license header instruction to contribution guide (#9500)
ossdhaval Sep 23, 2024
ed80ee6
feat (cedarling): Log Startup message (#9546)
olehbozhok Sep 23, 2024
dabf7f5
fix: update jansExtUid regardless of skipProfileUpdate value (#9566)
jgomer2001 Sep 23, 2024
46d2027
chore: remove id_token_hint from logout url (#9567)
jgomer2001 Sep 23, 2024
f02d7e6
feat(jans-lock): rename Lock Master to Lock Server (#9573)
yurem Sep 24, 2024
1b3ff7a
fix(jans-fido): correct display name for fido interception script #94…
shekhar16 Sep 24, 2024
8dcb12b
fix(jans-auth-server): typo in forceIdTokenHintPrecense, precense -> …
yuriyz Sep 24, 2024
779582f
feat(jans-orm): add CB cluster option waitUntilReady support #9570 (#…
yurem Sep 24, 2024
9082677
fix: changes in passkey script (#9582)
duttarnab Sep 24, 2024
57f3e30
chore: update labels in fido2 page (#9585)
jgomer2001 Sep 24, 2024
66c5159
feat(jans-cedarling): Policy Store: Parse Schema and Policies (#9575)
olehbozhok Sep 25, 2024
336ed6b
feat(jans-auth-server): OpenID AuthZEN - added subject, resource, act…
yuriyz Sep 25, 2024
e04e105
feat(config-api): session and token endpoint (#9595)
pujavs Sep 25, 2024
d480e81
feat(docker-jans-saml): turn off profile update on first login (#9561)
iromli Sep 26, 2024
34c6899
fix(jans-pycloudlib): couchbase client exec_query doesn't support tim…
iromli Sep 26, 2024
ea17aee
feat(jans-cedarling): Policy Store: Parse Policies - both valid and i…
olehbozhok Sep 26, 2024
76c7466
fix(jans-auth-server): added operationId to /ssa/validate swagger (#9…
yuriyz Sep 26, 2024
e6fcec1
feat(jans-tarp): Show loader in jans tarp on Submit/Add form until re…
mjatin-dev Sep 27, 2024
002249d
refactor(docs): minor re-organisation of documentation sections (#9583)
ossdhaval Sep 27, 2024
133daa4
refactor(docs): rename `admin` to `janssen-server` (#9612)
ossdhaval Sep 27, 2024
f46fe6b
feat(config-api): enhancement to fido2 delete endpoint, revoke sessio…
pujavs Sep 27, 2024
9984ce0
feat(orm): update ORM drivers #9618 (#9619)
yurem Sep 30, 2024
bfba964
test(config-api): marked ignore for failing test case (#9616)
pujavs Sep 30, 2024
0dfe0ff
fix(jans-auth-server): prevent rxss #9613 (#9620)
yuriyz Sep 30, 2024
2d78b66
feat(jans-cedarling): add python bindings (#9607)
olehbozhok Sep 30, 2024
df79335
chore: skip plugin build (#9594)
jgomer2001 Sep 30, 2024
e9d206f
feat(jans-orm): use protobuf-java defined in upstream dependecies (#9…
yurem Sep 30, 2024
0ed1517
fix(docs): Update Cedarling content (#9629)
nynymike Oct 1, 2024
dca6d73
fix(docs): fix broken links (#9623)
ossdhaval Oct 1, 2024
c7f4a70
fix(docs): add missing hash for Python 3.11 (#9628)
iromli Oct 1, 2024
c23fbd0
feat(jans-auth-server): OpenID AuthZEN - added request, response and …
yuriyz Oct 1, 2024
eaf321e
chore: update scorecard workflow (#9632)
moabu Oct 1, 2024
ce41cff
fix(jans-linux-setup): remove admin group (#9633)
devrimyatar Oct 1, 2024
b255313
Merge branch 'main' into jans-auth-server-9557
yuriyz Oct 1, 2024
012c29c
fix(jans-linux-setup): import ruamel in fucntion read_yaml_file() (#9…
devrimyatar Oct 1, 2024
05f33cf
feat(jans-auth-server): OpenID AuthZEN - added new access evaluation …
yuriyz Oct 2, 2024
5e7b579
fix(jans-linux-setup): remove references of the admin group #9646 (#9…
devrimyatar Oct 2, 2024
538ce59
chore(cloud-native): sync assets and dependencies (#9606)
iromli Oct 3, 2024
0a2f980
fix(jans-cli-tui): mime-type check (#9650)
devrimyatar Oct 3, 2024
5bc8a6a
feat(jans-auth-server): OpenID AuthZEN - added access evaluation vali…
yuriyz Oct 3, 2024
e032900
feat(jans-auth-server): OpenID AuthZEN - added test for access evalua…
yuriyz Oct 3, 2024
4b62acb
docs: fix wrong Agama engine paths (#9662)
jgomer2001 Oct 3, 2024
cfc337e
refactor(docs): move Cedarling document to a top level directory (#9644)
ossdhaval Oct 3, 2024
a9d4d5b
feat(jans-auth-server): OpenID AuthZEN - added access evaluation scop…
yuriyz Oct 4, 2024
71bba37
feat(jans-bom): update spanner libs (#9668)
yurem Oct 4, 2024
b4d6e20
feat(config-api): custom asset mgt enhancement for asset dir mapping …
pujavs Oct 4, 2024
8087e03
feat(jans-cedarling): parse access_token -- create access token and C…
olehbozhok Oct 8, 2024
91b6874
docs: split apart Cedarling Docs into Multiple Pages (#9670)
nynymike Oct 8, 2024
63e3e00
docs(docker-compose): update docs to be more comprehensive (#9658)
misba7 Oct 8, 2024
8657118
feat(jans-orm): redefine protobuf-java version (#9688)
yurem Oct 8, 2024
907034c
docs: update account-linking-index.md (#9542)
mzico Oct 9, 2024
345a227
docs(jans-cedarling): add python docs (#9691)
SafinWasi Oct 9, 2024
a924902
fix(docs): update old tui command with new `jans` wrapper version (#9…
ossdhaval Oct 10, 2024
ffb3654
fix(docs): update customization doc for asset intake details (#9695)
ossdhaval Oct 10, 2024
cd0cf7f
chore(jans-keyclokak-integration): update dependencies causing secur…
uprightech Oct 10, 2024
8d3474b
feat(jans-cedarling): Parse Cedar Schema for Access Token and Workloa…
olehbozhok Oct 10, 2024
c2eef7b
Doc per service (#9724)
yurem Oct 11, 2024
5be7c7a
fix(docs): navigation for Cedarling (#9721)
ossdhaval Oct 11, 2024
595fff6
feat(jans-pycloudlib): remove support for ldap persistence (#9729)
iromli Oct 11, 2024
bea6ffc
fix(jans-linux-setup): fix logmanager.sh (#9735)
mzico Oct 14, 2024
75df2bf
fix(jans-linux-setup): mysql backend with setup.properties (#9738)
devrimyatar Oct 14, 2024
009a987
feat(jans-config-api): remove session_id from API and use sid in API …
pujavs Oct 14, 2024
5f3b30e
chore(jans-linux-setup): remove ldap (#9733)
devrimyatar Oct 14, 2024
b7b9742
feat(jans-cedarling): add type hints for cedarling_python (#9725)
olehbozhok Oct 15, 2024
39c1ffa
fix(jans-linux-setup): suse mysql version 8.0.39 (#9746)
devrimyatar Oct 15, 2024
2c55975
feat(cloud-native)!: remove support for ldap persistence (#9669)
iromli Oct 15, 2024
cc84a90
fix(jans-linux-setup): jans cli corrections 9710 (#9747)
devrimyatar Oct 15, 2024
013d547
feat(jans-auth-server): spontaneous scope description should have sco…
yuriyz Oct 15, 2024
d8d355e
feat(jans-orm): add search support in json path (#9755)
yurem Oct 15, 2024
5c69a4c
feat(jans-orm): add search support in json path (#9759)
yurem Oct 15, 2024
132fffb
fix(jans-cli-tui): config-api configuration (#9766)
devrimyatar Oct 16, 2024
60f2f2f
feat(jans-orm): fix like_regex in json array (#9773)
yurem Oct 16, 2024
731e12b
chore(jans-keycloak-integration): downgrade kc version to 25.0.6 #976…
uprightech Oct 16, 2024
6220e9c
fix(jans-linux-setup): downgrade KC (#9770)
devrimyatar Oct 16, 2024
7211df1
docs(jans-lock): add default schema (#9741)
SafinWasi Oct 17, 2024
5c3d656
feat(jans-cedarling): Implement JWT validation for JwtService (#9726)
rmarinn Oct 17, 2024
af19012
feat(jans-casa): update bioid plugin (#9774)
SafinWasi Oct 17, 2024
12c355c
fix: downgrade keycloak version to 25.0.6 (#9775)
iromli Oct 17, 2024
7b82651
docs: add release process doc (#9683)
moabu Oct 17, 2024
09cf80d
chore(deps): bump org.apache.maven.plugins:maven-site-plugin from 4.0…
dependabot[bot] Oct 17, 2024
ab45f22
docs: adding Trusted Issuer Schema format in docs #9784 (#9785)
duttarnab Oct 17, 2024
4a0b206
feat(jans-orm): add search support in json path (#9834)
yurem Oct 18, 2024
2883801
chore(deps): bump org.apache.maven.plugins:maven-deploy-plugin from 3…
dependabot[bot] Oct 18, 2024
ea49ab2
chore(deps): bump org.apache.maven.plugins:maven-install-plugin from …
dependabot[bot] Oct 18, 2024
f08be1f
chore(deps): bump org.apache.maven.plugins:maven-dependency-plugin fr…
dependabot[bot] Oct 18, 2024
460e48e
chore(deps): bump com.github.spotbugs:spotbugs-maven-plugin from 4.8.…
dependabot[bot] Oct 18, 2024
0fb0b44
chore(deps): bump log4j.version from 2.23.1 to 2.24.1 in /jans-casa (…
dependabot[bot] Oct 18, 2024
6d1b114
chore(deps): bump org.apache.tika:tika-core from 2.6.0 to 2.9.2 in /j…
dependabot[bot] Oct 18, 2024
b9d022a
chore(deps): bump org.bouncycastle:bcmail-fips from 1.0.4 to 2.0.5 in…
dependabot[bot] Oct 18, 2024
f9e82e6
docs(jans-cedarling): update python example (#9783)
SafinWasi Oct 18, 2024
53c299c
test(jans-cedarling): rectify intermittent failure in get_token_claim…
djellemah Oct 18, 2024
502aac3
feat(jans-cedarling): Implement python bindings for the authorize met…
olehbozhok Oct 18, 2024
cc5c0c8
feat(config-api): session and token search enhancement (#9844)
pujavs Oct 18, 2024
a3bb5bd
fix(jans-cli-tui): asset management (#9848)
devrimyatar Oct 21, 2024
b6c6e62
feat(jans-orm): add search support in json path (#9845)
yurem Oct 21, 2024
199bf98
feat(jans-orm): use right booelan type in JSON and plan SQL queries (…
yurem Oct 21, 2024
c13bb10
refactor(docs): refactor interception script documentation (#9753)
mmrraju Oct 21, 2024
845edc9
ci(jans-cedarling): testcase workflow (#9853)
SafinWasi Oct 21, 2024
c898ebc
refactor(jans-cli-tui): display popup for save action (#9865)
devrimyatar Oct 21, 2024
17d32b0
feat(config-api): session endpoint changes for search in jansSessAttr…
pujavs Oct 21, 2024
080f866
chore(deps): bump org.apache.maven.plugins:maven-clean-plugin from 3.…
dependabot[bot] Oct 21, 2024
426a7a4
chore(deps): bump org.jacoco:jacoco-maven-plugin from 0.8.11 to 0.8.1…
dependabot[bot] Oct 21, 2024
eee014f
chore(deps): bump org.apache.maven.plugins:maven-javadoc-plugin from …
dependabot[bot] Oct 21, 2024
18a68f4
fix(jans-linux-setup): script location (#9869)
devrimyatar Oct 21, 2024
c074f85
fix(jans-cli-tui): do not hide ldap servers in authn when database is…
devrimyatar Oct 22, 2024
6a4c32e
chore(deps): bump bc.version from 1.78 to 1.78.1 in /jans-casa (#9864)
dependabot[bot] Oct 22, 2024
89b850b
chore(deps): bump com.github.spotbugs:spotbugs-maven-plugin from 4.8.…
dependabot[bot] Oct 22, 2024
052a13e
feat(jans-cedarling): Implement Validation Layer and ServiceFactory (…
olehbozhok Oct 22, 2024
79337e0
feat: simplify JSON value in MySQL (#9886)
yurem Oct 22, 2024
db4faf3
feat(config-api): pagination implemented in fido2, session and token …
pujavs Oct 22, 2024
8c6b338
fix(jans-linux-setup): index key lenght for text columns (#9890)
devrimyatar Oct 22, 2024
1ed5eb1
fix(docs): remove LDAP from documentation (#9839)
ossdhaval Oct 23, 2024
24a764f
chore(docs): update documentation for LDAP support removal (#9894)
ossdhaval Oct 23, 2024
50a8b5e
fix(jans-core): document store manager should use filePath (#9900)
yurem Oct 23, 2024
94ed82a
fix(jans-linux-setup): json values in arrays (#9908)
devrimyatar Oct 24, 2024
504c6dd
docs(jans-cedarling): add Application Entity back and Update Action P…
SafinWasi Oct 24, 2024
c77f2ec
feat(charts): allow using custom configuration schema (#9786)
iromli Oct 24, 2024
79e1980
docs: update customization docs with correct path and new screenshots…
misba7 Oct 24, 2024
2ea7274
fix(jans-cli-tui): hide agama script on default ACR tab (#9911)
devrimyatar Oct 24, 2024
0de6a45
feat(jans-cedarling): Add support of parsing the `Set` type in cedar-…
olehbozhok Oct 24, 2024
5e41e15
chore(deps): bump com.nimbusds:oauth2-oidc-sdk from 11.7 to 11.20.1 i…
dependabot[bot] Oct 24, 2024
4e03fe3
fix(config-api): acr enhancement for agama, asset mgt error message m…
pujavs Oct 24, 2024
c6f3890
chore(deps): bump antlr4.version from 4.10.1 to 4.13.2 in /agama (#9792)
dependabot[bot] Oct 24, 2024
5cb6a32
docs: changes in policy store docs (#9904)
duttarnab Oct 25, 2024
a8eeb58
Lock health check plugin (#9921)
yurem Oct 25, 2024
d8b581c
chore(deps): bump com.github.spotbugs:spotbugs-maven-plugin from 4.2.…
dependabot[bot] Oct 25, 2024
819f529
fix: add slash (#9926)
jgomer2001 Oct 25, 2024
378001c
fix(charts): resolve error parsing jans helm chart (#9930)
iromli Oct 25, 2024
f0fceb5
feat(jans-cedarling): Parse id_token -- create id_token and User enti…
olehbozhok Oct 26, 2024
fecffe9
chore(jans-linux-setup): facter script (#9942)
devrimyatar Oct 27, 2024
f35db99
docs(user-mgt): restructure user management documentation (#9946)
imShakil Oct 28, 2024
98f3d5b
feat(jans-cedarling): update policy_store.json parser and schema (#9910)
rmarinn Oct 28, 2024
5d50096
fix(docs): remove local LDAP references as LDAP support has been disc…
ossdhaval Oct 28, 2024
e81c2b3
feat(jans-linux-setup): Janssen services healt script (#9941)
devrimyatar Oct 28, 2024
e04835e
chore: update descriptors for ZK update (#9932)
jgomer2001 Oct 28, 2024
c1e7534
fix(jans-linux-setup): permission of jans_services_status.py (#9960)
devrimyatar Oct 28, 2024
ab1110f
feat(jans-cedarling): implement `KeyService` for `JwtService` for key…
rmarinn Oct 28, 2024
6f3cff4
chore(deps): bump jackson.version from 2.14.2 to 2.18.0 in /jans-casa…
dependabot[bot] Oct 28, 2024
6de8392
chore(deps): bump jakarta.el:jakarta.el-api from 5.0.1 to 6.0.1 in /j…
dependabot[bot] Oct 28, 2024
0a3007f
chore(deps): bump org.apache.tika:tika-core from 2.9.2 to 3.0.0 in /j…
dependabot[bot] Oct 28, 2024
c80ff7a
fix: update commons-io library (#9963)
jgomer2001 Oct 28, 2024
6b1eb3d
feat(jans-pycloudlib): add flag to support simple JSON data format (#…
iromli Oct 29, 2024
c4d2e9b
fix(docs): update cli command (#9727)
ossdhaval Oct 29, 2024
2059ce0
chore(deps): bump org.apache.maven.plugins:maven-dependency-plugin fr…
dependabot[bot] Oct 29, 2024
de7de0f
chore(deps): bump org.apache.maven.plugins:maven-surefire-plugin from…
dependabot[bot] Oct 29, 2024
8deb721
feat(jans-auth-server): updateв first part applications implementatio…
yuriyz Oct 29, 2024
3406250
chore(deps): bump org.apache.maven.plugins:maven-dependency-plugin fr…
dependabot[bot] Oct 29, 2024
30b88ab
chore(deps): bump jackson.version from 2.18.0 to 2.18.1 in /jans-casa…
dependabot[bot] Oct 29, 2024
d4dbe2a
chore(deps): bump io.grpc:grpc-bom from 1.43.1 to 1.68.1 in /jans-cas…
dependabot[bot] Oct 29, 2024
95abf4b
chore(deps): bump com.fasterxml:aalto-xml from 1.3.2 to 1.3.3 in /jan…
dependabot[bot] Oct 29, 2024
873cf86
Lock health check plugin (#9928)
yurem Oct 29, 2024
5d2a1e9
refactor(cloud-native): remove ldap occurences in cloud-native (#9920)
iromli Oct 30, 2024
f709f33
feat(jans-auth-server): OpenID AuthZEN - added new configurations
yuriyz Oct 30, 2024
a8e7ed1
chore: misc descriptor updates (#9990)
jgomer2001 Oct 30, 2024
a1d343b
feat(jans-cedarling): implement validation for userinfo_token JWT (#9…
rmarinn Oct 30, 2024
a0c05d9
fix(jans-core): document store manager load filePath attribute (#9992)
yurem Oct 30, 2024
00dd97e
feat(jans-auth-server): OpenID AuthZEN - added access_evaluation feat…
yuriyz Oct 30, 2024
f9b0a91
chore(deps): bump blazemeter/taurus from 1.16.33 to 1.16.35 in /demos…
dependabot[bot] Oct 31, 2024
2f59807
feat(jans-core): integrate document store manager into applications (…
yurem Oct 31, 2024
dc903f1
feat(jans-auth-server): OpenID AuthZEN - introduced external script s…
yuriyz Oct 31, 2024
9f0d9e4
feat(jans-cli-tui): responsive navigation bar (#9998)
devrimyatar Oct 31, 2024
7d4c121
Merge branch 'main' into jans-auth-server-9557
yuriyz Oct 31, 2024
9873e11
feat(jans-auth-server): OpenID AuthZEN - added main access evaluation…
yuriyz Nov 1, 2024
02a5ef3
feat(jans-auth-server): OpenID AuthZEN - added /evaluation endpoint
yuriyz Nov 4, 2024
ed2b8fd
feat(jans-auth-server): OpenID AuthZEN - added unit test for /evaluat…
yuriyz Nov 5, 2024
669e146
feat(jans-auth-server): OpenID AuthZEN - added new tests to testng
yuriyz Nov 5, 2024
40c9ad5
feat(jans-auth-server): OpenID AuthZEN - added evaluation endpoint to…
yuriyz Nov 6, 2024
50923e6
merge from main
yuriyz Nov 7, 2024
34df8f5
feat(jans-auth-server): OpenID AuthZEN - added evaluation endpoint to…
yuriyz Nov 7, 2024
4447350
fixing merge from main
yuriyz Nov 7, 2024
0232b9d
fixing merge from main
yuriyz Nov 7, 2024
64f2b4d
Merge branch 'main' into jans-auth-server-9557
yuriyz Nov 7, 2024
05526c3
feat(jans-auth-server): OpenID AuthZEN - added missed evaluation endp…
yuriyz Nov 8, 2024
6acc024
temporary added logs to print runtime config
yuriyz Nov 8, 2024
169ab9a
fixing merge from main
yuriyz Nov 8, 2024
e22df90
more logs
yuriyz Nov 8, 2024
6ec6bd6
AuthZEN - fixed bug with client's scope check
yuriyz Nov 8, 2024
a49f378
reverted back logs added for debugging
yuriyz Nov 8, 2024
24a596f
AuthZEN - added simple request/response classes for client
yuriyz Nov 11, 2024
352d780
AuthZEN - added client to evaluation endpoint
yuriyz Nov 12, 2024
0404e07
AuthZEN - added marker interfaces whether request is json based or not
yuriyz Nov 12, 2024
7fef312
AuthZEN - corrected printing for json based requests
yuriyz Nov 12, 2024
cd99c0e
AuthZEN - added AccessEvaluation sample script
yuriyz Nov 13, 2024
7155951
AuthZEN - added full integration test for access evaluation endpoint
yuriyz Nov 14, 2024
26df831
AuthZEN - added integration test to testng
yuriyz Nov 14, 2024
c7e0d9b
AuthZEN - added custom script loading to setup
yuriyz Nov 14, 2024
66e658d
AuthZEN - added full run log to docs
yuriyz Nov 14, 2024
402684c
AuthZEN - added new /evaluation endpoint to swagger
yuriyz Nov 15, 2024
4258709
AuthZEN - docs update
yuriyz Nov 15, 2024
058ad77
AuthZEN - added documentation for AccessEvaluation custom script
yuriyz Nov 18, 2024
a94ed03
AuthZEN - added full documentation
yuriyz Nov 19, 2024
d5748aa
merged main
yuriyz Nov 19, 2024
e778676
Merge branch 'main' into jans-auth-server-9557
yuriyz Nov 19, 2024
a8ed01b
Merge branch 'main' into jans-auth-server-9557
moabu Nov 19, 2024
7eab464
Merge branch 'main' into jans-auth-server-9557
moabu Nov 19, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
245 changes: 245 additions & 0 deletions docs/assets/log/access-evaluation-run-log.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,245 @@
#######################################################
TEST: OpenID Connect Discovery
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
GET /.well-known/webfinger HTTP/1.1?resource=acct%3Aadmin%40happy-example.gluu.info&rel=http%3A%2F%2Fopenid.net%2Fspecs%2Fconnect%2F1.0%2Fissuer HTTP/1.1
Host: happy-example.gluu.info

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 200
Connection: Keep-Alive
Content-Length: 207
Content-Type: application/jrd+json;charset=iso-8859-1
Date: Fri, 08 Nov 2024 17:15:19 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive: timeout=5, max=100
Server: Apache/2.4.52 (Ubuntu)
Set-Cookie: X-Correlation-Id=f8a91ca8-3ebb-48fb-852e-31e40b398b6d; Secure; HttpOnly
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
"subject": "acct:[email protected]",
"links": [{
"rel": "http://openid.net/specs/connect/1.0/issuer",
"href": "https://happy-example.gluu.info"
}]
}


OpenID Connect Configuration
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
GET /.well-known/openid-configuration HTTP/1.1 HTTP/1.1
Host: happy-example.gluu.info

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 200
Connection: Keep-Alive
Content-Length: 7715
Content-Type: application/json
Date: Fri, 08 Nov 2024 17:15:19 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive: timeout=5, max=100
Server: Apache/2.4.52 (Ubuntu)
Set-Cookie: X-Correlation-Id=474307e2-ed02-404e-bf35-a2bc60bf3421; Secure; HttpOnly
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
"request_parameter_supported" : true,
"pushed_authorization_request_endpoint" : "https://happy-example.gluu.info/jans-auth/restv1/par",
"introspection_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
"introspection_endpoint" : "https://happy-example.gluu.info/jans-auth/restv1/introspection",
"claims_parameter_supported" : false,
"status_list_endpoint" : "https://happy-example.gluu.info/jans-auth/restv1/status_list",
"issuer" : "https://happy-example.gluu.info",
"userinfo_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ],
"id_token_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ],
"access_token_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512", "ES512", "PS256", "PS384", "PS512" ],
"authorization_endpoint" : "https://happy-example.gluu.info/jans-auth/restv1/authorize",
"service_documentation" : "http://jans.org/docs",
"authorization_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
"introspection_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ],
"claims_supported" : [ "street_address", "country", "zoneinfo", "birthdate", "role", "gender", "formatted", "user_name", "phone_mobile_number", "preferred_username", "locale", "inum", "updated_at", "post_office_box", "nickname", "preferred_language", "email", "website", "email_verified", "profile", "locality", "room_number", "phone_number_verified", "given_name", "middle_name", "picture", "name", "phone_number", "postal_code", "region", "family_name", "jansAdminUIRole" ],
"ssa_endpoint" : "https://happy-example.gluu.info/jans-auth/restv1/ssa",
"token_endpoint_auth_methods_supported" : [ "client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt", "tls_client_auth", "self_signed_tls_client_auth" ],
"tls_client_certificate_bound_access_tokens" : true,
"response_modes_supported" : [ "fragment", "query.jwt", "query", "fragment.jwt", "jwt", "form_post.jwt", "form_post" ],
"backchannel_logout_session_supported" : true,
"token_endpoint" : "https://happy-example.gluu.info/jans-auth/restv1/token",
"response_types_supported" : [ "code token", "code", "code id_token", "code token id_token", "token id_token", "token", "id_token" ],
"tx_token_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
"authorization_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ],
"backchannel_token_delivery_modes_supported" : [ "poll", "ping", "push" ],
"dpop_signing_alg_values_supported" : [ "RS256", "RS384", "RS512", "ES256", "ES384", "ES512", "ES512", "PS256", "PS384", "PS512" ],
"request_uri_parameter_supported" : true,
"backchannel_user_code_parameter_supported" : false,
"grant_types_supported" : [ "client_credentials", "urn:ietf:params:oauth:grant-type:device_code", "refresh_token", "implicit", "password", "authorization_code", "urn:ietf:params:oauth:grant-type:uma-ticket", "urn:ietf:params:oauth:grant-type:token-exchange" ],
"ui_locales_supported" : [ "en", "bg", "de", "es", "fr", "it", "ru", "tr" ],
"prompt_values_supported" : [ "none", "login", "consent", "select_account", "create" ],
"userinfo_endpoint" : "https://happy-example.gluu.info/jans-auth/restv1/userinfo",
"access_evaluation_v1_endpoint" : "https://happy-example.gluu.info/jans-auth/restv1/access/v1/evaluation",
"authorization_challenge_endpoint" : "https://happy-example.gluu.info/jans-auth/restv1/authorization_challenge",
"op_tos_uri" : "https://happy-example.gluu.info/tos",
"require_request_uri_registration" : false,
"id_token_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
"frontchannel_logout_session_supported" : true,
"authorization_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512", "ES512", "PS256", "PS384", "PS512" ],
"claims_locales_supported" : [ "en" ],
"clientinfo_endpoint" : "https://happy-example.gluu.info/jans-auth/restv1/clientinfo",
"request_object_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512", "ES512", "PS256", "PS384", "PS512" ],
"request_object_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
"global_token_revocation_endpoint" : "https://happy-example.gluu.info/jans-auth/restv1/global-token-revocation",
"introspection_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512", "ES512", "PS256", "PS384", "PS512" ],
"tx_token_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512", "ES512", "PS256", "PS384", "PS512" ],
"session_revocation_endpoint" : "https://happy-example.gluu.info/jans-auth/restv1/revoke_session",
"check_session_iframe" : "https://happy-example.gluu.info/jans-auth/opiframe.htm",
"scopes_supported" : [ "address", "introspection", "role", "access_evaluation", "https://jans.io/auth/ssa.admin", "online_access", "openid", "clientinfo", "user_name", "profile", "uma_protection", "revoke_any_token", "global_token_revocation", "https://jans.io/scim/users.write", "revoke_session", "device_sso", "https://jans.io/scim/users.read", "phone", "mobile_phone", "offline_access", "authorization_challenge", "https://jans.io/oauth/lock/audit.write", "email", "https://jans.io/oauth/lock/audit.readonly" ],
"backchannel_logout_supported" : true,
"acr_values_supported" : [ "simple_password_auth" ],
"archived_jwks_uri" : "https://happy-example.gluu.info/jans-auth/restv1/jwks/archived",
"request_object_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ],
"device_authorization_endpoint" : "https://happy-example.gluu.info/jans-auth/restv1/device_authorization",
"display_values_supported" : [ "page", "popup" ],
"tx_token_encryption_enc_values_supported" : [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ],
"userinfo_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512", "ES512", "PS256", "PS384", "PS512" ],
"require_pushed_authorization_requests" : false,
"claim_types_supported" : [ "normal" ],
"userinfo_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ],
"end_session_endpoint" : "https://happy-example.gluu.info/jans-auth/restv1/end_session",
"revocation_endpoint" : "https://happy-example.gluu.info/jans-auth/restv1/revoke",
"backchannel_authentication_endpoint" : "https://happy-example.gluu.info/jans-auth/restv1/bc-authorize",
"token_endpoint_auth_signing_alg_values_supported" : [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512", "ES512", "PS256", "PS384", "PS512" ],
"frontchannel_logout_supported" : true,
"jwks_uri" : "https://happy-example.gluu.info/jans-auth/restv1/jwks",
"subject_types_supported" : [ "public", "pairwise" ],
"id_token_signing_alg_values_supported" : [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512", "ES512", "PS256", "PS384", "PS512" ],
"registration_endpoint" : "https://happy-example.gluu.info/jans-auth/restv1/register",
"id_token_token_binding_cnf_values_supported" : [ "tbh" ]
}


#######################################################
TEST: accessEvaluation_whenSubjectTypeIsAcceptedByScript_shouldGrantAccess
#######################################################
-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /jans-auth/restv1/register HTTP/1.1
Host: happy-example.gluu.info
Content-Type: application/json
Accept: application/json

{
"grant_types" : [ "authorization_code", "refresh_token" ],
"subject_type" : "public",
"application_type" : "web",
"scope" : "access_evaluation openid profile address email phone user_name",
"minimum_acr_priority_list" : [ ],
"redirect_uris" : [ "https://happy-example.gluu.info/jans-auth-rp/home.htm", "https://client.example.com/cb", "https://client.example.com/cb1", "https://client.example.com/cb2" ],
"client_name" : "access_evaluation test",
"additional_audience" : [ ],
"response_types" : [ "code", "id_token" ]
}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 201
Cache-Control: no-store
Connection: Keep-Alive
Content-Length: 1664
Content-Type: application/json
Date: Fri, 08 Nov 2024 17:15:20 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive: timeout=5, max=100
Pragma: no-cache
Server: Apache/2.4.52 (Ubuntu)
Set-Cookie: X-Correlation-Id=d7035723-e472-4cac-84c5-ef19f14fcc09; Secure; HttpOnly;HttpOnly
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{
"allow_spontaneous_scopes": false,
"application_type": "web",
"rpt_as_jwt": false,
"registration_client_uri": "https://happy-example.gluu.info/jans-auth/restv1/register?client_id=3cc97aab-014f-4ec9-b83a-51714e817030",
"tls_client_auth_subject_dn": "",
"run_introspection_script_before_jwt_creation": false,
"registration_access_token": "bcf42a29-d534-4ed4-a4aa-eceb4e50f472",
"client_id": "3cc97aab-014f-4ec9-b83a-51714e817030",
"token_endpoint_auth_method": "client_secret_basic",
"scope": "openid access_evaluation",
"client_secret": "aebc0eaa-f97f-4595-8ea1-ae6e541f46c6",
"client_id_issued_at": 1731086120,
"backchannel_logout_session_required": false,
"client_name": "access_evaluation test",
"par_lifetime": 600,
"spontaneous_scopes": [],
"id_token_signed_response_alg": "RS256",
"access_token_as_jwt": false,
"grant_types": [
"refresh_token",
"authorization_code"
],
"subject_type": "public",
"authorization_details_types": [],
"additional_token_endpoint_auth_methods": [],
"keep_client_authorization_after_expiration": false,
"require_par": false,
"redirect_uris": [
"https://client.example.com/cb2",
"https://client.example.com/cb1",
"https://client.example.com/cb",
"https://happy-example.gluu.info/jans-auth-rp/home.htm"
],
"redirect_uris_regex": "",
"additional_audience": [],
"frontchannel_logout_session_required": false,
"client_secret_expires_at": 0,
"access_token_signing_alg": "RS256",
"response_types": [
"code",
"id_token"
]
}

-------------------------------------------------------
REQUEST:
-------------------------------------------------------
POST /jans-auth/restv1/access/v1/evaluation HTTP/1.1
Host: happy-example.gluu.info
Content-Type: application/json
Authorization: Basic M2NjOTdhYWItMDE0Zi00ZWM5LWI4M2EtNTE3MTRlODE3MDMwOmFlYmMwZWFhLWY5N2YtNDU5NS04ZWExLWFlNmU1NDFmNDZjNg==

{"subject":{"id":"[email protected]","type":"super_admin","properties":null},"resource":{"id":"123","type":"account","properties":null},"action":{"name":"can_read","properties":{"method":"GET"}},"context":{"properties":null}}

-------------------------------------------------------
RESPONSE:
-------------------------------------------------------
HTTP/1.1 200
Connection: Keep-Alive
Content-Length: 132
Content-Type: application/json
Date: Fri, 08 Nov 2024 17:15:21 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive: timeout=5, max=100
Server: Apache/2.4.52 (Ubuntu)
Set-Cookie: X-Correlation-Id=d4f99d9f-5b94-4863-a020-73f6fb62c5e8; Secure; HttpOnly;HttpOnly
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-Xss-Protection: 1; mode=block

{"decision":true,"context":{"id":"9e04dd22-e980-4e54-bc04-d64a0c2e1afe","reason_admin":{"reason":"super_admin"},"reason_user":null}}

1 change: 1 addition & 0 deletions docs/janssen-server/auth-server/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,7 @@ FAPI-CIBA OpenID Providers for the latest results.
* [Draft - Financial-grade API: Client Initiated Backchannel Authentication Profile](https://bitbucket.org/openid/fapi/src/master/Financial_API_WD_CIBA.md)
* [Draft - OpenID Connect Native SSO for Mobile Apps 1.0](https://openid.net/specs/openid-connect-native-sso-1_0.html#name-authorization-request)
* [Initiating User Registration via OpenID Connect 1.0](https://openid.net/specs/openid-connect-prompt-create-1_0.html)
* [The AuthZEN Authorization API 1.0](https://openid.github.io/authzen/)

** OAuth **

Expand Down
Loading