1.0.21 (2023-12-14)
- add Jans lock (#7074) (ff3e904)
- add message configuration api to config-api #6982 (#6983) (945ba76)
- agama: use a mixed strategy for serialization (#6883) (00aee0c)
- jans-auth-server: adapted test code after testng upgrade 6.14.3 -> 7.8.0 #6791 (#6792) (99377e4)
- jans-auth-server: archived jwks (#6503) (c86ae0a)
- jans-auth-server: set feature flags state according to list discussed in #6611 (#6769) (fa98c32)
- jans-auth-server: upgraded org.json lib #6926 (#6928) (d461661)
- replace jwt token with reference token to access config-api (admin ui plugin) #6562 (#6587) (7f82250)
- API spec metadata (#6473) (3922ddb)
- config-api: hide authenticationMethod client model utility method #7061 (#7063) (66cea41)
- feature flag default values (#6857) (75b49be)
- jans-auth-server: authz challenge session attributes are overwritten after external script run #6933 (#6936) (20bf1ce)
- jans-auth-server: ClassNotFoundException: javax.xml.bind.annotation.XmlElement #6798 (#6799) (3addc8b)
- jans-auth-server: UpdateToken script is not invoked during Implicit Flow #6561 (#6573) (3ca1b24)
- openapi spec version element (#6780) (e4aca8c)
- permission not getting added successfully #6519 (#6520) (690fa33)
- prepare for 1.0.21 release (#7008) (2132de6)
- serialization of undesired content when a flow crashes (#6609) (93fdc02)
- support boolean jdbc data type (#6957) (efb5d48)
1.0.20 (2023-11-08)
- adding scopes in config-api endpoint access token based on tags (admin-ui) #6413 (#6414) (643ba07)
- changing names of clients used in admin-ui #1375 (#6326) (9e63acb)
- jans-auth-server: add configuration property to AS which will allow to bypass basic client authentication restriction to query only own tokens #6307 (#6317) (d44a820)
- jans-auth-server: added PKCE support to authz challenge endpoint #6180 (#6339) (d9a24bc)
- jans-auth-server: allow revoke any token - explicitly allow by config and scope #6381 (#6412) (47cbee9)
- jans-auth-server: enabled JWT response at introspection endpoint configured by AS and client config (#6433) (06210a9)
- jans-auth-server: cnf introspection response is null even when valid cert is send during MTLS #6343 (#6363) (6fb2a34)
- prepare for 1.0.20 release (c6e806e)
1.0.19 (2023-10-11)
- agama: add support for autoconfiguration (#6210) (18f15da)
- jans-auth-server: added "authorization_challenge" scope enforcement #5856 (#6216) (b3db5c8)
- jans-auth-server: added DPoP to authorization code and PAR (#6196) (be559bf)
- jans-auth-server: passing custom parameters in the body of POST authorization request and ROPC #6141 (#6148) (00673ae)
- jans-auth: new lifetime attribute in ssa (#6214) (b049e33)
- jans-auth-server: apply clientWhiteList when session is valid (allowPostLogoutRedirectWithoutValidation=true) (#6162) (d10dee5)
- prepare for 1.0.19 release (554fd43)
1.0.18 (2023-09-23)
- jans-auth-server: corrected client's jar-with-dependencies built (#6080) (099d552)
- jans-auth-server: redirect when session does not exist but client_id parameter is present (#6104) (f8f9591)
- jans-auth-server: swagger is malformed due to typo #6085 (#6086) (e1ae899)
- prepare for 1.0.18 release (87af7e4)
1.0.17 (2023-09-17)
- BCFIPS support (sub-part 01) (#5767) (d8cea00)
- BCFIPS support (sub-part 02) (#5779) (bdc2dc5)
- BCFIPS support (sub-part 03) (#5852) (8b0d12b)
- jans-auth-server: add client_id parameter support to /end_session #5942 (#6032) (09ee345)
- jans-auth-server: added "The Use of Attestation in OAuth 2.0 Dynamic Client Registration" spec support #5562 (#5868) (38653c9)
- jans-auth-server: OAuth 2.0 for First-Party Native Applications (#5654) (9d90e28)
- jans-auth-server: fixed prompts handling when acr is changed #5930 (#5931) (98fd86f)
- jans-auth-server: ignore custom OC for non-LDAP during client merge (#5979) (b52afe6)
- jans-auth-server: server can handle prompts incorrectly when acr is changed #5930 (#6002) (949a8dc)
- jans-auth-server: server-fips module cause FullRebuild failure (#6029) (7589bca)
- prepare for 1.0.17 release (4ba8c15)
- remove pending deployments when exceeding 5 minutes #5636 (#5762) (64ded2c)
- version reference (432a904)
1.0.16 (2023-08-02)
- add new method to fido2 extension to allow modify json (#5686) (6f56e51), closes #5680
- add proxy support to HttpService2 (#5586) (0fb05b3)
- jans-auth-server: added DPoP-Nonce and client level dpop control "dpop_bound_access_tokens" (#5607) (cc5a47a)
- jans-auth-server: automatically provision scopes if they are present in the SSA for trusted issuer #5164 (#5553) (abaa10f)
- authentication Filter should not process OPTIONS request (#5525) (aed5e4f), closes #5524
- jans-auth-server: if scopes are missed in grant_type=refresh_token AS must take scopes from previous grant #5462 (#5630) (7032bb6)
- jans-auth-server: npe during client registration #5559 (#5560) (9477aee)
- jans-auth-server: state is not always returned on redirect from /end_session endpoint #5704 (#5707) (ebf6fc8)
- prepare for 1.0.16 release (042ce79)
- prepare for 1.0.16 release (b2649c3)
- add a prefix to Log statements #5201 (#5475) (ccb3f05)
- add authorization headers needed to access scan API from SG (#5093) (631abf2), closes #5092
- add method to allow authenticate user by inum #5004 (#5005) (fc67b1f)
- agama: update deployer to account project's metadata noDirectLaunch (#5182) (cb4ae38)
- jans-auth-server: add "introspection" scope check on introspection endpoint access #4557 (#4716) (ce2d75c)
- jans-auth-server: added ability to set client expiration via DCR #5057 (#5185) (a15054b)
- jans-auth-server: avoided unnecessary "session not found" error messages during refresh token flow #4785 (#4786) (dbf0d52)
- jans-auth-server: invalidate discovery cache if some scripts are (re)loaded #4500 (#4812) (ed48b4f)
- jans-auth-server: log httpresponse body configurated by httpLoggingResponseBodyContent #349 (#4417) (08d92b3)
- jans-auth-server: made not found exceptions logging level configurable #4973 (#4982) (98be22b)
- jans-auth-server: Support of Select Account interception script #3452 (#5149) (b062148)
- modifyAccessToken() must provide convenient method to add header (#5018) (9bc3d5f)
- move notify-client2 library to fido2 project #5030 (#5031) (ed5e09e)
- register jackson2 resteasy provider at startup #5038 (#5039) (81fed0f)
- remove credentialsEncryptionKey field from admin-ui configuration #4539 (#4576) (35b475f)
- update SG script and notify client to conform scan API #5061 (#5062) (7afc42b)
- config-api: revert hide smtp and client model utility method (#4976) (6519744)
- cors filter should not store in local variable allowed (#4688) (0d99195), closes #4687
- jans-auth-server/pom.xml to reduce vulnerabilities (#4271) (6f5db18)
- jans-auth-server: check client has access before granting (#5399) (f23f42f)
- jans-auth-server: ClassCastException during select account #5285 (#5286) (4d17cbc)
- jans-auth-server: corrected current_sessions cookie value encoding #5262 (#5352) (fa41e0c)
- jans-auth-server: Device Flow fails if web session already exists #3388 (#5114) (2a78113)
- jans-auth-server: dynamic registration - assign to client only scopes which are explicitly in request #4426 (#4577) (0b0e624)
- jans-auth-server: explicit user consent is required when up-scope within client authorized scopes #5247 (#5360) (210bfc8)
- jans-auth-server: forced clientWhiteList when session is valid for post_logout_redirect_uri (allowPostLogoutRedirectWithoutValidation=true) #4672 (#4681) (a9f045b)
- jans-auth-server: Illegal op_policy_uri parameter: - exclude entries with blank values from discovery response (oxauth counterpart) #4888 (#4934) (8603290)
- jans-auth-server: initializing of jsf navigation has been updated; (#5253) (bed5d6f)
- jans-auth-server: maintain client scopes during authorization #5247 (#5448) (a2127e0)
- jans-auth-server: upgraded jettison, 1.5.2 -> 1.5.4 #4591 (#4592) (e90269f)
- prepare for 1.0.12 release (6f83197)
- prepare for 1.0.13 release (493478e)
- prepare for 1.0.14 release (25ccadf)
- prepare for 1.0.15 release (0e3cc2f)
- update test to conform errorHandlingMethod=remote config #4815 (#4816) (cf0cca4)
- upgrade com.google.http-client:google-http-client-jackson2 from 1.40.1 to 1.42.3 (#3531) (c363a63)
1.0.13 (2023-05-10)
- jans-auth-server: add "introspection" scope check on introspection endpoint access #4557 (#4716) (ce2d75c)
- jans-auth-server: avoided unnecessary "session not found" error messages during refresh token flow #4785 (#4786) (dbf0d52)
- jans-auth-server: invalidate discovery cache if some scripts are (re)loaded #4500 (#4812) (ed48b4f)
- jans-auth-server: log httpresponse body configurated by httpLoggingResponseBodyContent #349 (#4417) (08d92b3)
- cors filter should not store in local variable allowed (#4688) (0d99195), closes #4687
- jans-auth-server/pom.xml to reduce vulnerabilities (#4271) (6f5db18)
- jans-auth-server: forced clientWhiteList when session is valid for post_logout_redirect_uri (allowPostLogoutRedirectWithoutValidation=true) #4672 (#4681) (a9f045b)
- prepare for 1.0.13 release (493478e)
- update test to conform errorHandlingMethod=remote config #4815 (#4816) (cf0cca4)
- upgrade com.google.http-client:google-http-client-jackson2 from 1.40.1 to 1.42.3 (#3531) (c363a63)
1.0.12 (2023-04-18)
- add support for version field to project metadata #4533 (#4534) (0eefb90)
- jans-auth-server: redirect back to RP when session is expired or if not possible show error page #4449 (#4505) (0983e73)
- remove credentialsEncryptionKey field from admin-ui configuration #4539 (#4576) (35b475f)
- agama: avoid assets mess/loss when different projects use the same folder/file names (#4503) (def096b)
- avoid setting agama configuration root dir based on java system variable (#4524) (1d93fd7)
- jans-auth-server: dynamic registration - assign to client only scopes which are explicitly in request #4426 (#4577) (0b0e624)
- jans-auth-server: upgraded jettison, 1.5.2 -> 1.5.4 #4591 (#4592) (e90269f)
- jans-config-api: agama deployment detail endpoint not including all flows IDs (#4565) (358c494)
- prepare for 1.0.12 release (6f83197)
1.0.11 (2023-04-05)
- agama: add means to selectively prevent flow crash when a subflow crashes (#4436) (5d8f0ad)
- backend changes to submit SSA from admin-ui #4298 (#4364) (7e27b6d)
- jans-auth-server: added configurable acr to Device Flow #4305 (#4424) (fbd4ede)
- jans-auth-server: align JWT Response for OAuth Token Introspection with spec #3240 (#4151) (02e1595)
- jans-auth-server: increase sessionIdUnauthenticatedUnusedLifetime value in setup #4445 (#4446) (ecf9395)
- jans-auth-server: use "nologs" version of WebApplicationException in custom script context to avoid stacktrace during redirects #4447 (#4448) (ccc4e52)
- loggerService should update root log level #4251 (#4252) (20264a2)
- userName -> smtpAuthenticationAccountUsername; (#4401) (2bbb95d)
- jans-auth-server: avoid redirect 302 exception every time an authentication request is issued #2287 (#4361) (b5d3901)
- jans-auth-server: corrected npe in redirect uri validator #4330 (#4331) (6fec544)
- jans-auth-server: fixed test which prevents build from completion #4386 (#4387) (4c195ca)
- jans-auth-server: simple_password_auth is missed in acr_values_supported #4258 (#4259) (85bb15c)
- jans-auth-server: white/blank screen after device flow authn #4237 (#4243) (89f744d)
- jans-auth: #4137 properties file entries were missing (#4322) (a069890)
- prepare for release (60775c0)
- Unable to send emails issue 4121 (#4333) (70a566b)
- update UserService to correctly add user when DB is not LDAP #4396 (#4397) (77de049)
1.0.10 (2023-03-16)
- jans-auth-server: added online_access scope to issue session bound refresh token #3012 (#4106) (635f611)
- jans-linux-setup: enable agama engine by default (#4131) (7e432dc)
- prepare release for 1.0.10 (e996926)
1.0.9 (2023-03-09)
- agama: update gama deployment endpoint to support configuration properties (#4049) (392525c)
- getting license credentials from SCAN (#4052) (5c563b7)
- jans-auth-server: introduced additional_token_endpoint_auth_method client's property #3473 (#4033) (79dcb60)
- jans-auth-server: bad indentation in AS swagger.yaml #4108 (#4109) (cdcefd2)
- prepare 1.0.9 release (e6ea522)
- prepare 1.0.9 release (55f7e0c)
- update next SNAPSHOT and dev (0df0e7a)
1.0.8 (2023-03-01)
- jans-auth-server: WebApplicationException is not propagated out of "Update Token" script #3996 (#3997) (d561f14)
- solved error when generate jwt of ssa return error, but ssa persist in database (#3985) (768fd04)
1.0.7 (2023-02-22)
- add custom Github External Authenticator script for ADS #3625 (#3626) (f922a7a)
- add fast forward support to skip step authentication flow #3582 (#3583) (25ee0af)
- add more loggers (#3742) (919bc86)
- add project metadata and related handling #3476 (#3584) (b95e53e)
- docs: updated swagger for new endpoint get jwt of ssa, also added more documentation for scopes. (7dcca94)
- jans-auth-server: add configurable rotation of client's registration access token #3578 (#3876) (83183c0)
- jans-auth-server: added dynamicRegistrationDefaultCustomAttributes to provide default custom attributes during dcr #3595 (#3596) (6202230)
- jans-auth-server: added flexible date formatter handler to AS (required by certification tools) #3600 (#3601) (f646d73)
- jans-auth-server: added flexible formatter handler for IdTokenFactory class (#3605) (f4b0179)
- jans-auth-server: added sector_identifier_uri content validation (certification) #3639 (#3641) (2583e53)
- jans-auth-server: introduced key_ops for granular map of crypto service to rotation profile #3415 (#3642) (58693c5)
- jans-auth-server: new endpoint for get jwt of ssa based on jti. (#3724) (7dcca94)
- jans-auth-server: OAuth 2.0 Step-up - added acr and auth_time #2589 (#3887) (2bd7a67)
- jans-auth-server: OAuth 2.0 Step-up - added acr and auth_time to introspection response #2589 (#3885) (a325998)
- jans-auth-server: provide ability to ignore/bypass prompt=consent #3721 (#3851) (c0286ba)
- jans-auth-server: provided ability to set scriptDns related attributes of client (e.g. introspectionScripts) #3645 (#3668) (cee2525)
- jans-auth-server: provided convenient method to add claim to AT as JWT in modifyAccessToken() method #3579 (#3629) (cf0a824)
- jans-auth-server: renamed "key_ops" -> "key_ops_type" #3790 (#3791) (cadb3d6)
- jans-auth-server: renamed "key_ops" -> "key_ops_type" #3790 (#3792) (7a6bcba)
- jans-auth-server: use key_ops=ssa to generate jwt from ssa (#3806) (2603bbb)
- process lib directory in .gama files for ADS projects deployment (#3644) (40268ad)
- Support Super Gluu one step authentication to Fido2 server #3593 (#3599) (c013b16)
- jans-auth-server: added testng to agama-inbound #3714 (#3719) (955ac8c)
- jans-auth-server: AS complication fails on main #3863 (#3864) (e2aa1a6)
- jans-auth-server: corrected issue caught by RegisterRequestTest #3683 (#3684) (3e201d8)
- jans-auth-server: error from introspection interception script is not propagated during AT as JWT creation #3904 (#3905) (8c551c0)
- jans-auth-server: jansApp attribute only relevant for SG (#3782) (6153a13)
- jans-auth-server: key_ops in jwks must be array #3777 (#3778) (2be2a03)
- jans-auth-server: provided corrected public key for outdated keystores during id_token creation if key_ops_type is absent #3840 (#3841) (3291eab)
- jans-auth-server: wrong Client Authn Method at token endpoint throws npe #3503 (#3598) (e3bd1e8)
- jans-config-api: runtime exceptions in config-api at startup (#3725) (8748cc3)
- prepare 1.0.7 release (ce02fd9)
- add custom annotation for configuration property and feature flag documentation (#2852) (9991d1c)
- agama: deploy flows from .gama files (#3250) (df14f8a)
- changes in admin-ui plugin to allow agama-developer-studio to use its OAuth2 apis #3085 (#3298) (9e9a7bd)
- config-api: audit log, agama ADS spec, fix for 0 index search (#3369) (ea04e2c)
- documentation for ssa and remove softwareRoles query param of get ssa (#3031) (d8e14eb)
- jans-auth-server: added ability to return error out of introspection and update_token custom script #3255 (#3356) (a3e5227)
- jans-auth-server: added externalUriWhiteList configuration property before call external uri from AS #3130 (#3425) (6c7df6f)
- jans-auth-server: added token exchange support to client #2518 (#2855) (943d99f)
- jans-auth-server: avoid compilation problem when version is flipped in test code #3148 (#3210) (4d61c7b)
- jans-auth-server: block authentication flow originating from a webview (#3204) (e48380e)
- jans-auth-server: check offline_access implementation has all conditions defined in spec #1945 (#3004) (af30e4c)
- jans-auth-server: corrected GluuOrganization - refactor getOrganizationName() #2947 (#2948) (9275576)
- jans-auth-server: draft for - improve dcr / ssa validation for dynamic registration #2980 (#3109) (233a78c)
- jans-auth-server: end session - if id_token is expired but signature is correct, we should make attempt to look up session by "sid" claim #3231 (#3291) (cd11750)
- jans-auth-server: implemented auth server config property to disable prompt=login #3006 (#3522) (0233cd1)
- jans-auth-server: java docs for ssa (#2995) (892b87a)
- jans-auth-server: new configuration for userinfo has been added (#3349) (3ccc4a9)
- jans-auth-server: remove ox properties name (#3285) (f70b207)
- jans-auth-server: remove redirect uri on client registration when grant types is password or client credentials (#3076) (cd876b4)
- jans-auth-server: renamed "code"->"random" uniqueness claims of id_token to avoid confusion with Authorization Code Flow #3466 (#3467) (dd9d049)
- jans-auth-server: specify minimum acr for clients #343 (#3083) (b0034ec)
- jans-auth-server: ssa validation endpoint (#2842) (de8a86e)
- jans-auth-server: swagger docs for ssa (#2953) (7f93bca)
- jans-auth-server: updated mau on refreshing access token #2955 (#3025) (56de619)
- ssa revoke endpoint (#2865) (9c68f91)
- (jans-auth-server): fixed Client serialization/deserialization issue #2946 (#3064) (31b5bfc)
- (jans-auth-server): fixed client's sortby #3075 (#3079) (e6b0e58)
- #2487 - removing inwebo (#2975) (052f91f)
- agama: after moving agama to jans-auth-server agama model tests are not run #3246 (#3247) (9887e23)
- agama: fix agama auth dependency which blocks build process #3149 (#3244) (8f9fee3)
- agama: fixing tests run on jenkins #3149 (#3261) (cc6c5e1)
- catch org.eclipse.jetty.http.BadMessageException: in (#3330) (1e0ff76), closes #3329
- getting ready for a release (0bda832)
- jans-auth-server/pom.xml to reduce vulnerabilities (#3314) (f3e8205)
- jans-auth-server: changed getAttributeValues to getAttributeObjectValues (#3346) (a39b61e)
- jans-auth-server: compilation error of server side tests #3363 (#3364) (e83c087)
- jans-auth-server: corrected keys description "id_token <purpose>" -> "Connect " #3415 (#3560) (75f99bd)
- jans-auth-server: corrected regression made in token request #2921 (#2922) (deeae74)
- jans-auth-server: Duplicate iss and aud on introspection as jwt #3366 (#3387) (8780e94)
- jans-auth-server: fix language metadata format (#2883) (e21e206)
- jans-auth-server: native sso - return device secret if device_sso scope is present #2790 (#2791) (9fa213f)
- jans-auth-server: parse string from object (#3470) (db9b204)
- jans-auth-server: when obtain new token using refresh token, check whether scope is null (#3382) (22743d9)
- jans-auth-server: wrong import in GluuOrganization class which leads to failure on jans-config-api #2957 (#2958) (af4eda8)
- jans-auth-server: wrong userinfo_encryption_enc_values_supported in OpenID Configuration #2725 (#2951) (bc1a8ca)
- prepare for 1.0.6 release (9e4c8fb)
- upgrade org.mvel:mvel2 from 2.1.3.Final to 2.4.14.Final (#648) (c4034d1)
- user attributes not updated #2753 (#3326) (c0a0f66)
- user attributes not updated #2753 (#3403) (f793f92)
- jmeter benchmark authorization code flow test description (#3312) (6e0c04d)
- prepare for 1.0.4 release (c23a2e5)
1.0.5 (2022-12-01)
- add custom annotation for configuration property and feature flag documentation (#2852) (9991d1c)
- documentation for ssa and remove softwareRoles query param of get ssa (#3031) (d8e14eb)
- jans-auth-server: check offline_access implementation has all conditions defined in spec #1945 (#3004) (af30e4c)
- jans-auth-server: corrected GluuOrganization - refactor getOrganizationName() #2947 (#2948) (9275576)
- jans-auth-server: java docs for ssa (#2995) (892b87a)
- jans-auth-server: remove redirect uri on client registration when grant types is password or client credentials (#3076) (cd876b4)
- jans-auth-server: specify minimum acr for clients #343 (#3083) (b0034ec)
- jans-auth-server: swagger docs for ssa (#2953) (7f93bca)
- jans-auth-server: updated mau on refreshing access token #2955 (#3025) (56de619)
- (jans-auth-server): fixed Client serialization/deserialization issue #2946 (#3064) (31b5bfc)
- (jans-auth-server): fixed client's sortby #3075 (#3079) (e6b0e58)
- #2487 - removing inwebo (#2975) (052f91f)
- getting ready for a release (0bda832)
- jans-auth-server: corrected regression made in token request #2921 (#2922) (deeae74)
- jans-auth-server: wrong import in GluuOrganization class which leads to failure on jans-config-api #2957 (#2958) (af4eda8)
- jans-auth-server: wrong userinfo_encryption_enc_values_supported in OpenID Configuration #2725 (#2951) (bc1a8ca)
1.0.4 (2022-11-08)
- jans-auth-server: added token exchange support to client #2518 (#2855) (943d99f)
- jans-auth-server: ssa validation endpoint (#2842) (de8a86e)
- ssa revoke endpoint (#2865) (9c68f91)
- prepare for 1.0.4 release (c23a2e5)
- agama: add utility classes for inbound identity (#2280) (ca6fdc9)
- disable TLS in CB client by default (#2167) (8ec5dd3)
- jans-auth-server: add access_token_singing_alg_values_supported to discovery #2372 (#2403) (3784c83)
- jans-auth-server: added allowSpontaneousScopes AS json config #2074 (#2111) (3083a3f)
- jans-auth-server: added convenient idTokenLifetime client property #2656 (#2668) (f97bfce)
- jans-auth-server: added creator info to scope (time/id/type) #1934 (#2023) (ca65b24)
- jans-auth-server: allow authentication for max_age=0 #2361 (#2362) (aed6ee3)
- jans-auth-server: allow end session with expired id_token_hint (by checking signature and sid) #2430 (#2431) (1b46b44)
- jans-auth-server: Draft support of OpenID Connect Native SSO (#2711) (595d1aa)
- jans-auth-server: extended client schema - added jansClientGroup #1824 (#2299) (29cfd4e)
- jans-auth-server: renamed "enabledComponents" conf property -> "featureFlags" #2290 (#2319) (56a33c4)
- jans-auth-server: updating arquillian tests 1247 (#2017) (ee200a7)
- jans-linux-setup: added token exchange grant type (#2768) (b3abcfe)
- ssa creation endpoint (#2495) (61c83e3)
- update Couchbase ORM to conform SDK 3.x (config updates) #1851 (#2118) (fceec83)
- upgrade org.jetbrains:annotations from 18.0.0 to 23.0.0 (#637) (e5fca5a)
- config-api: client default value handling (#2585) (fbcbbad)
- fixed multiple encoding issue during authz (#2152) (fb0b6d7)
- include idtoken with dynamic scopes for ciba (#2108) (d9b5341)
- jans auth server: well known uppercase grant_types response_mode (#2706) (39f613d)
- jans-auth-server: "login:prompt" property passed in request object JWT breaks authentication #2493 (#2537) (9d4d84a)
- jans-auth-server/pom.xml to reduce vulnerabilities (#2466) (86e62f9)
- jans-auth-server/pom.xml to reduce vulnerabilities (#2520) (f927692)
- jans-auth-server: added schema for ssa, corrected persistence, added ttl #2543 (#2544) (ce2bc3f)
- jans-auth-server: client tests expects "scope to claim" mapping which are disabled by default #1873 (958cc92)
- jans-auth-server: fixing client tests effected by "scope to claim" mapping which is disabled by default #1873 (#1910) (6d81792)
- jans-auth-server: generate description during built-in key rotation #1790 (#2068) (cd1a77d)
- jans-auth-server: increased period of session authn time check (#1918) (a41905a)
- jans-auth-server: native sso - return device secret if device_sso scope is present #2790 (#2791) (9fa213f)
- jans-auth-server: npe - regression in token endpoint (#2763) (fe659d7)
- jans-auth-server: npe in discovery if SSA endpoint is absent #2497 (#2498) (c3b00b4)
- jans-auth-server: perform redirect_uri validation if FAPI flag is true #2500 (#2502) (aad0460)
- jans-auth-server: PKCE parameters from first SSO request retains in further calls (#2620) (de98b41)
- jans-auth-server: ssa get endpoint (#2719) (35ffbf0)
- jans-auth-server: structure, instance customAttributes, initial data for ssa (#2577) (f11f789)
- jans-config-api/plugins/sample/helloworld/pom.xml to reduce vulnerabilities (#972) (e2ae05e)
- jans-eleven/pom.xml to reduce vulnerabilities (#2676) (d27a7f9)
- select first sig key if none requested (#2494) (31fb464)
- upgrade com.google.http-client:google-http-client-jackson2 from 1.26.0 to 1.40.1 (#644) (31bc823)
- release 1.0.2 (43dead6)
- no docs (529745d)
- no docs (ce2bc3f)
- no docs (9d4d84a)
- no docs (abfd466)
- no docs (aad0460)
- no docs (c3b00b4)
- no docs (f1f0b8d)
- no docs (3784c83)
- no docs (2e02d5e)
- no docs (5c752d1)
- no docs (3083a3f)
- no docs (e488d10)
- no docs (685be30)
- no docs (cd1a77d)
- no docs (ca65b24)
- no docs (9b54357)
- no docs (config-api swagger updated) (56a33c4)
- no docs (swagger is updated) (1b46b44)
- no docs (swagger updated) (aed6ee3)
- no docs (swagger updated) (29cfd4e)
- no docs required (a41905a)
- no docs required (958cc92)
- updated (739b939)
- add support for date ranges in statistic client #1575 (#1653) (8048cd9)
- disable TLS in CB client by default (#2167) (8ec5dd3)
- jans-auth-server: add support for ranges in statistic endpoint (UI team request) (fd66720)
- jans-auth-server: added allowSpontaneousScopes AS json config #2074 (#2111) (3083a3f)
- jans-auth-server: added convenient method for up-scoping or down-scoping AT scopes #1218 (5d71655)
- jans-auth-server: added creator info to scope (time/id/type) #1934 (#2023) (ca65b24)
- jans-auth-server: added restriction for request_uri parameter (blocklist and allowed client.request_uri) #1503 (0696d92)
- jans-auth-server: added sid and authn_time for active sessions response (bf9b572)
- jans-auth-server: if applicationType is not set during client registration AS should default to 'web' #1687 (f9695e1)
- jans-auth-server: improve client assertion creation code (ClientAuthnRequest) #1182 (81946b2)
- jans-auth-server: improved TokenRestWebServiceValidator and added test for it #1591 (929048e)
- jans-auth-server: jwt "exp" must consider "keyRegenerationInterval" #1233 (023cf8a)
- jans-auth-server: make check whether user is active case insensitive #1550 (d141837)
- jans-auth-server: persist org_id from software statement into client's "o" attribute (021d3bd)
- jans-auth-server: removed dcrSkipSignatureValidation configuration property #1623 (6550247)
- jans-auth-server: removed id_generation_endpoint and other claims from discovery response #1827 (4068197)
- jans-auth-server: split grant validation logic into TokenRestWebServiceValidator #1591 (812e605)
- jans-auth-server: split validation logic to TokenRestWebServiceValidator #1591 (f9f6f49)
- jans-auth-server: updating arquillian tests 1247 (#2017) (ee200a7)
- update Couchbase ORM to conform SDK 3.x (config updates) #1851 (#2118) (fceec83)
- include idtoken with dynamic scopes for ciba (#2108) (d9b5341)
- jans-auth-server: client tests expects "scope to claim" mapping which are disabled by default #1873 (958cc92)
- jans-auth-server: corrected npe in JwtAuthorizationRequest (9c9e7bf)
- jans-auth-server: disable surefire for jans-auth-static (7869efa)
- jans-auth-server: fix missing jsonobject annotation (#1651) (be5b82a)
- jans-auth-server: fixed NPE during getting AT lifetime #1233 (f8be086)
- jans-auth-server: fixing client tests effected by "scope to claim" mapping which is disabled by default #1873 (#1910) (6d81792)
- jans-auth-server: generate description during built-in key rotation #1790 (#2068) (cd1a77d)
- jans-auth-server: increased period of session authn time check (#1918) (a41905a)
- login.xhtml: add google client js (#1666) (daf9849)
- no docs (3083a3f)
- no docs (e488d10)
- no docs (685be30)
- no docs (cd1a77d)
- no docs (ca65b24)
- no docs (9b54357)
- no docs required (a41905a)
- no docs required (958cc92)
- no docs required (4068197)
- no docs required (812e605)
- no docs required (f9f6f49)
- no docs required (929048e)
1.0.1 (2022-07-06)
- add support for date ranges in statistic client #1575 (#1653) (8048cd9)
- agama: improve flows timeout (#1447) (ccfb62e)
- jans-auth-server: add support for ranges in statistic endpoint (UI team request) (fd66720)
- jans-auth-server: added convenient method for up-scoping or down-scoping AT scopes #1218 (5d71655)
- jans-auth-server: added restriction for request_uri parameter (blocklist and allowed client.request_uri) #1503 (0696d92)
- jans-auth-server: added sid and authn_time for active sessions response (bf9b572)
- jans-auth-server: improve client assertion creation code (ClientAuthnRequest) #1182 (81946b2)
- jans-auth-server: make check whether user is active case insensitive #1550 (d141837)
- jans-auth-server: persist org_id from software statement into client's "o" attribute (021d3bd)
- jans-auth-server: removed dcrSkipSignatureValidation configuration property #1623 (6550247)
- jans-auth-server: added SessionRestWebService to rest initializer (f0ebf67)
- jans-auth-server: corrected npe in JwtAuthorizationRequest (9c9e7bf)
- jans-auth-server: disable surefire for jans-auth-static (7869efa)
- jans-auth-server: fix missing jsonobject annotation (#1651) (be5b82a)
- add script for Google login (#1141) (bac9144)
- create apis to verify and save license api-keys in Admin UI #1196 (#1203) (315faec)
- jans-auth-server: #808 sign-in with apple interception script (c21183a)
- jans-auth-server: adapted authorization ws to use authzrequest (58c5336)
- jans-auth-server: added authzrequest abstraction (af8faf0)
- jans-auth-server: authorized acr values (#1068) (26e576a)
- jans-auth-server: changed prog lang name python->jython (b9ba291)
- jans-auth-server: client registration language metadata (#1237) (a8d0157)
- jans-auth-server: enable person authn script to have multiple acr names (#1074) (1dc9250)
- jans-auth-server: force signed request object (#1052) (28ebbc1)
- jans-auth-server: hide 302 redirect exception in logs #1294 (00197c7)
- jans-auth,jans-cli,jans-config-api: changes to handle new attribute description in Client object and new custom script type (d4a9f15)
- jans-config-api: user mgmt endpoint (a093758)
- jans-config-api: user mgmt endpoint (0ea10fd)
- jans-core: compile java code on the fly for custom script (5da6e27)
- jans-core: remove UPDATE_USER and USER_REGISTRATION scripts #1289 (c34e75d)
- jans: jetty 11 integration (#1123) (6c1caa1)
- support regex client attribute to validate redirect uris (#1005) (a78ee1a)
- admin-ui: the backend issues related to jetty 11 migration #1258 (#1259) (d61be0b)
- bug(jans-auth-server): custom pages are not found #1318 (e1e0bf9)
- jans-auth-server: added faces context as source of locale (#1189) (ce770ae)
- jans-auth-server: authorize page message policy (#1096) (f10ccb1)
- jans-auth-server: corrected fallback value of checkUserPresenceOnRefreshToken (a822ae5)
- jans-auth-server: corrected log vulnerability (1000a60)
- jans-auth-server: corrected npe in response type class (941248d)
- jans-auth-server: corrected signature algorithm identification with java 11 and later (3e203f2)
- jans-auth-server: corrected thread-safety bug in ApplicationAuditLogger #803 (ef73c2b)
- jans-auth-server: disabled issuing AT by refresh token if user status=inactive (3df72a8)
- jans-auth-server: do not serialize jwkThumbprint (d8634fe)
- jans-auth-server: during encryption AS must consider client's jwks too, not only jwks_uri (475b154)
- jans-auth-server: dynamic client registration management delete event (911e54b)
- jans-auth-server: escape login_hint before rendering (e1a682a)
- jans-auth-server: fixed equals/hashcode by removing redundant dn field (d27659d)
- jans-auth-server: fixed server and tests after jetty 11 migration (#1354) (3fa19f4)
- jans-auth-server: gluuStatus -> jansStatus (7f86d6d)
- jans-auth-server: isolate regex redirection uri validation test (#1075) (cca0551)
- jans-auth-server: removed CONFIG_API from AS supported script types #1286 (c209868)
- jans-auth-server: removed ThumbSignInExternalAuthenticator (a13ca51)
- jans-auth-server: renamed localization resources files #1198 (#1199) (4561f2a)
- jans-auth-server: restored id generator call to external custom script (#1128) (5ba98c1)
- jans-auth-server: use duration class instead of custom util to calculate seconds from date to now (#1249) (5ae76ab)
- jans-auth-server: validate pkce after extraction data from request object (#999) (29fdfae)
- jans-auth-server: validate redirect_uri blank and client redirect uris single item to return by default (#1046) (aa139e4)
- jans-core: corrected ExternalUmaClaimsGatheringService (cfe1b6d)
- Typo httpLoggingExludePaths jans-auth-server jans-cli jans-config-api jans-linux-setup docker-jans-persistence-loader (47a20ee)
- update mysql/spanner mappings #1053 (94fb2c6)
- Use highest level script in case ACR script is not found. Added FF to keep existing behavior. (#1070) (07473d9)
- release 1.0.0 (b2895f2)
- release 1.0.0-beta.16 (a083ad6)
- release 1.0.0-beta.16 (90e4bb2)
- release 1.0.0-beta.16 (eec2073)
- release 1.0.0-beta.16 (cd92ead)
- release 1.0.0-beta.16 (7f0a91b)
- release 1.0.0-beta.16 (c2ad604)
- release 1.0.0-beta.16 (a641486)
- release 1.0.0-beta.16 (94d5791)
- release 1.0.0-beta.16 (16de429)
- release 1.0.0-beta.16 (72915c0)
- release 1.0.0-beta.16 (3ea2b37)
- release 1.0.0-beta.16 (78a6d39)
- release 1.0.0-beta.16 (11bfa93)
- release 1.0.0-beta.16 (22b180b)
- release 1.0.0-beta.16 (b9acd0b)
- release 1.0.0-beta.16 (328cd30)
- release 1.0.0-beta.16 (5a84602)
- release 1.0.0-beta.16 (4923277)
- release 1.0.0-beta.16 (258ba96)
- release 1.0.0-beta.16 (77c4423)
- release 1.0.0-beta.16 (688b324)
- release 1.0.0-beta.16 (4e86f15)
- release 1.0.0-beta.16 (8d514ee)
- release 1.0.0-beta.16 (0899898)
1.0.0-beta.16 (2022-03-14)
- jans-auth-server: forbid plain pkce if fapi=true (fapi1-advanced-final-par-plain-pkce-rejected fail) #946 (21cecb0)
- jans-auth-server: new client config option defaultpromptlogin #979 (4e3de26)
- support regex client attribute to validate redirect uris (#1005) (a78ee1a)
- jans-auth-server: corrected ParValidatorTest #946 (04a01fd)
- jans-auth-server: corrected sonar reported issue (7c88078)
- jans-auth-server: fix npe (e6debb2)
- jans-auth-server: reduce noise in logs when session can't be found (47afc47)
- jans-auth-server: removed reference of removed tests #996 (cabc4f2)
- jans-auth-server: validate pkce after extraction data from request object (#999) (29fdfae)
- release 1.0.0-beta.16 (a083ad6)
- release 1.0.0-beta.16 (90e4bb2)
- release 1.0.0-beta.16 (eec2073)
- release 1.0.0-beta.16 (cd92ead)
- release 1.0.0-beta.16 (7f0a91b)
- release 1.0.0-beta.16 (c2ad604)
- release 1.0.0-beta.16 (a641486)
- release 1.0.0-beta.16 (94d5791)
- release 1.0.0-beta.16 (16de429)
- release 1.0.0-beta.16 (72915c0)
- release 1.0.0-beta.16 (3ea2b37)
- release 1.0.0-beta.16 (78a6d39)
- release 1.0.0-beta.16 (11bfa93)
- release 1.0.0-beta.16 (22b180b)
- release 1.0.0-beta.16 (b9acd0b)
- release 1.0.0-beta.16 (328cd30)
- release 1.0.0-beta.16 (5a84602)
- release 1.0.0-beta.16 (4923277)
- release 1.0.0-beta.16 (258ba96)
- release 1.0.0-beta.16 (77c4423)
- release 1.0.0-beta.16 (688b324)
- release 1.0.0-beta.16 (4e86f15)
- release 1.0.0-beta.16 (8d514ee)
- release 1.0.0-beta.16 (0899898)
- #836 support push token update on finish authentication (#837) (4d6d916)
- jans-auth-server: add methods to dynamic client registration script to modify POST, PUT and GET responses (#661) (2aa2ba8)
- jans-auth-server: added cache support to /stat endpoint (e1dba92)
- jans-auth-server: added new stat response service with test (9d60629)
- jans-auth-server: added post response modification method (db936f9)
- jans-auth-server: added put response modification method (00a24f2)
- jans-auth-server: added read response modification method (ec8864b)
- jans-auth-server: added to par extra nbf and exp (for 60min) validation (#838) (9db47a4)
- jans-auth-server: allow return custom authz params to rp in response (#756) (0e865fb)
- jans-auth-server: extending crypto support sub pr4 (#670) (fe07d76)
- jans-auth-server: invoke custom script methods for response modification (da44d5a)
- jans-auth-server: reject par without pkce for fapi (332df41)
- jans-auth-server: set public subject identifier per client (#800) (c303bbc)
- jans-auth-server: turn off consent for pairwise openid-only scope (#708) (a96007d)
- jans-config-api: add deletable flag to admin-ui role object #888 (#900) (500a773)
- par should be able to register with nbf (a4a2981)
- brazilob jarm fapi conformance test last7 issues (#695) (edab074)
- code reformatting as suggested (a70ceda)
- correction as suggested in review (adddb1a)
- early exit to avoid nested if(s) (ab65ac9)
- for JARM issue 310 311 and 314 (ae0cdb9)
- import Nullable (5057531)
- jans-auth-server: check alg none to display error JARM issue310 (#786) (b21a052)
- jans-auth-server: corrected 500 error if absent redirect_uri in object for fapi (89e586a)
- jans-auth-server: corrected error code for absent redirect_uri in object (fapi) (f73430c)
- jans-auth-server: corrected jarm error response (1d4b53b)
- jans-auth-server: corrected jarm issue #310 (#773) (e1cdc19)
- jans-auth-server: corrected jarm response mode (9e3bf69)
- jans-auth-server: corrected npe in jarm (5cae544)
- jans-auth-server: corrected wrong expires_in (428c5b3)
- jans-auth-server: covered one more case when consent is off (8b59739)
- jans-auth-server: don't fail registration without custom script (#711) (277be82)
- jans-auth-server: error code correction unregister redirect_uri (#814) #816 (fe4d6a0)
- jans-auth-server: fixed device authz tests (8a952d7)
- jans-auth-server: fixed error code during error response creation (0d47490)
- jans-auth-server: for issue#315 JARM registered redirect uri (#752) (fe2dc59)
- jans-auth-server: if consent is off then check whether response already have access_token (81ad31b)
- jans-auth-server: if consent is off then check whether response already have code (294bb22)
- jans-auth-server: jarm failing tests (#745) (5d0b401)
- jans-auth-server: jarm tests fix (ddf3423)
- jans-auth-server: set par expiration to request object exp #824 (#860) (c835c38)
- JARM tests fix (3bfb95f)
- newly added eddsa cause exception (#727) (6e5a865)
- replace non UTF-8 characters (#770) (bb386cd)
- upgrade commons-codec:commons-codec from 1.7 to 20041127.091804 (3d319b8)
- upgrade oauth.signpost:signpost-commonshttp4 from 2.0.0 to 2.1.1 (7246e8f)
- upgrade org.apache.httpcomponents:httpcore from 4.4.5 to 4.4.15 (82689d2)
- upgrade org.bitbucket.b_c:jose4j from 0.6.4 to 0.7.9 (874e2ad)
- upgrade org.codehaus.jettison:jettison from 1.3.2 to 1.4.1 (5ffe19d)
- use diamond operator (#766) (57664b0)