Check in before release

README.md

@@ -12,3 +12,27 @@
 ## Docs
 
 https://scitokens.org/
+
+## Notes
+
+This is standard OA4MP with an extension to handle SciTokens. 
+You should set the OIDCEnabled flag to false 
+(see here: http://grid.ncsa.illinois.edu/myproxy/oauth/server/dtd/server-dtd-service-tag.xhtml) and there is one additional configuration flag specific to SciTokens that needs to be set true, , 
+issueATasSciToken = issue the Access Tokens as a SciToken. 
+A snippet of the configuration might look like this:
+```XML
+<service  name="my.scitokens.server"
+          issueATasSciToken="true"
+          OIDCEnabled="false"
+          refreshTokenLifetime="1000000"
+          refreshTokenEnabled="true"
+          scheme="sciTokens"
+          schemeSpecificPart=""
+          clientSecretLength="40"
+          debug="trace">
+  <!-- other stuff -->
+ </service>
+ ```
+
+
+There is a template document as well at https://docs.google.com/document/d/1R9d5RI_4RgDlsiOmTK7_XVhjRaoNIXW_DijGKQ-YtZk/edit#

scitokens-cli/pom.xml

@@ -24,22 +24,22 @@
         <dependency>
             <groupId>edu.uiuc.ncsa.myproxy</groupId>
             <artifactId>oa4mp-client-loader-oauth2</artifactId>
-            <version>4.1.0</version>
+            <version>4.1.1</version>
         </dependency>
         <dependency>
             <groupId>edu.uiuc.ncsa.myproxy</groupId>
             <artifactId>oa4mp-server-admin</artifactId>
-            <version>4.1.0</version>
+            <version>4.1.1</version>
         </dependency>
         <dependency>
             <groupId>edu.uiuc.ncsa.myproxy</groupId>
             <artifactId>oa4mp-server-admin-oauth2</artifactId>
-            <version>4.1.0</version>
+            <version>4.1.1</version>
         </dependency>
         <dependency>
             <groupId>edu.uiuc.ncsa.security.delegation</groupId>
             <artifactId>ncsa-security-oauth-2.0</artifactId>
-            <version>4.1.0</version>
+            <version>4.1.1</version>
         </dependency>
         <dependency>
             <groupId>org.mariadb.jdbc</groupId>

scitokens-client/pom.xml

@@ -22,12 +22,12 @@
         <dependency>
                  <groupId>edu.uiuc.ncsa.myproxy</groupId>
                  <artifactId>oa4mp-client-api</artifactId>
-                 <version>4.1.0</version>
+                 <version>4.1.1</version>
              </dependency>
              <dependency>
                  <groupId>edu.uiuc.ncsa.myproxy</groupId>
                  <artifactId>oa4mp-client-oauth2</artifactId>
-                 <version>4.1.0</version>
+                 <version>4.1.1</version>
                  <type>war</type>
                  <scope>runtime</scope>
              </dependency>
@@ -40,7 +40,7 @@
              <dependency>
                  <groupId>edu.uiuc.ncsa.myproxy</groupId>
                  <artifactId>oa4mp-client-loader-oauth2</artifactId>
-                 <version>4.1.0</version>
+                 <version>4.1.1</version>
              </dependency>
         <dependency>
             <groupId>org.mariadb.jdbc</groupId>
@@ -51,36 +51,36 @@
         <dependency>
             <groupId>edu.uiuc.ncsa.security</groupId>
             <artifactId>ncsa-security-core</artifactId>
-            <version>4.1.0</version>
+            <version>4.1.1</version>
             <type>test-jar</type>
             <scope>test</scope>
         </dependency>
 
         <dependency>
             <groupId>edu.uiuc.ncsa.security</groupId>
             <artifactId>ncsa-security-util</artifactId>
-            <version>4.1.0</version>
+            <version>4.1.1</version>
             <type>test-jar</type>
             <scope>test</scope>
         </dependency>
         <dependency>
             <groupId>edu.uiuc.ncsa.security</groupId>
             <artifactId>ncsa-security-servlet</artifactId>
-            <version>4.1.0</version>
+            <version>4.1.1</version>
         </dependency>
 
 
         <dependency>
             <groupId>edu.uiuc.ncsa.myproxy</groupId>
             <artifactId>myproxy-logon</artifactId>
-            <version>4.1.0</version>
+            <version>4.1.1</version>
         </dependency>
 
 
         <dependency>
             <groupId>edu.uiuc.ncsa.security.delegation</groupId>
             <artifactId>ncsa-security-oauth-2.0</artifactId>
-            <version>4.1.0</version>
+            <version>4.1.1</version>
         </dependency>
         <dependency>
             <groupId>javax.servlet</groupId>

scitokens-common/buildNumber.properties

@@ -1,3 +1,3 @@
 #maven.buildNumber.plugin properties file
-#Fri Oct 19 12:57:23 CDT 2018
-buildNumber\\d*=410
+#Wed Nov 07 11:27:23 CST 2018
+buildNumber\\d*=422

scitokens-common/pom.xml

@@ -22,21 +22,21 @@
         <!--  <dependency>
               <groupId>edu.uiuc.ncsa.myproxy</groupId>
               <artifactId>oa4mp-server-oauth2</artifactId>
-              <version>4.1.0</version>
+              <version>4.1.1</version>
               <type>war</type>
               <scope>runtime</scope>
           </dependency>-->
 <!--        <dependency>
             <groupId>edu.uiuc.ncsa.myproxy</groupId>
             <artifactId>oa4mp-server-oauth2</artifactId>
-            <version>4.1.0</version>
+            <version>4.1.1</version>
             <type>test-jar</type>
             <scope>test</scope>
         </dependency>-->
         <dependency>
             <groupId>edu.uiuc.ncsa.myproxy</groupId>
             <artifactId>oa4mp-server-api</artifactId>
-            <version>4.1.0</version>
+            <version>4.1.1</version>
         </dependency>
         <dependency>
             <groupId>javax.ws.rs</groupId>
@@ -56,41 +56,41 @@
         <dependency>
             <groupId>edu.uiuc.ncsa.myproxy</groupId>
             <artifactId>oa4mp-server-loader-oauth2</artifactId>
-            <version>4.1.0</version>
+            <version>4.1.1</version>
         </dependency>
  <!--       <dependency>
             <groupId>edu.uiuc.ncsa.security</groupId>
             <artifactId>ncsa-security-core</artifactId>
-            <version>4.1.0</version>
+            <version>4.1.1</version>
             <type>test-jar</type>
             <scope>test</scope>
         </dependency>-->
  <!--       <dependency>
             <groupId>edu.uiuc.ncsa.security.delegation</groupId>
             <artifactId>ncsa-security-delegation-common</artifactId>
-            <version>4.1.0</version>
+            <version>4.1.1</version>
             <type>test-jar</type>
             <scope>test</scope>
         </dependency>-->
 
  <!--       <dependency>
             <groupId>edu.uiuc.ncsa.myproxy</groupId>
             <artifactId>oa4mp-server-test</artifactId>
-            <version>4.1.0</version>
+            <version>4.1.1</version>
             <type>test-jar</type>
             <scope>test</scope>
         </dependency>-->
         <dependency>
             <groupId>edu.uiuc.ncsa.security.delegation</groupId>
             <artifactId>ncsa-security-oauth-2.0</artifactId>
-            <version>4.1.0</version>
+            <version>4.1.1</version>
         </dependency>
 
 
         <dependency>
             <groupId>edu.uiuc.ncsa.security</groupId>
             <artifactId>ncsa-security-servlet</artifactId>
-            <version>4.1.0</version>
+            <version>4.1.1</version>
         </dependency>
         <dependency>
             <groupId>org.apache.logging.log4j</groupId>
@@ -106,7 +106,7 @@
         <dependency>
             <groupId>edu.uiuc.ncsa.myproxy</groupId>
             <artifactId>myproxy-logon</artifactId>
-            <version>4.1.0</version>
+            <version>4.1.1</version>
         </dependency>
 
         <dependency>
@@ -129,7 +129,7 @@
         <dependency>
             <groupId>edu.uiuc.ncsa.security.delegation</groupId>
             <artifactId>ncsa-security-oauth-1.0a</artifactId>
-            <version>4.1.0</version>
+            <version>4.1.1</version>
         </dependency>
         <dependency>
             <groupId>javax.servlet</groupId>

scitokens-server/buildNumber.properties

@@ -1,3 +1,3 @@
 #maven.buildNumber.plugin properties file
-#Fri Oct 19 12:57:38 CDT 2018
-buildNumber\\d*=295
+#Wed Nov 07 11:27:39 CST 2018
+buildNumber\\d*=303

scitokens-server/pom.xml

@@ -27,22 +27,22 @@
         <dependency>
             <groupId>edu.uiuc.ncsa.myproxy</groupId>
             <artifactId>oa4mp-server-oauth2</artifactId>
-            <version>4.1.0</version>
+            <version>4.1.1</version>
             <type>war</type>
             <scope>runtime</scope>
         </dependency>
 
         <!--      <dependency>
                   <groupId>edu.uiuc.ncsa.myproxy</groupId>
                   <artifactId>oa4mp-server-oauth2</artifactId>
-                  <version>4.1.0</version>
+                  <version>4.1.1</version>
                   <type>test-jar</type>
                   <scope>test</scope>
               </dependency>-->
         <dependency>
             <groupId>edu.uiuc.ncsa.myproxy</groupId>
             <artifactId>oa4mp-server-api</artifactId>
-            <version>4.1.0</version>
+            <version>4.1.1</version>
         </dependency>
         <dependency>
             <groupId>javax.ws.rs</groupId>
@@ -62,7 +62,7 @@
         <dependency>
             <groupId>edu.uiuc.ncsa.myproxy</groupId>
             <artifactId>oa4mp-server-loader-oauth2</artifactId>
-            <version>4.1.0</version>
+            <version>4.1.1</version>
         </dependency>
         <dependency>
             <groupId>junit</groupId>
@@ -73,42 +73,42 @@
         <!-- <dependency>
              <groupId>edu.uiuc.ncsa.security</groupId>
              <artifactId>ncsa-security-core</artifactId>
-             <version>4.1.0</version>
+             <version>4.1.1</version>
              <type>test-jar</type>
              <scope>test</scope>
          </dependency>
          <dependency>
              <groupId>edu.uiuc.ncsa.security.delegation</groupId>
              <artifactId>ncsa-security-delegation-common</artifactId>
-             <version>4.1.0</version>
+             <version>4.1.1</version>
              <type>test-jar</type>
              <scope>test</scope>
          </dependency>
 
          <dependency>
              <groupId>edu.uiuc.ncsa.myproxy</groupId>
              <artifactId>oa4mp-server-test</artifactId>
-             <version>4.1.0</version>
+             <version>4.1.1</version>
              <type>test-jar</type>
              <scope>test</scope>
          </dependency>-->
         <dependency>
             <groupId>edu.uiuc.ncsa.security.delegation</groupId>
             <artifactId>ncsa-security-oauth-2.0</artifactId>
-            <version>4.1.0</version>
+            <version>4.1.1</version>
         </dependency>
 
         <dependency>
             <groupId>edu.uiuc.ncsa.security</groupId>
             <artifactId>ncsa-security-util</artifactId>
-            <version>4.1.0</version>
+            <version>4.1.1</version>
             <type>test-jar</type>
             <scope>test</scope>
         </dependency>
         <dependency>
             <groupId>edu.uiuc.ncsa.security</groupId>
             <artifactId>ncsa-security-servlet</artifactId>
-            <version>4.1.0</version>
+            <version>4.1.1</version>
         </dependency>
         <dependency>
             <groupId>org.apache.logging.log4j</groupId>
@@ -124,7 +124,7 @@
         <dependency>
             <groupId>edu.uiuc.ncsa.myproxy</groupId>
             <artifactId>myproxy-logon</artifactId>
-            <version>4.1.0</version>
+            <version>4.1.1</version>
         </dependency>
 
         <dependency>
@@ -147,7 +147,7 @@
         <dependency>
             <groupId>edu.uiuc.ncsa.security.delegation</groupId>
             <artifactId>ncsa-security-oauth-1.0a</artifactId>
-            <version>4.1.0</version>
+            <version>4.1.1</version>
         </dependency>
         <dependency>
             <groupId>javax.servlet</groupId>

scitokens-server/src/main/java/org/scitokens/servlet/STATServlet.java

@@ -38,6 +38,7 @@
 import java.security.spec.InvalidKeySpecException;
 import java.util.*;
 
+import static edu.uiuc.ncsa.security.core.util.DebugUtil.trace;
 import static edu.uiuc.ncsa.security.oauth_2_0.server.claims.OA2Claims.EXPIRATION;
 import static edu.uiuc.ncsa.security.oauth_2_0.server.claims.OA2Claims.ISSUED_AT;
 import static edu.uiuc.ncsa.security.oauth_2_0.server.claims.OA2Claims.ISSUER;
@@ -332,14 +333,17 @@ public String getRawSciToken2(STTransaction stTransaction, Map<String, String> p
         sciTokens.put(NOT_VALID_BEFORE, Long.valueOf((System.currentTimeMillis() - 5000L) / 1000L)); // not before is 5 minutes before current
 
         String usernameClaimkey = SUBJECT;
-        ServletDebugUtil.dbg(this, "getting username claim key");
+        trace(this, "getting username claim key");
         if (stClient.getUsernameClaimKey() != null) {
             usernameClaimkey = stClient.getUsernameClaimKey();
         }
-        ServletDebugUtil.dbg(this, "Got username claim key=" + usernameClaimkey);
-
-
+        trace(this, "Got username claim key=" + usernameClaimkey);
         // Now to resolve audience and scope requests.
+        if(!claims.containsKey(usernameClaimkey)){
+            String message = "Error: there is no username associated with the claim \"" + usernameClaimkey + "\"";
+            ServletDebugUtil.warn(this, message);
+            throw new IllegalStateException(message);
+        }
         TemplateResolver templateResolver = new TemplateResolver(claims.getString(usernameClaimkey), groups);
         LinkedList<String> requestedPermissions = new LinkedList<>();
         StringTokenizer st = new StringTokenizer(stTransaction.getStScopes(), " ");