Add origin parameter in Fido2ExternalAuthenticator script for attestation and assertion API calls #9248 #9974

imran-ishaq · 2024-10-29T12:54:56Z

Prepare

Read PR guidelines
Read license information

Description

Target issue

closes #9248

Implementation Details

Test and Document the changes

Static code analysis has been run locally and issues have been fixed
Relevant unit and integration tests have been added/updated
Relevant documentation has been updated if any (i.e. user guides, installation and configuration guides, technical design docs etc)

Please check the below before submitting your PR. The PR will not be merged if there are no commits that start with docs: to indicate documentation changes or if the below checklist is not selected.

I confirm that there is no impact on the docs due to the code changes in this PR.

…script for attestation and assertion API calls Signed-off-by: imran-ishaq <imranishaq024@gmail.com>

…ript for attestation and assertion API calls #9248 Signed-off-by: imran-ishaq <imranishaq024@gmail.com>

Signed-off-by: imran-ishaq <imranishaq024@gmail.com>

dryrunsecurity · 2024-10-29T12:55:20Z

DryRun Security Summary

The provided code changes focus on enhancing the security and robustness of the FIDO2 authentication process in the Janssen FIDO2 server application, covering various aspects of the attestation and assertion flows, with a strong emphasis on verifying the integrity and source of the provided data.

Expand for full summary

Summary:

The provided code changes focus on enhancing the security and robustness of the FIDO2 (Fast Identity Online) authentication process in the Janssen FIDO2 server application. The changes cover various aspects of the attestation and assertion (authentication) flows, with a strong emphasis on verifying the integrity and source of the provided data.

Key security improvements include:

Relying Party (RP) Domain Verification: The code has been updated to verify the RP domain against a list of allowed/requested parties, helping to prevent potential domain spoofing attacks.
Credential Management: The application ensures that only valid and registered credentials are allowed for the assertion process, handling different types of authenticators (e.g., platform, hybrid, USB, NFC, BLE).
External Security Integration: The code integrates an ExternalFido2Service that allows for custom security checks or integrations during the assertion process.
Persistence and Expiration: The application stores the assertion request and response in the persistence layer, with appropriate expiration settings to limit the lifetime of unfinished requests.
Push Token and Session Updates: The code handles updates to the user's push token and session information, ensuring a seamless and secure authentication experience.

Overall, the changes in this pull request demonstrate the application's commitment to implementing robust FIDO2 authentication mechanisms and validating the integrity of the attestation and assertion data, which is crucial for maintaining a secure and reliable authentication process.

Files Changed:

AttestationErrorResponseType.java: Adds a new error type called INVALID_ORIGIN, which represents an error related to the attestation origin validation.
AttestationService.java: Enhances the RP domain verification by checking the domain against the list of configured requested parties, reducing the risk of domain spoofing attacks.
AssertionService.java: Improves the security of the assertion process by verifying the RP domain, managing allowed credentials, integrating external security services, and handling session and push token updates.
Fido2ExternalAuthenticator.py: Separates the assertion and attestation flows, passes domain information as part of the FIDO2 request parameters, and properly handles exceptions and metadata configuration.
CommonVerifiers.java: Strengthens the verification of the RP domain and the counter value, helping to prevent replay attacks and other security vulnerabilities.

Code Analysis

We ran 9 analyzers against 5 files and 1 analyzer had findings. 8 analyzers had no findings.

Analyzer	Findings
Authn/Authz Analyzer	6 findings

Riskiness

🟢 Risk threshold not exceeded.

View PR in the DryRun Dashboard.

…tion and assertion API calls #9248 (#9974) * feat(jans-fido2): add origin parameter in Fido2ExternalAuthenticator script for attestation and assertion API calls Signed-off-by: imran-ishaq <imranishaq024@gmail.com> * refactor(docs): add origin parameter in Fido2ExternalAuthenticator script for attestation and assertion API calls #9248 Signed-off-by: imran-ishaq <imranishaq024@gmail.com> * fix(jans-fido2): handle origin if http or https is missing #9248 Signed-off-by: imran-ishaq <imranishaq024@gmail.com> --------- Signed-off-by: imran-ishaq <imranishaq024@gmail.com>

…0080) * chore(main): release jans-orm 1.0.1-SNAPSHOT (#1713) * chore(main): release jans-fido2 1.0.1-SNAPSHOT (#1712) * chore(main): release jans-auth-server 1.0.1-SNAPSHOT (#1711) * chore(main): release jans-core 1.0.1-SNAPSHOT (#1710) * chore(main): release jans-scim 1.0.1-SNAPSHOT (#1709) * chore(main): release jans-notify 1.0.1-SNAPSHOT (#1708) * chore(main): release agama 1.0.1-SNAPSHOT (#1707) * fix: jans-auth-server/pom.xml to reduce vulnerabilities (#2466) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSJETTISON-3033152 * fix: jans-eleven/pom.xml to reduce vulnerabilities (#2471) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSJETTISON-3033152 Co-authored-by: snyk-bot <snyk-bot@snyk.io> * build(deps): bump commons-text from 1.9 to 1.10.0 in /jans-bom (#2679) Bumps commons-text from 1.9 to 1.10.0. --- updated-dependencies: - dependency-name: org.apache.commons:commons-text dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: jans-eleven/pom.xml to reduce vulnerabilities (#2676) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSJETTISON-3033152 - https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSJETTISON-3037311 * fix: jans-config-api/plugins/sample/helloworld/pom.xml to reduce vulnerabilities (#972) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGJBOSSRESTEASY-1009963 - https://snyk.io/vuln/SNYK-JAVA-ORGJBOSSRESTEASY-1058913 - https://snyk.io/vuln/SNYK-JAVA-ORGJBOSSRESTEASY-1085989 - https://snyk.io/vuln/SNYK-JAVA-ORGJBOSSRESTEASY-1303102 Co-authored-by: pujavs <43700552+pujavs@users.noreply.github.com> * fix: jans-config-api/pom.xml to reduce vulnerabilities (#1746) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-2945452 Co-authored-by: pujavs <43700552+pujavs@users.noreply.github.com> * docs: update README.md (#2367) * chore(main): release jans-core 1.0.5-SNAPSHOT (#3143) * chore(main): release jans-config-api 1.0.5-SNAPSHOT (#3142) * chore(main): release jans-auth-server 1.0.5-SNAPSHOT (#3141) * chore(main): release jans-notify 1.0.5-SNAPSHOT (#3140) * chore(main): release jans-orm 1.0.5-SNAPSHOT (#3139) * chore(main): release jans-eleven 1.0.5-SNAPSHOT (#3138) * chore(main): release jans-fido2 1.0.5-SNAPSHOT (#3137) * chore(main): release jans-bom 1.0.5-SNAPSHOT (#3136) * chore: add owner to jans-config-api (#3283) * build(deps): bump postgresql from 42.5.0 to 42.5.1 in /jans-bom (#3068) Bumps [postgresql](https://github.com/pgjdbc/pgjdbc) from 42.5.0 to 42.5.1. - [Release notes](https://github.com/pgjdbc/pgjdbc/releases) - [Changelog](https://github.com/pgjdbc/pgjdbc/blob/master/CHANGELOG.md) - [Commits](pgjdbc/pgjdbc@REL42.5.0...REL42.5.1) --- updated-dependencies: - dependency-name: org.postgresql:postgresql dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: jans-eleven/pom.xml to reduce vulnerabilities (#3315) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSJETTISON-3168084 - https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSJETTISON-3168085 Co-authored-by: snyk-bot <snyk-bot@snyk.io> * fix: jans-auth-server/pom.xml to reduce vulnerabilities (#3314) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSJETTISON-3168084 - https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSJETTISON-3168085 Co-authored-by: snyk-bot <snyk-bot@snyk.io> * chore(main): release jans-eleven 1.0.6-SNAPSHOT (#3538) * chore(main): release jans-bom 1.0.6-SNAPSHOT (#3539) * chore(main): release jans-notify 1.0.6-SNAPSHOT (#3540) * chore(main): release jans-config-api 1.0.6-SNAPSHOT (#3541) * chore(main): release jans-orm 1.0.6-SNAPSHOT (#3542) * chore(main): release jans-scim 1.0.6-SNAPSHOT (#3543) * chore(main): release jans-auth-server 1.0.6-SNAPSHOT (#3544) * chore(main): release jans-fido2 1.0.6-SNAPSHOT (#3545) * chore(main): release jans-core 1.0.6-SNAPSHOT (#3546) * fix: cbor data stream lenght calculatro return wrong lengh #3614 (#3615) * chore(main): release jans-core 1.0.7-SNAPSHOT (#3919) * chore(main): release jans-scim 1.0.7-SNAPSHOT (#3918) * chore(main): release jans-notify 1.0.7-SNAPSHOT (#3917) * chore(main): release jans-auth-server 1.0.7-SNAPSHOT (#3916) * chore(main): release jans-bom 1.0.7-SNAPSHOT (#3915) * chore(main): release jans-orm 1.0.7-SNAPSHOT (#3914) * chore(main): release agama 1.0.7-SNAPSHOT (#3913) * chore(main): release jans-eleven 1.0.7-SNAPSHOT (#3912) * chore(main): release jans-config-api 1.0.7-SNAPSHOT (#3911) * chore(main): release jans-fido2 1.0.7-SNAPSHOT (#3910) * chore(main): release jans-notify 1.0.8-SNAPSHOT (#4008) * chore(main): release jans-auth-server 1.0.8-SNAPSHOT (#4007) * chore(main): release jans-config-api 1.0.8-SNAPSHOT (#4006) * chore(main): release jans-scim 1.0.8-SNAPSHOT (#4004) * chore(main): release jans-fido2 1.0.8-SNAPSHOT (#4005) * chore(main): release jans-bom 1.0.8-SNAPSHOT (#4003) * chore(main): release jans-core 1.0.8-SNAPSHOT (#4002) * chore(main): release jans-orm 1.0.8-SNAPSHOT (#4001) * chore(main): release jans-eleven 1.0.8-SNAPSHOT (#4000) * chore(main): release agama 1.0.8-SNAPSHOT (#3999) * chore(main): release jans-auth-server 1.0.9-SNAPSHOT (#4064) * chore(main): release jans-fido2 1.0.9-SNAPSHOT (#4062) * chore(main): release jans-auth-server 1.0.10-SNAPSHOT (#4175) * chore(main): release jans-fido2 1.0.10-SNAPSHOT (#4173) * chore(main): release jans-eleven 1.0.10-SNAPSHOT (#4172) * chore(main): release jans-orm 1.0.10-SNAPSHOT (#4171) * chore(main): release jans-notify 1.0.10-SNAPSHOT (#4170) * chore(main): release jans-config-api 1.0.10-SNAPSHOT (#4169) * chore(main): release jans-core 1.0.10-SNAPSHOT (#4168) * chore(main): release jans-bom 1.0.10-SNAPSHOT (#4167) * chore(main): release agama 1.0.10-SNAPSHOT (#4166) * chore(main): release jans-eleven 1.0.11-SNAPSHOT (#4473) * chore(main): release jans-core 1.0.11-SNAPSHOT (#4472) * chore(main): release jans-notify 1.0.11-SNAPSHOT (#4471) * chore(main): release jans-auth-server 1.0.11-SNAPSHOT (#4470) * chore(main): release jans-fido2 1.0.11-SNAPSHOT (#4469) * chore(main): release jans-bom 1.0.11-SNAPSHOT (#4467) * chore(main): release agama 1.0.11-SNAPSHOT (#4466) * chore(main): release jans-orm 1.0.11-SNAPSHOT (#4465) * chore(main): release jans-config-api 1.0.11-SNAPSHOT (#4464) * chore(main): release jans-orm 1.0.12-SNAPSHOT (#4638) * chore(main): release jans-bom 1.0.12-SNAPSHOT (#4636) * chore(main): release jans-core 1.0.12-SNAPSHOT (#4637) * chore(main): release jans-notify 1.0.12-SNAPSHOT (#4634) * chore(main): release jans-config-api 1.0.12-SNAPSHOT (#4633) * chore(main): release jans-auth-server 1.0.12-SNAPSHOT (#4632) * chore(main): release jans-eleven 1.0.12-SNAPSHOT (#4631) * chore(main): release agama 1.0.12-SNAPSHOT (#4630) * chore(main): release jans-scim 1.0.12-SNAPSHOT (#4629) * chore(main): release jans-fido2 1.0.12-SNAPSHOT (#4635) * fix: jans-auth-server/pom.xml to reduce vulnerabilities (#4271) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSJETTISON-3367610 * chore(deps): bump jettison from 1.5.2 to 1.5.4 in /jans-auth-server (#4275) Bumps [jettison](https://github.com/jettison-json/jettison) from 1.5.2 to 1.5.4. - [Release notes](https://github.com/jettison-json/jettison/releases) - [Commits](jettison-json/jettison@jettison-1.5.2...jettison-1.5.4) --- updated-dependencies: - dependency-name: org.codehaus.jettison:jettison dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(main): release jans-config-api 1.0.13-SNAPSHOT (#4920) * chore(main): release jans-notify 1.0.13-SNAPSHOT (#4917) * chore(main): release jans-auth-server 1.0.13-SNAPSHOT (#4918) * chore(main): release jans-orm 1.0.13-SNAPSHOT (#4916) * chore(main): release agama 1.0.13-SNAPSHOT (#4915) * chore(main): release jans-bom 1.0.13-SNAPSHOT (#4913) * chore(main): release jans-core 1.0.13-SNAPSHOT (#4914) * chore(main): release jans-scim 1.0.13-SNAPSHOT (#4912) * chore(main): release jans-eleven 1.0.13-SNAPSHOT (#4911) * chore(main): release jans-fido2 1.0.13-SNAPSHOT (#4919) * docs: write topic overview pages for properties, feature flags and endpoint sections (#5147) * docs(scripts): endpoint section README.md Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com> * docs(scripts): property section readme Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com> * docs(scripts): add how to set properties Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com> * docs(scripts): add details to feature flag readme Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com> --------- Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com> * chore(main): release jans-bom 1.0.14-SNAPSHOT (#5211) * chore(main): release jans-config-api 1.0.14-SNAPSHOT (#5209) * chore(main): release jans-scim 1.0.14-SNAPSHOT (#5208) * chore(main): release jans-eleven 1.0.14-SNAPSHOT (#5207) * chore(main): release agama 1.0.14-SNAPSHOT (#5206) * chore(main): release jans-orm 1.0.14-SNAPSHOT (#5205) * chore(main): release jans-fido2 1.0.14-SNAPSHOT (#5204) * chore(main): release jans-core 1.0.14-SNAPSHOT (#5203) * chore(main): release jans-config-api 1.0.15-SNAPSHOT (#5495) * chore(main): release jans-bom 1.0.15-SNAPSHOT (#5493) * chore(main): release agama 1.0.15-SNAPSHOT (#5492) * chore(main): release jans-scim 1.0.15-SNAPSHOT (#5491) * chore(main): release jans-orm 1.0.15-SNAPSHOT (#5490) * chore(main): release jans-fido2 1.0.15-SNAPSHOT (#5489) * chore(main): release jans-eleven 1.0.15-SNAPSHOT (#5488) * chore(main): release jans-core 1.0.15-SNAPSHOT (#5494) * chore(main): release jans-scim 1.0.16-SNAPSHOT (#5733) * chore(main): release jans-fido2 1.0.16-SNAPSHOT (#5730) * chore(main): release jans-auth-server 1.0.16-SNAPSHOT (#5729) * chore(main): release jans-orm 1.0.16-SNAPSHOT (#5728) * chore(main): release agama 1.0.16-SNAPSHOT (#5727) * chore(main): release jans-bom 1.0.16-SNAPSHOT (#5725) * chore(main): release jans-eleven 1.0.16-SNAPSHOT (#5726) * chore(main): release jans-core 1.0.16-SNAPSHOT (#5732) * chore(main): release jans-config-api 1.0.16-SNAPSHOT (#5731) * chore(main): release jans-scim 1.0.17-SNAPSHOT (#6051) * chore(main): release jans-core 1.0.17-SNAPSHOT (#6049) * chore(main): release jans-bom 1.0.17-SNAPSHOT (#6048) * chore(main): release agama 1.0.17-SNAPSHOT (#6047) * chore(main): release jans-auth-server 1.0.17-SNAPSHOT (#6046) * chore(main): release jans-fido2 1.0.17-SNAPSHOT (#6045) * chore(main): release jans-config-api 1.0.17-SNAPSHOT (#6044) * chore(main): release jans-eleven 1.0.17-SNAPSHOT (#6043) * chore(main): release jans-orm 1.0.17-SNAPSHOT (#6050) * chore(main): release jans-orm 1.0.18-SNAPSHOT (#6115) * chore(main): release jans-bom 1.0.18-SNAPSHOT (#6113) * chore(main): release jans-config-api 1.0.18-SNAPSHOT (#6112) * chore(main): release jans-auth-server 1.0.18-SNAPSHOT (#6111) * chore(main): release jans-core 1.0.18-SNAPSHOT (#6110) * chore(main): release jans-fido2 1.0.18-SNAPSHOT (#6108) * chore(main): release agama 1.0.18-SNAPSHOT (#6109) * chore(main): release jans-eleven 1.0.18-SNAPSHOT (#6107) * chore(main): release jans-scim 1.0.18-SNAPSHOT (#6114) * chore(main): release jans-scim 1.0.19-SNAPSHOT (#6245) * chore(main): release jans-bom 1.0.19-SNAPSHOT (#6241) * chore(main): release jans-fido2 1.0.19-SNAPSHOT (#6240) * chore(main): release jans-auth-server 1.0.19-SNAPSHOT (#6239) * chore(main): release jans-config-api 1.0.19-SNAPSHOT (#6238) * chore(main): release agama 1.0.19-SNAPSHOT (#6236) * chore(main): release jans-eleven 1.0.19-SNAPSHOT (#6235) * chore(main): release jans-orm 1.0.19-SNAPSHOT (#6244) * chore(main): release jans-scim 1.0.20-SNAPSHOT (#6485) * chore(main): release jans-core 1.0.20-SNAPSHOT (#6483) * chore(main): release jans-bom 1.0.20-SNAPSHOT (#6482) * chore(main): release jans-link 1.0.20-SNAPSHOT (#6481) * chore(main): release jans-fido2 1.0.20-SNAPSHOT (#6480) * chore(main): release jans-casa 1.0.20-SNAPSHOT (#6479) * chore(main): release jans-eleven 1.0.20-SNAPSHOT (#6478) * chore(main): release jans-config-api 1.0.20-SNAPSHOT (#6477) * chore(main): release agama 1.0.20-SNAPSHOT (#6476) * chore(main): release jans-auth-server 1.0.20-SNAPSHOT (#6475) * chore(main): release jans-orm 1.0.20-SNAPSHOT (#6484) * chore(main): release jans-orm 1.0.21-SNAPSHOT (#7022) * chore(main): release jans-scim 1.0.21-SNAPSHOT (#7020) * chore(main): release jans-auth-server 1.0.21-SNAPSHOT (#7019) * chore(main): release agama 1.0.21-SNAPSHOT (#7018) * chore(main): release jans-eleven 1.0.21-SNAPSHOT (#7017) * chore(main): release jans-fido2 1.0.21-SNAPSHOT (#7016) * chore(main): release jans-config-api 1.0.21-SNAPSHOT (#7015) * chore(main): release jans-bom 1.0.21-SNAPSHOT (#7014) * chore(main): release jans-core 1.0.21-SNAPSHOT (#7013) * chore(main): release jans-casa 1.0.21-SNAPSHOT (#7012) * chore(main): release jans-keycloak-link 1.0.21-SNAPSHOT (#7021) * chore(main): release jans-keycloak-link 1.0.22-SNAPSHOT (#7469) * chore(main): release jans-scim 1.0.22-SNAPSHOT (#7468) * chore(main): release jans-orm 1.0.22-SNAPSHOT (#7467) * chore(main): release jans-lock 1.0.22-SNAPSHOT (#7466) * chore(main): release jans-link 1.0.22-SNAPSHOT (#7465) * chore(main): release jans-fido2 1.0.22-SNAPSHOT (#7464) * chore(main): release jans-eleven 1.0.22-SNAPSHOT (#7463) * chore(main): release jans-config-api 1.0.22-SNAPSHOT (#7462) * chore(main): release jans-core 1.0.22-SNAPSHOT (#7461) * chore(main): release jans-casa 1.0.22-SNAPSHOT (#7460) * chore(main): release agama 1.0.22-SNAPSHOT (#7459) * chore(main): release jans-bom 1.0.22-SNAPSHOT (#7458) * chore(main): release jans-auth-server 1.0.22-SNAPSHOT (#7457) * fix(jans-keycloak-integration): security bugfixes #8954 (#8962) * fix(jans-linux-setup): improper scim configuration for jans kc #8210 * updated the keycloak configuration file to reflect the configuration for the storage-spi Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * chore(jans-keycloak-integration): bump kc version to 24.0.0 #8315 Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * fix(jans-keycloak-integration): security bugfixes #8954 * bumped nimbus oidc sdk version Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * fix(jans-keycloak-integration): security bugfixes #8954 * removed old metadata parser and entityidhandler from `jans-core-saml` Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * fix(jans-keycloak-integration): security bugfixes #8954 * further removed old saml related code Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * fix(jans-keycloak-integration): security bugfixes #8654 * removed unused dependencies in jans-core-saml Signed-off-by: Rolain Djeumen <uprightech@gmail.com> --------- Signed-off-by: Rolain Djeumen <uprightech@gmail.com> Co-authored-by: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com> * feat: Minimum support ES256, RS1, RS256, ED25519 (#9086) * feat: Minimum support ES256, RS1, RS256, ED25519 Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com> * feat: minimum support ES256, RS1, RS256, ED25519 Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com> * feat: minimum support ES256, RS1, RS256, ED25519 Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com> * feat: using SHA512 for Ed25519 Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com> --------- Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com> * feat: refactor Assertion/Attestation to Jackson ObjectMapper (#9023) * feat: refactor Assertion/Attestation to Jackson ObjectMapper Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com> * feat: fixing sonar issues Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com> * feat: fixing sonar issues Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com> * feat: fixing sonar issues Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com> * feat: addressing PR reviews Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com> * feat: addressing PR reviews Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com> --------- Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com> * fix(jans-fido2): removing safetynet and android #8901 * fix(jans-fido2): Removing multiple Assertion processors #8902 * feat: add support for BS / BE flags in AuthData #8903 (#8968) * feat: add support for BS / BE flags in AuthData #8903 Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com> * feat: adding comments Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com> * feat: adding comments Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com> --------- Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com> Co-authored-by: Ackermann Yuriy <1636116+yackermann@users.noreply.github.com> * fix(jans-fido2): #8906, Basic simplification and refactoring of Attestation and Assertion Response * Issue 8908 (#9241) * feat(jans-fido): #8908 add support for webauthn hints Signed-off-by: shekhar16 <shekharlaad1609@gmail.com> * feat(jans-fido): #8908 add support for webauthn hints Signed-off-by: shekhar16 <shekharlaad1609@gmail.com> * feat(jans-fido): #8908 delete unused file Signed-off-by: shekhar16 <shekharlaad1609@gmail.com> --------- Signed-off-by: shekhar16 <shekharlaad1609@gmail.com> * fix(jans-fido2): Attestation #8906 * Issue 9111 (#9276) * feat(jans-fido): refactor mds3 codebase and server config Signed-off-by: shekhar16 <shekharlaad1609@gmail.com> * feat(jans-fido): revert rename from docker file #9111 Signed-off-by: shekhar16 <shekharlaad1609@gmail.com> * feat(jans-fido): add metadatarefreshinterval #9111 Signed-off-by: shekhar16 <shekharlaad1609@gmail.com> * feat(jans-fido): changes to refactor metadataservers #9111 Signed-off-by: shekhar16 <shekharlaad1609@gmail.com> --------- Signed-off-by: shekhar16 <shekharlaad1609@gmail.com> * feat(jans-fido): changes to refactor requestedParties #9111 (#9329) Signed-off-by: shekhar16 <shekharlaad1609@gmail.com> * fix(jans-fido2): resolve failing test case in `FetchMdsProviderServiceTest` (#9299) fix(jans-fido2): resolve failing test case in FetchMdsProviderServiceTest Co-authored-by: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com> * docs(customization): updates to customization document to align with custom assets feature (#9106) * docs(customize): add intro and management sections Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com> * docs(customization): add location details Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com> * docs(customization): add web customization instructions Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com> * docs(customization): fix proofreading issues Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com> --------- Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com> * fix(jans-fido2): removed legacy SuperGluu support #9453 (#9468) Signed-off-by: Madhumita <madhu@gluu.org> * feat(jans-fido2): add support for isEnterpriseAttestation in local me… (#9521) * feat(jans-fido2): add support for isEnterpriseAttestation in local metadata retrieval Signed-off-by: imran-ishaq <imranishaq024@gmail.com> * feat(jans-fido2): add new unit test for isEnterpriseAttestation Signed-off-by: imran-ishaq <imranishaq024@gmail.com> --------- Signed-off-by: imran-ishaq <imranishaq024@gmail.com> * Jans fido2 attestation mode 9332 (#9463) * docs(jans-fido2): replaced skipValidateMdsInAttestationEnabled && skipAttestation with attestationMode Signed-off-by: imran-ishaq <imranishaq024@gmail.com> * feat(jans-fido2): replaced skipValidateMdsInAttestationEnabled && skipAttestation with attestation mode Signed-off-by: imran-ishaq <imranishaq024@gmail.com> * feat(jans-fido2): update the full flow unit test with monitor attestation mode Signed-off-by: imran-ishaq <imranishaq024@gmail.com> --------- Signed-off-by: imran-ishaq <imranishaq024@gmail.com> * feat(jans-fido2): adding missing imports Signed-off-by: imran-ishaq <imranishaq024@gmail.com> * fix(jans-fido2): #9248 Renaming domain to origin and application id to RpId Signed-off-by: Madhumita <madhu@gluu.org> * fix(jans-fido2): #9248 * fix(jans-fido2): resolved build failure issues Signed-off-by: imran-ishaq <imranishaq024@gmail.com> * Jans fido2 replace requested parties 9248 (#9586) * feat(jans-fido2): changed function type to be accessible and replaced requestParties name and domain with id and origins Signed-off-by: imran-ishaq <imranishaq024@gmail.com> * feat(jans-fido2): add test cases for createRpDomain function in AttestationServiceTest Class Signed-off-by: imran-ishaq <imranishaq024@gmail.com> --------- Signed-off-by: imran-ishaq <imranishaq024@gmail.com> * fix(jans-fido2): #9642 * fix(jans-fido2): convert attestationMode from enum to sting Signed-off-by: imran-ishaq <imranishaq024@gmail.com> * feat(jans-fido): move fidoconfig folder properties to db #9369 (#9611) * feat(jans-fido): move fidoconfig folder properties to db #9369 Signed-off-by: shekhar16 shekharlaad1609@gmail.com * feat(jans-fido): added specialized exception #9369 Signed-off-by: shekhar16 shekharlaad1609@gmail.com --------- Signed-off-by: shekhar16 shekharlaad1609@gmail.com Co-authored-by: Yuriy Movchan <Yuriy.Movchan@gmail.com> * fix(jans-fido2): #9642 Signed-off-by: Madhumita Subramaniam <madhu@gluu.org> * Reflect Authenicator Name with Passkeys (#9716) * feat(jans-fido2): reflect authenticator name with passkeys Signed-off-by: imran-ishaq <imranishaq024@gmail.com> * fix(jans-fido2): handle test cases for authenticator name Signed-off-by: imran-ishaq <imranishaq024@gmail.com> --------- Signed-off-by: imran-ishaq <imranishaq024@gmail.com> Co-authored-by: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com> * fix(jans-fido2): remove superGluu-related endpoints from FIDO2 Swagge… (#9624) fix(jans-fido2): remove superGluu-related endpoints from FIDO2 Swagger and ConfigurationControllerTest Signed-off-by: imran-ishaq <imranishaq024@gmail.com> Co-authored-by: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com> * chore(deps): bump org.apache.maven.plugins:maven-site-plugin from 4.0.0-M12 to 4.0.0-M16 in /jans-scim (#9010) chore(deps): bump org.apache.maven.plugins:maven-site-plugin Bumps [org.apache.maven.plugins:maven-site-plugin](https://github.com/apache/maven-site-plugin) from 4.0.0-M12 to 4.0.0-M16. - [Commits](apache/maven-site-plugin@maven-site-plugin-4.0.0-M12...maven-site-plugin-4.0.0-M16) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-site-plugin dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jose Gonzalez <bonustrack310@gmail.com> * fix(jans-casa): fix issue caused by refactoring (#9838) Signed-off-by: shekhar16 <shekharlaad1609@gmail.com> * fix(jans-fido2): fix document refactoring issue (#9918) Signed-off-by: shekhar16 <shekharlaad1609@gmail.com> * Add origin parameter in Fido2ExternalAuthenticator script for attestation and assertion API calls #9248 (#9974) * feat(jans-fido2): add origin parameter in Fido2ExternalAuthenticator script for attestation and assertion API calls Signed-off-by: imran-ishaq <imranishaq024@gmail.com> * refactor(docs): add origin parameter in Fido2ExternalAuthenticator script for attestation and assertion API calls #9248 Signed-off-by: imran-ishaq <imranishaq024@gmail.com> * fix(jans-fido2): handle origin if http or https is missing #9248 Signed-off-by: imran-ishaq <imranishaq024@gmail.com> --------- Signed-off-by: imran-ishaq <imranishaq024@gmail.com> * fix(docs): #9248 Signed-off-by: imran-ishaq <imranishaq024@gmail.com> * feat(jans-linux-setup): move fidoconfig folder properties to db Signed-off-by: Mustafa Baser <mbaser@mail.com> * fix(jans-fido2): fix issues due unused injects (#10035) Signed-off-by: shekhar16 <shekharlaad1609@gmail.com> * fix: fido2 build * fix(ProjectPasskeys) : #9981 added rawId, authenticatorData, publicKey, publicKeyAlgorithm, publicKeyId, transport to the newly created cred object. * fix(jans-ido2): #10101 Update dynamic-conf.json #10101 property name changed and not reflected in the template Signed-off-by: Madhumita Subramaniam <madhu@gluu.org> * fix(jans-linux-setup): use sqlconnection instead of mysqlconnection Signed-off-by: Mustafa Baser <mbaser@mail.com> * Jans fido Review Configs #10101 (#10204) * Make CommonVerifiersTest class test cases functational (#10209) * fix(jans-fido2): #9642 * fix(jans-fido2): Make AppleAttestationProcessorTest,PackedAttestationProcessorTest,TPMProcessorTest and U2FAttestationProcessorTest test cases functational Signed-off-by: imran-ishaq <imranishaq024@gmail.com> * fix(jans-fido2): support for ECC added #10317 * fix(ProjectPasskeys): #9765 --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com> Signed-off-by: Rolain Djeumen <uprightech@gmail.com> Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com> Signed-off-by: shekhar16 <shekharlaad1609@gmail.com> Signed-off-by: Madhumita <madhu@gluu.org> Signed-off-by: imran-ishaq <imranishaq024@gmail.com> Signed-off-by: shekhar16 shekharlaad1609@gmail.com Signed-off-by: Mustafa Baser <mbaser@mail.com> Signed-off-by: Madhumita Subramaniam <madhu@gluu.org> Signed-off-by: Devrim <devrimyatar@gluu.org> Co-authored-by: mo-auto <54212639+mo-auto@users.noreply.github.com> Co-authored-by: Snyk bot <snyk-bot@snyk.io> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: pujavs <43700552+pujavs@users.noreply.github.com> Co-authored-by: Madhumita Subramaniam <madhu@gluu.org> Co-authored-by: Yuriy Movchan <Yuriy.Movchan@gmail.com> Co-authored-by: Dhaval D <343411+ossdhaval@users.noreply.github.com> Co-authored-by: Djeumen Rolain Bonaventure <uprightech@gmail.com> Co-authored-by: Arnab Dutta <arnab.bdutta@gmail.com> Co-authored-by: Ackermann Yuriy <1636116+yackermann@users.noreply.github.com> Co-authored-by: shekhar16 <shekhar16@users.noreply.github.com> Co-authored-by: Imran <78725662+imran-ishaq@users.noreply.github.com> Co-authored-by: imran-ishaq <imranishaq024@gmail.com> Co-authored-by: Jose Gonzalez <bonustrack310@gmail.com> Co-authored-by: Mustafa Baser <mbaser@mail.com> Co-authored-by: Devrim <devrimyatar@gluu.org>

… array list (#10339) * chore(main): release jans-orm 1.0.1-SNAPSHOT (#1713) * chore(main): release jans-fido2 1.0.1-SNAPSHOT (#1712) * chore(main): release jans-auth-server 1.0.1-SNAPSHOT (#1711) * chore(main): release jans-core 1.0.1-SNAPSHOT (#1710) * chore(main): release jans-scim 1.0.1-SNAPSHOT (#1709) * chore(main): release jans-notify 1.0.1-SNAPSHOT (#1708) * chore(main): release agama 1.0.1-SNAPSHOT (#1707) * fix: jans-auth-server/pom.xml to reduce vulnerabilities (#2466) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSJETTISON-3033152 * fix: jans-eleven/pom.xml to reduce vulnerabilities (#2471) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSJETTISON-3033152 Co-authored-by: snyk-bot <snyk-bot@snyk.io> * build(deps): bump commons-text from 1.9 to 1.10.0 in /jans-bom (#2679) Bumps commons-text from 1.9 to 1.10.0. --- updated-dependencies: - dependency-name: org.apache.commons:commons-text dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: jans-eleven/pom.xml to reduce vulnerabilities (#2676) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSJETTISON-3033152 - https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSJETTISON-3037311 * fix: jans-config-api/plugins/sample/helloworld/pom.xml to reduce vulnerabilities (#972) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGJBOSSRESTEASY-1009963 - https://snyk.io/vuln/SNYK-JAVA-ORGJBOSSRESTEASY-1058913 - https://snyk.io/vuln/SNYK-JAVA-ORGJBOSSRESTEASY-1085989 - https://snyk.io/vuln/SNYK-JAVA-ORGJBOSSRESTEASY-1303102 Co-authored-by: pujavs <43700552+pujavs@users.noreply.github.com> * fix: jans-config-api/pom.xml to reduce vulnerabilities (#1746) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-2945452 Co-authored-by: pujavs <43700552+pujavs@users.noreply.github.com> * docs: update README.md (#2367) * chore(main): release jans-core 1.0.5-SNAPSHOT (#3143) * chore(main): release jans-config-api 1.0.5-SNAPSHOT (#3142) * chore(main): release jans-auth-server 1.0.5-SNAPSHOT (#3141) * chore(main): release jans-notify 1.0.5-SNAPSHOT (#3140) * chore(main): release jans-orm 1.0.5-SNAPSHOT (#3139) * chore(main): release jans-eleven 1.0.5-SNAPSHOT (#3138) * chore(main): release jans-fido2 1.0.5-SNAPSHOT (#3137) * chore(main): release jans-bom 1.0.5-SNAPSHOT (#3136) * chore: add owner to jans-config-api (#3283) * build(deps): bump postgresql from 42.5.0 to 42.5.1 in /jans-bom (#3068) Bumps [postgresql](https://github.com/pgjdbc/pgjdbc) from 42.5.0 to 42.5.1. - [Release notes](https://github.com/pgjdbc/pgjdbc/releases) - [Changelog](https://github.com/pgjdbc/pgjdbc/blob/master/CHANGELOG.md) - [Commits](pgjdbc/pgjdbc@REL42.5.0...REL42.5.1) --- updated-dependencies: - dependency-name: org.postgresql:postgresql dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: jans-eleven/pom.xml to reduce vulnerabilities (#3315) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSJETTISON-3168084 - https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSJETTISON-3168085 Co-authored-by: snyk-bot <snyk-bot@snyk.io> * fix: jans-auth-server/pom.xml to reduce vulnerabilities (#3314) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSJETTISON-3168084 - https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSJETTISON-3168085 Co-authored-by: snyk-bot <snyk-bot@snyk.io> * chore(main): release jans-eleven 1.0.6-SNAPSHOT (#3538) * chore(main): release jans-bom 1.0.6-SNAPSHOT (#3539) * chore(main): release jans-notify 1.0.6-SNAPSHOT (#3540) * chore(main): release jans-config-api 1.0.6-SNAPSHOT (#3541) * chore(main): release jans-orm 1.0.6-SNAPSHOT (#3542) * chore(main): release jans-scim 1.0.6-SNAPSHOT (#3543) * chore(main): release jans-auth-server 1.0.6-SNAPSHOT (#3544) * chore(main): release jans-fido2 1.0.6-SNAPSHOT (#3545) * chore(main): release jans-core 1.0.6-SNAPSHOT (#3546) * fix: cbor data stream lenght calculatro return wrong lengh #3614 (#3615) * chore(main): release jans-core 1.0.7-SNAPSHOT (#3919) * chore(main): release jans-scim 1.0.7-SNAPSHOT (#3918) * chore(main): release jans-notify 1.0.7-SNAPSHOT (#3917) * chore(main): release jans-auth-server 1.0.7-SNAPSHOT (#3916) * chore(main): release jans-bom 1.0.7-SNAPSHOT (#3915) * chore(main): release jans-orm 1.0.7-SNAPSHOT (#3914) * chore(main): release agama 1.0.7-SNAPSHOT (#3913) * chore(main): release jans-eleven 1.0.7-SNAPSHOT (#3912) * chore(main): release jans-config-api 1.0.7-SNAPSHOT (#3911) * chore(main): release jans-fido2 1.0.7-SNAPSHOT (#3910) * chore(main): release jans-notify 1.0.8-SNAPSHOT (#4008) * chore(main): release jans-auth-server 1.0.8-SNAPSHOT (#4007) * chore(main): release jans-config-api 1.0.8-SNAPSHOT (#4006) * chore(main): release jans-scim 1.0.8-SNAPSHOT (#4004) * chore(main): release jans-fido2 1.0.8-SNAPSHOT (#4005) * chore(main): release jans-bom 1.0.8-SNAPSHOT (#4003) * chore(main): release jans-core 1.0.8-SNAPSHOT (#4002) * chore(main): release jans-orm 1.0.8-SNAPSHOT (#4001) * chore(main): release jans-eleven 1.0.8-SNAPSHOT (#4000) * chore(main): release agama 1.0.8-SNAPSHOT (#3999) * chore(main): release jans-auth-server 1.0.9-SNAPSHOT (#4064) * chore(main): release jans-fido2 1.0.9-SNAPSHOT (#4062) * chore(main): release jans-auth-server 1.0.10-SNAPSHOT (#4175) * chore(main): release jans-fido2 1.0.10-SNAPSHOT (#4173) * chore(main): release jans-eleven 1.0.10-SNAPSHOT (#4172) * chore(main): release jans-orm 1.0.10-SNAPSHOT (#4171) * chore(main): release jans-notify 1.0.10-SNAPSHOT (#4170) * chore(main): release jans-config-api 1.0.10-SNAPSHOT (#4169) * chore(main): release jans-core 1.0.10-SNAPSHOT (#4168) * chore(main): release jans-bom 1.0.10-SNAPSHOT (#4167) * chore(main): release agama 1.0.10-SNAPSHOT (#4166) * chore(main): release jans-eleven 1.0.11-SNAPSHOT (#4473) * chore(main): release jans-core 1.0.11-SNAPSHOT (#4472) * chore(main): release jans-notify 1.0.11-SNAPSHOT (#4471) * chore(main): release jans-auth-server 1.0.11-SNAPSHOT (#4470) * chore(main): release jans-fido2 1.0.11-SNAPSHOT (#4469) * chore(main): release jans-bom 1.0.11-SNAPSHOT (#4467) * chore(main): release agama 1.0.11-SNAPSHOT (#4466) * chore(main): release jans-orm 1.0.11-SNAPSHOT (#4465) * chore(main): release jans-config-api 1.0.11-SNAPSHOT (#4464) * chore(main): release jans-orm 1.0.12-SNAPSHOT (#4638) * chore(main): release jans-bom 1.0.12-SNAPSHOT (#4636) * chore(main): release jans-core 1.0.12-SNAPSHOT (#4637) * chore(main): release jans-notify 1.0.12-SNAPSHOT (#4634) * chore(main): release jans-config-api 1.0.12-SNAPSHOT (#4633) * chore(main): release jans-auth-server 1.0.12-SNAPSHOT (#4632) * chore(main): release jans-eleven 1.0.12-SNAPSHOT (#4631) * chore(main): release agama 1.0.12-SNAPSHOT (#4630) * chore(main): release jans-scim 1.0.12-SNAPSHOT (#4629) * chore(main): release jans-fido2 1.0.12-SNAPSHOT (#4635) * fix: jans-auth-server/pom.xml to reduce vulnerabilities (#4271) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSJETTISON-3367610 * chore(deps): bump jettison from 1.5.2 to 1.5.4 in /jans-auth-server (#4275) Bumps [jettison](https://github.com/jettison-json/jettison) from 1.5.2 to 1.5.4. - [Release notes](https://github.com/jettison-json/jettison/releases) - [Commits](jettison-json/jettison@jettison-1.5.2...jettison-1.5.4) --- updated-dependencies: - dependency-name: org.codehaus.jettison:jettison dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(main): release jans-config-api 1.0.13-SNAPSHOT (#4920) * chore(main): release jans-notify 1.0.13-SNAPSHOT (#4917) * chore(main): release jans-auth-server 1.0.13-SNAPSHOT (#4918) * chore(main): release jans-orm 1.0.13-SNAPSHOT (#4916) * chore(main): release agama 1.0.13-SNAPSHOT (#4915) * chore(main): release jans-bom 1.0.13-SNAPSHOT (#4913) * chore(main): release jans-core 1.0.13-SNAPSHOT (#4914) * chore(main): release jans-scim 1.0.13-SNAPSHOT (#4912) * chore(main): release jans-eleven 1.0.13-SNAPSHOT (#4911) * chore(main): release jans-fido2 1.0.13-SNAPSHOT (#4919) * docs: write topic overview pages for properties, feature flags and endpoint sections (#5147) * docs(scripts): endpoint section README.md Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com> * docs(scripts): property section readme Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com> * docs(scripts): add how to set properties Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com> * docs(scripts): add details to feature flag readme Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com> --------- Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com> * chore(main): release jans-bom 1.0.14-SNAPSHOT (#5211) * chore(main): release jans-config-api 1.0.14-SNAPSHOT (#5209) * chore(main): release jans-scim 1.0.14-SNAPSHOT (#5208) * chore(main): release jans-eleven 1.0.14-SNAPSHOT (#5207) * chore(main): release agama 1.0.14-SNAPSHOT (#5206) * chore(main): release jans-orm 1.0.14-SNAPSHOT (#5205) * chore(main): release jans-fido2 1.0.14-SNAPSHOT (#5204) * chore(main): release jans-core 1.0.14-SNAPSHOT (#5203) * chore(main): release jans-config-api 1.0.15-SNAPSHOT (#5495) * chore(main): release jans-bom 1.0.15-SNAPSHOT (#5493) * chore(main): release agama 1.0.15-SNAPSHOT (#5492) * chore(main): release jans-scim 1.0.15-SNAPSHOT (#5491) * chore(main): release jans-orm 1.0.15-SNAPSHOT (#5490) * chore(main): release jans-fido2 1.0.15-SNAPSHOT (#5489) * chore(main): release jans-eleven 1.0.15-SNAPSHOT (#5488) * chore(main): release jans-core 1.0.15-SNAPSHOT (#5494) * chore(main): release jans-scim 1.0.16-SNAPSHOT (#5733) * chore(main): release jans-fido2 1.0.16-SNAPSHOT (#5730) * chore(main): release jans-auth-server 1.0.16-SNAPSHOT (#5729) * chore(main): release jans-orm 1.0.16-SNAPSHOT (#5728) * chore(main): release agama 1.0.16-SNAPSHOT (#5727) * chore(main): release jans-bom 1.0.16-SNAPSHOT (#5725) * chore(main): release jans-eleven 1.0.16-SNAPSHOT (#5726) * chore(main): release jans-core 1.0.16-SNAPSHOT (#5732) * chore(main): release jans-config-api 1.0.16-SNAPSHOT (#5731) * chore(main): release jans-scim 1.0.17-SNAPSHOT (#6051) * chore(main): release jans-core 1.0.17-SNAPSHOT (#6049) * chore(main): release jans-bom 1.0.17-SNAPSHOT (#6048) * chore(main): release agama 1.0.17-SNAPSHOT (#6047) * chore(main): release jans-auth-server 1.0.17-SNAPSHOT (#6046) * chore(main): release jans-fido2 1.0.17-SNAPSHOT (#6045) * chore(main): release jans-config-api 1.0.17-SNAPSHOT (#6044) * chore(main): release jans-eleven 1.0.17-SNAPSHOT (#6043) * chore(main): release jans-orm 1.0.17-SNAPSHOT (#6050) * chore(main): release jans-orm 1.0.18-SNAPSHOT (#6115) * chore(main): release jans-bom 1.0.18-SNAPSHOT (#6113) * chore(main): release jans-config-api 1.0.18-SNAPSHOT (#6112) * chore(main): release jans-auth-server 1.0.18-SNAPSHOT (#6111) * chore(main): release jans-core 1.0.18-SNAPSHOT (#6110) * chore(main): release jans-fido2 1.0.18-SNAPSHOT (#6108) * chore(main): release agama 1.0.18-SNAPSHOT (#6109) * chore(main): release jans-eleven 1.0.18-SNAPSHOT (#6107) * chore(main): release jans-scim 1.0.18-SNAPSHOT (#6114) * chore(main): release jans-scim 1.0.19-SNAPSHOT (#6245) * chore(main): release jans-bom 1.0.19-SNAPSHOT (#6241) * chore(main): release jans-fido2 1.0.19-SNAPSHOT (#6240) * chore(main): release jans-auth-server 1.0.19-SNAPSHOT (#6239) * chore(main): release jans-config-api 1.0.19-SNAPSHOT (#6238) * chore(main): release agama 1.0.19-SNAPSHOT (#6236) * chore(main): release jans-eleven 1.0.19-SNAPSHOT (#6235) * chore(main): release jans-orm 1.0.19-SNAPSHOT (#6244) * chore(main): release jans-scim 1.0.20-SNAPSHOT (#6485) * chore(main): release jans-core 1.0.20-SNAPSHOT (#6483) * chore(main): release jans-bom 1.0.20-SNAPSHOT (#6482) * chore(main): release jans-link 1.0.20-SNAPSHOT (#6481) * chore(main): release jans-fido2 1.0.20-SNAPSHOT (#6480) * chore(main): release jans-casa 1.0.20-SNAPSHOT (#6479) * chore(main): release jans-eleven 1.0.20-SNAPSHOT (#6478) * chore(main): release jans-config-api 1.0.20-SNAPSHOT (#6477) * chore(main): release agama 1.0.20-SNAPSHOT (#6476) * chore(main): release jans-auth-server 1.0.20-SNAPSHOT (#6475) * chore(main): release jans-orm 1.0.20-SNAPSHOT (#6484) * chore(main): release jans-orm 1.0.21-SNAPSHOT (#7022) * chore(main): release jans-scim 1.0.21-SNAPSHOT (#7020) * chore(main): release jans-auth-server 1.0.21-SNAPSHOT (#7019) * chore(main): release agama 1.0.21-SNAPSHOT (#7018) * chore(main): release jans-eleven 1.0.21-SNAPSHOT (#7017) * chore(main): release jans-fido2 1.0.21-SNAPSHOT (#7016) * chore(main): release jans-config-api 1.0.21-SNAPSHOT (#7015) * chore(main): release jans-bom 1.0.21-SNAPSHOT (#7014) * chore(main): release jans-core 1.0.21-SNAPSHOT (#7013) * chore(main): release jans-casa 1.0.21-SNAPSHOT (#7012) * chore(main): release jans-keycloak-link 1.0.21-SNAPSHOT (#7021) * chore(main): release jans-keycloak-link 1.0.22-SNAPSHOT (#7469) * chore(main): release jans-scim 1.0.22-SNAPSHOT (#7468) * chore(main): release jans-orm 1.0.22-SNAPSHOT (#7467) * chore(main): release jans-lock 1.0.22-SNAPSHOT (#7466) * chore(main): release jans-link 1.0.22-SNAPSHOT (#7465) * chore(main): release jans-fido2 1.0.22-SNAPSHOT (#7464) * chore(main): release jans-eleven 1.0.22-SNAPSHOT (#7463) * chore(main): release jans-config-api 1.0.22-SNAPSHOT (#7462) * chore(main): release jans-core 1.0.22-SNAPSHOT (#7461) * chore(main): release jans-casa 1.0.22-SNAPSHOT (#7460) * chore(main): release agama 1.0.22-SNAPSHOT (#7459) * chore(main): release jans-bom 1.0.22-SNAPSHOT (#7458) * chore(main): release jans-auth-server 1.0.22-SNAPSHOT (#7457) * fix(jans-keycloak-integration): security bugfixes #8954 (#8962) * fix(jans-linux-setup): improper scim configuration for jans kc #8210 * updated the keycloak configuration file to reflect the configuration for the storage-spi Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * chore(jans-keycloak-integration): bump kc version to 24.0.0 #8315 Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * fix(jans-keycloak-integration): security bugfixes #8954 * bumped nimbus oidc sdk version Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * fix(jans-keycloak-integration): security bugfixes #8954 * removed old metadata parser and entityidhandler from `jans-core-saml` Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * fix(jans-keycloak-integration): security bugfixes #8954 * further removed old saml related code Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * fix(jans-keycloak-integration): security bugfixes #8654 * removed unused dependencies in jans-core-saml Signed-off-by: Rolain Djeumen <uprightech@gmail.com> --------- Signed-off-by: Rolain Djeumen <uprightech@gmail.com> Co-authored-by: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com> * feat: Minimum support ES256, RS1, RS256, ED25519 (#9086) * feat: Minimum support ES256, RS1, RS256, ED25519 Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com> * feat: minimum support ES256, RS1, RS256, ED25519 Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com> * feat: minimum support ES256, RS1, RS256, ED25519 Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com> * feat: using SHA512 for Ed25519 Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com> --------- Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com> * feat: refactor Assertion/Attestation to Jackson ObjectMapper (#9023) * feat: refactor Assertion/Attestation to Jackson ObjectMapper Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com> * feat: fixing sonar issues Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com> * feat: fixing sonar issues Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com> * feat: fixing sonar issues Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com> * feat: addressing PR reviews Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com> * feat: addressing PR reviews Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com> --------- Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com> * fix(jans-fido2): removing safetynet and android #8901 * fix(jans-fido2): Removing multiple Assertion processors #8902 * feat: add support for BS / BE flags in AuthData #8903 (#8968) * feat: add support for BS / BE flags in AuthData #8903 Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com> * feat: adding comments Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com> * feat: adding comments Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com> --------- Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com> Co-authored-by: Ackermann Yuriy <1636116+yackermann@users.noreply.github.com> * fix(jans-fido2): #8906, Basic simplification and refactoring of Attestation and Assertion Response * Issue 8908 (#9241) * feat(jans-fido): #8908 add support for webauthn hints Signed-off-by: shekhar16 <shekharlaad1609@gmail.com> * feat(jans-fido): #8908 add support for webauthn hints Signed-off-by: shekhar16 <shekharlaad1609@gmail.com> * feat(jans-fido): #8908 delete unused file Signed-off-by: shekhar16 <shekharlaad1609@gmail.com> --------- Signed-off-by: shekhar16 <shekharlaad1609@gmail.com> * fix(jans-fido2): Attestation #8906 * Issue 9111 (#9276) * feat(jans-fido): refactor mds3 codebase and server config Signed-off-by: shekhar16 <shekharlaad1609@gmail.com> * feat(jans-fido): revert rename from docker file #9111 Signed-off-by: shekhar16 <shekharlaad1609@gmail.com> * feat(jans-fido): add metadatarefreshinterval #9111 Signed-off-by: shekhar16 <shekharlaad1609@gmail.com> * feat(jans-fido): changes to refactor metadataservers #9111 Signed-off-by: shekhar16 <shekharlaad1609@gmail.com> --------- Signed-off-by: shekhar16 <shekharlaad1609@gmail.com> * feat(jans-fido): changes to refactor requestedParties #9111 (#9329) Signed-off-by: shekhar16 <shekharlaad1609@gmail.com> * fix(jans-fido2): resolve failing test case in `FetchMdsProviderServiceTest` (#9299) fix(jans-fido2): resolve failing test case in FetchMdsProviderServiceTest Co-authored-by: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com> * docs(customization): updates to customization document to align with custom assets feature (#9106) * docs(customize): add intro and management sections Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com> * docs(customization): add location details Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com> * docs(customization): add web customization instructions Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com> * docs(customization): fix proofreading issues Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com> --------- Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com> * fix(jans-fido2): removed legacy SuperGluu support #9453 (#9468) Signed-off-by: Madhumita <madhu@gluu.org> * feat(jans-fido2): add support for isEnterpriseAttestation in local me… (#9521) * feat(jans-fido2): add support for isEnterpriseAttestation in local metadata retrieval Signed-off-by: imran-ishaq <imranishaq024@gmail.com> * feat(jans-fido2): add new unit test for isEnterpriseAttestation Signed-off-by: imran-ishaq <imranishaq024@gmail.com> --------- Signed-off-by: imran-ishaq <imranishaq024@gmail.com> * Jans fido2 attestation mode 9332 (#9463) * docs(jans-fido2): replaced skipValidateMdsInAttestationEnabled && skipAttestation with attestationMode Signed-off-by: imran-ishaq <imranishaq024@gmail.com> * feat(jans-fido2): replaced skipValidateMdsInAttestationEnabled && skipAttestation with attestation mode Signed-off-by: imran-ishaq <imranishaq024@gmail.com> * feat(jans-fido2): update the full flow unit test with monitor attestation mode Signed-off-by: imran-ishaq <imranishaq024@gmail.com> --------- Signed-off-by: imran-ishaq <imranishaq024@gmail.com> * feat(jans-fido2): adding missing imports Signed-off-by: imran-ishaq <imranishaq024@gmail.com> * fix(jans-fido2): #9248 Renaming domain to origin and application id to RpId Signed-off-by: Madhumita <madhu@gluu.org> * fix(jans-fido2): #9248 * fix(jans-fido2): resolved build failure issues Signed-off-by: imran-ishaq <imranishaq024@gmail.com> * Jans fido2 replace requested parties 9248 (#9586) * feat(jans-fido2): changed function type to be accessible and replaced requestParties name and domain with id and origins Signed-off-by: imran-ishaq <imranishaq024@gmail.com> * feat(jans-fido2): add test cases for createRpDomain function in AttestationServiceTest Class Signed-off-by: imran-ishaq <imranishaq024@gmail.com> --------- Signed-off-by: imran-ishaq <imranishaq024@gmail.com> * fix(jans-fido2): #9642 * fix(jans-fido2): convert attestationMode from enum to sting Signed-off-by: imran-ishaq <imranishaq024@gmail.com> * feat(jans-fido): move fidoconfig folder properties to db #9369 (#9611) * feat(jans-fido): move fidoconfig folder properties to db #9369 Signed-off-by: shekhar16 shekharlaad1609@gmail.com * feat(jans-fido): added specialized exception #9369 Signed-off-by: shekhar16 shekharlaad1609@gmail.com --------- Signed-off-by: shekhar16 shekharlaad1609@gmail.com Co-authored-by: Yuriy Movchan <Yuriy.Movchan@gmail.com> * fix(jans-fido2): #9642 Signed-off-by: Madhumita Subramaniam <madhu@gluu.org> * Reflect Authenicator Name with Passkeys (#9716) * feat(jans-fido2): reflect authenticator name with passkeys Signed-off-by: imran-ishaq <imranishaq024@gmail.com> * fix(jans-fido2): handle test cases for authenticator name Signed-off-by: imran-ishaq <imranishaq024@gmail.com> --------- Signed-off-by: imran-ishaq <imranishaq024@gmail.com> Co-authored-by: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com> * fix(jans-fido2): remove superGluu-related endpoints from FIDO2 Swagge… (#9624) fix(jans-fido2): remove superGluu-related endpoints from FIDO2 Swagger and ConfigurationControllerTest Signed-off-by: imran-ishaq <imranishaq024@gmail.com> Co-authored-by: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com> * chore(deps): bump org.apache.maven.plugins:maven-site-plugin from 4.0.0-M12 to 4.0.0-M16 in /jans-scim (#9010) chore(deps): bump org.apache.maven.plugins:maven-site-plugin Bumps [org.apache.maven.plugins:maven-site-plugin](https://github.com/apache/maven-site-plugin) from 4.0.0-M12 to 4.0.0-M16. - [Commits](apache/maven-site-plugin@maven-site-plugin-4.0.0-M12...maven-site-plugin-4.0.0-M16) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-site-plugin dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jose Gonzalez <bonustrack310@gmail.com> * fix(jans-casa): fix issue caused by refactoring (#9838) Signed-off-by: shekhar16 <shekharlaad1609@gmail.com> * fix(jans-fido2): fix document refactoring issue (#9918) Signed-off-by: shekhar16 <shekharlaad1609@gmail.com> * Add origin parameter in Fido2ExternalAuthenticator script for attestation and assertion API calls #9248 (#9974) * feat(jans-fido2): add origin parameter in Fido2ExternalAuthenticator script for attestation and assertion API calls Signed-off-by: imran-ishaq <imranishaq024@gmail.com> * refactor(docs): add origin parameter in Fido2ExternalAuthenticator script for attestation and assertion API calls #9248 Signed-off-by: imran-ishaq <imranishaq024@gmail.com> * fix(jans-fido2): handle origin if http or https is missing #9248 Signed-off-by: imran-ishaq <imranishaq024@gmail.com> --------- Signed-off-by: imran-ishaq <imranishaq024@gmail.com> * fix(docs): #9248 Signed-off-by: imran-ishaq <imranishaq024@gmail.com> * feat(jans-linux-setup): move fidoconfig folder properties to db Signed-off-by: Mustafa Baser <mbaser@mail.com> * fix(jans-fido2): fix issues due unused injects (#10035) Signed-off-by: shekhar16 <shekharlaad1609@gmail.com> * fix: fido2 build * fix(ProjectPasskeys) : #9981 added rawId, authenticatorData, publicKey, publicKeyAlgorithm, publicKeyId, transport to the newly created cred object. * fix(jans-ido2): #10101 Update dynamic-conf.json #10101 property name changed and not reflected in the template Signed-off-by: Madhumita Subramaniam <madhu@gluu.org> * fix(jans-linux-setup): use sqlconnection instead of mysqlconnection Signed-off-by: Mustafa Baser <mbaser@mail.com> * Jans fido Review Configs #10101 (#10204) * Make CommonVerifiersTest class test cases functational (#10209) * fix(jans-fido2): #9642 * fix(jans-fido2): Make AppleAttestationProcessorTest,PackedAttestationProcessorTest,TPMProcessorTest and U2FAttestationProcessorTest test cases functational Signed-off-by: imran-ishaq <imranishaq024@gmail.com> * fix(jans-fido2): support for ECC added #10317 * feat(jans-fido2): create new WebAuthn configuration controller that returns an origins array list #10245 * feat(jans-linux-setup): apache proxy pass for .well-known/webauthn Signed-off-by: Mustafa Baser <mbaser@mail.com> * fix(ProjectPasskeys): #9765 * fix(docs): update jans fido docs #10245 --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com> Signed-off-by: Rolain Djeumen <uprightech@gmail.com> Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com> Signed-off-by: shekhar16 <shekharlaad1609@gmail.com> Signed-off-by: Madhumita <madhu@gluu.org> Signed-off-by: imran-ishaq <imranishaq024@gmail.com> Signed-off-by: shekhar16 shekharlaad1609@gmail.com Signed-off-by: Mustafa Baser <mbaser@mail.com> Signed-off-by: Madhumita Subramaniam <madhu@gluu.org> Signed-off-by: Devrim <devrimyatar@gluu.org> Signed-off-by: Imran <78725662+imran-ishaq@users.noreply.github.com> Co-authored-by: mo-auto <54212639+mo-auto@users.noreply.github.com> Co-authored-by: Snyk bot <snyk-bot@snyk.io> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: pujavs <43700552+pujavs@users.noreply.github.com> Co-authored-by: Madhumita Subramaniam <madhu@gluu.org> Co-authored-by: Yuriy Movchan <Yuriy.Movchan@gmail.com> Co-authored-by: Dhaval D <343411+ossdhaval@users.noreply.github.com> Co-authored-by: Djeumen Rolain Bonaventure <uprightech@gmail.com> Co-authored-by: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com> Co-authored-by: Arnab Dutta <arnab.bdutta@gmail.com> Co-authored-by: Ackermann Yuriy <1636116+yackermann@users.noreply.github.com> Co-authored-by: shekhar16 <shekhar16@users.noreply.github.com> Co-authored-by: Jose Gonzalez <bonustrack310@gmail.com> Co-authored-by: Mustafa Baser <mbaser@mail.com> Co-authored-by: Devrim <devrimyatar@gluu.org>

…0080) * chore(main): release jans-orm 1.0.1-SNAPSHOT (#1713) * chore(main): release jans-fido2 1.0.1-SNAPSHOT (#1712) * chore(main): release jans-auth-server 1.0.1-SNAPSHOT (#1711) * chore(main): release jans-core 1.0.1-SNAPSHOT (#1710) * chore(main): release jans-scim 1.0.1-SNAPSHOT (#1709) * chore(main): release jans-notify 1.0.1-SNAPSHOT (#1708) * chore(main): release agama 1.0.1-SNAPSHOT (#1707) * fix: jans-auth-server/pom.xml to reduce vulnerabilities (#2466) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSJETTISON-3033152 * fix: jans-eleven/pom.xml to reduce vulnerabilities (#2471) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSJETTISON-3033152 Co-authored-by: snyk-bot <snyk-bot@snyk.io> * build(deps): bump commons-text from 1.9 to 1.10.0 in /jans-bom (#2679) Bumps commons-text from 1.9 to 1.10.0. --- updated-dependencies: - dependency-name: org.apache.commons:commons-text dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: jans-eleven/pom.xml to reduce vulnerabilities (#2676) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSJETTISON-3033152 - https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSJETTISON-3037311 * fix: jans-config-api/plugins/sample/helloworld/pom.xml to reduce vulnerabilities (#972) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGJBOSSRESTEASY-1009963 - https://snyk.io/vuln/SNYK-JAVA-ORGJBOSSRESTEASY-1058913 - https://snyk.io/vuln/SNYK-JAVA-ORGJBOSSRESTEASY-1085989 - https://snyk.io/vuln/SNYK-JAVA-ORGJBOSSRESTEASY-1303102 Co-authored-by: pujavs <43700552+pujavs@users.noreply.github.com> * fix: jans-config-api/pom.xml to reduce vulnerabilities (#1746) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-2945452 Co-authored-by: pujavs <43700552+pujavs@users.noreply.github.com> * docs: update README.md (#2367) * chore(main): release jans-core 1.0.5-SNAPSHOT (#3143) * chore(main): release jans-config-api 1.0.5-SNAPSHOT (#3142) * chore(main): release jans-auth-server 1.0.5-SNAPSHOT (#3141) * chore(main): release jans-notify 1.0.5-SNAPSHOT (#3140) * chore(main): release jans-orm 1.0.5-SNAPSHOT (#3139) * chore(main): release jans-eleven 1.0.5-SNAPSHOT (#3138) * chore(main): release jans-fido2 1.0.5-SNAPSHOT (#3137) * chore(main): release jans-bom 1.0.5-SNAPSHOT (#3136) * chore: add owner to jans-config-api (#3283) * build(deps): bump postgresql from 42.5.0 to 42.5.1 in /jans-bom (#3068) Bumps [postgresql](https://github.com/pgjdbc/pgjdbc) from 42.5.0 to 42.5.1. - [Release notes](https://github.com/pgjdbc/pgjdbc/releases) - [Changelog](https://github.com/pgjdbc/pgjdbc/blob/master/CHANGELOG.md) - [Commits](pgjdbc/pgjdbc@REL42.5.0...REL42.5.1) --- updated-dependencies: - dependency-name: org.postgresql:postgresql dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: jans-eleven/pom.xml to reduce vulnerabilities (#3315) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSJETTISON-3168084 - https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSJETTISON-3168085 Co-authored-by: snyk-bot <snyk-bot@snyk.io> * fix: jans-auth-server/pom.xml to reduce vulnerabilities (#3314) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSJETTISON-3168084 - https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSJETTISON-3168085 Co-authored-by: snyk-bot <snyk-bot@snyk.io> * chore(main): release jans-eleven 1.0.6-SNAPSHOT (#3538) * chore(main): release jans-bom 1.0.6-SNAPSHOT (#3539) * chore(main): release jans-notify 1.0.6-SNAPSHOT (#3540) * chore(main): release jans-config-api 1.0.6-SNAPSHOT (#3541) * chore(main): release jans-orm 1.0.6-SNAPSHOT (#3542) * chore(main): release jans-scim 1.0.6-SNAPSHOT (#3543) * chore(main): release jans-auth-server 1.0.6-SNAPSHOT (#3544) * chore(main): release jans-fido2 1.0.6-SNAPSHOT (#3545) * chore(main): release jans-core 1.0.6-SNAPSHOT (#3546) * fix: cbor data stream lenght calculatro return wrong lengh #3614 (#3615) * chore(main): release jans-core 1.0.7-SNAPSHOT (#3919) * chore(main): release jans-scim 1.0.7-SNAPSHOT (#3918) * chore(main): release jans-notify 1.0.7-SNAPSHOT (#3917) * chore(main): release jans-auth-server 1.0.7-SNAPSHOT (#3916) * chore(main): release jans-bom 1.0.7-SNAPSHOT (#3915) * chore(main): release jans-orm 1.0.7-SNAPSHOT (#3914) * chore(main): release agama 1.0.7-SNAPSHOT (#3913) * chore(main): release jans-eleven 1.0.7-SNAPSHOT (#3912) * chore(main): release jans-config-api 1.0.7-SNAPSHOT (#3911) * chore(main): release jans-fido2 1.0.7-SNAPSHOT (#3910) * chore(main): release jans-notify 1.0.8-SNAPSHOT (#4008) * chore(main): release jans-auth-server 1.0.8-SNAPSHOT (#4007) * chore(main): release jans-config-api 1.0.8-SNAPSHOT (#4006) * chore(main): release jans-scim 1.0.8-SNAPSHOT (#4004) * chore(main): release jans-fido2 1.0.8-SNAPSHOT (#4005) * chore(main): release jans-bom 1.0.8-SNAPSHOT (#4003) * chore(main): release jans-core 1.0.8-SNAPSHOT (#4002) * chore(main): release jans-orm 1.0.8-SNAPSHOT (#4001) * chore(main): release jans-eleven 1.0.8-SNAPSHOT (#4000) * chore(main): release agama 1.0.8-SNAPSHOT (#3999) * chore(main): release jans-auth-server 1.0.9-SNAPSHOT (#4064) * chore(main): release jans-fido2 1.0.9-SNAPSHOT (#4062) * chore(main): release jans-auth-server 1.0.10-SNAPSHOT (#4175) * chore(main): release jans-fido2 1.0.10-SNAPSHOT (#4173) * chore(main): release jans-eleven 1.0.10-SNAPSHOT (#4172) * chore(main): release jans-orm 1.0.10-SNAPSHOT (#4171) * chore(main): release jans-notify 1.0.10-SNAPSHOT (#4170) * chore(main): release jans-config-api 1.0.10-SNAPSHOT (#4169) * chore(main): release jans-core 1.0.10-SNAPSHOT (#4168) * chore(main): release jans-bom 1.0.10-SNAPSHOT (#4167) * chore(main): release agama 1.0.10-SNAPSHOT (#4166) * chore(main): release jans-eleven 1.0.11-SNAPSHOT (#4473) * chore(main): release jans-core 1.0.11-SNAPSHOT (#4472) * chore(main): release jans-notify 1.0.11-SNAPSHOT (#4471) * chore(main): release jans-auth-server 1.0.11-SNAPSHOT (#4470) * chore(main): release jans-fido2 1.0.11-SNAPSHOT (#4469) * chore(main): release jans-bom 1.0.11-SNAPSHOT (#4467) * chore(main): release agama 1.0.11-SNAPSHOT (#4466) * chore(main): release jans-orm 1.0.11-SNAPSHOT (#4465) * chore(main): release jans-config-api 1.0.11-SNAPSHOT (#4464) * chore(main): release jans-orm 1.0.12-SNAPSHOT (#4638) * chore(main): release jans-bom 1.0.12-SNAPSHOT (#4636) * chore(main): release jans-core 1.0.12-SNAPSHOT (#4637) * chore(main): release jans-notify 1.0.12-SNAPSHOT (#4634) * chore(main): release jans-config-api 1.0.12-SNAPSHOT (#4633) * chore(main): release jans-auth-server 1.0.12-SNAPSHOT (#4632) * chore(main): release jans-eleven 1.0.12-SNAPSHOT (#4631) * chore(main): release agama 1.0.12-SNAPSHOT (#4630) * chore(main): release jans-scim 1.0.12-SNAPSHOT (#4629) * chore(main): release jans-fido2 1.0.12-SNAPSHOT (#4635) * fix: jans-auth-server/pom.xml to reduce vulnerabilities (#4271) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSJETTISON-3367610 * chore(deps): bump jettison from 1.5.2 to 1.5.4 in /jans-auth-server (#4275) Bumps [jettison](https://github.com/jettison-json/jettison) from 1.5.2 to 1.5.4. - [Release notes](https://github.com/jettison-json/jettison/releases) - [Commits](jettison-json/jettison@jettison-1.5.2...jettison-1.5.4) --- updated-dependencies: - dependency-name: org.codehaus.jettison:jettison dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(main): release jans-config-api 1.0.13-SNAPSHOT (#4920) * chore(main): release jans-notify 1.0.13-SNAPSHOT (#4917) * chore(main): release jans-auth-server 1.0.13-SNAPSHOT (#4918) * chore(main): release jans-orm 1.0.13-SNAPSHOT (#4916) * chore(main): release agama 1.0.13-SNAPSHOT (#4915) * chore(main): release jans-bom 1.0.13-SNAPSHOT (#4913) * chore(main): release jans-core 1.0.13-SNAPSHOT (#4914) * chore(main): release jans-scim 1.0.13-SNAPSHOT (#4912) * chore(main): release jans-eleven 1.0.13-SNAPSHOT (#4911) * chore(main): release jans-fido2 1.0.13-SNAPSHOT (#4919) * docs: write topic overview pages for properties, feature flags and endpoint sections (#5147) * docs(scripts): endpoint section README.md Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com> * docs(scripts): property section readme Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com> * docs(scripts): add how to set properties Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com> * docs(scripts): add details to feature flag readme Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com> --------- Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com> * chore(main): release jans-bom 1.0.14-SNAPSHOT (#5211) * chore(main): release jans-config-api 1.0.14-SNAPSHOT (#5209) * chore(main): release jans-scim 1.0.14-SNAPSHOT (#5208) * chore(main): release jans-eleven 1.0.14-SNAPSHOT (#5207) * chore(main): release agama 1.0.14-SNAPSHOT (#5206) * chore(main): release jans-orm 1.0.14-SNAPSHOT (#5205) * chore(main): release jans-fido2 1.0.14-SNAPSHOT (#5204) * chore(main): release jans-core 1.0.14-SNAPSHOT (#5203) * chore(main): release jans-config-api 1.0.15-SNAPSHOT (#5495) * chore(main): release jans-bom 1.0.15-SNAPSHOT (#5493) * chore(main): release agama 1.0.15-SNAPSHOT (#5492) * chore(main): release jans-scim 1.0.15-SNAPSHOT (#5491) * chore(main): release jans-orm 1.0.15-SNAPSHOT (#5490) * chore(main): release jans-fido2 1.0.15-SNAPSHOT (#5489) * chore(main): release jans-eleven 1.0.15-SNAPSHOT (#5488) * chore(main): release jans-core 1.0.15-SNAPSHOT (#5494) * chore(main): release jans-scim 1.0.16-SNAPSHOT (#5733) * chore(main): release jans-fido2 1.0.16-SNAPSHOT (#5730) * chore(main): release jans-auth-server 1.0.16-SNAPSHOT (#5729) * chore(main): release jans-orm 1.0.16-SNAPSHOT (#5728) * chore(main): release agama 1.0.16-SNAPSHOT (#5727) * chore(main): release jans-bom 1.0.16-SNAPSHOT (#5725) * chore(main): release jans-eleven 1.0.16-SNAPSHOT (#5726) * chore(main): release jans-core 1.0.16-SNAPSHOT (#5732) * chore(main): release jans-config-api 1.0.16-SNAPSHOT (#5731) * chore(main): release jans-scim 1.0.17-SNAPSHOT (#6051) * chore(main): release jans-core 1.0.17-SNAPSHOT (#6049) * chore(main): release jans-bom 1.0.17-SNAPSHOT (#6048) * chore(main): release agama 1.0.17-SNAPSHOT (#6047) * chore(main): release jans-auth-server 1.0.17-SNAPSHOT (#6046) * chore(main): release jans-fido2 1.0.17-SNAPSHOT (#6045) * chore(main): release jans-config-api 1.0.17-SNAPSHOT (#6044) * chore(main): release jans-eleven 1.0.17-SNAPSHOT (#6043) * chore(main): release jans-orm 1.0.17-SNAPSHOT (#6050) * chore(main): release jans-orm 1.0.18-SNAPSHOT (#6115) * chore(main): release jans-bom 1.0.18-SNAPSHOT (#6113) * chore(main): release jans-config-api 1.0.18-SNAPSHOT (#6112) * chore(main): release jans-auth-server 1.0.18-SNAPSHOT (#6111) * chore(main): release jans-core 1.0.18-SNAPSHOT (#6110) * chore(main): release jans-fido2 1.0.18-SNAPSHOT (#6108) * chore(main): release agama 1.0.18-SNAPSHOT (#6109) * chore(main): release jans-eleven 1.0.18-SNAPSHOT (#6107) * chore(main): release jans-scim 1.0.18-SNAPSHOT (#6114) * chore(main): release jans-scim 1.0.19-SNAPSHOT (#6245) * chore(main): release jans-bom 1.0.19-SNAPSHOT (#6241) * chore(main): release jans-fido2 1.0.19-SNAPSHOT (#6240) * chore(main): release jans-auth-server 1.0.19-SNAPSHOT (#6239) * chore(main): release jans-config-api 1.0.19-SNAPSHOT (#6238) * chore(main): release agama 1.0.19-SNAPSHOT (#6236) * chore(main): release jans-eleven 1.0.19-SNAPSHOT (#6235) * chore(main): release jans-orm 1.0.19-SNAPSHOT (#6244) * chore(main): release jans-scim 1.0.20-SNAPSHOT (#6485) * chore(main): release jans-core 1.0.20-SNAPSHOT (#6483) * chore(main): release jans-bom 1.0.20-SNAPSHOT (#6482) * chore(main): release jans-link 1.0.20-SNAPSHOT (#6481) * chore(main): release jans-fido2 1.0.20-SNAPSHOT (#6480) * chore(main): release jans-casa 1.0.20-SNAPSHOT (#6479) * chore(main): release jans-eleven 1.0.20-SNAPSHOT (#6478) * chore(main): release jans-config-api 1.0.20-SNAPSHOT (#6477) * chore(main): release agama 1.0.20-SNAPSHOT (#6476) * chore(main): release jans-auth-server 1.0.20-SNAPSHOT (#6475) * chore(main): release jans-orm 1.0.20-SNAPSHOT (#6484) * chore(main): release jans-orm 1.0.21-SNAPSHOT (#7022) * chore(main): release jans-scim 1.0.21-SNAPSHOT (#7020) * chore(main): release jans-auth-server 1.0.21-SNAPSHOT (#7019) * chore(main): release agama 1.0.21-SNAPSHOT (#7018) * chore(main): release jans-eleven 1.0.21-SNAPSHOT (#7017) * chore(main): release jans-fido2 1.0.21-SNAPSHOT (#7016) * chore(main): release jans-config-api 1.0.21-SNAPSHOT (#7015) * chore(main): release jans-bom 1.0.21-SNAPSHOT (#7014) * chore(main): release jans-core 1.0.21-SNAPSHOT (#7013) * chore(main): release jans-casa 1.0.21-SNAPSHOT (#7012) * chore(main): release jans-keycloak-link 1.0.21-SNAPSHOT (#7021) * chore(main): release jans-keycloak-link 1.0.22-SNAPSHOT (#7469) * chore(main): release jans-scim 1.0.22-SNAPSHOT (#7468) * chore(main): release jans-orm 1.0.22-SNAPSHOT (#7467) * chore(main): release jans-lock 1.0.22-SNAPSHOT (#7466) * chore(main): release jans-link 1.0.22-SNAPSHOT (#7465) * chore(main): release jans-fido2 1.0.22-SNAPSHOT (#7464) * chore(main): release jans-eleven 1.0.22-SNAPSHOT (#7463) * chore(main): release jans-config-api 1.0.22-SNAPSHOT (#7462) * chore(main): release jans-core 1.0.22-SNAPSHOT (#7461) * chore(main): release jans-casa 1.0.22-SNAPSHOT (#7460) * chore(main): release agama 1.0.22-SNAPSHOT (#7459) * chore(main): release jans-bom 1.0.22-SNAPSHOT (#7458) * chore(main): release jans-auth-server 1.0.22-SNAPSHOT (#7457) * fix(jans-keycloak-integration): security bugfixes #8954 (#8962) * fix(jans-linux-setup): improper scim configuration for jans kc #8210 * updated the keycloak configuration file to reflect the configuration for the storage-spi Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * chore(jans-keycloak-integration): bump kc version to 24.0.0 #8315 Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * fix(jans-keycloak-integration): security bugfixes #8954 * bumped nimbus oidc sdk version Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * fix(jans-keycloak-integration): security bugfixes #8954 * removed old metadata parser and entityidhandler from `jans-core-saml` Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * fix(jans-keycloak-integration): security bugfixes #8954 * further removed old saml related code Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * fix(jans-keycloak-integration): security bugfixes #8654 * removed unused dependencies in jans-core-saml Signed-off-by: Rolain Djeumen <uprightech@gmail.com> --------- Signed-off-by: Rolain Djeumen <uprightech@gmail.com> Co-authored-by: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com> * feat: Minimum support ES256, RS1, RS256, ED25519 (#9086) * feat: Minimum support ES256, RS1, RS256, ED25519 Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com> * feat: minimum support ES256, RS1, RS256, ED25519 Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com> * feat: minimum support ES256, RS1, RS256, ED25519 Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com> * feat: using SHA512 for Ed25519 Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com> --------- Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com> * feat: refactor Assertion/Attestation to Jackson ObjectMapper (#9023) * feat: refactor Assertion/Attestation to Jackson ObjectMapper Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com> * feat: fixing sonar issues Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com> * feat: fixing sonar issues Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com> * feat: fixing sonar issues Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com> * feat: addressing PR reviews Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com> * feat: addressing PR reviews Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com> --------- Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com> * fix(jans-fido2): removing safetynet and android #8901 * fix(jans-fido2): Removing multiple Assertion processors #8902 * feat: add support for BS / BE flags in AuthData #8903 (#8968) * feat: add support for BS / BE flags in AuthData #8903 Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com> * feat: adding comments Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com> * feat: adding comments Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com> --------- Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com> Co-authored-by: Ackermann Yuriy <1636116+yackermann@users.noreply.github.com> * fix(jans-fido2): #8906, Basic simplification and refactoring of Attestation and Assertion Response * Issue 8908 (#9241) * feat(jans-fido): #8908 add support for webauthn hints Signed-off-by: shekhar16 <shekharlaad1609@gmail.com> * feat(jans-fido): #8908 add support for webauthn hints Signed-off-by: shekhar16 <shekharlaad1609@gmail.com> * feat(jans-fido): #8908 delete unused file Signed-off-by: shekhar16 <shekharlaad1609@gmail.com> --------- Signed-off-by: shekhar16 <shekharlaad1609@gmail.com> * fix(jans-fido2): Attestation #8906 * Issue 9111 (#9276) * feat(jans-fido): refactor mds3 codebase and server config Signed-off-by: shekhar16 <shekharlaad1609@gmail.com> * feat(jans-fido): revert rename from docker file #9111 Signed-off-by: shekhar16 <shekharlaad1609@gmail.com> * feat(jans-fido): add metadatarefreshinterval #9111 Signed-off-by: shekhar16 <shekharlaad1609@gmail.com> * feat(jans-fido): changes to refactor metadataservers #9111 Signed-off-by: shekhar16 <shekharlaad1609@gmail.com> --------- Signed-off-by: shekhar16 <shekharlaad1609@gmail.com> * feat(jans-fido): changes to refactor requestedParties #9111 (#9329) Signed-off-by: shekhar16 <shekharlaad1609@gmail.com> * fix(jans-fido2): resolve failing test case in `FetchMdsProviderServiceTest` (#9299) fix(jans-fido2): resolve failing test case in FetchMdsProviderServiceTest Co-authored-by: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com> * docs(customization): updates to customization document to align with custom assets feature (#9106) * docs(customize): add intro and management sections Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com> * docs(customization): add location details Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com> * docs(customization): add web customization instructions Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com> * docs(customization): fix proofreading issues Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com> --------- Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com> * fix(jans-fido2): removed legacy SuperGluu support #9453 (#9468) Signed-off-by: Madhumita <madhu@gluu.org> * feat(jans-fido2): add support for isEnterpriseAttestation in local me… (#9521) * feat(jans-fido2): add support for isEnterpriseAttestation in local metadata retrieval Signed-off-by: imran-ishaq <imranishaq024@gmail.com> * feat(jans-fido2): add new unit test for isEnterpriseAttestation Signed-off-by: imran-ishaq <imranishaq024@gmail.com> --------- Signed-off-by: imran-ishaq <imranishaq024@gmail.com> * Jans fido2 attestation mode 9332 (#9463) * docs(jans-fido2): replaced skipValidateMdsInAttestationEnabled && skipAttestation with attestationMode Signed-off-by: imran-ishaq <imranishaq024@gmail.com> * feat(jans-fido2): replaced skipValidateMdsInAttestationEnabled && skipAttestation with attestation mode Signed-off-by: imran-ishaq <imranishaq024@gmail.com> * feat(jans-fido2): update the full flow unit test with monitor attestation mode Signed-off-by: imran-ishaq <imranishaq024@gmail.com> --------- Signed-off-by: imran-ishaq <imranishaq024@gmail.com> * feat(jans-fido2): adding missing imports Signed-off-by: imran-ishaq <imranishaq024@gmail.com> * fix(jans-fido2): #9248 Renaming domain to origin and application id to RpId Signed-off-by: Madhumita <madhu@gluu.org> * fix(jans-fido2): #9248 * fix(jans-fido2): resolved build failure issues Signed-off-by: imran-ishaq <imranishaq024@gmail.com> * Jans fido2 replace requested parties 9248 (#9586) * feat(jans-fido2): changed function type to be accessible and replaced requestParties name and domain with id and origins Signed-off-by: imran-ishaq <imranishaq024@gmail.com> * feat(jans-fido2): add test cases for createRpDomain function in AttestationServiceTest Class Signed-off-by: imran-ishaq <imranishaq024@gmail.com> --------- Signed-off-by: imran-ishaq <imranishaq024@gmail.com> * fix(jans-fido2): #9642 * fix(jans-fido2): convert attestationMode from enum to sting Signed-off-by: imran-ishaq <imranishaq024@gmail.com> * feat(jans-fido): move fidoconfig folder properties to db #9369 (#9611) * feat(jans-fido): move fidoconfig folder properties to db #9369 Signed-off-by: shekhar16 shekharlaad1609@gmail.com * feat(jans-fido): added specialized exception #9369 Signed-off-by: shekhar16 shekharlaad1609@gmail.com --------- Signed-off-by: shekhar16 shekharlaad1609@gmail.com Co-authored-by: Yuriy Movchan <Yuriy.Movchan@gmail.com> * fix(jans-fido2): #9642 Signed-off-by: Madhumita Subramaniam <madhu@gluu.org> * Reflect Authenicator Name with Passkeys (#9716) * feat(jans-fido2): reflect authenticator name with passkeys Signed-off-by: imran-ishaq <imranishaq024@gmail.com> * fix(jans-fido2): handle test cases for authenticator name Signed-off-by: imran-ishaq <imranishaq024@gmail.com> --------- Signed-off-by: imran-ishaq <imranishaq024@gmail.com> Co-authored-by: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com> * fix(jans-fido2): remove superGluu-related endpoints from FIDO2 Swagge… (#9624) fix(jans-fido2): remove superGluu-related endpoints from FIDO2 Swagger and ConfigurationControllerTest Signed-off-by: imran-ishaq <imranishaq024@gmail.com> Co-authored-by: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com> * chore(deps): bump org.apache.maven.plugins:maven-site-plugin from 4.0.0-M12 to 4.0.0-M16 in /jans-scim (#9010) chore(deps): bump org.apache.maven.plugins:maven-site-plugin Bumps [org.apache.maven.plugins:maven-site-plugin](https://github.com/apache/maven-site-plugin) from 4.0.0-M12 to 4.0.0-M16. - [Commits](apache/maven-site-plugin@maven-site-plugin-4.0.0-M12...maven-site-plugin-4.0.0-M16) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-site-plugin dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jose Gonzalez <bonustrack310@gmail.com> * fix(jans-casa): fix issue caused by refactoring (#9838) Signed-off-by: shekhar16 <shekharlaad1609@gmail.com> * fix(jans-fido2): fix document refactoring issue (#9918) Signed-off-by: shekhar16 <shekharlaad1609@gmail.com> * Add origin parameter in Fido2ExternalAuthenticator script for attestation and assertion API calls #9248 (#9974) * feat(jans-fido2): add origin parameter in Fido2ExternalAuthenticator script for attestation and assertion API calls Signed-off-by: imran-ishaq <imranishaq024@gmail.com> * refactor(docs): add origin parameter in Fido2ExternalAuthenticator script for attestation and assertion API calls #9248 Signed-off-by: imran-ishaq <imranishaq024@gmail.com> * fix(jans-fido2): handle origin if http or https is missing #9248 Signed-off-by: imran-ishaq <imranishaq024@gmail.com> --------- Signed-off-by: imran-ishaq <imranishaq024@gmail.com> * fix(docs): #9248 Signed-off-by: imran-ishaq <imranishaq024@gmail.com> * feat(jans-linux-setup): move fidoconfig folder properties to db Signed-off-by: Mustafa Baser <mbaser@mail.com> * fix(jans-fido2): fix issues due unused injects (#10035) Signed-off-by: shekhar16 <shekharlaad1609@gmail.com> * fix: fido2 build * fix(ProjectPasskeys) : #9981 added rawId, authenticatorData, publicKey, publicKeyAlgorithm, publicKeyId, transport to the newly created cred object. * fix(jans-ido2): #10101 Update dynamic-conf.json #10101 property name changed and not reflected in the template Signed-off-by: Madhumita Subramaniam <madhu@gluu.org> * fix(jans-linux-setup): use sqlconnection instead of mysqlconnection Signed-off-by: Mustafa Baser <mbaser@mail.com> * Jans fido Review Configs #10101 (#10204) * Make CommonVerifiersTest class test cases functational (#10209) * fix(jans-fido2): #9642 * fix(jans-fido2): Make AppleAttestationProcessorTest,PackedAttestationProcessorTest,TPMProcessorTest and U2FAttestationProcessorTest test cases functational Signed-off-by: imran-ishaq <imranishaq024@gmail.com> * fix(jans-fido2): support for ECC added #10317 * fix(ProjectPasskeys): #9765 --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com> Signed-off-by: Rolain Djeumen <uprightech@gmail.com> Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com> Signed-off-by: shekhar16 <shekharlaad1609@gmail.com> Signed-off-by: Madhumita <madhu@gluu.org> Signed-off-by: imran-ishaq <imranishaq024@gmail.com> Signed-off-by: shekhar16 shekharlaad1609@gmail.com Signed-off-by: Mustafa Baser <mbaser@mail.com> Signed-off-by: Madhumita Subramaniam <madhu@gluu.org> Signed-off-by: Devrim <devrimyatar@gluu.org> Co-authored-by: mo-auto <54212639+mo-auto@users.noreply.github.com> Co-authored-by: Snyk bot <snyk-bot@snyk.io> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: pujavs <43700552+pujavs@users.noreply.github.com> Co-authored-by: Madhumita Subramaniam <madhu@gluu.org> Co-authored-by: Yuriy Movchan <Yuriy.Movchan@gmail.com> Co-authored-by: Dhaval D <343411+ossdhaval@users.noreply.github.com> Co-authored-by: Djeumen Rolain Bonaventure <uprightech@gmail.com> Co-authored-by: Arnab Dutta <arnab.bdutta@gmail.com> Co-authored-by: Ackermann Yuriy <1636116+yackermann@users.noreply.github.com> Co-authored-by: shekhar16 <shekhar16@users.noreply.github.com> Co-authored-by: Imran <78725662+imran-ishaq@users.noreply.github.com> Co-authored-by: imran-ishaq <imranishaq024@gmail.com> Co-authored-by: Jose Gonzalez <bonustrack310@gmail.com> Co-authored-by: Mustafa Baser <mbaser@mail.com> Co-authored-by: Devrim <devrimyatar@gluu.org>

… array list (#10339) * chore(main): release jans-orm 1.0.1-SNAPSHOT (#1713) * chore(main): release jans-fido2 1.0.1-SNAPSHOT (#1712) * chore(main): release jans-auth-server 1.0.1-SNAPSHOT (#1711) * chore(main): release jans-core 1.0.1-SNAPSHOT (#1710) * chore(main): release jans-scim 1.0.1-SNAPSHOT (#1709) * chore(main): release jans-notify 1.0.1-SNAPSHOT (#1708) * chore(main): release agama 1.0.1-SNAPSHOT (#1707) * fix: jans-auth-server/pom.xml to reduce vulnerabilities (#2466) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSJETTISON-3033152 * fix: jans-eleven/pom.xml to reduce vulnerabilities (#2471) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSJETTISON-3033152 Co-authored-by: snyk-bot <snyk-bot@snyk.io> * build(deps): bump commons-text from 1.9 to 1.10.0 in /jans-bom (#2679) Bumps commons-text from 1.9 to 1.10.0. --- updated-dependencies: - dependency-name: org.apache.commons:commons-text dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: jans-eleven/pom.xml to reduce vulnerabilities (#2676) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSJETTISON-3033152 - https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSJETTISON-3037311 * fix: jans-config-api/plugins/sample/helloworld/pom.xml to reduce vulnerabilities (#972) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGJBOSSRESTEASY-1009963 - https://snyk.io/vuln/SNYK-JAVA-ORGJBOSSRESTEASY-1058913 - https://snyk.io/vuln/SNYK-JAVA-ORGJBOSSRESTEASY-1085989 - https://snyk.io/vuln/SNYK-JAVA-ORGJBOSSRESTEASY-1303102 Co-authored-by: pujavs <43700552+pujavs@users.noreply.github.com> * fix: jans-config-api/pom.xml to reduce vulnerabilities (#1746) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-2945452 Co-authored-by: pujavs <43700552+pujavs@users.noreply.github.com> * docs: update README.md (#2367) * chore(main): release jans-core 1.0.5-SNAPSHOT (#3143) * chore(main): release jans-config-api 1.0.5-SNAPSHOT (#3142) * chore(main): release jans-auth-server 1.0.5-SNAPSHOT (#3141) * chore(main): release jans-notify 1.0.5-SNAPSHOT (#3140) * chore(main): release jans-orm 1.0.5-SNAPSHOT (#3139) * chore(main): release jans-eleven 1.0.5-SNAPSHOT (#3138) * chore(main): release jans-fido2 1.0.5-SNAPSHOT (#3137) * chore(main): release jans-bom 1.0.5-SNAPSHOT (#3136) * chore: add owner to jans-config-api (#3283) * build(deps): bump postgresql from 42.5.0 to 42.5.1 in /jans-bom (#3068) Bumps [postgresql](https://github.com/pgjdbc/pgjdbc) from 42.5.0 to 42.5.1. - [Release notes](https://github.com/pgjdbc/pgjdbc/releases) - [Changelog](https://github.com/pgjdbc/pgjdbc/blob/master/CHANGELOG.md) - [Commits](pgjdbc/pgjdbc@REL42.5.0...REL42.5.1) --- updated-dependencies: - dependency-name: org.postgresql:postgresql dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: jans-eleven/pom.xml to reduce vulnerabilities (#3315) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSJETTISON-3168084 - https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSJETTISON-3168085 Co-authored-by: snyk-bot <snyk-bot@snyk.io> * fix: jans-auth-server/pom.xml to reduce vulnerabilities (#3314) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSJETTISON-3168084 - https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSJETTISON-3168085 Co-authored-by: snyk-bot <snyk-bot@snyk.io> * chore(main): release jans-eleven 1.0.6-SNAPSHOT (#3538) * chore(main): release jans-bom 1.0.6-SNAPSHOT (#3539) * chore(main): release jans-notify 1.0.6-SNAPSHOT (#3540) * chore(main): release jans-config-api 1.0.6-SNAPSHOT (#3541) * chore(main): release jans-orm 1.0.6-SNAPSHOT (#3542) * chore(main): release jans-scim 1.0.6-SNAPSHOT (#3543) * chore(main): release jans-auth-server 1.0.6-SNAPSHOT (#3544) * chore(main): release jans-fido2 1.0.6-SNAPSHOT (#3545) * chore(main): release jans-core 1.0.6-SNAPSHOT (#3546) * fix: cbor data stream lenght calculatro return wrong lengh #3614 (#3615) * chore(main): release jans-core 1.0.7-SNAPSHOT (#3919) * chore(main): release jans-scim 1.0.7-SNAPSHOT (#3918) * chore(main): release jans-notify 1.0.7-SNAPSHOT (#3917) * chore(main): release jans-auth-server 1.0.7-SNAPSHOT (#3916) * chore(main): release jans-bom 1.0.7-SNAPSHOT (#3915) * chore(main): release jans-orm 1.0.7-SNAPSHOT (#3914) * chore(main): release agama 1.0.7-SNAPSHOT (#3913) * chore(main): release jans-eleven 1.0.7-SNAPSHOT (#3912) * chore(main): release jans-config-api 1.0.7-SNAPSHOT (#3911) * chore(main): release jans-fido2 1.0.7-SNAPSHOT (#3910) * chore(main): release jans-notify 1.0.8-SNAPSHOT (#4008) * chore(main): release jans-auth-server 1.0.8-SNAPSHOT (#4007) * chore(main): release jans-config-api 1.0.8-SNAPSHOT (#4006) * chore(main): release jans-scim 1.0.8-SNAPSHOT (#4004) * chore(main): release jans-fido2 1.0.8-SNAPSHOT (#4005) * chore(main): release jans-bom 1.0.8-SNAPSHOT (#4003) * chore(main): release jans-core 1.0.8-SNAPSHOT (#4002) * chore(main): release jans-orm 1.0.8-SNAPSHOT (#4001) * chore(main): release jans-eleven 1.0.8-SNAPSHOT (#4000) * chore(main): release agama 1.0.8-SNAPSHOT (#3999) * chore(main): release jans-auth-server 1.0.9-SNAPSHOT (#4064) * chore(main): release jans-fido2 1.0.9-SNAPSHOT (#4062) * chore(main): release jans-auth-server 1.0.10-SNAPSHOT (#4175) * chore(main): release jans-fido2 1.0.10-SNAPSHOT (#4173) * chore(main): release jans-eleven 1.0.10-SNAPSHOT (#4172) * chore(main): release jans-orm 1.0.10-SNAPSHOT (#4171) * chore(main): release jans-notify 1.0.10-SNAPSHOT (#4170) * chore(main): release jans-config-api 1.0.10-SNAPSHOT (#4169) * chore(main): release jans-core 1.0.10-SNAPSHOT (#4168) * chore(main): release jans-bom 1.0.10-SNAPSHOT (#4167) * chore(main): release agama 1.0.10-SNAPSHOT (#4166) * chore(main): release jans-eleven 1.0.11-SNAPSHOT (#4473) * chore(main): release jans-core 1.0.11-SNAPSHOT (#4472) * chore(main): release jans-notify 1.0.11-SNAPSHOT (#4471) * chore(main): release jans-auth-server 1.0.11-SNAPSHOT (#4470) * chore(main): release jans-fido2 1.0.11-SNAPSHOT (#4469) * chore(main): release jans-bom 1.0.11-SNAPSHOT (#4467) * chore(main): release agama 1.0.11-SNAPSHOT (#4466) * chore(main): release jans-orm 1.0.11-SNAPSHOT (#4465) * chore(main): release jans-config-api 1.0.11-SNAPSHOT (#4464) * chore(main): release jans-orm 1.0.12-SNAPSHOT (#4638) * chore(main): release jans-bom 1.0.12-SNAPSHOT (#4636) * chore(main): release jans-core 1.0.12-SNAPSHOT (#4637) * chore(main): release jans-notify 1.0.12-SNAPSHOT (#4634) * chore(main): release jans-config-api 1.0.12-SNAPSHOT (#4633) * chore(main): release jans-auth-server 1.0.12-SNAPSHOT (#4632) * chore(main): release jans-eleven 1.0.12-SNAPSHOT (#4631) * chore(main): release agama 1.0.12-SNAPSHOT (#4630) * chore(main): release jans-scim 1.0.12-SNAPSHOT (#4629) * chore(main): release jans-fido2 1.0.12-SNAPSHOT (#4635) * fix: jans-auth-server/pom.xml to reduce vulnerabilities (#4271) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSJETTISON-3367610 * chore(deps): bump jettison from 1.5.2 to 1.5.4 in /jans-auth-server (#4275) Bumps [jettison](https://github.com/jettison-json/jettison) from 1.5.2 to 1.5.4. - [Release notes](https://github.com/jettison-json/jettison/releases) - [Commits](jettison-json/jettison@jettison-1.5.2...jettison-1.5.4) --- updated-dependencies: - dependency-name: org.codehaus.jettison:jettison dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(main): release jans-config-api 1.0.13-SNAPSHOT (#4920) * chore(main): release jans-notify 1.0.13-SNAPSHOT (#4917) * chore(main): release jans-auth-server 1.0.13-SNAPSHOT (#4918) * chore(main): release jans-orm 1.0.13-SNAPSHOT (#4916) * chore(main): release agama 1.0.13-SNAPSHOT (#4915) * chore(main): release jans-bom 1.0.13-SNAPSHOT (#4913) * chore(main): release jans-core 1.0.13-SNAPSHOT (#4914) * chore(main): release jans-scim 1.0.13-SNAPSHOT (#4912) * chore(main): release jans-eleven 1.0.13-SNAPSHOT (#4911) * chore(main): release jans-fido2 1.0.13-SNAPSHOT (#4919) * docs: write topic overview pages for properties, feature flags and endpoint sections (#5147) * docs(scripts): endpoint section README.md Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com> * docs(scripts): property section readme Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com> * docs(scripts): add how to set properties Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com> * docs(scripts): add details to feature flag readme Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com> --------- Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com> * chore(main): release jans-bom 1.0.14-SNAPSHOT (#5211) * chore(main): release jans-config-api 1.0.14-SNAPSHOT (#5209) * chore(main): release jans-scim 1.0.14-SNAPSHOT (#5208) * chore(main): release jans-eleven 1.0.14-SNAPSHOT (#5207) * chore(main): release agama 1.0.14-SNAPSHOT (#5206) * chore(main): release jans-orm 1.0.14-SNAPSHOT (#5205) * chore(main): release jans-fido2 1.0.14-SNAPSHOT (#5204) * chore(main): release jans-core 1.0.14-SNAPSHOT (#5203) * chore(main): release jans-config-api 1.0.15-SNAPSHOT (#5495) * chore(main): release jans-bom 1.0.15-SNAPSHOT (#5493) * chore(main): release agama 1.0.15-SNAPSHOT (#5492) * chore(main): release jans-scim 1.0.15-SNAPSHOT (#5491) * chore(main): release jans-orm 1.0.15-SNAPSHOT (#5490) * chore(main): release jans-fido2 1.0.15-SNAPSHOT (#5489) * chore(main): release jans-eleven 1.0.15-SNAPSHOT (#5488) * chore(main): release jans-core 1.0.15-SNAPSHOT (#5494) * chore(main): release jans-scim 1.0.16-SNAPSHOT (#5733) * chore(main): release jans-fido2 1.0.16-SNAPSHOT (#5730) * chore(main): release jans-auth-server 1.0.16-SNAPSHOT (#5729) * chore(main): release jans-orm 1.0.16-SNAPSHOT (#5728) * chore(main): release agama 1.0.16-SNAPSHOT (#5727) * chore(main): release jans-bom 1.0.16-SNAPSHOT (#5725) * chore(main): release jans-eleven 1.0.16-SNAPSHOT (#5726) * chore(main): release jans-core 1.0.16-SNAPSHOT (#5732) * chore(main): release jans-config-api 1.0.16-SNAPSHOT (#5731) * chore(main): release jans-scim 1.0.17-SNAPSHOT (#6051) * chore(main): release jans-core 1.0.17-SNAPSHOT (#6049) * chore(main): release jans-bom 1.0.17-SNAPSHOT (#6048) * chore(main): release agama 1.0.17-SNAPSHOT (#6047) * chore(main): release jans-auth-server 1.0.17-SNAPSHOT (#6046) * chore(main): release jans-fido2 1.0.17-SNAPSHOT (#6045) * chore(main): release jans-config-api 1.0.17-SNAPSHOT (#6044) * chore(main): release jans-eleven 1.0.17-SNAPSHOT (#6043) * chore(main): release jans-orm 1.0.17-SNAPSHOT (#6050) * chore(main): release jans-orm 1.0.18-SNAPSHOT (#6115) * chore(main): release jans-bom 1.0.18-SNAPSHOT (#6113) * chore(main): release jans-config-api 1.0.18-SNAPSHOT (#6112) * chore(main): release jans-auth-server 1.0.18-SNAPSHOT (#6111) * chore(main): release jans-core 1.0.18-SNAPSHOT (#6110) * chore(main): release jans-fido2 1.0.18-SNAPSHOT (#6108) * chore(main): release agama 1.0.18-SNAPSHOT (#6109) * chore(main): release jans-eleven 1.0.18-SNAPSHOT (#6107) * chore(main): release jans-scim 1.0.18-SNAPSHOT (#6114) * chore(main): release jans-scim 1.0.19-SNAPSHOT (#6245) * chore(main): release jans-bom 1.0.19-SNAPSHOT (#6241) * chore(main): release jans-fido2 1.0.19-SNAPSHOT (#6240) * chore(main): release jans-auth-server 1.0.19-SNAPSHOT (#6239) * chore(main): release jans-config-api 1.0.19-SNAPSHOT (#6238) * chore(main): release agama 1.0.19-SNAPSHOT (#6236) * chore(main): release jans-eleven 1.0.19-SNAPSHOT (#6235) * chore(main): release jans-orm 1.0.19-SNAPSHOT (#6244) * chore(main): release jans-scim 1.0.20-SNAPSHOT (#6485) * chore(main): release jans-core 1.0.20-SNAPSHOT (#6483) * chore(main): release jans-bom 1.0.20-SNAPSHOT (#6482) * chore(main): release jans-link 1.0.20-SNAPSHOT (#6481) * chore(main): release jans-fido2 1.0.20-SNAPSHOT (#6480) * chore(main): release jans-casa 1.0.20-SNAPSHOT (#6479) * chore(main): release jans-eleven 1.0.20-SNAPSHOT (#6478) * chore(main): release jans-config-api 1.0.20-SNAPSHOT (#6477) * chore(main): release agama 1.0.20-SNAPSHOT (#6476) * chore(main): release jans-auth-server 1.0.20-SNAPSHOT (#6475) * chore(main): release jans-orm 1.0.20-SNAPSHOT (#6484) * chore(main): release jans-orm 1.0.21-SNAPSHOT (#7022) * chore(main): release jans-scim 1.0.21-SNAPSHOT (#7020) * chore(main): release jans-auth-server 1.0.21-SNAPSHOT (#7019) * chore(main): release agama 1.0.21-SNAPSHOT (#7018) * chore(main): release jans-eleven 1.0.21-SNAPSHOT (#7017) * chore(main): release jans-fido2 1.0.21-SNAPSHOT (#7016) * chore(main): release jans-config-api 1.0.21-SNAPSHOT (#7015) * chore(main): release jans-bom 1.0.21-SNAPSHOT (#7014) * chore(main): release jans-core 1.0.21-SNAPSHOT (#7013) * chore(main): release jans-casa 1.0.21-SNAPSHOT (#7012) * chore(main): release jans-keycloak-link 1.0.21-SNAPSHOT (#7021) * chore(main): release jans-keycloak-link 1.0.22-SNAPSHOT (#7469) * chore(main): release jans-scim 1.0.22-SNAPSHOT (#7468) * chore(main): release jans-orm 1.0.22-SNAPSHOT (#7467) * chore(main): release jans-lock 1.0.22-SNAPSHOT (#7466) * chore(main): release jans-link 1.0.22-SNAPSHOT (#7465) * chore(main): release jans-fido2 1.0.22-SNAPSHOT (#7464) * chore(main): release jans-eleven 1.0.22-SNAPSHOT (#7463) * chore(main): release jans-config-api 1.0.22-SNAPSHOT (#7462) * chore(main): release jans-core 1.0.22-SNAPSHOT (#7461) * chore(main): release jans-casa 1.0.22-SNAPSHOT (#7460) * chore(main): release agama 1.0.22-SNAPSHOT (#7459) * chore(main): release jans-bom 1.0.22-SNAPSHOT (#7458) * chore(main): release jans-auth-server 1.0.22-SNAPSHOT (#7457) * fix(jans-keycloak-integration): security bugfixes #8954 (#8962) * fix(jans-linux-setup): improper scim configuration for jans kc #8210 * updated the keycloak configuration file to reflect the configuration for the storage-spi Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * chore(jans-keycloak-integration): bump kc version to 24.0.0 #8315 Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * fix(jans-keycloak-integration): security bugfixes #8954 * bumped nimbus oidc sdk version Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * fix(jans-keycloak-integration): security bugfixes #8954 * removed old metadata parser and entityidhandler from `jans-core-saml` Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * fix(jans-keycloak-integration): security bugfixes #8954 * further removed old saml related code Signed-off-by: Rolain Djeumen <uprightech@gmail.com> * fix(jans-keycloak-integration): security bugfixes #8654 * removed unused dependencies in jans-core-saml Signed-off-by: Rolain Djeumen <uprightech@gmail.com> --------- Signed-off-by: Rolain Djeumen <uprightech@gmail.com> Co-authored-by: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com> * feat: Minimum support ES256, RS1, RS256, ED25519 (#9086) * feat: Minimum support ES256, RS1, RS256, ED25519 Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com> * feat: minimum support ES256, RS1, RS256, ED25519 Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com> * feat: minimum support ES256, RS1, RS256, ED25519 Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com> * feat: using SHA512 for Ed25519 Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com> --------- Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com> * feat: refactor Assertion/Attestation to Jackson ObjectMapper (#9023) * feat: refactor Assertion/Attestation to Jackson ObjectMapper Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com> * feat: fixing sonar issues Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com> * feat: fixing sonar issues Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com> * feat: fixing sonar issues Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com> * feat: addressing PR reviews Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com> * feat: addressing PR reviews Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com> --------- Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com> * fix(jans-fido2): removing safetynet and android #8901 * fix(jans-fido2): Removing multiple Assertion processors #8902 * feat: add support for BS / BE flags in AuthData #8903 (#8968) * feat: add support for BS / BE flags in AuthData #8903 Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com> * feat: adding comments Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com> * feat: adding comments Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com> --------- Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com> Co-authored-by: Ackermann Yuriy <1636116+yackermann@users.noreply.github.com> * fix(jans-fido2): #8906, Basic simplification and refactoring of Attestation and Assertion Response * Issue 8908 (#9241) * feat(jans-fido): #8908 add support for webauthn hints Signed-off-by: shekhar16 <shekharlaad1609@gmail.com> * feat(jans-fido): #8908 add support for webauthn hints Signed-off-by: shekhar16 <shekharlaad1609@gmail.com> * feat(jans-fido): #8908 delete unused file Signed-off-by: shekhar16 <shekharlaad1609@gmail.com> --------- Signed-off-by: shekhar16 <shekharlaad1609@gmail.com> * fix(jans-fido2): Attestation #8906 * Issue 9111 (#9276) * feat(jans-fido): refactor mds3 codebase and server config Signed-off-by: shekhar16 <shekharlaad1609@gmail.com> * feat(jans-fido): revert rename from docker file #9111 Signed-off-by: shekhar16 <shekharlaad1609@gmail.com> * feat(jans-fido): add metadatarefreshinterval #9111 Signed-off-by: shekhar16 <shekharlaad1609@gmail.com> * feat(jans-fido): changes to refactor metadataservers #9111 Signed-off-by: shekhar16 <shekharlaad1609@gmail.com> --------- Signed-off-by: shekhar16 <shekharlaad1609@gmail.com> * feat(jans-fido): changes to refactor requestedParties #9111 (#9329) Signed-off-by: shekhar16 <shekharlaad1609@gmail.com> * fix(jans-fido2): resolve failing test case in `FetchMdsProviderServiceTest` (#9299) fix(jans-fido2): resolve failing test case in FetchMdsProviderServiceTest Co-authored-by: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com> * docs(customization): updates to customization document to align with custom assets feature (#9106) * docs(customize): add intro and management sections Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com> * docs(customization): add location details Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com> * docs(customization): add web customization instructions Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com> * docs(customization): fix proofreading issues Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com> --------- Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com> * fix(jans-fido2): removed legacy SuperGluu support #9453 (#9468) Signed-off-by: Madhumita <madhu@gluu.org> * feat(jans-fido2): add support for isEnterpriseAttestation in local me… (#9521) * feat(jans-fido2): add support for isEnterpriseAttestation in local metadata retrieval Signed-off-by: imran-ishaq <imranishaq024@gmail.com> * feat(jans-fido2): add new unit test for isEnterpriseAttestation Signed-off-by: imran-ishaq <imranishaq024@gmail.com> --------- Signed-off-by: imran-ishaq <imranishaq024@gmail.com> * Jans fido2 attestation mode 9332 (#9463) * docs(jans-fido2): replaced skipValidateMdsInAttestationEnabled && skipAttestation with attestationMode Signed-off-by: imran-ishaq <imranishaq024@gmail.com> * feat(jans-fido2): replaced skipValidateMdsInAttestationEnabled && skipAttestation with attestation mode Signed-off-by: imran-ishaq <imranishaq024@gmail.com> * feat(jans-fido2): update the full flow unit test with monitor attestation mode Signed-off-by: imran-ishaq <imranishaq024@gmail.com> --------- Signed-off-by: imran-ishaq <imranishaq024@gmail.com> * feat(jans-fido2): adding missing imports Signed-off-by: imran-ishaq <imranishaq024@gmail.com> * fix(jans-fido2): #9248 Renaming domain to origin and application id to RpId Signed-off-by: Madhumita <madhu@gluu.org> * fix(jans-fido2): #9248 * fix(jans-fido2): resolved build failure issues Signed-off-by: imran-ishaq <imranishaq024@gmail.com> * Jans fido2 replace requested parties 9248 (#9586) * feat(jans-fido2): changed function type to be accessible and replaced requestParties name and domain with id and origins Signed-off-by: imran-ishaq <imranishaq024@gmail.com> * feat(jans-fido2): add test cases for createRpDomain function in AttestationServiceTest Class Signed-off-by: imran-ishaq <imranishaq024@gmail.com> --------- Signed-off-by: imran-ishaq <imranishaq024@gmail.com> * fix(jans-fido2): #9642 * fix(jans-fido2): convert attestationMode from enum to sting Signed-off-by: imran-ishaq <imranishaq024@gmail.com> * feat(jans-fido): move fidoconfig folder properties to db #9369 (#9611) * feat(jans-fido): move fidoconfig folder properties to db #9369 Signed-off-by: shekhar16 shekharlaad1609@gmail.com * feat(jans-fido): added specialized exception #9369 Signed-off-by: shekhar16 shekharlaad1609@gmail.com --------- Signed-off-by: shekhar16 shekharlaad1609@gmail.com Co-authored-by: Yuriy Movchan <Yuriy.Movchan@gmail.com> * fix(jans-fido2): #9642 Signed-off-by: Madhumita Subramaniam <madhu@gluu.org> * Reflect Authenicator Name with Passkeys (#9716) * feat(jans-fido2): reflect authenticator name with passkeys Signed-off-by: imran-ishaq <imranishaq024@gmail.com> * fix(jans-fido2): handle test cases for authenticator name Signed-off-by: imran-ishaq <imranishaq024@gmail.com> --------- Signed-off-by: imran-ishaq <imranishaq024@gmail.com> Co-authored-by: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com> * fix(jans-fido2): remove superGluu-related endpoints from FIDO2 Swagge… (#9624) fix(jans-fido2): remove superGluu-related endpoints from FIDO2 Swagger and ConfigurationControllerTest Signed-off-by: imran-ishaq <imranishaq024@gmail.com> Co-authored-by: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com> * chore(deps): bump org.apache.maven.plugins:maven-site-plugin from 4.0.0-M12 to 4.0.0-M16 in /jans-scim (#9010) chore(deps): bump org.apache.maven.plugins:maven-site-plugin Bumps [org.apache.maven.plugins:maven-site-plugin](https://github.com/apache/maven-site-plugin) from 4.0.0-M12 to 4.0.0-M16. - [Commits](apache/maven-site-plugin@maven-site-plugin-4.0.0-M12...maven-site-plugin-4.0.0-M16) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-site-plugin dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jose Gonzalez <bonustrack310@gmail.com> * fix(jans-casa): fix issue caused by refactoring (#9838) Signed-off-by: shekhar16 <shekharlaad1609@gmail.com> * fix(jans-fido2): fix document refactoring issue (#9918) Signed-off-by: shekhar16 <shekharlaad1609@gmail.com> * Add origin parameter in Fido2ExternalAuthenticator script for attestation and assertion API calls #9248 (#9974) * feat(jans-fido2): add origin parameter in Fido2ExternalAuthenticator script for attestation and assertion API calls Signed-off-by: imran-ishaq <imranishaq024@gmail.com> * refactor(docs): add origin parameter in Fido2ExternalAuthenticator script for attestation and assertion API calls #9248 Signed-off-by: imran-ishaq <imranishaq024@gmail.com> * fix(jans-fido2): handle origin if http or https is missing #9248 Signed-off-by: imran-ishaq <imranishaq024@gmail.com> --------- Signed-off-by: imran-ishaq <imranishaq024@gmail.com> * fix(docs): #9248 Signed-off-by: imran-ishaq <imranishaq024@gmail.com> * feat(jans-linux-setup): move fidoconfig folder properties to db Signed-off-by: Mustafa Baser <mbaser@mail.com> * fix(jans-fido2): fix issues due unused injects (#10035) Signed-off-by: shekhar16 <shekharlaad1609@gmail.com> * fix: fido2 build * fix(ProjectPasskeys) : #9981 added rawId, authenticatorData, publicKey, publicKeyAlgorithm, publicKeyId, transport to the newly created cred object. * fix(jans-ido2): #10101 Update dynamic-conf.json #10101 property name changed and not reflected in the template Signed-off-by: Madhumita Subramaniam <madhu@gluu.org> * fix(jans-linux-setup): use sqlconnection instead of mysqlconnection Signed-off-by: Mustafa Baser <mbaser@mail.com> * Jans fido Review Configs #10101 (#10204) * Make CommonVerifiersTest class test cases functational (#10209) * fix(jans-fido2): #9642 * fix(jans-fido2): Make AppleAttestationProcessorTest,PackedAttestationProcessorTest,TPMProcessorTest and U2FAttestationProcessorTest test cases functational Signed-off-by: imran-ishaq <imranishaq024@gmail.com> * fix(jans-fido2): support for ECC added #10317 * feat(jans-fido2): create new WebAuthn configuration controller that returns an origins array list #10245 * feat(jans-linux-setup): apache proxy pass for .well-known/webauthn Signed-off-by: Mustafa Baser <mbaser@mail.com> * fix(ProjectPasskeys): #9765 * fix(docs): update jans fido docs #10245 --------- Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: ossdhaval <343411+ossdhaval@users.noreply.github.com> Signed-off-by: Rolain Djeumen <uprightech@gmail.com> Signed-off-by: Arnab Dutta <arnab.bdutta@gmail.com> Signed-off-by: shekhar16 <shekharlaad1609@gmail.com> Signed-off-by: Madhumita <madhu@gluu.org> Signed-off-by: imran-ishaq <imranishaq024@gmail.com> Signed-off-by: shekhar16 shekharlaad1609@gmail.com Signed-off-by: Mustafa Baser <mbaser@mail.com> Signed-off-by: Madhumita Subramaniam <madhu@gluu.org> Signed-off-by: Devrim <devrimyatar@gluu.org> Signed-off-by: Imran <78725662+imran-ishaq@users.noreply.github.com> Co-authored-by: mo-auto <54212639+mo-auto@users.noreply.github.com> Co-authored-by: Snyk bot <snyk-bot@snyk.io> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: pujavs <43700552+pujavs@users.noreply.github.com> Co-authored-by: Madhumita Subramaniam <madhu@gluu.org> Co-authored-by: Yuriy Movchan <Yuriy.Movchan@gmail.com> Co-authored-by: Dhaval D <343411+ossdhaval@users.noreply.github.com> Co-authored-by: Djeumen Rolain Bonaventure <uprightech@gmail.com> Co-authored-by: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com> Co-authored-by: Arnab Dutta <arnab.bdutta@gmail.com> Co-authored-by: Ackermann Yuriy <1636116+yackermann@users.noreply.github.com> Co-authored-by: shekhar16 <shekhar16@users.noreply.github.com> Co-authored-by: Jose Gonzalez <bonustrack310@gmail.com> Co-authored-by: Mustafa Baser <mbaser@mail.com> Co-authored-by: Devrim <devrimyatar@gluu.org>

imran-ishaq added 3 commits October 29, 2024 15:33

feat(jans-fido2): add origin parameter in Fido2ExternalAuthenticator …

0101b5d

…script for attestation and assertion API calls Signed-off-by: imran-ishaq <imranishaq024@gmail.com>

refactor(docs): add origin parameter in Fido2ExternalAuthenticator sc…

860260f

…ript for attestation and assertion API calls #9248 Signed-off-by: imran-ishaq <imranishaq024@gmail.com>

fix(jans-fido2): handle origin if http or https is missing #9248

c5c2a7a

Signed-off-by: imran-ishaq <imranishaq024@gmail.com>

imran-ishaq marked this pull request as ready for review October 29, 2024 13:29

imran-ishaq requested review from yurem and yackermann as code owners October 29, 2024 13:29

imran-ishaq requested a review from maduvena October 29, 2024 13:29

maduvena approved these changes Oct 29, 2024

View reviewed changes

imran-ishaq merged commit ba381a9 into passkeys-project Oct 30, 2024
11 checks passed

imran-ishaq deleted the jans-fido2-add-origin-parameter-in-Fido2ExternalAuthenticator_9248 branch October 30, 2024 11:40

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add origin parameter in Fido2ExternalAuthenticator script for attestation and assertion API calls #9248 #9974

Add origin parameter in Fido2ExternalAuthenticator script for attestation and assertion API calls #9248 #9974

imran-ishaq commented Oct 29, 2024 •

edited

Loading

dryrunsecurity bot commented Oct 29, 2024

Add origin parameter in Fido2ExternalAuthenticator script for attestation and assertion API calls #9248 #9974

Add origin parameter in Fido2ExternalAuthenticator script for attestation and assertion API calls #9248 #9974

Conversation

imran-ishaq commented Oct 29, 2024 • edited Loading

Prepare

Description

Target issue

Implementation Details

Test and Document the changes

dryrunsecurity bot commented Oct 29, 2024

DryRun Security Summary

Code Analysis

Riskiness

imran-ishaq commented Oct 29, 2024 •

edited

Loading