fix(jans-keycloak-integration): security bugfixes #8954 #8962

uprightech · 2024-07-15T13:59:56Z

Attemptive fix for security bugs in spi and kc-jans-scheduler in jans-keycloak-integration
Closes #8954

Prepare

Read PR guidelines
Read license information

Description

Target issue

closes #issue-number-here

Implementation Details

Test and Document the changes

Static code analysis has been run locally and issues have been fixed
Relevant unit and integration tests have been added/updated
Relevant documentation has been updated if any (i.e. user guides, installation and configuration guides, technical design docs etc)

Please check the below before submitting your PR. The PR will not be merged if there are no commits that start with docs: to indicate documentation changes or if the below checklist is not selected.

I confirm that there is no impact on the docs due to the code changes in this PR.

* updated the keycloak configuration file to reflect the configuration for the storage-spi Signed-off-by: Rolain Djeumen <[email protected]>

Signed-off-by: Rolain Djeumen <[email protected]>

* bumped nimbus oidc sdk version Signed-off-by: Rolain Djeumen <[email protected]>

* removed old metadata parser and entityidhandler from `jans-core-saml` Signed-off-by: Rolain Djeumen <[email protected]>

* further removed old saml related code Signed-off-by: Rolain Djeumen <[email protected]>

* removed unused dependencies in jans-core-saml Signed-off-by: Rolain Djeumen <[email protected]>

dryrunsecurity · 2024-07-15T14:00:10Z

DryRun Security Summary

The text indicates that there are no code changes or files provided, so the application security engineer cannot review or summarize any specific code changes.

Expand for full summary

Summary:

There are no code changes provided in the input, so I don't have any specific code to review or summarize. As an application security engineer, I would typically review any code changes to ensure they do not introduce any security vulnerabilities or unintended consequences. Without any code changes to analyze, I cannot provide a detailed summary. However, I am ready to review any future code changes that may be provided.

Files Changed:

There are no files changed in the provided input.

Code Analysis

We ran 9 analyzers against 0 files and 0 analyzers had findings. 9 analyzers had no findings.

Riskiness

🟢 Risk threshold not exceeded.

View PR in the DryRun Dashboard.

sonarqubecloud · 2024-07-15T14:08:25Z

Quality Gate passed for 'keycloak-integration-parent'

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

sonarqubecloud · 2024-07-15T14:33:44Z

Quality Gate passed for 'jans-linux-setup'

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

sonarqubecloud · 2024-07-15T14:34:16Z

Quality Gate passed for 'jans-core'

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

* fix(jans-linux-setup): improper scim configuration for jans kc #8210 * updated the keycloak configuration file to reflect the configuration for the storage-spi Signed-off-by: Rolain Djeumen <[email protected]> * chore(jans-keycloak-integration): bump kc version to 24.0.0 #8315 Signed-off-by: Rolain Djeumen <[email protected]> * fix(jans-keycloak-integration): security bugfixes #8954 * bumped nimbus oidc sdk version Signed-off-by: Rolain Djeumen <[email protected]> * fix(jans-keycloak-integration): security bugfixes #8954 * removed old metadata parser and entityidhandler from `jans-core-saml` Signed-off-by: Rolain Djeumen <[email protected]> * fix(jans-keycloak-integration): security bugfixes #8954 * further removed old saml related code Signed-off-by: Rolain Djeumen <[email protected]> * fix(jans-keycloak-integration): security bugfixes #8654 * removed unused dependencies in jans-core-saml Signed-off-by: Rolain Djeumen <[email protected]> --------- Signed-off-by: Rolain Djeumen <[email protected]> Co-authored-by: Mohammad Abudayyeh <[email protected]>

* fix(jans-linux-setup): improper scim configuration for jans kc #8210 * updated the keycloak configuration file to reflect the configuration for the storage-spi Signed-off-by: Rolain Djeumen <[email protected]> * chore(jans-keycloak-integration): bump kc version to 24.0.0 #8315 Signed-off-by: Rolain Djeumen <[email protected]> * fix(jans-keycloak-integration): security bugfixes #8954 * bumped nimbus oidc sdk version Signed-off-by: Rolain Djeumen <[email protected]> * fix(jans-keycloak-integration): security bugfixes #8954 * removed old metadata parser and entityidhandler from `jans-core-saml` Signed-off-by: Rolain Djeumen <[email protected]> * fix(jans-keycloak-integration): security bugfixes #8954 * further removed old saml related code Signed-off-by: Rolain Djeumen <[email protected]> * fix(jans-keycloak-integration): security bugfixes #8654 * removed unused dependencies in jans-core-saml Signed-off-by: Rolain Djeumen <[email protected]> --------- Signed-off-by: Rolain Djeumen <[email protected]> Co-authored-by: Mohammad Abudayyeh <[email protected]> Former-commit-id: d40a949

* fix(jans-linux-setup): improper scim configuration for jans kc #8210 * updated the keycloak configuration file to reflect the configuration for the storage-spi Signed-off-by: Rolain Djeumen <[email protected]> * chore(jans-keycloak-integration): bump kc version to 24.0.0 #8315 Signed-off-by: Rolain Djeumen <[email protected]> * fix(jans-keycloak-integration): security bugfixes #8954 * bumped nimbus oidc sdk version Signed-off-by: Rolain Djeumen <[email protected]> * fix(jans-keycloak-integration): security bugfixes #8954 * removed old metadata parser and entityidhandler from `jans-core-saml` Signed-off-by: Rolain Djeumen <[email protected]> * fix(jans-keycloak-integration): security bugfixes #8954 * further removed old saml related code Signed-off-by: Rolain Djeumen <[email protected]> * fix(jans-keycloak-integration): security bugfixes #8654 * removed unused dependencies in jans-core-saml Signed-off-by: Rolain Djeumen <[email protected]> --------- Signed-off-by: Rolain Djeumen <[email protected]> Co-authored-by: Mohammad Abudayyeh <[email protected]>

…0080) * chore(main): release jans-orm 1.0.1-SNAPSHOT (#1713) * chore(main): release jans-fido2 1.0.1-SNAPSHOT (#1712) * chore(main): release jans-auth-server 1.0.1-SNAPSHOT (#1711) * chore(main): release jans-core 1.0.1-SNAPSHOT (#1710) * chore(main): release jans-scim 1.0.1-SNAPSHOT (#1709) * chore(main): release jans-notify 1.0.1-SNAPSHOT (#1708) * chore(main): release agama 1.0.1-SNAPSHOT (#1707) * fix: jans-auth-server/pom.xml to reduce vulnerabilities (#2466) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSJETTISON-3033152 * fix: jans-eleven/pom.xml to reduce vulnerabilities (#2471) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSJETTISON-3033152 Co-authored-by: snyk-bot <[email protected]> * build(deps): bump commons-text from 1.9 to 1.10.0 in /jans-bom (#2679) Bumps commons-text from 1.9 to 1.10.0. --- updated-dependencies: - dependency-name: org.apache.commons:commons-text dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: jans-eleven/pom.xml to reduce vulnerabilities (#2676) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSJETTISON-3033152 - https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSJETTISON-3037311 * fix: jans-config-api/plugins/sample/helloworld/pom.xml to reduce vulnerabilities (#972) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGJBOSSRESTEASY-1009963 - https://snyk.io/vuln/SNYK-JAVA-ORGJBOSSRESTEASY-1058913 - https://snyk.io/vuln/SNYK-JAVA-ORGJBOSSRESTEASY-1085989 - https://snyk.io/vuln/SNYK-JAVA-ORGJBOSSRESTEASY-1303102 Co-authored-by: pujavs <[email protected]> * fix: jans-config-api/pom.xml to reduce vulnerabilities (#1746) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-2945452 Co-authored-by: pujavs <[email protected]> * docs: update README.md (#2367) * chore(main): release jans-core 1.0.5-SNAPSHOT (#3143) * chore(main): release jans-config-api 1.0.5-SNAPSHOT (#3142) * chore(main): release jans-auth-server 1.0.5-SNAPSHOT (#3141) * chore(main): release jans-notify 1.0.5-SNAPSHOT (#3140) * chore(main): release jans-orm 1.0.5-SNAPSHOT (#3139) * chore(main): release jans-eleven 1.0.5-SNAPSHOT (#3138) * chore(main): release jans-fido2 1.0.5-SNAPSHOT (#3137) * chore(main): release jans-bom 1.0.5-SNAPSHOT (#3136) * chore: add owner to jans-config-api (#3283) * build(deps): bump postgresql from 42.5.0 to 42.5.1 in /jans-bom (#3068) Bumps [postgresql](https://github.com/pgjdbc/pgjdbc) from 42.5.0 to 42.5.1. - [Release notes](https://github.com/pgjdbc/pgjdbc/releases) - [Changelog](https://github.com/pgjdbc/pgjdbc/blob/master/CHANGELOG.md) - [Commits](pgjdbc/pgjdbc@REL42.5.0...REL42.5.1) --- updated-dependencies: - dependency-name: org.postgresql:postgresql dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: jans-eleven/pom.xml to reduce vulnerabilities (#3315) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSJETTISON-3168084 - https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSJETTISON-3168085 Co-authored-by: snyk-bot <[email protected]> * fix: jans-auth-server/pom.xml to reduce vulnerabilities (#3314) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSJETTISON-3168084 - https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSJETTISON-3168085 Co-authored-by: snyk-bot <[email protected]> * chore(main): release jans-eleven 1.0.6-SNAPSHOT (#3538) * chore(main): release jans-bom 1.0.6-SNAPSHOT (#3539) * chore(main): release jans-notify 1.0.6-SNAPSHOT (#3540) * chore(main): release jans-config-api 1.0.6-SNAPSHOT (#3541) * chore(main): release jans-orm 1.0.6-SNAPSHOT (#3542) * chore(main): release jans-scim 1.0.6-SNAPSHOT (#3543) * chore(main): release jans-auth-server 1.0.6-SNAPSHOT (#3544) * chore(main): release jans-fido2 1.0.6-SNAPSHOT (#3545) * chore(main): release jans-core 1.0.6-SNAPSHOT (#3546) * fix: cbor data stream lenght calculatro return wrong lengh #3614 (#3615) * chore(main): release jans-core 1.0.7-SNAPSHOT (#3919) * chore(main): release jans-scim 1.0.7-SNAPSHOT (#3918) * chore(main): release jans-notify 1.0.7-SNAPSHOT (#3917) * chore(main): release jans-auth-server 1.0.7-SNAPSHOT (#3916) * chore(main): release jans-bom 1.0.7-SNAPSHOT (#3915) * chore(main): release jans-orm 1.0.7-SNAPSHOT (#3914) * chore(main): release agama 1.0.7-SNAPSHOT (#3913) * chore(main): release jans-eleven 1.0.7-SNAPSHOT (#3912) * chore(main): release jans-config-api 1.0.7-SNAPSHOT (#3911) * chore(main): release jans-fido2 1.0.7-SNAPSHOT (#3910) * chore(main): release jans-notify 1.0.8-SNAPSHOT (#4008) * chore(main): release jans-auth-server 1.0.8-SNAPSHOT (#4007) * chore(main): release jans-config-api 1.0.8-SNAPSHOT (#4006) * chore(main): release jans-scim 1.0.8-SNAPSHOT (#4004) * chore(main): release jans-fido2 1.0.8-SNAPSHOT (#4005) * chore(main): release jans-bom 1.0.8-SNAPSHOT (#4003) * chore(main): release jans-core 1.0.8-SNAPSHOT (#4002) * chore(main): release jans-orm 1.0.8-SNAPSHOT (#4001) * chore(main): release jans-eleven 1.0.8-SNAPSHOT (#4000) * chore(main): release agama 1.0.8-SNAPSHOT (#3999) * chore(main): release jans-auth-server 1.0.9-SNAPSHOT (#4064) * chore(main): release jans-fido2 1.0.9-SNAPSHOT (#4062) * chore(main): release jans-auth-server 1.0.10-SNAPSHOT (#4175) * chore(main): release jans-fido2 1.0.10-SNAPSHOT (#4173) * chore(main): release jans-eleven 1.0.10-SNAPSHOT (#4172) * chore(main): release jans-orm 1.0.10-SNAPSHOT (#4171) * chore(main): release jans-notify 1.0.10-SNAPSHOT (#4170) * chore(main): release jans-config-api 1.0.10-SNAPSHOT (#4169) * chore(main): release jans-core 1.0.10-SNAPSHOT (#4168) * chore(main): release jans-bom 1.0.10-SNAPSHOT (#4167) * chore(main): release agama 1.0.10-SNAPSHOT (#4166) * chore(main): release jans-eleven 1.0.11-SNAPSHOT (#4473) * chore(main): release jans-core 1.0.11-SNAPSHOT (#4472) * chore(main): release jans-notify 1.0.11-SNAPSHOT (#4471) * chore(main): release jans-auth-server 1.0.11-SNAPSHOT (#4470) * chore(main): release jans-fido2 1.0.11-SNAPSHOT (#4469) * chore(main): release jans-bom 1.0.11-SNAPSHOT (#4467) * chore(main): release agama 1.0.11-SNAPSHOT (#4466) * chore(main): release jans-orm 1.0.11-SNAPSHOT (#4465) * chore(main): release jans-config-api 1.0.11-SNAPSHOT (#4464) * chore(main): release jans-orm 1.0.12-SNAPSHOT (#4638) * chore(main): release jans-bom 1.0.12-SNAPSHOT (#4636) * chore(main): release jans-core 1.0.12-SNAPSHOT (#4637) * chore(main): release jans-notify 1.0.12-SNAPSHOT (#4634) * chore(main): release jans-config-api 1.0.12-SNAPSHOT (#4633) * chore(main): release jans-auth-server 1.0.12-SNAPSHOT (#4632) * chore(main): release jans-eleven 1.0.12-SNAPSHOT (#4631) * chore(main): release agama 1.0.12-SNAPSHOT (#4630) * chore(main): release jans-scim 1.0.12-SNAPSHOT (#4629) * chore(main): release jans-fido2 1.0.12-SNAPSHOT (#4635) * fix: jans-auth-server/pom.xml to reduce vulnerabilities (#4271) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSJETTISON-3367610 * chore(deps): bump jettison from 1.5.2 to 1.5.4 in /jans-auth-server (#4275) Bumps [jettison](https://github.com/jettison-json/jettison) from 1.5.2 to 1.5.4. - [Release notes](https://github.com/jettison-json/jettison/releases) - [Commits](jettison-json/jettison@jettison-1.5.2...jettison-1.5.4) --- updated-dependencies: - dependency-name: org.codehaus.jettison:jettison dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(main): release jans-config-api 1.0.13-SNAPSHOT (#4920) * chore(main): release jans-notify 1.0.13-SNAPSHOT (#4917) * chore(main): release jans-auth-server 1.0.13-SNAPSHOT (#4918) * chore(main): release jans-orm 1.0.13-SNAPSHOT (#4916) * chore(main): release agama 1.0.13-SNAPSHOT (#4915) * chore(main): release jans-bom 1.0.13-SNAPSHOT (#4913) * chore(main): release jans-core 1.0.13-SNAPSHOT (#4914) * chore(main): release jans-scim 1.0.13-SNAPSHOT (#4912) * chore(main): release jans-eleven 1.0.13-SNAPSHOT (#4911) * chore(main): release jans-fido2 1.0.13-SNAPSHOT (#4919) * docs: write topic overview pages for properties, feature flags and endpoint sections (#5147) * docs(scripts): endpoint section README.md Signed-off-by: ossdhaval <[email protected]> * docs(scripts): property section readme Signed-off-by: ossdhaval <[email protected]> * docs(scripts): add how to set properties Signed-off-by: ossdhaval <[email protected]> * docs(scripts): add details to feature flag readme Signed-off-by: ossdhaval <[email protected]> --------- Signed-off-by: ossdhaval <[email protected]> * chore(main): release jans-bom 1.0.14-SNAPSHOT (#5211) * chore(main): release jans-config-api 1.0.14-SNAPSHOT (#5209) * chore(main): release jans-scim 1.0.14-SNAPSHOT (#5208) * chore(main): release jans-eleven 1.0.14-SNAPSHOT (#5207) * chore(main): release agama 1.0.14-SNAPSHOT (#5206) * chore(main): release jans-orm 1.0.14-SNAPSHOT (#5205) * chore(main): release jans-fido2 1.0.14-SNAPSHOT (#5204) * chore(main): release jans-core 1.0.14-SNAPSHOT (#5203) * chore(main): release jans-config-api 1.0.15-SNAPSHOT (#5495) * chore(main): release jans-bom 1.0.15-SNAPSHOT (#5493) * chore(main): release agama 1.0.15-SNAPSHOT (#5492) * chore(main): release jans-scim 1.0.15-SNAPSHOT (#5491) * chore(main): release jans-orm 1.0.15-SNAPSHOT (#5490) * chore(main): release jans-fido2 1.0.15-SNAPSHOT (#5489) * chore(main): release jans-eleven 1.0.15-SNAPSHOT (#5488) * chore(main): release jans-core 1.0.15-SNAPSHOT (#5494) * chore(main): release jans-scim 1.0.16-SNAPSHOT (#5733) * chore(main): release jans-fido2 1.0.16-SNAPSHOT (#5730) * chore(main): release jans-auth-server 1.0.16-SNAPSHOT (#5729) * chore(main): release jans-orm 1.0.16-SNAPSHOT (#5728) * chore(main): release agama 1.0.16-SNAPSHOT (#5727) * chore(main): release jans-bom 1.0.16-SNAPSHOT (#5725) * chore(main): release jans-eleven 1.0.16-SNAPSHOT (#5726) * chore(main): release jans-core 1.0.16-SNAPSHOT (#5732) * chore(main): release jans-config-api 1.0.16-SNAPSHOT (#5731) * chore(main): release jans-scim 1.0.17-SNAPSHOT (#6051) * chore(main): release jans-core 1.0.17-SNAPSHOT (#6049) * chore(main): release jans-bom 1.0.17-SNAPSHOT (#6048) * chore(main): release agama 1.0.17-SNAPSHOT (#6047) * chore(main): release jans-auth-server 1.0.17-SNAPSHOT (#6046) * chore(main): release jans-fido2 1.0.17-SNAPSHOT (#6045) * chore(main): release jans-config-api 1.0.17-SNAPSHOT (#6044) * chore(main): release jans-eleven 1.0.17-SNAPSHOT (#6043) * chore(main): release jans-orm 1.0.17-SNAPSHOT (#6050) * chore(main): release jans-orm 1.0.18-SNAPSHOT (#6115) * chore(main): release jans-bom 1.0.18-SNAPSHOT (#6113) * chore(main): release jans-config-api 1.0.18-SNAPSHOT (#6112) * chore(main): release jans-auth-server 1.0.18-SNAPSHOT (#6111) * chore(main): release jans-core 1.0.18-SNAPSHOT (#6110) * chore(main): release jans-fido2 1.0.18-SNAPSHOT (#6108) * chore(main): release agama 1.0.18-SNAPSHOT (#6109) * chore(main): release jans-eleven 1.0.18-SNAPSHOT (#6107) * chore(main): release jans-scim 1.0.18-SNAPSHOT (#6114) * chore(main): release jans-scim 1.0.19-SNAPSHOT (#6245) * chore(main): release jans-bom 1.0.19-SNAPSHOT (#6241) * chore(main): release jans-fido2 1.0.19-SNAPSHOT (#6240) * chore(main): release jans-auth-server 1.0.19-SNAPSHOT (#6239) * chore(main): release jans-config-api 1.0.19-SNAPSHOT (#6238) * chore(main): release agama 1.0.19-SNAPSHOT (#6236) * chore(main): release jans-eleven 1.0.19-SNAPSHOT (#6235) * chore(main): release jans-orm 1.0.19-SNAPSHOT (#6244) * chore(main): release jans-scim 1.0.20-SNAPSHOT (#6485) * chore(main): release jans-core 1.0.20-SNAPSHOT (#6483) * chore(main): release jans-bom 1.0.20-SNAPSHOT (#6482) * chore(main): release jans-link 1.0.20-SNAPSHOT (#6481) * chore(main): release jans-fido2 1.0.20-SNAPSHOT (#6480) * chore(main): release jans-casa 1.0.20-SNAPSHOT (#6479) * chore(main): release jans-eleven 1.0.20-SNAPSHOT (#6478) * chore(main): release jans-config-api 1.0.20-SNAPSHOT (#6477) * chore(main): release agama 1.0.20-SNAPSHOT (#6476) * chore(main): release jans-auth-server 1.0.20-SNAPSHOT (#6475) * chore(main): release jans-orm 1.0.20-SNAPSHOT (#6484) * chore(main): release jans-orm 1.0.21-SNAPSHOT (#7022) * chore(main): release jans-scim 1.0.21-SNAPSHOT (#7020) * chore(main): release jans-auth-server 1.0.21-SNAPSHOT (#7019) * chore(main): release agama 1.0.21-SNAPSHOT (#7018) * chore(main): release jans-eleven 1.0.21-SNAPSHOT (#7017) * chore(main): release jans-fido2 1.0.21-SNAPSHOT (#7016) * chore(main): release jans-config-api 1.0.21-SNAPSHOT (#7015) * chore(main): release jans-bom 1.0.21-SNAPSHOT (#7014) * chore(main): release jans-core 1.0.21-SNAPSHOT (#7013) * chore(main): release jans-casa 1.0.21-SNAPSHOT (#7012) * chore(main): release jans-keycloak-link 1.0.21-SNAPSHOT (#7021) * chore(main): release jans-keycloak-link 1.0.22-SNAPSHOT (#7469) * chore(main): release jans-scim 1.0.22-SNAPSHOT (#7468) * chore(main): release jans-orm 1.0.22-SNAPSHOT (#7467) * chore(main): release jans-lock 1.0.22-SNAPSHOT (#7466) * chore(main): release jans-link 1.0.22-SNAPSHOT (#7465) * chore(main): release jans-fido2 1.0.22-SNAPSHOT (#7464) * chore(main): release jans-eleven 1.0.22-SNAPSHOT (#7463) * chore(main): release jans-config-api 1.0.22-SNAPSHOT (#7462) * chore(main): release jans-core 1.0.22-SNAPSHOT (#7461) * chore(main): release jans-casa 1.0.22-SNAPSHOT (#7460) * chore(main): release agama 1.0.22-SNAPSHOT (#7459) * chore(main): release jans-bom 1.0.22-SNAPSHOT (#7458) * chore(main): release jans-auth-server 1.0.22-SNAPSHOT (#7457) * fix(jans-keycloak-integration): security bugfixes #8954 (#8962) * fix(jans-linux-setup): improper scim configuration for jans kc #8210 * updated the keycloak configuration file to reflect the configuration for the storage-spi Signed-off-by: Rolain Djeumen <[email protected]> * chore(jans-keycloak-integration): bump kc version to 24.0.0 #8315 Signed-off-by: Rolain Djeumen <[email protected]> * fix(jans-keycloak-integration): security bugfixes #8954 * bumped nimbus oidc sdk version Signed-off-by: Rolain Djeumen <[email protected]> * fix(jans-keycloak-integration): security bugfixes #8954 * removed old metadata parser and entityidhandler from `jans-core-saml` Signed-off-by: Rolain Djeumen <[email protected]> * fix(jans-keycloak-integration): security bugfixes #8954 * further removed old saml related code Signed-off-by: Rolain Djeumen <[email protected]> * fix(jans-keycloak-integration): security bugfixes #8654 * removed unused dependencies in jans-core-saml Signed-off-by: Rolain Djeumen <[email protected]> --------- Signed-off-by: Rolain Djeumen <[email protected]> Co-authored-by: Mohammad Abudayyeh <[email protected]> * feat: Minimum support ES256, RS1, RS256, ED25519 (#9086) * feat: Minimum support ES256, RS1, RS256, ED25519 Signed-off-by: Arnab Dutta <[email protected]> * feat: minimum support ES256, RS1, RS256, ED25519 Signed-off-by: Arnab Dutta <[email protected]> * feat: minimum support ES256, RS1, RS256, ED25519 Signed-off-by: Arnab Dutta <[email protected]> * feat: using SHA512 for Ed25519 Signed-off-by: Arnab Dutta <[email protected]> --------- Signed-off-by: Arnab Dutta <[email protected]> * feat: refactor Assertion/Attestation to Jackson ObjectMapper (#9023) * feat: refactor Assertion/Attestation to Jackson ObjectMapper Signed-off-by: Arnab Dutta <[email protected]> * feat: fixing sonar issues Signed-off-by: Arnab Dutta <[email protected]> * feat: fixing sonar issues Signed-off-by: Arnab Dutta <[email protected]> * feat: fixing sonar issues Signed-off-by: Arnab Dutta <[email protected]> * feat: addressing PR reviews Signed-off-by: Arnab Dutta <[email protected]> * feat: addressing PR reviews Signed-off-by: Arnab Dutta <[email protected]> --------- Signed-off-by: Arnab Dutta <[email protected]> * fix(jans-fido2): removing safetynet and android #8901 * fix(jans-fido2): Removing multiple Assertion processors #8902 * feat: add support for BS / BE flags in AuthData #8903 (#8968) * feat: add support for BS / BE flags in AuthData #8903 Signed-off-by: Arnab Dutta <[email protected]> * feat: adding comments Signed-off-by: Arnab Dutta <[email protected]> * feat: adding comments Signed-off-by: Arnab Dutta <[email protected]> --------- Signed-off-by: Arnab Dutta <[email protected]> Co-authored-by: Ackermann Yuriy <[email protected]> * fix(jans-fido2): #8906, Basic simplification and refactoring of Attestation and Assertion Response * Issue 8908 (#9241) * feat(jans-fido): #8908 add support for webauthn hints Signed-off-by: shekhar16 <[email protected]> * feat(jans-fido): #8908 add support for webauthn hints Signed-off-by: shekhar16 <[email protected]> * feat(jans-fido): #8908 delete unused file Signed-off-by: shekhar16 <[email protected]> --------- Signed-off-by: shekhar16 <[email protected]> * fix(jans-fido2): Attestation #8906 * Issue 9111 (#9276) * feat(jans-fido): refactor mds3 codebase and server config Signed-off-by: shekhar16 <[email protected]> * feat(jans-fido): revert rename from docker file #9111 Signed-off-by: shekhar16 <[email protected]> * feat(jans-fido): add metadatarefreshinterval #9111 Signed-off-by: shekhar16 <[email protected]> * feat(jans-fido): changes to refactor metadataservers #9111 Signed-off-by: shekhar16 <[email protected]> --------- Signed-off-by: shekhar16 <[email protected]> * feat(jans-fido): changes to refactor requestedParties #9111 (#9329) Signed-off-by: shekhar16 <[email protected]> * fix(jans-fido2): resolve failing test case in `FetchMdsProviderServiceTest` (#9299) fix(jans-fido2): resolve failing test case in FetchMdsProviderServiceTest Co-authored-by: Mohammad Abudayyeh <[email protected]> * docs(customization): updates to customization document to align with custom assets feature (#9106) * docs(customize): add intro and management sections Signed-off-by: ossdhaval <[email protected]> * docs(customization): add location details Signed-off-by: ossdhaval <[email protected]> * docs(customization): add web customization instructions Signed-off-by: ossdhaval <[email protected]> * docs(customization): fix proofreading issues Signed-off-by: ossdhaval <[email protected]> --------- Signed-off-by: ossdhaval <[email protected]> * fix(jans-fido2): removed legacy SuperGluu support #9453 (#9468) Signed-off-by: Madhumita <[email protected]> * feat(jans-fido2): add support for isEnterpriseAttestation in local me… (#9521) * feat(jans-fido2): add support for isEnterpriseAttestation in local metadata retrieval Signed-off-by: imran-ishaq <[email protected]> * feat(jans-fido2): add new unit test for isEnterpriseAttestation Signed-off-by: imran-ishaq <[email protected]> --------- Signed-off-by: imran-ishaq <[email protected]> * Jans fido2 attestation mode 9332 (#9463) * docs(jans-fido2): replaced skipValidateMdsInAttestationEnabled && skipAttestation with attestationMode Signed-off-by: imran-ishaq <[email protected]> * feat(jans-fido2): replaced skipValidateMdsInAttestationEnabled && skipAttestation with attestation mode Signed-off-by: imran-ishaq <[email protected]> * feat(jans-fido2): update the full flow unit test with monitor attestation mode Signed-off-by: imran-ishaq <[email protected]> --------- Signed-off-by: imran-ishaq <[email protected]> * feat(jans-fido2): adding missing imports Signed-off-by: imran-ishaq <[email protected]> * fix(jans-fido2): #9248 Renaming domain to origin and application id to RpId Signed-off-by: Madhumita <[email protected]> * fix(jans-fido2): #9248 * fix(jans-fido2): resolved build failure issues Signed-off-by: imran-ishaq <[email protected]> * Jans fido2 replace requested parties 9248 (#9586) * feat(jans-fido2): changed function type to be accessible and replaced requestParties name and domain with id and origins Signed-off-by: imran-ishaq <[email protected]> * feat(jans-fido2): add test cases for createRpDomain function in AttestationServiceTest Class Signed-off-by: imran-ishaq <[email protected]> --------- Signed-off-by: imran-ishaq <[email protected]> * fix(jans-fido2): #9642 * fix(jans-fido2): convert attestationMode from enum to sting Signed-off-by: imran-ishaq <[email protected]> * feat(jans-fido): move fidoconfig folder properties to db #9369 (#9611) * feat(jans-fido): move fidoconfig folder properties to db #9369 Signed-off-by: shekhar16 [email protected] * feat(jans-fido): added specialized exception #9369 Signed-off-by: shekhar16 [email protected] --------- Signed-off-by: shekhar16 [email protected] Co-authored-by: Yuriy Movchan <[email protected]> * fix(jans-fido2): #9642 Signed-off-by: Madhumita Subramaniam <[email protected]> * Reflect Authenicator Name with Passkeys (#9716) * feat(jans-fido2): reflect authenticator name with passkeys Signed-off-by: imran-ishaq <[email protected]> * fix(jans-fido2): handle test cases for authenticator name Signed-off-by: imran-ishaq <[email protected]> --------- Signed-off-by: imran-ishaq <[email protected]> Co-authored-by: Mohammad Abudayyeh <[email protected]> * fix(jans-fido2): remove superGluu-related endpoints from FIDO2 Swagge… (#9624) fix(jans-fido2): remove superGluu-related endpoints from FIDO2 Swagger and ConfigurationControllerTest Signed-off-by: imran-ishaq <[email protected]> Co-authored-by: Mohammad Abudayyeh <[email protected]> * chore(deps): bump org.apache.maven.plugins:maven-site-plugin from 4.0.0-M12 to 4.0.0-M16 in /jans-scim (#9010) chore(deps): bump org.apache.maven.plugins:maven-site-plugin Bumps [org.apache.maven.plugins:maven-site-plugin](https://github.com/apache/maven-site-plugin) from 4.0.0-M12 to 4.0.0-M16. - [Commits](apache/maven-site-plugin@maven-site-plugin-4.0.0-M12...maven-site-plugin-4.0.0-M16) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-site-plugin dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jose Gonzalez <[email protected]> * fix(jans-casa): fix issue caused by refactoring (#9838) Signed-off-by: shekhar16 <[email protected]> * fix(jans-fido2): fix document refactoring issue (#9918) Signed-off-by: shekhar16 <[email protected]> * Add origin parameter in Fido2ExternalAuthenticator script for attestation and assertion API calls #9248 (#9974) * feat(jans-fido2): add origin parameter in Fido2ExternalAuthenticator script for attestation and assertion API calls Signed-off-by: imran-ishaq <[email protected]> * refactor(docs): add origin parameter in Fido2ExternalAuthenticator script for attestation and assertion API calls #9248 Signed-off-by: imran-ishaq <[email protected]> * fix(jans-fido2): handle origin if http or https is missing #9248 Signed-off-by: imran-ishaq <[email protected]> --------- Signed-off-by: imran-ishaq <[email protected]> * fix(docs): #9248 Signed-off-by: imran-ishaq <[email protected]> * feat(jans-linux-setup): move fidoconfig folder properties to db Signed-off-by: Mustafa Baser <[email protected]> * fix(jans-fido2): fix issues due unused injects (#10035) Signed-off-by: shekhar16 <[email protected]> * fix: fido2 build * fix(ProjectPasskeys) : #9981 added rawId, authenticatorData, publicKey, publicKeyAlgorithm, publicKeyId, transport to the newly created cred object. * fix(jans-ido2): #10101 Update dynamic-conf.json #10101 property name changed and not reflected in the template Signed-off-by: Madhumita Subramaniam <[email protected]> * fix(jans-linux-setup): use sqlconnection instead of mysqlconnection Signed-off-by: Mustafa Baser <[email protected]> * Jans fido Review Configs #10101 (#10204) * Make CommonVerifiersTest class test cases functational (#10209) * fix(jans-fido2): #9642 * fix(jans-fido2): Make AppleAttestationProcessorTest,PackedAttestationProcessorTest,TPMProcessorTest and U2FAttestationProcessorTest test cases functational Signed-off-by: imran-ishaq <[email protected]> * fix(jans-fido2): support for ECC added #10317 * fix(ProjectPasskeys): #9765 --------- Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: ossdhaval <[email protected]> Signed-off-by: Rolain Djeumen <[email protected]> Signed-off-by: Arnab Dutta <[email protected]> Signed-off-by: shekhar16 <[email protected]> Signed-off-by: Madhumita <[email protected]> Signed-off-by: imran-ishaq <[email protected]> Signed-off-by: shekhar16 [email protected] Signed-off-by: Mustafa Baser <[email protected]> Signed-off-by: Madhumita Subramaniam <[email protected]> Signed-off-by: Devrim <[email protected]> Co-authored-by: mo-auto <[email protected]> Co-authored-by: Snyk bot <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: pujavs <[email protected]> Co-authored-by: Madhumita Subramaniam <[email protected]> Co-authored-by: Yuriy Movchan <[email protected]> Co-authored-by: Dhaval D <[email protected]> Co-authored-by: Djeumen Rolain Bonaventure <[email protected]> Co-authored-by: Arnab Dutta <[email protected]> Co-authored-by: Ackermann Yuriy <[email protected]> Co-authored-by: shekhar16 <[email protected]> Co-authored-by: Imran <[email protected]> Co-authored-by: imran-ishaq <[email protected]> Co-authored-by: Jose Gonzalez <[email protected]> Co-authored-by: Mustafa Baser <[email protected]> Co-authored-by: Devrim <[email protected]>

… array list (#10339) * chore(main): release jans-orm 1.0.1-SNAPSHOT (#1713) * chore(main): release jans-fido2 1.0.1-SNAPSHOT (#1712) * chore(main): release jans-auth-server 1.0.1-SNAPSHOT (#1711) * chore(main): release jans-core 1.0.1-SNAPSHOT (#1710) * chore(main): release jans-scim 1.0.1-SNAPSHOT (#1709) * chore(main): release jans-notify 1.0.1-SNAPSHOT (#1708) * chore(main): release agama 1.0.1-SNAPSHOT (#1707) * fix: jans-auth-server/pom.xml to reduce vulnerabilities (#2466) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSJETTISON-3033152 * fix: jans-eleven/pom.xml to reduce vulnerabilities (#2471) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSJETTISON-3033152 Co-authored-by: snyk-bot <[email protected]> * build(deps): bump commons-text from 1.9 to 1.10.0 in /jans-bom (#2679) Bumps commons-text from 1.9 to 1.10.0. --- updated-dependencies: - dependency-name: org.apache.commons:commons-text dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: jans-eleven/pom.xml to reduce vulnerabilities (#2676) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSJETTISON-3033152 - https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSJETTISON-3037311 * fix: jans-config-api/plugins/sample/helloworld/pom.xml to reduce vulnerabilities (#972) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGJBOSSRESTEASY-1009963 - https://snyk.io/vuln/SNYK-JAVA-ORGJBOSSRESTEASY-1058913 - https://snyk.io/vuln/SNYK-JAVA-ORGJBOSSRESTEASY-1085989 - https://snyk.io/vuln/SNYK-JAVA-ORGJBOSSRESTEASY-1303102 Co-authored-by: pujavs <[email protected]> * fix: jans-config-api/pom.xml to reduce vulnerabilities (#1746) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-2945452 Co-authored-by: pujavs <[email protected]> * docs: update README.md (#2367) * chore(main): release jans-core 1.0.5-SNAPSHOT (#3143) * chore(main): release jans-config-api 1.0.5-SNAPSHOT (#3142) * chore(main): release jans-auth-server 1.0.5-SNAPSHOT (#3141) * chore(main): release jans-notify 1.0.5-SNAPSHOT (#3140) * chore(main): release jans-orm 1.0.5-SNAPSHOT (#3139) * chore(main): release jans-eleven 1.0.5-SNAPSHOT (#3138) * chore(main): release jans-fido2 1.0.5-SNAPSHOT (#3137) * chore(main): release jans-bom 1.0.5-SNAPSHOT (#3136) * chore: add owner to jans-config-api (#3283) * build(deps): bump postgresql from 42.5.0 to 42.5.1 in /jans-bom (#3068) Bumps [postgresql](https://github.com/pgjdbc/pgjdbc) from 42.5.0 to 42.5.1. - [Release notes](https://github.com/pgjdbc/pgjdbc/releases) - [Changelog](https://github.com/pgjdbc/pgjdbc/blob/master/CHANGELOG.md) - [Commits](pgjdbc/pgjdbc@REL42.5.0...REL42.5.1) --- updated-dependencies: - dependency-name: org.postgresql:postgresql dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: jans-eleven/pom.xml to reduce vulnerabilities (#3315) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSJETTISON-3168084 - https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSJETTISON-3168085 Co-authored-by: snyk-bot <[email protected]> * fix: jans-auth-server/pom.xml to reduce vulnerabilities (#3314) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSJETTISON-3168084 - https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSJETTISON-3168085 Co-authored-by: snyk-bot <[email protected]> * chore(main): release jans-eleven 1.0.6-SNAPSHOT (#3538) * chore(main): release jans-bom 1.0.6-SNAPSHOT (#3539) * chore(main): release jans-notify 1.0.6-SNAPSHOT (#3540) * chore(main): release jans-config-api 1.0.6-SNAPSHOT (#3541) * chore(main): release jans-orm 1.0.6-SNAPSHOT (#3542) * chore(main): release jans-scim 1.0.6-SNAPSHOT (#3543) * chore(main): release jans-auth-server 1.0.6-SNAPSHOT (#3544) * chore(main): release jans-fido2 1.0.6-SNAPSHOT (#3545) * chore(main): release jans-core 1.0.6-SNAPSHOT (#3546) * fix: cbor data stream lenght calculatro return wrong lengh #3614 (#3615) * chore(main): release jans-core 1.0.7-SNAPSHOT (#3919) * chore(main): release jans-scim 1.0.7-SNAPSHOT (#3918) * chore(main): release jans-notify 1.0.7-SNAPSHOT (#3917) * chore(main): release jans-auth-server 1.0.7-SNAPSHOT (#3916) * chore(main): release jans-bom 1.0.7-SNAPSHOT (#3915) * chore(main): release jans-orm 1.0.7-SNAPSHOT (#3914) * chore(main): release agama 1.0.7-SNAPSHOT (#3913) * chore(main): release jans-eleven 1.0.7-SNAPSHOT (#3912) * chore(main): release jans-config-api 1.0.7-SNAPSHOT (#3911) * chore(main): release jans-fido2 1.0.7-SNAPSHOT (#3910) * chore(main): release jans-notify 1.0.8-SNAPSHOT (#4008) * chore(main): release jans-auth-server 1.0.8-SNAPSHOT (#4007) * chore(main): release jans-config-api 1.0.8-SNAPSHOT (#4006) * chore(main): release jans-scim 1.0.8-SNAPSHOT (#4004) * chore(main): release jans-fido2 1.0.8-SNAPSHOT (#4005) * chore(main): release jans-bom 1.0.8-SNAPSHOT (#4003) * chore(main): release jans-core 1.0.8-SNAPSHOT (#4002) * chore(main): release jans-orm 1.0.8-SNAPSHOT (#4001) * chore(main): release jans-eleven 1.0.8-SNAPSHOT (#4000) * chore(main): release agama 1.0.8-SNAPSHOT (#3999) * chore(main): release jans-auth-server 1.0.9-SNAPSHOT (#4064) * chore(main): release jans-fido2 1.0.9-SNAPSHOT (#4062) * chore(main): release jans-auth-server 1.0.10-SNAPSHOT (#4175) * chore(main): release jans-fido2 1.0.10-SNAPSHOT (#4173) * chore(main): release jans-eleven 1.0.10-SNAPSHOT (#4172) * chore(main): release jans-orm 1.0.10-SNAPSHOT (#4171) * chore(main): release jans-notify 1.0.10-SNAPSHOT (#4170) * chore(main): release jans-config-api 1.0.10-SNAPSHOT (#4169) * chore(main): release jans-core 1.0.10-SNAPSHOT (#4168) * chore(main): release jans-bom 1.0.10-SNAPSHOT (#4167) * chore(main): release agama 1.0.10-SNAPSHOT (#4166) * chore(main): release jans-eleven 1.0.11-SNAPSHOT (#4473) * chore(main): release jans-core 1.0.11-SNAPSHOT (#4472) * chore(main): release jans-notify 1.0.11-SNAPSHOT (#4471) * chore(main): release jans-auth-server 1.0.11-SNAPSHOT (#4470) * chore(main): release jans-fido2 1.0.11-SNAPSHOT (#4469) * chore(main): release jans-bom 1.0.11-SNAPSHOT (#4467) * chore(main): release agama 1.0.11-SNAPSHOT (#4466) * chore(main): release jans-orm 1.0.11-SNAPSHOT (#4465) * chore(main): release jans-config-api 1.0.11-SNAPSHOT (#4464) * chore(main): release jans-orm 1.0.12-SNAPSHOT (#4638) * chore(main): release jans-bom 1.0.12-SNAPSHOT (#4636) * chore(main): release jans-core 1.0.12-SNAPSHOT (#4637) * chore(main): release jans-notify 1.0.12-SNAPSHOT (#4634) * chore(main): release jans-config-api 1.0.12-SNAPSHOT (#4633) * chore(main): release jans-auth-server 1.0.12-SNAPSHOT (#4632) * chore(main): release jans-eleven 1.0.12-SNAPSHOT (#4631) * chore(main): release agama 1.0.12-SNAPSHOT (#4630) * chore(main): release jans-scim 1.0.12-SNAPSHOT (#4629) * chore(main): release jans-fido2 1.0.12-SNAPSHOT (#4635) * fix: jans-auth-server/pom.xml to reduce vulnerabilities (#4271) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSJETTISON-3367610 * chore(deps): bump jettison from 1.5.2 to 1.5.4 in /jans-auth-server (#4275) Bumps [jettison](https://github.com/jettison-json/jettison) from 1.5.2 to 1.5.4. - [Release notes](https://github.com/jettison-json/jettison/releases) - [Commits](jettison-json/jettison@jettison-1.5.2...jettison-1.5.4) --- updated-dependencies: - dependency-name: org.codehaus.jettison:jettison dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(main): release jans-config-api 1.0.13-SNAPSHOT (#4920) * chore(main): release jans-notify 1.0.13-SNAPSHOT (#4917) * chore(main): release jans-auth-server 1.0.13-SNAPSHOT (#4918) * chore(main): release jans-orm 1.0.13-SNAPSHOT (#4916) * chore(main): release agama 1.0.13-SNAPSHOT (#4915) * chore(main): release jans-bom 1.0.13-SNAPSHOT (#4913) * chore(main): release jans-core 1.0.13-SNAPSHOT (#4914) * chore(main): release jans-scim 1.0.13-SNAPSHOT (#4912) * chore(main): release jans-eleven 1.0.13-SNAPSHOT (#4911) * chore(main): release jans-fido2 1.0.13-SNAPSHOT (#4919) * docs: write topic overview pages for properties, feature flags and endpoint sections (#5147) * docs(scripts): endpoint section README.md Signed-off-by: ossdhaval <[email protected]> * docs(scripts): property section readme Signed-off-by: ossdhaval <[email protected]> * docs(scripts): add how to set properties Signed-off-by: ossdhaval <[email protected]> * docs(scripts): add details to feature flag readme Signed-off-by: ossdhaval <[email protected]> --------- Signed-off-by: ossdhaval <[email protected]> * chore(main): release jans-bom 1.0.14-SNAPSHOT (#5211) * chore(main): release jans-config-api 1.0.14-SNAPSHOT (#5209) * chore(main): release jans-scim 1.0.14-SNAPSHOT (#5208) * chore(main): release jans-eleven 1.0.14-SNAPSHOT (#5207) * chore(main): release agama 1.0.14-SNAPSHOT (#5206) * chore(main): release jans-orm 1.0.14-SNAPSHOT (#5205) * chore(main): release jans-fido2 1.0.14-SNAPSHOT (#5204) * chore(main): release jans-core 1.0.14-SNAPSHOT (#5203) * chore(main): release jans-config-api 1.0.15-SNAPSHOT (#5495) * chore(main): release jans-bom 1.0.15-SNAPSHOT (#5493) * chore(main): release agama 1.0.15-SNAPSHOT (#5492) * chore(main): release jans-scim 1.0.15-SNAPSHOT (#5491) * chore(main): release jans-orm 1.0.15-SNAPSHOT (#5490) * chore(main): release jans-fido2 1.0.15-SNAPSHOT (#5489) * chore(main): release jans-eleven 1.0.15-SNAPSHOT (#5488) * chore(main): release jans-core 1.0.15-SNAPSHOT (#5494) * chore(main): release jans-scim 1.0.16-SNAPSHOT (#5733) * chore(main): release jans-fido2 1.0.16-SNAPSHOT (#5730) * chore(main): release jans-auth-server 1.0.16-SNAPSHOT (#5729) * chore(main): release jans-orm 1.0.16-SNAPSHOT (#5728) * chore(main): release agama 1.0.16-SNAPSHOT (#5727) * chore(main): release jans-bom 1.0.16-SNAPSHOT (#5725) * chore(main): release jans-eleven 1.0.16-SNAPSHOT (#5726) * chore(main): release jans-core 1.0.16-SNAPSHOT (#5732) * chore(main): release jans-config-api 1.0.16-SNAPSHOT (#5731) * chore(main): release jans-scim 1.0.17-SNAPSHOT (#6051) * chore(main): release jans-core 1.0.17-SNAPSHOT (#6049) * chore(main): release jans-bom 1.0.17-SNAPSHOT (#6048) * chore(main): release agama 1.0.17-SNAPSHOT (#6047) * chore(main): release jans-auth-server 1.0.17-SNAPSHOT (#6046) * chore(main): release jans-fido2 1.0.17-SNAPSHOT (#6045) * chore(main): release jans-config-api 1.0.17-SNAPSHOT (#6044) * chore(main): release jans-eleven 1.0.17-SNAPSHOT (#6043) * chore(main): release jans-orm 1.0.17-SNAPSHOT (#6050) * chore(main): release jans-orm 1.0.18-SNAPSHOT (#6115) * chore(main): release jans-bom 1.0.18-SNAPSHOT (#6113) * chore(main): release jans-config-api 1.0.18-SNAPSHOT (#6112) * chore(main): release jans-auth-server 1.0.18-SNAPSHOT (#6111) * chore(main): release jans-core 1.0.18-SNAPSHOT (#6110) * chore(main): release jans-fido2 1.0.18-SNAPSHOT (#6108) * chore(main): release agama 1.0.18-SNAPSHOT (#6109) * chore(main): release jans-eleven 1.0.18-SNAPSHOT (#6107) * chore(main): release jans-scim 1.0.18-SNAPSHOT (#6114) * chore(main): release jans-scim 1.0.19-SNAPSHOT (#6245) * chore(main): release jans-bom 1.0.19-SNAPSHOT (#6241) * chore(main): release jans-fido2 1.0.19-SNAPSHOT (#6240) * chore(main): release jans-auth-server 1.0.19-SNAPSHOT (#6239) * chore(main): release jans-config-api 1.0.19-SNAPSHOT (#6238) * chore(main): release agama 1.0.19-SNAPSHOT (#6236) * chore(main): release jans-eleven 1.0.19-SNAPSHOT (#6235) * chore(main): release jans-orm 1.0.19-SNAPSHOT (#6244) * chore(main): release jans-scim 1.0.20-SNAPSHOT (#6485) * chore(main): release jans-core 1.0.20-SNAPSHOT (#6483) * chore(main): release jans-bom 1.0.20-SNAPSHOT (#6482) * chore(main): release jans-link 1.0.20-SNAPSHOT (#6481) * chore(main): release jans-fido2 1.0.20-SNAPSHOT (#6480) * chore(main): release jans-casa 1.0.20-SNAPSHOT (#6479) * chore(main): release jans-eleven 1.0.20-SNAPSHOT (#6478) * chore(main): release jans-config-api 1.0.20-SNAPSHOT (#6477) * chore(main): release agama 1.0.20-SNAPSHOT (#6476) * chore(main): release jans-auth-server 1.0.20-SNAPSHOT (#6475) * chore(main): release jans-orm 1.0.20-SNAPSHOT (#6484) * chore(main): release jans-orm 1.0.21-SNAPSHOT (#7022) * chore(main): release jans-scim 1.0.21-SNAPSHOT (#7020) * chore(main): release jans-auth-server 1.0.21-SNAPSHOT (#7019) * chore(main): release agama 1.0.21-SNAPSHOT (#7018) * chore(main): release jans-eleven 1.0.21-SNAPSHOT (#7017) * chore(main): release jans-fido2 1.0.21-SNAPSHOT (#7016) * chore(main): release jans-config-api 1.0.21-SNAPSHOT (#7015) * chore(main): release jans-bom 1.0.21-SNAPSHOT (#7014) * chore(main): release jans-core 1.0.21-SNAPSHOT (#7013) * chore(main): release jans-casa 1.0.21-SNAPSHOT (#7012) * chore(main): release jans-keycloak-link 1.0.21-SNAPSHOT (#7021) * chore(main): release jans-keycloak-link 1.0.22-SNAPSHOT (#7469) * chore(main): release jans-scim 1.0.22-SNAPSHOT (#7468) * chore(main): release jans-orm 1.0.22-SNAPSHOT (#7467) * chore(main): release jans-lock 1.0.22-SNAPSHOT (#7466) * chore(main): release jans-link 1.0.22-SNAPSHOT (#7465) * chore(main): release jans-fido2 1.0.22-SNAPSHOT (#7464) * chore(main): release jans-eleven 1.0.22-SNAPSHOT (#7463) * chore(main): release jans-config-api 1.0.22-SNAPSHOT (#7462) * chore(main): release jans-core 1.0.22-SNAPSHOT (#7461) * chore(main): release jans-casa 1.0.22-SNAPSHOT (#7460) * chore(main): release agama 1.0.22-SNAPSHOT (#7459) * chore(main): release jans-bom 1.0.22-SNAPSHOT (#7458) * chore(main): release jans-auth-server 1.0.22-SNAPSHOT (#7457) * fix(jans-keycloak-integration): security bugfixes #8954 (#8962) * fix(jans-linux-setup): improper scim configuration for jans kc #8210 * updated the keycloak configuration file to reflect the configuration for the storage-spi Signed-off-by: Rolain Djeumen <[email protected]> * chore(jans-keycloak-integration): bump kc version to 24.0.0 #8315 Signed-off-by: Rolain Djeumen <[email protected]> * fix(jans-keycloak-integration): security bugfixes #8954 * bumped nimbus oidc sdk version Signed-off-by: Rolain Djeumen <[email protected]> * fix(jans-keycloak-integration): security bugfixes #8954 * removed old metadata parser and entityidhandler from `jans-core-saml` Signed-off-by: Rolain Djeumen <[email protected]> * fix(jans-keycloak-integration): security bugfixes #8954 * further removed old saml related code Signed-off-by: Rolain Djeumen <[email protected]> * fix(jans-keycloak-integration): security bugfixes #8654 * removed unused dependencies in jans-core-saml Signed-off-by: Rolain Djeumen <[email protected]> --------- Signed-off-by: Rolain Djeumen <[email protected]> Co-authored-by: Mohammad Abudayyeh <[email protected]> * feat: Minimum support ES256, RS1, RS256, ED25519 (#9086) * feat: Minimum support ES256, RS1, RS256, ED25519 Signed-off-by: Arnab Dutta <[email protected]> * feat: minimum support ES256, RS1, RS256, ED25519 Signed-off-by: Arnab Dutta <[email protected]> * feat: minimum support ES256, RS1, RS256, ED25519 Signed-off-by: Arnab Dutta <[email protected]> * feat: using SHA512 for Ed25519 Signed-off-by: Arnab Dutta <[email protected]> --------- Signed-off-by: Arnab Dutta <[email protected]> * feat: refactor Assertion/Attestation to Jackson ObjectMapper (#9023) * feat: refactor Assertion/Attestation to Jackson ObjectMapper Signed-off-by: Arnab Dutta <[email protected]> * feat: fixing sonar issues Signed-off-by: Arnab Dutta <[email protected]> * feat: fixing sonar issues Signed-off-by: Arnab Dutta <[email protected]> * feat: fixing sonar issues Signed-off-by: Arnab Dutta <[email protected]> * feat: addressing PR reviews Signed-off-by: Arnab Dutta <[email protected]> * feat: addressing PR reviews Signed-off-by: Arnab Dutta <[email protected]> --------- Signed-off-by: Arnab Dutta <[email protected]> * fix(jans-fido2): removing safetynet and android #8901 * fix(jans-fido2): Removing multiple Assertion processors #8902 * feat: add support for BS / BE flags in AuthData #8903 (#8968) * feat: add support for BS / BE flags in AuthData #8903 Signed-off-by: Arnab Dutta <[email protected]> * feat: adding comments Signed-off-by: Arnab Dutta <[email protected]> * feat: adding comments Signed-off-by: Arnab Dutta <[email protected]> --------- Signed-off-by: Arnab Dutta <[email protected]> Co-authored-by: Ackermann Yuriy <[email protected]> * fix(jans-fido2): #8906, Basic simplification and refactoring of Attestation and Assertion Response * Issue 8908 (#9241) * feat(jans-fido): #8908 add support for webauthn hints Signed-off-by: shekhar16 <[email protected]> * feat(jans-fido): #8908 add support for webauthn hints Signed-off-by: shekhar16 <[email protected]> * feat(jans-fido): #8908 delete unused file Signed-off-by: shekhar16 <[email protected]> --------- Signed-off-by: shekhar16 <[email protected]> * fix(jans-fido2): Attestation #8906 * Issue 9111 (#9276) * feat(jans-fido): refactor mds3 codebase and server config Signed-off-by: shekhar16 <[email protected]> * feat(jans-fido): revert rename from docker file #9111 Signed-off-by: shekhar16 <[email protected]> * feat(jans-fido): add metadatarefreshinterval #9111 Signed-off-by: shekhar16 <[email protected]> * feat(jans-fido): changes to refactor metadataservers #9111 Signed-off-by: shekhar16 <[email protected]> --------- Signed-off-by: shekhar16 <[email protected]> * feat(jans-fido): changes to refactor requestedParties #9111 (#9329) Signed-off-by: shekhar16 <[email protected]> * fix(jans-fido2): resolve failing test case in `FetchMdsProviderServiceTest` (#9299) fix(jans-fido2): resolve failing test case in FetchMdsProviderServiceTest Co-authored-by: Mohammad Abudayyeh <[email protected]> * docs(customization): updates to customization document to align with custom assets feature (#9106) * docs(customize): add intro and management sections Signed-off-by: ossdhaval <[email protected]> * docs(customization): add location details Signed-off-by: ossdhaval <[email protected]> * docs(customization): add web customization instructions Signed-off-by: ossdhaval <[email protected]> * docs(customization): fix proofreading issues Signed-off-by: ossdhaval <[email protected]> --------- Signed-off-by: ossdhaval <[email protected]> * fix(jans-fido2): removed legacy SuperGluu support #9453 (#9468) Signed-off-by: Madhumita <[email protected]> * feat(jans-fido2): add support for isEnterpriseAttestation in local me… (#9521) * feat(jans-fido2): add support for isEnterpriseAttestation in local metadata retrieval Signed-off-by: imran-ishaq <[email protected]> * feat(jans-fido2): add new unit test for isEnterpriseAttestation Signed-off-by: imran-ishaq <[email protected]> --------- Signed-off-by: imran-ishaq <[email protected]> * Jans fido2 attestation mode 9332 (#9463) * docs(jans-fido2): replaced skipValidateMdsInAttestationEnabled && skipAttestation with attestationMode Signed-off-by: imran-ishaq <[email protected]> * feat(jans-fido2): replaced skipValidateMdsInAttestationEnabled && skipAttestation with attestation mode Signed-off-by: imran-ishaq <[email protected]> * feat(jans-fido2): update the full flow unit test with monitor attestation mode Signed-off-by: imran-ishaq <[email protected]> --------- Signed-off-by: imran-ishaq <[email protected]> * feat(jans-fido2): adding missing imports Signed-off-by: imran-ishaq <[email protected]> * fix(jans-fido2): #9248 Renaming domain to origin and application id to RpId Signed-off-by: Madhumita <[email protected]> * fix(jans-fido2): #9248 * fix(jans-fido2): resolved build failure issues Signed-off-by: imran-ishaq <[email protected]> * Jans fido2 replace requested parties 9248 (#9586) * feat(jans-fido2): changed function type to be accessible and replaced requestParties name and domain with id and origins Signed-off-by: imran-ishaq <[email protected]> * feat(jans-fido2): add test cases for createRpDomain function in AttestationServiceTest Class Signed-off-by: imran-ishaq <[email protected]> --------- Signed-off-by: imran-ishaq <[email protected]> * fix(jans-fido2): #9642 * fix(jans-fido2): convert attestationMode from enum to sting Signed-off-by: imran-ishaq <[email protected]> * feat(jans-fido): move fidoconfig folder properties to db #9369 (#9611) * feat(jans-fido): move fidoconfig folder properties to db #9369 Signed-off-by: shekhar16 [email protected] * feat(jans-fido): added specialized exception #9369 Signed-off-by: shekhar16 [email protected] --------- Signed-off-by: shekhar16 [email protected] Co-authored-by: Yuriy Movchan <[email protected]> * fix(jans-fido2): #9642 Signed-off-by: Madhumita Subramaniam <[email protected]> * Reflect Authenicator Name with Passkeys (#9716) * feat(jans-fido2): reflect authenticator name with passkeys Signed-off-by: imran-ishaq <[email protected]> * fix(jans-fido2): handle test cases for authenticator name Signed-off-by: imran-ishaq <[email protected]> --------- Signed-off-by: imran-ishaq <[email protected]> Co-authored-by: Mohammad Abudayyeh <[email protected]> * fix(jans-fido2): remove superGluu-related endpoints from FIDO2 Swagge… (#9624) fix(jans-fido2): remove superGluu-related endpoints from FIDO2 Swagger and ConfigurationControllerTest Signed-off-by: imran-ishaq <[email protected]> Co-authored-by: Mohammad Abudayyeh <[email protected]> * chore(deps): bump org.apache.maven.plugins:maven-site-plugin from 4.0.0-M12 to 4.0.0-M16 in /jans-scim (#9010) chore(deps): bump org.apache.maven.plugins:maven-site-plugin Bumps [org.apache.maven.plugins:maven-site-plugin](https://github.com/apache/maven-site-plugin) from 4.0.0-M12 to 4.0.0-M16. - [Commits](apache/maven-site-plugin@maven-site-plugin-4.0.0-M12...maven-site-plugin-4.0.0-M16) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-site-plugin dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jose Gonzalez <[email protected]> * fix(jans-casa): fix issue caused by refactoring (#9838) Signed-off-by: shekhar16 <[email protected]> * fix(jans-fido2): fix document refactoring issue (#9918) Signed-off-by: shekhar16 <[email protected]> * Add origin parameter in Fido2ExternalAuthenticator script for attestation and assertion API calls #9248 (#9974) * feat(jans-fido2): add origin parameter in Fido2ExternalAuthenticator script for attestation and assertion API calls Signed-off-by: imran-ishaq <[email protected]> * refactor(docs): add origin parameter in Fido2ExternalAuthenticator script for attestation and assertion API calls #9248 Signed-off-by: imran-ishaq <[email protected]> * fix(jans-fido2): handle origin if http or https is missing #9248 Signed-off-by: imran-ishaq <[email protected]> --------- Signed-off-by: imran-ishaq <[email protected]> * fix(docs): #9248 Signed-off-by: imran-ishaq <[email protected]> * feat(jans-linux-setup): move fidoconfig folder properties to db Signed-off-by: Mustafa Baser <[email protected]> * fix(jans-fido2): fix issues due unused injects (#10035) Signed-off-by: shekhar16 <[email protected]> * fix: fido2 build * fix(ProjectPasskeys) : #9981 added rawId, authenticatorData, publicKey, publicKeyAlgorithm, publicKeyId, transport to the newly created cred object. * fix(jans-ido2): #10101 Update dynamic-conf.json #10101 property name changed and not reflected in the template Signed-off-by: Madhumita Subramaniam <[email protected]> * fix(jans-linux-setup): use sqlconnection instead of mysqlconnection Signed-off-by: Mustafa Baser <[email protected]> * Jans fido Review Configs #10101 (#10204) * Make CommonVerifiersTest class test cases functational (#10209) * fix(jans-fido2): #9642 * fix(jans-fido2): Make AppleAttestationProcessorTest,PackedAttestationProcessorTest,TPMProcessorTest and U2FAttestationProcessorTest test cases functational Signed-off-by: imran-ishaq <[email protected]> * fix(jans-fido2): support for ECC added #10317 * feat(jans-fido2): create new WebAuthn configuration controller that returns an origins array list #10245 * feat(jans-linux-setup): apache proxy pass for .well-known/webauthn Signed-off-by: Mustafa Baser <[email protected]> * fix(ProjectPasskeys): #9765 * fix(docs): update jans fido docs #10245 --------- Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: ossdhaval <[email protected]> Signed-off-by: Rolain Djeumen <[email protected]> Signed-off-by: Arnab Dutta <[email protected]> Signed-off-by: shekhar16 <[email protected]> Signed-off-by: Madhumita <[email protected]> Signed-off-by: imran-ishaq <[email protected]> Signed-off-by: shekhar16 [email protected] Signed-off-by: Mustafa Baser <[email protected]> Signed-off-by: Madhumita Subramaniam <[email protected]> Signed-off-by: Devrim <[email protected]> Signed-off-by: Imran <[email protected]> Co-authored-by: mo-auto <[email protected]> Co-authored-by: Snyk bot <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: pujavs <[email protected]> Co-authored-by: Madhumita Subramaniam <[email protected]> Co-authored-by: Yuriy Movchan <[email protected]> Co-authored-by: Dhaval D <[email protected]> Co-authored-by: Djeumen Rolain Bonaventure <[email protected]> Co-authored-by: Mohammad Abudayyeh <[email protected]> Co-authored-by: Arnab Dutta <[email protected]> Co-authored-by: Ackermann Yuriy <[email protected]> Co-authored-by: shekhar16 <[email protected]> Co-authored-by: Jose Gonzalez <[email protected]> Co-authored-by: Mustafa Baser <[email protected]> Co-authored-by: Devrim <[email protected]>

…0080) * chore(main): release jans-orm 1.0.1-SNAPSHOT (#1713) * chore(main): release jans-fido2 1.0.1-SNAPSHOT (#1712) * chore(main): release jans-auth-server 1.0.1-SNAPSHOT (#1711) * chore(main): release jans-core 1.0.1-SNAPSHOT (#1710) * chore(main): release jans-scim 1.0.1-SNAPSHOT (#1709) * chore(main): release jans-notify 1.0.1-SNAPSHOT (#1708) * chore(main): release agama 1.0.1-SNAPSHOT (#1707) * fix: jans-auth-server/pom.xml to reduce vulnerabilities (#2466) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSJETTISON-3033152 * fix: jans-eleven/pom.xml to reduce vulnerabilities (#2471) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSJETTISON-3033152 Co-authored-by: snyk-bot <[email protected]> * build(deps): bump commons-text from 1.9 to 1.10.0 in /jans-bom (#2679) Bumps commons-text from 1.9 to 1.10.0. --- updated-dependencies: - dependency-name: org.apache.commons:commons-text dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: jans-eleven/pom.xml to reduce vulnerabilities (#2676) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSJETTISON-3033152 - https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSJETTISON-3037311 * fix: jans-config-api/plugins/sample/helloworld/pom.xml to reduce vulnerabilities (#972) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGJBOSSRESTEASY-1009963 - https://snyk.io/vuln/SNYK-JAVA-ORGJBOSSRESTEASY-1058913 - https://snyk.io/vuln/SNYK-JAVA-ORGJBOSSRESTEASY-1085989 - https://snyk.io/vuln/SNYK-JAVA-ORGJBOSSRESTEASY-1303102 Co-authored-by: pujavs <[email protected]> * fix: jans-config-api/pom.xml to reduce vulnerabilities (#1746) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-2945452 Co-authored-by: pujavs <[email protected]> * docs: update README.md (#2367) * chore(main): release jans-core 1.0.5-SNAPSHOT (#3143) * chore(main): release jans-config-api 1.0.5-SNAPSHOT (#3142) * chore(main): release jans-auth-server 1.0.5-SNAPSHOT (#3141) * chore(main): release jans-notify 1.0.5-SNAPSHOT (#3140) * chore(main): release jans-orm 1.0.5-SNAPSHOT (#3139) * chore(main): release jans-eleven 1.0.5-SNAPSHOT (#3138) * chore(main): release jans-fido2 1.0.5-SNAPSHOT (#3137) * chore(main): release jans-bom 1.0.5-SNAPSHOT (#3136) * chore: add owner to jans-config-api (#3283) * build(deps): bump postgresql from 42.5.0 to 42.5.1 in /jans-bom (#3068) Bumps [postgresql](https://github.com/pgjdbc/pgjdbc) from 42.5.0 to 42.5.1. - [Release notes](https://github.com/pgjdbc/pgjdbc/releases) - [Changelog](https://github.com/pgjdbc/pgjdbc/blob/master/CHANGELOG.md) - [Commits](pgjdbc/pgjdbc@REL42.5.0...REL42.5.1) --- updated-dependencies: - dependency-name: org.postgresql:postgresql dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: jans-eleven/pom.xml to reduce vulnerabilities (#3315) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSJETTISON-3168084 - https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSJETTISON-3168085 Co-authored-by: snyk-bot <[email protected]> * fix: jans-auth-server/pom.xml to reduce vulnerabilities (#3314) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSJETTISON-3168084 - https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSJETTISON-3168085 Co-authored-by: snyk-bot <[email protected]> * chore(main): release jans-eleven 1.0.6-SNAPSHOT (#3538) * chore(main): release jans-bom 1.0.6-SNAPSHOT (#3539) * chore(main): release jans-notify 1.0.6-SNAPSHOT (#3540) * chore(main): release jans-config-api 1.0.6-SNAPSHOT (#3541) * chore(main): release jans-orm 1.0.6-SNAPSHOT (#3542) * chore(main): release jans-scim 1.0.6-SNAPSHOT (#3543) * chore(main): release jans-auth-server 1.0.6-SNAPSHOT (#3544) * chore(main): release jans-fido2 1.0.6-SNAPSHOT (#3545) * chore(main): release jans-core 1.0.6-SNAPSHOT (#3546) * fix: cbor data stream lenght calculatro return wrong lengh #3614 (#3615) * chore(main): release jans-core 1.0.7-SNAPSHOT (#3919) * chore(main): release jans-scim 1.0.7-SNAPSHOT (#3918) * chore(main): release jans-notify 1.0.7-SNAPSHOT (#3917) * chore(main): release jans-auth-server 1.0.7-SNAPSHOT (#3916) * chore(main): release jans-bom 1.0.7-SNAPSHOT (#3915) * chore(main): release jans-orm 1.0.7-SNAPSHOT (#3914) * chore(main): release agama 1.0.7-SNAPSHOT (#3913) * chore(main): release jans-eleven 1.0.7-SNAPSHOT (#3912) * chore(main): release jans-config-api 1.0.7-SNAPSHOT (#3911) * chore(main): release jans-fido2 1.0.7-SNAPSHOT (#3910) * chore(main): release jans-notify 1.0.8-SNAPSHOT (#4008) * chore(main): release jans-auth-server 1.0.8-SNAPSHOT (#4007) * chore(main): release jans-config-api 1.0.8-SNAPSHOT (#4006) * chore(main): release jans-scim 1.0.8-SNAPSHOT (#4004) * chore(main): release jans-fido2 1.0.8-SNAPSHOT (#4005) * chore(main): release jans-bom 1.0.8-SNAPSHOT (#4003) * chore(main): release jans-core 1.0.8-SNAPSHOT (#4002) * chore(main): release jans-orm 1.0.8-SNAPSHOT (#4001) * chore(main): release jans-eleven 1.0.8-SNAPSHOT (#4000) * chore(main): release agama 1.0.8-SNAPSHOT (#3999) * chore(main): release jans-auth-server 1.0.9-SNAPSHOT (#4064) * chore(main): release jans-fido2 1.0.9-SNAPSHOT (#4062) * chore(main): release jans-auth-server 1.0.10-SNAPSHOT (#4175) * chore(main): release jans-fido2 1.0.10-SNAPSHOT (#4173) * chore(main): release jans-eleven 1.0.10-SNAPSHOT (#4172) * chore(main): release jans-orm 1.0.10-SNAPSHOT (#4171) * chore(main): release jans-notify 1.0.10-SNAPSHOT (#4170) * chore(main): release jans-config-api 1.0.10-SNAPSHOT (#4169) * chore(main): release jans-core 1.0.10-SNAPSHOT (#4168) * chore(main): release jans-bom 1.0.10-SNAPSHOT (#4167) * chore(main): release agama 1.0.10-SNAPSHOT (#4166) * chore(main): release jans-eleven 1.0.11-SNAPSHOT (#4473) * chore(main): release jans-core 1.0.11-SNAPSHOT (#4472) * chore(main): release jans-notify 1.0.11-SNAPSHOT (#4471) * chore(main): release jans-auth-server 1.0.11-SNAPSHOT (#4470) * chore(main): release jans-fido2 1.0.11-SNAPSHOT (#4469) * chore(main): release jans-bom 1.0.11-SNAPSHOT (#4467) * chore(main): release agama 1.0.11-SNAPSHOT (#4466) * chore(main): release jans-orm 1.0.11-SNAPSHOT (#4465) * chore(main): release jans-config-api 1.0.11-SNAPSHOT (#4464) * chore(main): release jans-orm 1.0.12-SNAPSHOT (#4638) * chore(main): release jans-bom 1.0.12-SNAPSHOT (#4636) * chore(main): release jans-core 1.0.12-SNAPSHOT (#4637) * chore(main): release jans-notify 1.0.12-SNAPSHOT (#4634) * chore(main): release jans-config-api 1.0.12-SNAPSHOT (#4633) * chore(main): release jans-auth-server 1.0.12-SNAPSHOT (#4632) * chore(main): release jans-eleven 1.0.12-SNAPSHOT (#4631) * chore(main): release agama 1.0.12-SNAPSHOT (#4630) * chore(main): release jans-scim 1.0.12-SNAPSHOT (#4629) * chore(main): release jans-fido2 1.0.12-SNAPSHOT (#4635) * fix: jans-auth-server/pom.xml to reduce vulnerabilities (#4271) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSJETTISON-3367610 * chore(deps): bump jettison from 1.5.2 to 1.5.4 in /jans-auth-server (#4275) Bumps [jettison](https://github.com/jettison-json/jettison) from 1.5.2 to 1.5.4. - [Release notes](https://github.com/jettison-json/jettison/releases) - [Commits](jettison-json/jettison@jettison-1.5.2...jettison-1.5.4) --- updated-dependencies: - dependency-name: org.codehaus.jettison:jettison dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(main): release jans-config-api 1.0.13-SNAPSHOT (#4920) * chore(main): release jans-notify 1.0.13-SNAPSHOT (#4917) * chore(main): release jans-auth-server 1.0.13-SNAPSHOT (#4918) * chore(main): release jans-orm 1.0.13-SNAPSHOT (#4916) * chore(main): release agama 1.0.13-SNAPSHOT (#4915) * chore(main): release jans-bom 1.0.13-SNAPSHOT (#4913) * chore(main): release jans-core 1.0.13-SNAPSHOT (#4914) * chore(main): release jans-scim 1.0.13-SNAPSHOT (#4912) * chore(main): release jans-eleven 1.0.13-SNAPSHOT (#4911) * chore(main): release jans-fido2 1.0.13-SNAPSHOT (#4919) * docs: write topic overview pages for properties, feature flags and endpoint sections (#5147) * docs(scripts): endpoint section README.md Signed-off-by: ossdhaval <[email protected]> * docs(scripts): property section readme Signed-off-by: ossdhaval <[email protected]> * docs(scripts): add how to set properties Signed-off-by: ossdhaval <[email protected]> * docs(scripts): add details to feature flag readme Signed-off-by: ossdhaval <[email protected]> --------- Signed-off-by: ossdhaval <[email protected]> * chore(main): release jans-bom 1.0.14-SNAPSHOT (#5211) * chore(main): release jans-config-api 1.0.14-SNAPSHOT (#5209) * chore(main): release jans-scim 1.0.14-SNAPSHOT (#5208) * chore(main): release jans-eleven 1.0.14-SNAPSHOT (#5207) * chore(main): release agama 1.0.14-SNAPSHOT (#5206) * chore(main): release jans-orm 1.0.14-SNAPSHOT (#5205) * chore(main): release jans-fido2 1.0.14-SNAPSHOT (#5204) * chore(main): release jans-core 1.0.14-SNAPSHOT (#5203) * chore(main): release jans-config-api 1.0.15-SNAPSHOT (#5495) * chore(main): release jans-bom 1.0.15-SNAPSHOT (#5493) * chore(main): release agama 1.0.15-SNAPSHOT (#5492) * chore(main): release jans-scim 1.0.15-SNAPSHOT (#5491) * chore(main): release jans-orm 1.0.15-SNAPSHOT (#5490) * chore(main): release jans-fido2 1.0.15-SNAPSHOT (#5489) * chore(main): release jans-eleven 1.0.15-SNAPSHOT (#5488) * chore(main): release jans-core 1.0.15-SNAPSHOT (#5494) * chore(main): release jans-scim 1.0.16-SNAPSHOT (#5733) * chore(main): release jans-fido2 1.0.16-SNAPSHOT (#5730) * chore(main): release jans-auth-server 1.0.16-SNAPSHOT (#5729) * chore(main): release jans-orm 1.0.16-SNAPSHOT (#5728) * chore(main): release agama 1.0.16-SNAPSHOT (#5727) * chore(main): release jans-bom 1.0.16-SNAPSHOT (#5725) * chore(main): release jans-eleven 1.0.16-SNAPSHOT (#5726) * chore(main): release jans-core 1.0.16-SNAPSHOT (#5732) * chore(main): release jans-config-api 1.0.16-SNAPSHOT (#5731) * chore(main): release jans-scim 1.0.17-SNAPSHOT (#6051) * chore(main): release jans-core 1.0.17-SNAPSHOT (#6049) * chore(main): release jans-bom 1.0.17-SNAPSHOT (#6048) * chore(main): release agama 1.0.17-SNAPSHOT (#6047) * chore(main): release jans-auth-server 1.0.17-SNAPSHOT (#6046) * chore(main): release jans-fido2 1.0.17-SNAPSHOT (#6045) * chore(main): release jans-config-api 1.0.17-SNAPSHOT (#6044) * chore(main): release jans-eleven 1.0.17-SNAPSHOT (#6043) * chore(main): release jans-orm 1.0.17-SNAPSHOT (#6050) * chore(main): release jans-orm 1.0.18-SNAPSHOT (#6115) * chore(main): release jans-bom 1.0.18-SNAPSHOT (#6113) * chore(main): release jans-config-api 1.0.18-SNAPSHOT (#6112) * chore(main): release jans-auth-server 1.0.18-SNAPSHOT (#6111) * chore(main): release jans-core 1.0.18-SNAPSHOT (#6110) * chore(main): release jans-fido2 1.0.18-SNAPSHOT (#6108) * chore(main): release agama 1.0.18-SNAPSHOT (#6109) * chore(main): release jans-eleven 1.0.18-SNAPSHOT (#6107) * chore(main): release jans-scim 1.0.18-SNAPSHOT (#6114) * chore(main): release jans-scim 1.0.19-SNAPSHOT (#6245) * chore(main): release jans-bom 1.0.19-SNAPSHOT (#6241) * chore(main): release jans-fido2 1.0.19-SNAPSHOT (#6240) * chore(main): release jans-auth-server 1.0.19-SNAPSHOT (#6239) * chore(main): release jans-config-api 1.0.19-SNAPSHOT (#6238) * chore(main): release agama 1.0.19-SNAPSHOT (#6236) * chore(main): release jans-eleven 1.0.19-SNAPSHOT (#6235) * chore(main): release jans-orm 1.0.19-SNAPSHOT (#6244) * chore(main): release jans-scim 1.0.20-SNAPSHOT (#6485) * chore(main): release jans-core 1.0.20-SNAPSHOT (#6483) * chore(main): release jans-bom 1.0.20-SNAPSHOT (#6482) * chore(main): release jans-link 1.0.20-SNAPSHOT (#6481) * chore(main): release jans-fido2 1.0.20-SNAPSHOT (#6480) * chore(main): release jans-casa 1.0.20-SNAPSHOT (#6479) * chore(main): release jans-eleven 1.0.20-SNAPSHOT (#6478) * chore(main): release jans-config-api 1.0.20-SNAPSHOT (#6477) * chore(main): release agama 1.0.20-SNAPSHOT (#6476) * chore(main): release jans-auth-server 1.0.20-SNAPSHOT (#6475) * chore(main): release jans-orm 1.0.20-SNAPSHOT (#6484) * chore(main): release jans-orm 1.0.21-SNAPSHOT (#7022) * chore(main): release jans-scim 1.0.21-SNAPSHOT (#7020) * chore(main): release jans-auth-server 1.0.21-SNAPSHOT (#7019) * chore(main): release agama 1.0.21-SNAPSHOT (#7018) * chore(main): release jans-eleven 1.0.21-SNAPSHOT (#7017) * chore(main): release jans-fido2 1.0.21-SNAPSHOT (#7016) * chore(main): release jans-config-api 1.0.21-SNAPSHOT (#7015) * chore(main): release jans-bom 1.0.21-SNAPSHOT (#7014) * chore(main): release jans-core 1.0.21-SNAPSHOT (#7013) * chore(main): release jans-casa 1.0.21-SNAPSHOT (#7012) * chore(main): release jans-keycloak-link 1.0.21-SNAPSHOT (#7021) * chore(main): release jans-keycloak-link 1.0.22-SNAPSHOT (#7469) * chore(main): release jans-scim 1.0.22-SNAPSHOT (#7468) * chore(main): release jans-orm 1.0.22-SNAPSHOT (#7467) * chore(main): release jans-lock 1.0.22-SNAPSHOT (#7466) * chore(main): release jans-link 1.0.22-SNAPSHOT (#7465) * chore(main): release jans-fido2 1.0.22-SNAPSHOT (#7464) * chore(main): release jans-eleven 1.0.22-SNAPSHOT (#7463) * chore(main): release jans-config-api 1.0.22-SNAPSHOT (#7462) * chore(main): release jans-core 1.0.22-SNAPSHOT (#7461) * chore(main): release jans-casa 1.0.22-SNAPSHOT (#7460) * chore(main): release agama 1.0.22-SNAPSHOT (#7459) * chore(main): release jans-bom 1.0.22-SNAPSHOT (#7458) * chore(main): release jans-auth-server 1.0.22-SNAPSHOT (#7457) * fix(jans-keycloak-integration): security bugfixes #8954 (#8962) * fix(jans-linux-setup): improper scim configuration for jans kc #8210 * updated the keycloak configuration file to reflect the configuration for the storage-spi Signed-off-by: Rolain Djeumen <[email protected]> * chore(jans-keycloak-integration): bump kc version to 24.0.0 #8315 Signed-off-by: Rolain Djeumen <[email protected]> * fix(jans-keycloak-integration): security bugfixes #8954 * bumped nimbus oidc sdk version Signed-off-by: Rolain Djeumen <[email protected]> * fix(jans-keycloak-integration): security bugfixes #8954 * removed old metadata parser and entityidhandler from `jans-core-saml` Signed-off-by: Rolain Djeumen <[email protected]> * fix(jans-keycloak-integration): security bugfixes #8954 * further removed old saml related code Signed-off-by: Rolain Djeumen <[email protected]> * fix(jans-keycloak-integration): security bugfixes #8654 * removed unused dependencies in jans-core-saml Signed-off-by: Rolain Djeumen <[email protected]> --------- Signed-off-by: Rolain Djeumen <[email protected]> Co-authored-by: Mohammad Abudayyeh <[email protected]> * feat: Minimum support ES256, RS1, RS256, ED25519 (#9086) * feat: Minimum support ES256, RS1, RS256, ED25519 Signed-off-by: Arnab Dutta <[email protected]> * feat: minimum support ES256, RS1, RS256, ED25519 Signed-off-by: Arnab Dutta <[email protected]> * feat: minimum support ES256, RS1, RS256, ED25519 Signed-off-by: Arnab Dutta <[email protected]> * feat: using SHA512 for Ed25519 Signed-off-by: Arnab Dutta <[email protected]> --------- Signed-off-by: Arnab Dutta <[email protected]> * feat: refactor Assertion/Attestation to Jackson ObjectMapper (#9023) * feat: refactor Assertion/Attestation to Jackson ObjectMapper Signed-off-by: Arnab Dutta <[email protected]> * feat: fixing sonar issues Signed-off-by: Arnab Dutta <[email protected]> * feat: fixing sonar issues Signed-off-by: Arnab Dutta <[email protected]> * feat: fixing sonar issues Signed-off-by: Arnab Dutta <[email protected]> * feat: addressing PR reviews Signed-off-by: Arnab Dutta <[email protected]> * feat: addressing PR reviews Signed-off-by: Arnab Dutta <[email protected]> --------- Signed-off-by: Arnab Dutta <[email protected]> * fix(jans-fido2): removing safetynet and android #8901 * fix(jans-fido2): Removing multiple Assertion processors #8902 * feat: add support for BS / BE flags in AuthData #8903 (#8968) * feat: add support for BS / BE flags in AuthData #8903 Signed-off-by: Arnab Dutta <[email protected]> * feat: adding comments Signed-off-by: Arnab Dutta <[email protected]> * feat: adding comments Signed-off-by: Arnab Dutta <[email protected]> --------- Signed-off-by: Arnab Dutta <[email protected]> Co-authored-by: Ackermann Yuriy <[email protected]> * fix(jans-fido2): #8906, Basic simplification and refactoring of Attestation and Assertion Response * Issue 8908 (#9241) * feat(jans-fido): #8908 add support for webauthn hints Signed-off-by: shekhar16 <[email protected]> * feat(jans-fido): #8908 add support for webauthn hints Signed-off-by: shekhar16 <[email protected]> * feat(jans-fido): #8908 delete unused file Signed-off-by: shekhar16 <[email protected]> --------- Signed-off-by: shekhar16 <[email protected]> * fix(jans-fido2): Attestation #8906 * Issue 9111 (#9276) * feat(jans-fido): refactor mds3 codebase and server config Signed-off-by: shekhar16 <[email protected]> * feat(jans-fido): revert rename from docker file #9111 Signed-off-by: shekhar16 <[email protected]> * feat(jans-fido): add metadatarefreshinterval #9111 Signed-off-by: shekhar16 <[email protected]> * feat(jans-fido): changes to refactor metadataservers #9111 Signed-off-by: shekhar16 <[email protected]> --------- Signed-off-by: shekhar16 <[email protected]> * feat(jans-fido): changes to refactor requestedParties #9111 (#9329) Signed-off-by: shekhar16 <[email protected]> * fix(jans-fido2): resolve failing test case in `FetchMdsProviderServiceTest` (#9299) fix(jans-fido2): resolve failing test case in FetchMdsProviderServiceTest Co-authored-by: Mohammad Abudayyeh <[email protected]> * docs(customization): updates to customization document to align with custom assets feature (#9106) * docs(customize): add intro and management sections Signed-off-by: ossdhaval <[email protected]> * docs(customization): add location details Signed-off-by: ossdhaval <[email protected]> * docs(customization): add web customization instructions Signed-off-by: ossdhaval <[email protected]> * docs(customization): fix proofreading issues Signed-off-by: ossdhaval <[email protected]> --------- Signed-off-by: ossdhaval <[email protected]> * fix(jans-fido2): removed legacy SuperGluu support #9453 (#9468) Signed-off-by: Madhumita <[email protected]> * feat(jans-fido2): add support for isEnterpriseAttestation in local me… (#9521) * feat(jans-fido2): add support for isEnterpriseAttestation in local metadata retrieval Signed-off-by: imran-ishaq <[email protected]> * feat(jans-fido2): add new unit test for isEnterpriseAttestation Signed-off-by: imran-ishaq <[email protected]> --------- Signed-off-by: imran-ishaq <[email protected]> * Jans fido2 attestation mode 9332 (#9463) * docs(jans-fido2): replaced skipValidateMdsInAttestationEnabled && skipAttestation with attestationMode Signed-off-by: imran-ishaq <[email protected]> * feat(jans-fido2): replaced skipValidateMdsInAttestationEnabled && skipAttestation with attestation mode Signed-off-by: imran-ishaq <[email protected]> * feat(jans-fido2): update the full flow unit test with monitor attestation mode Signed-off-by: imran-ishaq <[email protected]> --------- Signed-off-by: imran-ishaq <[email protected]> * feat(jans-fido2): adding missing imports Signed-off-by: imran-ishaq <[email protected]> * fix(jans-fido2): #9248 Renaming domain to origin and application id to RpId Signed-off-by: Madhumita <[email protected]> * fix(jans-fido2): #9248 * fix(jans-fido2): resolved build failure issues Signed-off-by: imran-ishaq <[email protected]> * Jans fido2 replace requested parties 9248 (#9586) * feat(jans-fido2): changed function type to be accessible and replaced requestParties name and domain with id and origins Signed-off-by: imran-ishaq <[email protected]> * feat(jans-fido2): add test cases for createRpDomain function in AttestationServiceTest Class Signed-off-by: imran-ishaq <[email protected]> --------- Signed-off-by: imran-ishaq <[email protected]> * fix(jans-fido2): #9642 * fix(jans-fido2): convert attestationMode from enum to sting Signed-off-by: imran-ishaq <[email protected]> * feat(jans-fido): move fidoconfig folder properties to db #9369 (#9611) * feat(jans-fido): move fidoconfig folder properties to db #9369 Signed-off-by: shekhar16 [email protected] * feat(jans-fido): added specialized exception #9369 Signed-off-by: shekhar16 [email protected] --------- Signed-off-by: shekhar16 [email protected] Co-authored-by: Yuriy Movchan <[email protected]> * fix(jans-fido2): #9642 Signed-off-by: Madhumita Subramaniam <[email protected]> * Reflect Authenicator Name with Passkeys (#9716) * feat(jans-fido2): reflect authenticator name with passkeys Signed-off-by: imran-ishaq <[email protected]> * fix(jans-fido2): handle test cases for authenticator name Signed-off-by: imran-ishaq <[email protected]> --------- Signed-off-by: imran-ishaq <[email protected]> Co-authored-by: Mohammad Abudayyeh <[email protected]> * fix(jans-fido2): remove superGluu-related endpoints from FIDO2 Swagge… (#9624) fix(jans-fido2): remove superGluu-related endpoints from FIDO2 Swagger and ConfigurationControllerTest Signed-off-by: imran-ishaq <[email protected]> Co-authored-by: Mohammad Abudayyeh <[email protected]> * chore(deps): bump org.apache.maven.plugins:maven-site-plugin from 4.0.0-M12 to 4.0.0-M16 in /jans-scim (#9010) chore(deps): bump org.apache.maven.plugins:maven-site-plugin Bumps [org.apache.maven.plugins:maven-site-plugin](https://github.com/apache/maven-site-plugin) from 4.0.0-M12 to 4.0.0-M16. - [Commits](apache/maven-site-plugin@maven-site-plugin-4.0.0-M12...maven-site-plugin-4.0.0-M16) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-site-plugin dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jose Gonzalez <[email protected]> * fix(jans-casa): fix issue caused by refactoring (#9838) Signed-off-by: shekhar16 <[email protected]> * fix(jans-fido2): fix document refactoring issue (#9918) Signed-off-by: shekhar16 <[email protected]> * Add origin parameter in Fido2ExternalAuthenticator script for attestation and assertion API calls #9248 (#9974) * feat(jans-fido2): add origin parameter in Fido2ExternalAuthenticator script for attestation and assertion API calls Signed-off-by: imran-ishaq <[email protected]> * refactor(docs): add origin parameter in Fido2ExternalAuthenticator script for attestation and assertion API calls #9248 Signed-off-by: imran-ishaq <[email protected]> * fix(jans-fido2): handle origin if http or https is missing #9248 Signed-off-by: imran-ishaq <[email protected]> --------- Signed-off-by: imran-ishaq <[email protected]> * fix(docs): #9248 Signed-off-by: imran-ishaq <[email protected]> * feat(jans-linux-setup): move fidoconfig folder properties to db Signed-off-by: Mustafa Baser <[email protected]> * fix(jans-fido2): fix issues due unused injects (#10035) Signed-off-by: shekhar16 <[email protected]> * fix: fido2 build * fix(ProjectPasskeys) : #9981 added rawId, authenticatorData, publicKey, publicKeyAlgorithm, publicKeyId, transport to the newly created cred object. * fix(jans-ido2): #10101 Update dynamic-conf.json #10101 property name changed and not reflected in the template Signed-off-by: Madhumita Subramaniam <[email protected]> * fix(jans-linux-setup): use sqlconnection instead of mysqlconnection Signed-off-by: Mustafa Baser <[email protected]> * Jans fido Review Configs #10101 (#10204) * Make CommonVerifiersTest class test cases functational (#10209) * fix(jans-fido2): #9642 * fix(jans-fido2): Make AppleAttestationProcessorTest,PackedAttestationProcessorTest,TPMProcessorTest and U2FAttestationProcessorTest test cases functational Signed-off-by: imran-ishaq <[email protected]> * fix(jans-fido2): support for ECC added #10317 * fix(ProjectPasskeys): #9765 --------- Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: ossdhaval <[email protected]> Signed-off-by: Rolain Djeumen <[email protected]> Signed-off-by: Arnab Dutta <[email protected]> Signed-off-by: shekhar16 <[email protected]> Signed-off-by: Madhumita <[email protected]> Signed-off-by: imran-ishaq <[email protected]> Signed-off-by: shekhar16 [email protected] Signed-off-by: Mustafa Baser <[email protected]> Signed-off-by: Madhumita Subramaniam <[email protected]> Signed-off-by: Devrim <[email protected]> Co-authored-by: mo-auto <[email protected]> Co-authored-by: Snyk bot <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: pujavs <[email protected]> Co-authored-by: Madhumita Subramaniam <[email protected]> Co-authored-by: Yuriy Movchan <[email protected]> Co-authored-by: Dhaval D <[email protected]> Co-authored-by: Djeumen Rolain Bonaventure <[email protected]> Co-authored-by: Arnab Dutta <[email protected]> Co-authored-by: Ackermann Yuriy <[email protected]> Co-authored-by: shekhar16 <[email protected]> Co-authored-by: Imran <[email protected]> Co-authored-by: imran-ishaq <[email protected]> Co-authored-by: Jose Gonzalez <[email protected]> Co-authored-by: Mustafa Baser <[email protected]> Co-authored-by: Devrim <[email protected]>

… array list (#10339) * chore(main): release jans-orm 1.0.1-SNAPSHOT (#1713) * chore(main): release jans-fido2 1.0.1-SNAPSHOT (#1712) * chore(main): release jans-auth-server 1.0.1-SNAPSHOT (#1711) * chore(main): release jans-core 1.0.1-SNAPSHOT (#1710) * chore(main): release jans-scim 1.0.1-SNAPSHOT (#1709) * chore(main): release jans-notify 1.0.1-SNAPSHOT (#1708) * chore(main): release agama 1.0.1-SNAPSHOT (#1707) * fix: jans-auth-server/pom.xml to reduce vulnerabilities (#2466) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSJETTISON-3033152 * fix: jans-eleven/pom.xml to reduce vulnerabilities (#2471) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSJETTISON-3033152 Co-authored-by: snyk-bot <[email protected]> * build(deps): bump commons-text from 1.9 to 1.10.0 in /jans-bom (#2679) Bumps commons-text from 1.9 to 1.10.0. --- updated-dependencies: - dependency-name: org.apache.commons:commons-text dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: jans-eleven/pom.xml to reduce vulnerabilities (#2676) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSJETTISON-3033152 - https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSJETTISON-3037311 * fix: jans-config-api/plugins/sample/helloworld/pom.xml to reduce vulnerabilities (#972) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGJBOSSRESTEASY-1009963 - https://snyk.io/vuln/SNYK-JAVA-ORGJBOSSRESTEASY-1058913 - https://snyk.io/vuln/SNYK-JAVA-ORGJBOSSRESTEASY-1085989 - https://snyk.io/vuln/SNYK-JAVA-ORGJBOSSRESTEASY-1303102 Co-authored-by: pujavs <[email protected]> * fix: jans-config-api/pom.xml to reduce vulnerabilities (#1746) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTY-2945452 Co-authored-by: pujavs <[email protected]> * docs: update README.md (#2367) * chore(main): release jans-core 1.0.5-SNAPSHOT (#3143) * chore(main): release jans-config-api 1.0.5-SNAPSHOT (#3142) * chore(main): release jans-auth-server 1.0.5-SNAPSHOT (#3141) * chore(main): release jans-notify 1.0.5-SNAPSHOT (#3140) * chore(main): release jans-orm 1.0.5-SNAPSHOT (#3139) * chore(main): release jans-eleven 1.0.5-SNAPSHOT (#3138) * chore(main): release jans-fido2 1.0.5-SNAPSHOT (#3137) * chore(main): release jans-bom 1.0.5-SNAPSHOT (#3136) * chore: add owner to jans-config-api (#3283) * build(deps): bump postgresql from 42.5.0 to 42.5.1 in /jans-bom (#3068) Bumps [postgresql](https://github.com/pgjdbc/pgjdbc) from 42.5.0 to 42.5.1. - [Release notes](https://github.com/pgjdbc/pgjdbc/releases) - [Changelog](https://github.com/pgjdbc/pgjdbc/blob/master/CHANGELOG.md) - [Commits](pgjdbc/pgjdbc@REL42.5.0...REL42.5.1) --- updated-dependencies: - dependency-name: org.postgresql:postgresql dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix: jans-eleven/pom.xml to reduce vulnerabilities (#3315) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSJETTISON-3168084 - https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSJETTISON-3168085 Co-authored-by: snyk-bot <[email protected]> * fix: jans-auth-server/pom.xml to reduce vulnerabilities (#3314) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSJETTISON-3168084 - https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSJETTISON-3168085 Co-authored-by: snyk-bot <[email protected]> * chore(main): release jans-eleven 1.0.6-SNAPSHOT (#3538) * chore(main): release jans-bom 1.0.6-SNAPSHOT (#3539) * chore(main): release jans-notify 1.0.6-SNAPSHOT (#3540) * chore(main): release jans-config-api 1.0.6-SNAPSHOT (#3541) * chore(main): release jans-orm 1.0.6-SNAPSHOT (#3542) * chore(main): release jans-scim 1.0.6-SNAPSHOT (#3543) * chore(main): release jans-auth-server 1.0.6-SNAPSHOT (#3544) * chore(main): release jans-fido2 1.0.6-SNAPSHOT (#3545) * chore(main): release jans-core 1.0.6-SNAPSHOT (#3546) * fix: cbor data stream lenght calculatro return wrong lengh #3614 (#3615) * chore(main): release jans-core 1.0.7-SNAPSHOT (#3919) * chore(main): release jans-scim 1.0.7-SNAPSHOT (#3918) * chore(main): release jans-notify 1.0.7-SNAPSHOT (#3917) * chore(main): release jans-auth-server 1.0.7-SNAPSHOT (#3916) * chore(main): release jans-bom 1.0.7-SNAPSHOT (#3915) * chore(main): release jans-orm 1.0.7-SNAPSHOT (#3914) * chore(main): release agama 1.0.7-SNAPSHOT (#3913) * chore(main): release jans-eleven 1.0.7-SNAPSHOT (#3912) * chore(main): release jans-config-api 1.0.7-SNAPSHOT (#3911) * chore(main): release jans-fido2 1.0.7-SNAPSHOT (#3910) * chore(main): release jans-notify 1.0.8-SNAPSHOT (#4008) * chore(main): release jans-auth-server 1.0.8-SNAPSHOT (#4007) * chore(main): release jans-config-api 1.0.8-SNAPSHOT (#4006) * chore(main): release jans-scim 1.0.8-SNAPSHOT (#4004) * chore(main): release jans-fido2 1.0.8-SNAPSHOT (#4005) * chore(main): release jans-bom 1.0.8-SNAPSHOT (#4003) * chore(main): release jans-core 1.0.8-SNAPSHOT (#4002) * chore(main): release jans-orm 1.0.8-SNAPSHOT (#4001) * chore(main): release jans-eleven 1.0.8-SNAPSHOT (#4000) * chore(main): release agama 1.0.8-SNAPSHOT (#3999) * chore(main): release jans-auth-server 1.0.9-SNAPSHOT (#4064) * chore(main): release jans-fido2 1.0.9-SNAPSHOT (#4062) * chore(main): release jans-auth-server 1.0.10-SNAPSHOT (#4175) * chore(main): release jans-fido2 1.0.10-SNAPSHOT (#4173) * chore(main): release jans-eleven 1.0.10-SNAPSHOT (#4172) * chore(main): release jans-orm 1.0.10-SNAPSHOT (#4171) * chore(main): release jans-notify 1.0.10-SNAPSHOT (#4170) * chore(main): release jans-config-api 1.0.10-SNAPSHOT (#4169) * chore(main): release jans-core 1.0.10-SNAPSHOT (#4168) * chore(main): release jans-bom 1.0.10-SNAPSHOT (#4167) * chore(main): release agama 1.0.10-SNAPSHOT (#4166) * chore(main): release jans-eleven 1.0.11-SNAPSHOT (#4473) * chore(main): release jans-core 1.0.11-SNAPSHOT (#4472) * chore(main): release jans-notify 1.0.11-SNAPSHOT (#4471) * chore(main): release jans-auth-server 1.0.11-SNAPSHOT (#4470) * chore(main): release jans-fido2 1.0.11-SNAPSHOT (#4469) * chore(main): release jans-bom 1.0.11-SNAPSHOT (#4467) * chore(main): release agama 1.0.11-SNAPSHOT (#4466) * chore(main): release jans-orm 1.0.11-SNAPSHOT (#4465) * chore(main): release jans-config-api 1.0.11-SNAPSHOT (#4464) * chore(main): release jans-orm 1.0.12-SNAPSHOT (#4638) * chore(main): release jans-bom 1.0.12-SNAPSHOT (#4636) * chore(main): release jans-core 1.0.12-SNAPSHOT (#4637) * chore(main): release jans-notify 1.0.12-SNAPSHOT (#4634) * chore(main): release jans-config-api 1.0.12-SNAPSHOT (#4633) * chore(main): release jans-auth-server 1.0.12-SNAPSHOT (#4632) * chore(main): release jans-eleven 1.0.12-SNAPSHOT (#4631) * chore(main): release agama 1.0.12-SNAPSHOT (#4630) * chore(main): release jans-scim 1.0.12-SNAPSHOT (#4629) * chore(main): release jans-fido2 1.0.12-SNAPSHOT (#4635) * fix: jans-auth-server/pom.xml to reduce vulnerabilities (#4271) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSJETTISON-3367610 * chore(deps): bump jettison from 1.5.2 to 1.5.4 in /jans-auth-server (#4275) Bumps [jettison](https://github.com/jettison-json/jettison) from 1.5.2 to 1.5.4. - [Release notes](https://github.com/jettison-json/jettison/releases) - [Commits](jettison-json/jettison@jettison-1.5.2...jettison-1.5.4) --- updated-dependencies: - dependency-name: org.codehaus.jettison:jettison dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(main): release jans-config-api 1.0.13-SNAPSHOT (#4920) * chore(main): release jans-notify 1.0.13-SNAPSHOT (#4917) * chore(main): release jans-auth-server 1.0.13-SNAPSHOT (#4918) * chore(main): release jans-orm 1.0.13-SNAPSHOT (#4916) * chore(main): release agama 1.0.13-SNAPSHOT (#4915) * chore(main): release jans-bom 1.0.13-SNAPSHOT (#4913) * chore(main): release jans-core 1.0.13-SNAPSHOT (#4914) * chore(main): release jans-scim 1.0.13-SNAPSHOT (#4912) * chore(main): release jans-eleven 1.0.13-SNAPSHOT (#4911) * chore(main): release jans-fido2 1.0.13-SNAPSHOT (#4919) * docs: write topic overview pages for properties, feature flags and endpoint sections (#5147) * docs(scripts): endpoint section README.md Signed-off-by: ossdhaval <[email protected]> * docs(scripts): property section readme Signed-off-by: ossdhaval <[email protected]> * docs(scripts): add how to set properties Signed-off-by: ossdhaval <[email protected]> * docs(scripts): add details to feature flag readme Signed-off-by: ossdhaval <[email protected]> --------- Signed-off-by: ossdhaval <[email protected]> * chore(main): release jans-bom 1.0.14-SNAPSHOT (#5211) * chore(main): release jans-config-api 1.0.14-SNAPSHOT (#5209) * chore(main): release jans-scim 1.0.14-SNAPSHOT (#5208) * chore(main): release jans-eleven 1.0.14-SNAPSHOT (#5207) * chore(main): release agama 1.0.14-SNAPSHOT (#5206) * chore(main): release jans-orm 1.0.14-SNAPSHOT (#5205) * chore(main): release jans-fido2 1.0.14-SNAPSHOT (#5204) * chore(main): release jans-core 1.0.14-SNAPSHOT (#5203) * chore(main): release jans-config-api 1.0.15-SNAPSHOT (#5495) * chore(main): release jans-bom 1.0.15-SNAPSHOT (#5493) * chore(main): release agama 1.0.15-SNAPSHOT (#5492) * chore(main): release jans-scim 1.0.15-SNAPSHOT (#5491) * chore(main): release jans-orm 1.0.15-SNAPSHOT (#5490) * chore(main): release jans-fido2 1.0.15-SNAPSHOT (#5489) * chore(main): release jans-eleven 1.0.15-SNAPSHOT (#5488) * chore(main): release jans-core 1.0.15-SNAPSHOT (#5494) * chore(main): release jans-scim 1.0.16-SNAPSHOT (#5733) * chore(main): release jans-fido2 1.0.16-SNAPSHOT (#5730) * chore(main): release jans-auth-server 1.0.16-SNAPSHOT (#5729) * chore(main): release jans-orm 1.0.16-SNAPSHOT (#5728) * chore(main): release agama 1.0.16-SNAPSHOT (#5727) * chore(main): release jans-bom 1.0.16-SNAPSHOT (#5725) * chore(main): release jans-eleven 1.0.16-SNAPSHOT (#5726) * chore(main): release jans-core 1.0.16-SNAPSHOT (#5732) * chore(main): release jans-config-api 1.0.16-SNAPSHOT (#5731) * chore(main): release jans-scim 1.0.17-SNAPSHOT (#6051) * chore(main): release jans-core 1.0.17-SNAPSHOT (#6049) * chore(main): release jans-bom 1.0.17-SNAPSHOT (#6048) * chore(main): release agama 1.0.17-SNAPSHOT (#6047) * chore(main): release jans-auth-server 1.0.17-SNAPSHOT (#6046) * chore(main): release jans-fido2 1.0.17-SNAPSHOT (#6045) * chore(main): release jans-config-api 1.0.17-SNAPSHOT (#6044) * chore(main): release jans-eleven 1.0.17-SNAPSHOT (#6043) * chore(main): release jans-orm 1.0.17-SNAPSHOT (#6050) * chore(main): release jans-orm 1.0.18-SNAPSHOT (#6115) * chore(main): release jans-bom 1.0.18-SNAPSHOT (#6113) * chore(main): release jans-config-api 1.0.18-SNAPSHOT (#6112) * chore(main): release jans-auth-server 1.0.18-SNAPSHOT (#6111) * chore(main): release jans-core 1.0.18-SNAPSHOT (#6110) * chore(main): release jans-fido2 1.0.18-SNAPSHOT (#6108) * chore(main): release agama 1.0.18-SNAPSHOT (#6109) * chore(main): release jans-eleven 1.0.18-SNAPSHOT (#6107) * chore(main): release jans-scim 1.0.18-SNAPSHOT (#6114) * chore(main): release jans-scim 1.0.19-SNAPSHOT (#6245) * chore(main): release jans-bom 1.0.19-SNAPSHOT (#6241) * chore(main): release jans-fido2 1.0.19-SNAPSHOT (#6240) * chore(main): release jans-auth-server 1.0.19-SNAPSHOT (#6239) * chore(main): release jans-config-api 1.0.19-SNAPSHOT (#6238) * chore(main): release agama 1.0.19-SNAPSHOT (#6236) * chore(main): release jans-eleven 1.0.19-SNAPSHOT (#6235) * chore(main): release jans-orm 1.0.19-SNAPSHOT (#6244) * chore(main): release jans-scim 1.0.20-SNAPSHOT (#6485) * chore(main): release jans-core 1.0.20-SNAPSHOT (#6483) * chore(main): release jans-bom 1.0.20-SNAPSHOT (#6482) * chore(main): release jans-link 1.0.20-SNAPSHOT (#6481) * chore(main): release jans-fido2 1.0.20-SNAPSHOT (#6480) * chore(main): release jans-casa 1.0.20-SNAPSHOT (#6479) * chore(main): release jans-eleven 1.0.20-SNAPSHOT (#6478) * chore(main): release jans-config-api 1.0.20-SNAPSHOT (#6477) * chore(main): release agama 1.0.20-SNAPSHOT (#6476) * chore(main): release jans-auth-server 1.0.20-SNAPSHOT (#6475) * chore(main): release jans-orm 1.0.20-SNAPSHOT (#6484) * chore(main): release jans-orm 1.0.21-SNAPSHOT (#7022) * chore(main): release jans-scim 1.0.21-SNAPSHOT (#7020) * chore(main): release jans-auth-server 1.0.21-SNAPSHOT (#7019) * chore(main): release agama 1.0.21-SNAPSHOT (#7018) * chore(main): release jans-eleven 1.0.21-SNAPSHOT (#7017) * chore(main): release jans-fido2 1.0.21-SNAPSHOT (#7016) * chore(main): release jans-config-api 1.0.21-SNAPSHOT (#7015) * chore(main): release jans-bom 1.0.21-SNAPSHOT (#7014) * chore(main): release jans-core 1.0.21-SNAPSHOT (#7013) * chore(main): release jans-casa 1.0.21-SNAPSHOT (#7012) * chore(main): release jans-keycloak-link 1.0.21-SNAPSHOT (#7021) * chore(main): release jans-keycloak-link 1.0.22-SNAPSHOT (#7469) * chore(main): release jans-scim 1.0.22-SNAPSHOT (#7468) * chore(main): release jans-orm 1.0.22-SNAPSHOT (#7467) * chore(main): release jans-lock 1.0.22-SNAPSHOT (#7466) * chore(main): release jans-link 1.0.22-SNAPSHOT (#7465) * chore(main): release jans-fido2 1.0.22-SNAPSHOT (#7464) * chore(main): release jans-eleven 1.0.22-SNAPSHOT (#7463) * chore(main): release jans-config-api 1.0.22-SNAPSHOT (#7462) * chore(main): release jans-core 1.0.22-SNAPSHOT (#7461) * chore(main): release jans-casa 1.0.22-SNAPSHOT (#7460) * chore(main): release agama 1.0.22-SNAPSHOT (#7459) * chore(main): release jans-bom 1.0.22-SNAPSHOT (#7458) * chore(main): release jans-auth-server 1.0.22-SNAPSHOT (#7457) * fix(jans-keycloak-integration): security bugfixes #8954 (#8962) * fix(jans-linux-setup): improper scim configuration for jans kc #8210 * updated the keycloak configuration file to reflect the configuration for the storage-spi Signed-off-by: Rolain Djeumen <[email protected]> * chore(jans-keycloak-integration): bump kc version to 24.0.0 #8315 Signed-off-by: Rolain Djeumen <[email protected]> * fix(jans-keycloak-integration): security bugfixes #8954 * bumped nimbus oidc sdk version Signed-off-by: Rolain Djeumen <[email protected]> * fix(jans-keycloak-integration): security bugfixes #8954 * removed old metadata parser and entityidhandler from `jans-core-saml` Signed-off-by: Rolain Djeumen <[email protected]> * fix(jans-keycloak-integration): security bugfixes #8954 * further removed old saml related code Signed-off-by: Rolain Djeumen <[email protected]> * fix(jans-keycloak-integration): security bugfixes #8654 * removed unused dependencies in jans-core-saml Signed-off-by: Rolain Djeumen <[email protected]> --------- Signed-off-by: Rolain Djeumen <[email protected]> Co-authored-by: Mohammad Abudayyeh <[email protected]> * feat: Minimum support ES256, RS1, RS256, ED25519 (#9086) * feat: Minimum support ES256, RS1, RS256, ED25519 Signed-off-by: Arnab Dutta <[email protected]> * feat: minimum support ES256, RS1, RS256, ED25519 Signed-off-by: Arnab Dutta <[email protected]> * feat: minimum support ES256, RS1, RS256, ED25519 Signed-off-by: Arnab Dutta <[email protected]> * feat: using SHA512 for Ed25519 Signed-off-by: Arnab Dutta <[email protected]> --------- Signed-off-by: Arnab Dutta <[email protected]> * feat: refactor Assertion/Attestation to Jackson ObjectMapper (#9023) * feat: refactor Assertion/Attestation to Jackson ObjectMapper Signed-off-by: Arnab Dutta <[email protected]> * feat: fixing sonar issues Signed-off-by: Arnab Dutta <[email protected]> * feat: fixing sonar issues Signed-off-by: Arnab Dutta <[email protected]> * feat: fixing sonar issues Signed-off-by: Arnab Dutta <[email protected]> * feat: addressing PR reviews Signed-off-by: Arnab Dutta <[email protected]> * feat: addressing PR reviews Signed-off-by: Arnab Dutta <[email protected]> --------- Signed-off-by: Arnab Dutta <[email protected]> * fix(jans-fido2): removing safetynet and android #8901 * fix(jans-fido2): Removing multiple Assertion processors #8902 * feat: add support for BS / BE flags in AuthData #8903 (#8968) * feat: add support for BS / BE flags in AuthData #8903 Signed-off-by: Arnab Dutta <[email protected]> * feat: adding comments Signed-off-by: Arnab Dutta <[email protected]> * feat: adding comments Signed-off-by: Arnab Dutta <[email protected]> --------- Signed-off-by: Arnab Dutta <[email protected]> Co-authored-by: Ackermann Yuriy <[email protected]> * fix(jans-fido2): #8906, Basic simplification and refactoring of Attestation and Assertion Response * Issue 8908 (#9241) * feat(jans-fido): #8908 add support for webauthn hints Signed-off-by: shekhar16 <[email protected]> * feat(jans-fido): #8908 add support for webauthn hints Signed-off-by: shekhar16 <[email protected]> * feat(jans-fido): #8908 delete unused file Signed-off-by: shekhar16 <[email protected]> --------- Signed-off-by: shekhar16 <[email protected]> * fix(jans-fido2): Attestation #8906 * Issue 9111 (#9276) * feat(jans-fido): refactor mds3 codebase and server config Signed-off-by: shekhar16 <[email protected]> * feat(jans-fido): revert rename from docker file #9111 Signed-off-by: shekhar16 <[email protected]> * feat(jans-fido): add metadatarefreshinterval #9111 Signed-off-by: shekhar16 <[email protected]> * feat(jans-fido): changes to refactor metadataservers #9111 Signed-off-by: shekhar16 <[email protected]> --------- Signed-off-by: shekhar16 <[email protected]> * feat(jans-fido): changes to refactor requestedParties #9111 (#9329) Signed-off-by: shekhar16 <[email protected]> * fix(jans-fido2): resolve failing test case in `FetchMdsProviderServiceTest` (#9299) fix(jans-fido2): resolve failing test case in FetchMdsProviderServiceTest Co-authored-by: Mohammad Abudayyeh <[email protected]> * docs(customization): updates to customization document to align with custom assets feature (#9106) * docs(customize): add intro and management sections Signed-off-by: ossdhaval <[email protected]> * docs(customization): add location details Signed-off-by: ossdhaval <[email protected]> * docs(customization): add web customization instructions Signed-off-by: ossdhaval <[email protected]> * docs(customization): fix proofreading issues Signed-off-by: ossdhaval <[email protected]> --------- Signed-off-by: ossdhaval <[email protected]> * fix(jans-fido2): removed legacy SuperGluu support #9453 (#9468) Signed-off-by: Madhumita <[email protected]> * feat(jans-fido2): add support for isEnterpriseAttestation in local me… (#9521) * feat(jans-fido2): add support for isEnterpriseAttestation in local metadata retrieval Signed-off-by: imran-ishaq <[email protected]> * feat(jans-fido2): add new unit test for isEnterpriseAttestation Signed-off-by: imran-ishaq <[email protected]> --------- Signed-off-by: imran-ishaq <[email protected]> * Jans fido2 attestation mode 9332 (#9463) * docs(jans-fido2): replaced skipValidateMdsInAttestationEnabled && skipAttestation with attestationMode Signed-off-by: imran-ishaq <[email protected]> * feat(jans-fido2): replaced skipValidateMdsInAttestationEnabled && skipAttestation with attestation mode Signed-off-by: imran-ishaq <[email protected]> * feat(jans-fido2): update the full flow unit test with monitor attestation mode Signed-off-by: imran-ishaq <[email protected]> --------- Signed-off-by: imran-ishaq <[email protected]> * feat(jans-fido2): adding missing imports Signed-off-by: imran-ishaq <[email protected]> * fix(jans-fido2): #9248 Renaming domain to origin and application id to RpId Signed-off-by: Madhumita <[email protected]> * fix(jans-fido2): #9248 * fix(jans-fido2): resolved build failure issues Signed-off-by: imran-ishaq <[email protected]> * Jans fido2 replace requested parties 9248 (#9586) * feat(jans-fido2): changed function type to be accessible and replaced requestParties name and domain with id and origins Signed-off-by: imran-ishaq <[email protected]> * feat(jans-fido2): add test cases for createRpDomain function in AttestationServiceTest Class Signed-off-by: imran-ishaq <[email protected]> --------- Signed-off-by: imran-ishaq <[email protected]> * fix(jans-fido2): #9642 * fix(jans-fido2): convert attestationMode from enum to sting Signed-off-by: imran-ishaq <[email protected]> * feat(jans-fido): move fidoconfig folder properties to db #9369 (#9611) * feat(jans-fido): move fidoconfig folder properties to db #9369 Signed-off-by: shekhar16 [email protected] * feat(jans-fido): added specialized exception #9369 Signed-off-by: shekhar16 [email protected] --------- Signed-off-by: shekhar16 [email protected] Co-authored-by: Yuriy Movchan <[email protected]> * fix(jans-fido2): #9642 Signed-off-by: Madhumita Subramaniam <[email protected]> * Reflect Authenicator Name with Passkeys (#9716) * feat(jans-fido2): reflect authenticator name with passkeys Signed-off-by: imran-ishaq <[email protected]> * fix(jans-fido2): handle test cases for authenticator name Signed-off-by: imran-ishaq <[email protected]> --------- Signed-off-by: imran-ishaq <[email protected]> Co-authored-by: Mohammad Abudayyeh <[email protected]> * fix(jans-fido2): remove superGluu-related endpoints from FIDO2 Swagge… (#9624) fix(jans-fido2): remove superGluu-related endpoints from FIDO2 Swagger and ConfigurationControllerTest Signed-off-by: imran-ishaq <[email protected]> Co-authored-by: Mohammad Abudayyeh <[email protected]> * chore(deps): bump org.apache.maven.plugins:maven-site-plugin from 4.0.0-M12 to 4.0.0-M16 in /jans-scim (#9010) chore(deps): bump org.apache.maven.plugins:maven-site-plugin Bumps [org.apache.maven.plugins:maven-site-plugin](https://github.com/apache/maven-site-plugin) from 4.0.0-M12 to 4.0.0-M16. - [Commits](apache/maven-site-plugin@maven-site-plugin-4.0.0-M12...maven-site-plugin-4.0.0-M16) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-site-plugin dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jose Gonzalez <[email protected]> * fix(jans-casa): fix issue caused by refactoring (#9838) Signed-off-by: shekhar16 <[email protected]> * fix(jans-fido2): fix document refactoring issue (#9918) Signed-off-by: shekhar16 <[email protected]> * Add origin parameter in Fido2ExternalAuthenticator script for attestation and assertion API calls #9248 (#9974) * feat(jans-fido2): add origin parameter in Fido2ExternalAuthenticator script for attestation and assertion API calls Signed-off-by: imran-ishaq <[email protected]> * refactor(docs): add origin parameter in Fido2ExternalAuthenticator script for attestation and assertion API calls #9248 Signed-off-by: imran-ishaq <[email protected]> * fix(jans-fido2): handle origin if http or https is missing #9248 Signed-off-by: imran-ishaq <[email protected]> --------- Signed-off-by: imran-ishaq <[email protected]> * fix(docs): #9248 Signed-off-by: imran-ishaq <[email protected]> * feat(jans-linux-setup): move fidoconfig folder properties to db Signed-off-by: Mustafa Baser <[email protected]> * fix(jans-fido2): fix issues due unused injects (#10035) Signed-off-by: shekhar16 <[email protected]> * fix: fido2 build * fix(ProjectPasskeys) : #9981 added rawId, authenticatorData, publicKey, publicKeyAlgorithm, publicKeyId, transport to the newly created cred object. * fix(jans-ido2): #10101 Update dynamic-conf.json #10101 property name changed and not reflected in the template Signed-off-by: Madhumita Subramaniam <[email protected]> * fix(jans-linux-setup): use sqlconnection instead of mysqlconnection Signed-off-by: Mustafa Baser <[email protected]> * Jans fido Review Configs #10101 (#10204) * Make CommonVerifiersTest class test cases functational (#10209) * fix(jans-fido2): #9642 * fix(jans-fido2): Make AppleAttestationProcessorTest,PackedAttestationProcessorTest,TPMProcessorTest and U2FAttestationProcessorTest test cases functational Signed-off-by: imran-ishaq <[email protected]> * fix(jans-fido2): support for ECC added #10317 * feat(jans-fido2): create new WebAuthn configuration controller that returns an origins array list #10245 * feat(jans-linux-setup): apache proxy pass for .well-known/webauthn Signed-off-by: Mustafa Baser <[email protected]> * fix(ProjectPasskeys): #9765 * fix(docs): update jans fido docs #10245 --------- Signed-off-by: dependabot[bot] <[email protected]> Signed-off-by: ossdhaval <[email protected]> Signed-off-by: Rolain Djeumen <[email protected]> Signed-off-by: Arnab Dutta <[email protected]> Signed-off-by: shekhar16 <[email protected]> Signed-off-by: Madhumita <[email protected]> Signed-off-by: imran-ishaq <[email protected]> Signed-off-by: shekhar16 [email protected] Signed-off-by: Mustafa Baser <[email protected]> Signed-off-by: Madhumita Subramaniam <[email protected]> Signed-off-by: Devrim <[email protected]> Signed-off-by: Imran <[email protected]> Co-authored-by: mo-auto <[email protected]> Co-authored-by: Snyk bot <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: pujavs <[email protected]> Co-authored-by: Madhumita Subramaniam <[email protected]> Co-authored-by: Yuriy Movchan <[email protected]> Co-authored-by: Dhaval D <[email protected]> Co-authored-by: Djeumen Rolain Bonaventure <[email protected]> Co-authored-by: Mohammad Abudayyeh <[email protected]> Co-authored-by: Arnab Dutta <[email protected]> Co-authored-by: Ackermann Yuriy <[email protected]> Co-authored-by: shekhar16 <[email protected]> Co-authored-by: Jose Gonzalez <[email protected]> Co-authored-by: Mustafa Baser <[email protected]> Co-authored-by: Devrim <[email protected]>

uprightech added 14 commits April 3, 2024 12:04

fix(jans-linux-setup): improper scim configuration for jans kc #8210

ffe3dbe

* updated the keycloak configuration file to reflect the configuration for the storage-spi Signed-off-by: Rolain Djeumen <[email protected]>

Merge remote-tracking branch 'origin/main'

76e0414

Merge remote-tracking branch 'origin/main'

97f3c02

chore(jans-keycloak-integration): bump kc version to 24.0.0 #8315

fadf1f2

Signed-off-by: Rolain Djeumen <[email protected]>

Merge remote-tracking branch 'origin/main'

e5d4afb

Signed-off-by: Rolain Djeumen <[email protected]>

Merge remote-tracking branch 'origin/main'

9790b10

Merge remote-tracking branch 'origin/main'

8b77454

Merge remote-tracking branch 'origin/main'

2e0cd48

Merge remote-tracking branch 'origin/main'

f6cf31b

Merge remote-tracking branch 'origin/main'

3c80ffb

fix(jans-keycloak-integration): security bugfixes #8954

1c17941

* bumped nimbus oidc sdk version Signed-off-by: Rolain Djeumen <[email protected]>

fix(jans-keycloak-integration): security bugfixes #8954

121311c

* removed old metadata parser and entityidhandler from `jans-core-saml` Signed-off-by: Rolain Djeumen <[email protected]>

fix(jans-keycloak-integration): security bugfixes #8954

bf5f032

* further removed old saml related code Signed-off-by: Rolain Djeumen <[email protected]>

fix(jans-keycloak-integration): security bugfixes #8654

53cc82a

* removed unused dependencies in jans-core-saml Signed-off-by: Rolain Djeumen <[email protected]>

uprightech requested a review from moabu July 15, 2024 13:59

uprightech requested review from yurem, yuriyz and yuriyzz as code owners July 15, 2024 13:59

mo-auto added comp-jans-core Component affected by issue or PR kind-bug Issue or PR is a bug in existing functionality labels Jul 15, 2024

Merge branch 'main' into issue_8954

cd31937

moabu approved these changes Jul 18, 2024

View reviewed changes

Merge branch 'main' into issue_8954

519cdbf

moabu merged commit d40a949 into main Jul 18, 2024
10 of 11 checks passed

moabu deleted the issue_8954 branch July 18, 2024 08:56

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix(jans-keycloak-integration): security bugfixes #8954 #8962

fix(jans-keycloak-integration): security bugfixes #8954 #8962

uprightech commented Jul 15, 2024 •

edited

Loading

dryrunsecurity bot commented Jul 15, 2024 •

edited

Loading

sonarqubecloud bot commented Jul 15, 2024

sonarqubecloud bot commented Jul 15, 2024

sonarqubecloud bot commented Jul 15, 2024

fix(jans-keycloak-integration): security bugfixes #8954 #8962

fix(jans-keycloak-integration): security bugfixes #8954 #8962

Conversation

uprightech commented Jul 15, 2024 • edited Loading

Prepare

Description

Target issue

Implementation Details

Test and Document the changes

dryrunsecurity bot commented Jul 15, 2024 • edited Loading

DryRun Security Summary

Code Analysis

Riskiness

sonarqubecloud bot commented Jul 15, 2024

Quality Gate passed for 'keycloak-integration-parent'

sonarqubecloud bot commented Jul 15, 2024

Quality Gate passed for 'jans-linux-setup'

sonarqubecloud bot commented Jul 15, 2024

Quality Gate passed for 'jans-core'

uprightech commented Jul 15, 2024 •

edited

Loading

dryrunsecurity bot commented Jul 15, 2024 •

edited

Loading