25 Jun, 2014
1 commit
-
DAS now supports goto URL validation. Changes: * The valid goto URL domain setting has been moved to a new service called validationService, the new property name is "openam-auth-valid-goto-resources" * A new delegation policy has been created that allows agent accounts to read the validationService settings * The necessary upgrade step has been implemented that should migrate existing valid goto domains to the new service (also removes the old ones), which also ensures that the new delegation policy is added to the system. * The Goto URL validation logic has been extracted out to a separate class called GotoUrlValidator, which is now can be used from both openam-core and openam-federation-library (for Relaystate evaluations). git-svn-id: https://svn.forgerock.org/openam/trunk@9424 0f4defcf-c51a-4c67-9f44-6fb5eba73c5d
04 Jun, 2014
1 commit
-
…am-federation-library git-svn-id: https://svn.forgerock.org/openam/trunk@9122 0f4defcf-c51a-4c67-9f44-6fb5eba73c5d
13 May, 2014
3 commits
-
TransformerFactory objects are now also cached using the PerThreadCache solution. git-svn-id: https://svn.forgerock.org/openam/trunk@8945 0f4defcf-c51a-4c67-9f44-6fb5eba73c5d
-
Populating user attributes for dynamic account generation when OpenAM acts as a hosted SP. git-svn-id: https://svn.forgerock.org/openam/trunk@8944 0f4defcf-c51a-4c67-9f44-6fb5eba73c5d
-
Using HttpURLConnectionManager wherever possible to ensure timeouts are always properly configured. git-svn-id: https://svn.forgerock.org/openam/trunk@8943 0f4defcf-c51a-4c67-9f44-6fb5eba73c5d
29 Apr, 2014
1 commit
-
git-svn-id: https://svn.forgerock.org/openam/trunk@8802 0f4defcf-c51a-4c67-9f44-6fb5eba73c5d
15 Apr, 2014
1 commit
-
git-svn-id: https://svn.forgerock.org/openam/trunk@8672 0f4defcf-c51a-4c67-9f44-6fb5eba73c5d
14 Apr, 2014
2 commits
-
Enhanced the default IDP Finder implementation to handle the case when the remote SP does not request a specific AuthnContextClassRef. git-svn-id: https://svn.forgerock.org/openam/trunk@8642 0f4defcf-c51a-4c67-9f44-6fb5eba73c5d
-
The hosted IdP should always use a supported SLO binding when sending the final logout response to the initiator SP. git-svn-id: https://svn.forgerock.org/openam/trunk@8641 0f4defcf-c51a-4c67-9f44-6fb5eba73c5d
02 Apr, 2014
1 commit
-
AttributeQueryUtil now utilizes the configured SP attribute mapper to map received attributes the same way as they would come as part of an assertion. git-svn-id: https://svn.forgerock.org/openam/trunk@8561 0f4defcf-c51a-4c67-9f44-6fb5eba73c5d
27 Mar, 2014
1 commit
-
git-svn-id: https://svn.forgerock.org/openam/trunk@8508 0f4defcf-c51a-4c67-9f44-6fb5eba73c5d
23 Mar, 2014
1 commit
-
… reloaded in rare condition(CR-3216) git-svn-id: https://svn.forgerock.org/openam/trunk@8468 0f4defcf-c51a-4c67-9f44-6fb5eba73c5d
02 Mar, 2014
1 commit
-
Adding extra emptiness check to ensure we don't try to retrieve affiliationDescriptor for "". git-svn-id: https://svn.forgerock.org/openam/trunk@8269 0f4defcf-c51a-4c67-9f44-6fb5eba73c5d
26 Feb, 2014
1 commit
-
Simple encoding of the character in the authentication method URI. git-svn-id: https://svn.forgerock.org/openam/trunk@8231 0f4defcf-c51a-4c67-9f44-6fb5eba73c5d
23 Feb, 2014
1 commit
-
git-svn-id: https://svn.forgerock.org/openam/trunk@8188 0f4defcf-c51a-4c67-9f44-6fb5eba73c5d
20 Feb, 2014
2 commits
-
Better handling for null/empty SPNameQualifier git-svn-id: https://svn.forgerock.org/openam/trunk@8157 0f4defcf-c51a-4c67-9f44-6fb5eba73c5d
-
git-svn-id: https://svn.forgerock.org/openam/trunk@8152 0f4defcf-c51a-4c67-9f44-6fb5eba73c5d
04 Feb, 2014
2 commits
-
Resolving NPE which can occur if the incoming AuthnRequest does not include isPassive attribute. git-svn-id: https://svn.forgerock.org/openam/trunk@7972 0f4defcf-c51a-4c67-9f44-6fb5eba73c5d
-
Modified relaystate validation logic for SLO cases to handle the scenario when the metaAlias is not available in the URL. git-svn-id: https://svn.forgerock.org/openam/trunk@7971 0f4defcf-c51a-4c67-9f44-6fb5eba73c5d
07 Jan, 2014
2 commits
-
Escaping the Recipient attribute's value in a SAML 1.x response. git-svn-id: https://svn.forgerock.org/openam/trunk@7709 0f4defcf-c51a-4c67-9f44-6fb5eba73c5d
-
git-svn-id: https://svn.forgerock.org/openam/trunk@7698 0f4defcf-c51a-4c67-9f44-6fb5eba73c5d
14 Dec, 2013
1 commit
-
Modified the NameIdentifierMapper interface so it now receives the NameIDFormat value directly instead of using a session property as transport. git-svn-id: https://svn.forgerock.org/openam/trunk@7573 0f4defcf-c51a-4c67-9f44-6fb5eba73c5d
06 Dec, 2013
1 commit
-
git-svn-id: https://svn.forgerock.org/openam/trunk@7478 0f4defcf-c51a-4c67-9f44-6fb5eba73c5d
04 Dec, 2013
4 commits
-
…e (additional fix against build error, ...my mistake) git-svn-id: https://svn.forgerock.org/openam/trunk@7433 0f4defcf-c51a-4c67-9f44-6fb5eba73c5d
-
…e (additional fix against build error, ...my mistake) git-svn-id: https://svn.forgerock.org/openam/trunk@7432 0f4defcf-c51a-4c67-9f44-6fb5eba73c5d
-
git-svn-id: https://svn.forgerock.org/openam/trunk@7431 0f4defcf-c51a-4c67-9f44-6fb5eba73c5d
-
git-svn-id: https://svn.forgerock.org/openam/trunk@7428 0f4defcf-c51a-4c67-9f44-6fb5eba73c5d
21 Nov, 2013
1 commit
-
git-svn-id: https://svn.forgerock.org/openam/trunk@7371 0f4defcf-c51a-4c67-9f44-6fb5eba73c5d
20 Nov, 2013
1 commit
-
For SAML logins the LoginServlet should detect the authentication session from the query string rather than using any existing cookies, that way we can make sure that the SAML authentication flow will stay on the server that stores the necessary request data to finish the SAML. git-svn-id: https://svn.forgerock.org/openam/trunk@7351 0f4defcf-c51a-4c67-9f44-6fb5eba73c5d
19 Nov, 2013
1 commit
-
git-svn-id: https://svn.forgerock.org/openam/trunk@7345 0f4defcf-c51a-4c67-9f44-6fb5eba73c5d
13 Nov, 2013
4 commits
-
SP Adapter is now invoked when the IdP Proxy sends the proxied SAML request. git-svn-id: https://svn.forgerock.org/openam/trunk@7280 0f4defcf-c51a-4c67-9f44-6fb5eba73c5d
-
New extension point for IdPAdapter that makes it possible to modify the SAML response before it's sent out. git-svn-id: https://svn.forgerock.org/openam/trunk@7278 0f4defcf-c51a-4c67-9f44-6fb5eba73c5d
-
The SLO code has been adjusted to cope with situations of having different sets of supported SLO bindings, and also handle the case when there is no "appropriate" binding for the current SLO process. git-svn-id: https://svn.forgerock.org/openam/trunk@7274 0f4defcf-c51a-4c67-9f44-6fb5eba73c5d
-
The SP initiated SLO process has been modified to only try to send SLO request with the SP the session is currently associated with. Also made a small adjustment to the code so failing to invalidate the local session no longer results in a logout error. git-svn-id: https://svn.forgerock.org/openam/trunk@7271 0f4defcf-c51a-4c67-9f44-6fb5eba73c5d
11 Oct, 2013
1 commit
-
git-svn-id: https://svn.forgerock.org/openam/trunk@6919 0f4defcf-c51a-4c67-9f44-6fb5eba73c5d
02 Oct, 2013
1 commit
-
This one turned out to be issue with the input data. The SAMLAdapter expected the expiration date in _seconds_, but instead milliseconds were provided, and this resulted in quite a time difference. git-svn-id: https://svn.forgerock.org/openam/trunk@6751 0f4defcf-c51a-4c67-9f44-6fb5eba73c5d
25 Sep, 2013
2 commits
-
…es. Better logging in SAML2ConfigService. Bug fix in ServiceConfigManagerImpl to no longer return stale cache entries for global attributes (mimic semantics for organizational attributes). git-svn-id: https://svn.forgerock.org/openam/trunk@6660 0f4defcf-c51a-4c67-9f44-6fb5eba73c5d
-
…x or in an external Directory store. AME-2291 CR-2319 The CTS expired tokens deletion feature was too slow, this has now been improved. git-svn-id: https://svn.forgerock.org/openam/trunk@6647 0f4defcf-c51a-4c67-9f44-6fb5eba73c5d
15 Sep, 2013
1 commit
-
git-svn-id: https://svn.forgerock.org/openam/trunk@6551 0f4defcf-c51a-4c67-9f44-6fb5eba73c5d
19 Aug, 2013
1 commit
-
git-svn-id: https://svn.forgerock.org/openam/trunk@6320 0f4defcf-c51a-4c67-9f44-6fb5eba73c5d