20 Jun, 2014
1 commit
-
Retool the way the preliminary security context gets passed to the augmentation script and how the updated context from the script gets repersisted in MessageInfo's context map. Replaces implementation from CR-3752. git-svn-id: https://svn.forgerock.org/openidm/trunk@3430 d98387aa-ee2c-4292-a9e6-504d2a719fd3
19 Jun, 2014
1 commit
-
git-svn-id: https://svn.forgerock.org/openidm/trunk@3423 d98387aa-ee2c-4292-a9e6-504d2a719fd3
18 Jun, 2014
3 commits
-
git-svn-id: https://svn.forgerock.org/openidm/trunk@3417 d98387aa-ee2c-4292-a9e6-504d2a719fd3
-
git-svn-id: https://svn.forgerock.org/openidm/trunk@3416 d98387aa-ee2c-4292-a9e6-504d2a719fd3
-
git-svn-id: https://svn.forgerock.org/openidm/trunk@3415 d98387aa-ee2c-4292-a9e6-504d2a719fd3
17 Jun, 2014
3 commits
-
Disabling MANAGED_USER auth module for several samples, in favor of PASSTHROUGH to system/ldap/account Just toggled a boolean config value; no review necessary. Rationale for change: Previously, we attempted to authenticate using MANAGED_USER first, followed by a few others and then finally PASSTHROUGH. The reason it was first created it this way was so that if there was a fully- populated managed/user entry, it would not need to query the remote system. This works fine if you are syncing passwords between managed/user and the remote backend, but as mentioned in OPENIDM-1953, that isn't always the case. To compound this problem, there is also the new function around role calculation; this is per-auth module, and so if you want to calculate roles for a given user you would need to do it for both MANAGED_USER and PASSTHROUGH, if they were both enabled. This redundancy is annoying and a likely source of confusion. So, this change is to just disable the MANAGED_USER auth module, and always use the PASSTHROUGH config. git-svn-id: https://svn.forgerock.org/openidm/trunk@3404 d98387aa-ee2c-4292-a9e6-504d2a719fd3
-
git-svn-id: https://svn.forgerock.org/openidm/trunk@3403 d98387aa-ee2c-4292-a9e6-504d2a719fd3
-
git-svn-id: https://svn.forgerock.org/openidm/trunk@3401 d98387aa-ee2c-4292-a9e6-504d2a719fd3
12 Jun, 2014
2 commits
-
git-svn-id: https://svn.forgerock.org/openidm/trunk@3384 d98387aa-ee2c-4292-a9e6-504d2a719fd3
-
git-svn-id: https://svn.forgerock.org/openidm/trunk@3383 d98387aa-ee2c-4292-a9e6-504d2a719fd3
11 Jun, 2014
1 commit
-
git-svn-id: https://svn.forgerock.org/openidm/trunk@3369 d98387aa-ee2c-4292-a9e6-504d2a719fd3
10 Jun, 2014
1 commit
-
git-svn-id: https://svn.forgerock.org/openidm/trunk@3355 d98387aa-ee2c-4292-a9e6-504d2a719fd3
09 Jun, 2014
3 commits
-
git-svn-id: https://svn.forgerock.org/openidm/trunk@3348 d98387aa-ee2c-4292-a9e6-504d2a719fd3
-
git-svn-id: https://svn.forgerock.org/openidm/trunk@3347 d98387aa-ee2c-4292-a9e6-504d2a719fd3
-
git-svn-id: https://svn.forgerock.org/openidm/trunk@3342 d98387aa-ee2c-4292-a9e6-504d2a719fd3
05 Jun, 2014
1 commit
-
git-svn-id: https://svn.forgerock.org/openidm/trunk@3332 d98387aa-ee2c-4292-a9e6-504d2a719fd3
04 Jun, 2014
4 commits
-
…c.json "assignments" field to be named "assignmentsToMap" git-svn-id: https://svn.forgerock.org/openidm/trunk@3326 d98387aa-ee2c-4292-a9e6-504d2a719fd3
-
git-svn-id: https://svn.forgerock.org/openidm/trunk@3325 d98387aa-ee2c-4292-a9e6-504d2a719fd3
-
git-svn-id: https://svn.forgerock.org/openidm/trunk@3319 d98387aa-ee2c-4292-a9e6-504d2a719fd3
-
git-svn-id: https://svn.forgerock.org/openidm/trunk@3315 d98387aa-ee2c-4292-a9e6-504d2a719fd3
03 Jun, 2014
3 commits
-
Update custom endpoint samples. git-svn-id: https://svn.forgerock.org/openidm/trunk@3311 d98387aa-ee2c-4292-a9e6-504d2a719fd3
-
Deprecate external/email input parameters use of underscores for post-body keys. Still supported as fallback. git-svn-id: https://svn.forgerock.org/openidm/trunk@3309 d98387aa-ee2c-4292-a9e6-504d2a719fd3
-
git-svn-id: https://svn.forgerock.org/openidm/trunk@3307 d98387aa-ee2c-4292-a9e6-504d2a719fd3
02 Jun, 2014
2 commits
-
git-svn-id: https://svn.forgerock.org/openidm/trunk@3298 d98387aa-ee2c-4292-a9e6-504d2a719fd3
-
git-svn-id: https://svn.forgerock.org/openidm/trunk@3293 d98387aa-ee2c-4292-a9e6-504d2a719fd3
30 May, 2014
1 commit
-
Support reauth for any auth module configured in authentication.json. * AuthenticationService now handles requests on /authentication, replaciing AuthFilter which was not a filter, and did not fully handle reauth. * Authenticators are used from both JASPI auth modules and AuthenticationService to provide the authentication--either with Http headers in the case of the auth modules, or from the authcid in the HttpContext and the reauth header in the case of reauthentication. * AuthenticationService now satisfies the AuthenticationConfig service for the purposes of OSGiAuthFilterBuilder's access to the config to build the JASPI CAF. * The duplicative managed/user config at the top of the sample authentication.json files are now removed, thus satisfying OPENIDM-1781. git-svn-id: https://svn.forgerock.org/openidm/trunk@3282 d98387aa-ee2c-4292-a9e6-504d2a719fd3
29 May, 2014
2 commits
-
git-svn-id: https://svn.forgerock.org/openidm/trunk@3278 d98387aa-ee2c-4292-a9e6-504d2a719fd3
-
…trigger unassignmentOperations when assignment has been unassigned, update removeFromTarget to set String values to null. git-svn-id: https://svn.forgerock.org/openidm/trunk@3275 d98387aa-ee2c-4292-a9e6-504d2a719fd3
28 May, 2014
2 commits
-
git-svn-id: https://svn.forgerock.org/openidm/trunk@3268 d98387aa-ee2c-4292-a9e6-504d2a719fd3
-
git-svn-id: https://svn.forgerock.org/openidm/trunk@3266 d98387aa-ee2c-4292-a9e6-504d2a719fd3
27 May, 2014
3 commits
-
Additional decoupling of auth module role calculation and security context population from auth module validation code. Notably: * factor out basic auth code to allow PassthroughModule to support both basic auth and X-OpenIDM- header auth. * remove IWAPassthroughModule in favor of using auth module configuration to control order of execution * separate client cert auth into its own module, supporting an list of "allowedAuthenticationIdPatterns" to compare against the subject DN * remove static dependency on OSGIAuthnFilterBuilder for injection of OSGi artifacts - improves testability git-svn-id: https://svn.forgerock.org/openidm/trunk@3261 d98387aa-ee2c-4292-a9e6-504d2a719fd3
-
…ct - reviewed by Andi via Skype git-svn-id: https://svn.forgerock.org/openidm/trunk@3260 d98387aa-ee2c-4292-a9e6-504d2a719fd3
-
git-svn-id: https://svn.forgerock.org/openidm/trunk@3253 d98387aa-ee2c-4292-a9e6-504d2a719fd3
26 May, 2014
1 commit
-
git-svn-id: https://svn.forgerock.org/openidm/trunk@3251 d98387aa-ee2c-4292-a9e6-504d2a719fd3
23 May, 2014
2 commits
-
git-svn-id: https://svn.forgerock.org/openidm/trunk@3250 d98387aa-ee2c-4292-a9e6-504d2a719fd3
-
Update "make LDAP unavailable" instruction to rename file as chmod may not be sufficient for root-running openidm. git-svn-id: https://svn.forgerock.org/openidm/trunk@3249 d98387aa-ee2c-4292-a9e6-504d2a719fd3
22 May, 2014
1 commit
-
Add sample5b to demonstrate all-or-nothing compensation support. git-svn-id: https://svn.forgerock.org/openidm/trunk@3242 d98387aa-ee2c-4292-a9e6-504d2a719fd3
21 May, 2014
3 commits
-
…s" of duplicate assignments across roles. git-svn-id: https://svn.forgerock.org/openidm/trunk@3234 d98387aa-ee2c-4292-a9e6-504d2a719fd3
-
git-svn-id: https://svn.forgerock.org/openidm/trunk@3230 d98387aa-ee2c-4292-a9e6-504d2a719fd3
-
git-svn-id: https://svn.forgerock.org/openidm/trunk@3228 d98387aa-ee2c-4292-a9e6-504d2a719fd3