18 Jun, 2014
1 commit
-
git-svn-id: https://svn.forgerock.org/openidm/trunk@3415 d98387aa-ee2c-4292-a9e6-504d2a719fd3
17 Jun, 2014
3 commits
-
Disabling MANAGED_USER auth module for several samples, in favor of PASSTHROUGH to system/ldap/account Just toggled a boolean config value; no review necessary. Rationale for change: Previously, we attempted to authenticate using MANAGED_USER first, followed by a few others and then finally PASSTHROUGH. The reason it was first created it this way was so that if there was a fully- populated managed/user entry, it would not need to query the remote system. This works fine if you are syncing passwords between managed/user and the remote backend, but as mentioned in OPENIDM-1953, that isn't always the case. To compound this problem, there is also the new function around role calculation; this is per-auth module, and so if you want to calculate roles for a given user you would need to do it for both MANAGED_USER and PASSTHROUGH, if they were both enabled. This redundancy is annoying and a likely source of confusion. So, this change is to just disable the MANAGED_USER auth module, and always use the PASSTHROUGH config. git-svn-id: https://svn.forgerock.org/openidm/trunk@3404 d98387aa-ee2c-4292-a9e6-504d2a719fd3
-
git-svn-id: https://svn.forgerock.org/openidm/trunk@3403 d98387aa-ee2c-4292-a9e6-504d2a719fd3
-
git-svn-id: https://svn.forgerock.org/openidm/trunk@3401 d98387aa-ee2c-4292-a9e6-504d2a719fd3
12 Jun, 2014
2 commits
-
git-svn-id: https://svn.forgerock.org/openidm/trunk@3384 d98387aa-ee2c-4292-a9e6-504d2a719fd3
-
git-svn-id: https://svn.forgerock.org/openidm/trunk@3383 d98387aa-ee2c-4292-a9e6-504d2a719fd3
11 Jun, 2014
1 commit
-
git-svn-id: https://svn.forgerock.org/openidm/trunk@3369 d98387aa-ee2c-4292-a9e6-504d2a719fd3
10 Jun, 2014
1 commit
-
git-svn-id: https://svn.forgerock.org/openidm/trunk@3355 d98387aa-ee2c-4292-a9e6-504d2a719fd3
09 Jun, 2014
3 commits
-
git-svn-id: https://svn.forgerock.org/openidm/trunk@3348 d98387aa-ee2c-4292-a9e6-504d2a719fd3
-
git-svn-id: https://svn.forgerock.org/openidm/trunk@3347 d98387aa-ee2c-4292-a9e6-504d2a719fd3
-
git-svn-id: https://svn.forgerock.org/openidm/trunk@3342 d98387aa-ee2c-4292-a9e6-504d2a719fd3
05 Jun, 2014
1 commit
-
git-svn-id: https://svn.forgerock.org/openidm/trunk@3332 d98387aa-ee2c-4292-a9e6-504d2a719fd3
04 Jun, 2014
4 commits
-
…c.json "assignments" field to be named "assignmentsToMap" git-svn-id: https://svn.forgerock.org/openidm/trunk@3326 d98387aa-ee2c-4292-a9e6-504d2a719fd3
-
git-svn-id: https://svn.forgerock.org/openidm/trunk@3325 d98387aa-ee2c-4292-a9e6-504d2a719fd3
-
git-svn-id: https://svn.forgerock.org/openidm/trunk@3319 d98387aa-ee2c-4292-a9e6-504d2a719fd3
-
git-svn-id: https://svn.forgerock.org/openidm/trunk@3315 d98387aa-ee2c-4292-a9e6-504d2a719fd3
03 Jun, 2014
3 commits
-
Update custom endpoint samples. git-svn-id: https://svn.forgerock.org/openidm/trunk@3311 d98387aa-ee2c-4292-a9e6-504d2a719fd3
-
Deprecate external/email input parameters use of underscores for post-body keys. Still supported as fallback. git-svn-id: https://svn.forgerock.org/openidm/trunk@3309 d98387aa-ee2c-4292-a9e6-504d2a719fd3
-
git-svn-id: https://svn.forgerock.org/openidm/trunk@3307 d98387aa-ee2c-4292-a9e6-504d2a719fd3
02 Jun, 2014
2 commits
-
git-svn-id: https://svn.forgerock.org/openidm/trunk@3298 d98387aa-ee2c-4292-a9e6-504d2a719fd3
-
git-svn-id: https://svn.forgerock.org/openidm/trunk@3293 d98387aa-ee2c-4292-a9e6-504d2a719fd3
30 May, 2014
1 commit
-
Support reauth for any auth module configured in authentication.json. * AuthenticationService now handles requests on /authentication, replaciing AuthFilter which was not a filter, and did not fully handle reauth. * Authenticators are used from both JASPI auth modules and AuthenticationService to provide the authentication--either with Http headers in the case of the auth modules, or from the authcid in the HttpContext and the reauth header in the case of reauthentication. * AuthenticationService now satisfies the AuthenticationConfig service for the purposes of OSGiAuthFilterBuilder's access to the config to build the JASPI CAF. * The duplicative managed/user config at the top of the sample authentication.json files are now removed, thus satisfying OPENIDM-1781. git-svn-id: https://svn.forgerock.org/openidm/trunk@3282 d98387aa-ee2c-4292-a9e6-504d2a719fd3
29 May, 2014
2 commits
-
git-svn-id: https://svn.forgerock.org/openidm/trunk@3278 d98387aa-ee2c-4292-a9e6-504d2a719fd3
-
…trigger unassignmentOperations when assignment has been unassigned, update removeFromTarget to set String values to null. git-svn-id: https://svn.forgerock.org/openidm/trunk@3275 d98387aa-ee2c-4292-a9e6-504d2a719fd3
28 May, 2014
2 commits
-
git-svn-id: https://svn.forgerock.org/openidm/trunk@3268 d98387aa-ee2c-4292-a9e6-504d2a719fd3
-
git-svn-id: https://svn.forgerock.org/openidm/trunk@3266 d98387aa-ee2c-4292-a9e6-504d2a719fd3
27 May, 2014
3 commits
-
Additional decoupling of auth module role calculation and security context population from auth module validation code. Notably: * factor out basic auth code to allow PassthroughModule to support both basic auth and X-OpenIDM- header auth. * remove IWAPassthroughModule in favor of using auth module configuration to control order of execution * separate client cert auth into its own module, supporting an list of "allowedAuthenticationIdPatterns" to compare against the subject DN * remove static dependency on OSGIAuthnFilterBuilder for injection of OSGi artifacts - improves testability git-svn-id: https://svn.forgerock.org/openidm/trunk@3261 d98387aa-ee2c-4292-a9e6-504d2a719fd3
-
…ct - reviewed by Andi via Skype git-svn-id: https://svn.forgerock.org/openidm/trunk@3260 d98387aa-ee2c-4292-a9e6-504d2a719fd3
-
git-svn-id: https://svn.forgerock.org/openidm/trunk@3253 d98387aa-ee2c-4292-a9e6-504d2a719fd3
26 May, 2014
1 commit
-
git-svn-id: https://svn.forgerock.org/openidm/trunk@3251 d98387aa-ee2c-4292-a9e6-504d2a719fd3
23 May, 2014
2 commits
-
git-svn-id: https://svn.forgerock.org/openidm/trunk@3250 d98387aa-ee2c-4292-a9e6-504d2a719fd3
-
Update "make LDAP unavailable" instruction to rename file as chmod may not be sufficient for root-running openidm. git-svn-id: https://svn.forgerock.org/openidm/trunk@3249 d98387aa-ee2c-4292-a9e6-504d2a719fd3
22 May, 2014
1 commit
-
Add sample5b to demonstrate all-or-nothing compensation support. git-svn-id: https://svn.forgerock.org/openidm/trunk@3242 d98387aa-ee2c-4292-a9e6-504d2a719fd3
21 May, 2014
3 commits
-
…s" of duplicate assignments across roles. git-svn-id: https://svn.forgerock.org/openidm/trunk@3234 d98387aa-ee2c-4292-a9e6-504d2a719fd3
-
git-svn-id: https://svn.forgerock.org/openidm/trunk@3230 d98387aa-ee2c-4292-a9e6-504d2a719fd3
-
git-svn-id: https://svn.forgerock.org/openidm/trunk@3228 d98387aa-ee2c-4292-a9e6-504d2a719fd3
20 May, 2014
1 commit
-
git-svn-id: https://svn.forgerock.org/openidm/trunk@3218 d98387aa-ee2c-4292-a9e6-504d2a719fd3
16 May, 2014
1 commit
-
co-reviewed with Mike git-svn-id: https://svn.forgerock.org/openidm/trunk@3212 d98387aa-ee2c-4292-a9e6-504d2a719fd3
14 May, 2014
2 commits
-
…sword values. This is no longer necessary, as encrypted values are now being automatically decrypted as part of a sync. git-svn-id: https://svn.forgerock.org/openidm/trunk@3210 d98387aa-ee2c-4292-a9e6-504d2a719fd3
-
git-svn-id: https://svn.forgerock.org/openidm/trunk@3209 d98387aa-ee2c-4292-a9e6-504d2a719fd3