org.forgerock / org.forgerock.openig

28 Nov, 2014

4 commits

6d7ec122 OPENIG-385 Mention audit features in the release notes ... Browse Dir »
```
git-svn-id: https://svn.forgerock.org/openig/trunk@765 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
```
mark
2014-11-28 16:32:41 +0000
e0d3a992 CR-5512 OPENIG-385: Document new auditing capabilities ... Browse Dir »
```
git-svn-id: https://svn.forgerock.org/openig/trunk@764 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
```
mark
2014-11-28 16:13:35 +0000
f1ef6b96 Typo/missing capture decoration ... Browse Dir »
```
git-svn-id: https://svn.forgerock.org/openig/trunk@763 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
```
mark
2014-11-28 14:29:53 +0000
13db39c1 List Filters alphabetically in the Reference ... Browse Dir »
```
git-svn-id: https://svn.forgerock.org/openig/trunk@762 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
```
mark
2014-11-28 13:39:29 +0000

26 Nov, 2014

1 commit

072f2833 OPENIG-403 Doc use of unique session field names for SAML SPs ... Browse Dir »

Additional fix suggested and reviewed by Guillaume over IM

git-svn-id: https://svn.forgerock.org/openig/trunk@752 dbb9e58e-28e6-4ce0-90e8-f11d9605b710

2014-11-26 09:14:44 +0000

25 Nov, 2014

5 commits

79b6c965 CR-5446 OPENIG-390 Move DumpExchange.groovy out of docs ... Browse Dir »

Now that we have a CaptureDecorator to capture the exchange,
we do not need to document a script for doing the same thing.

In working on this issue, it also became apparent
that these examples did not call for dumping the exchange anyway.


git-svn-id: https://svn.forgerock.org/openig/trunk@751 dbb9e58e-28e6-4ce0-90e8-f11d9605b710

2014-11-25 16:56:06 +0000

77dd58c6 CR-5444 OPENIG-403 Doc use of unique session field names for SAML SPs ... Browse Dir »

A SamlFederationHandler maps data from the assertion
into the exchange.session object.

With multiple SP configurations, it is important to use unique field names
for mapped data to avoid one handler from overwriting another's session data.

This patch fixes the doc to account for that requirement.

git-svn-id: https://svn.forgerock.org/openig/trunk@750 dbb9e58e-28e6-4ce0-90e8-f11d9605b710

2014-11-25 15:41:01 +0000

6ea2e38d CR-5426 OPENIG-402 Update DESKEY gen steps for OpenAM 12 ... Browse Dir »

This patch anticipates the release of OpenAM 12.
I'm hoping that
http://sources.forgerock.org/browse/openam/trunk/openam/pom.xml?hb=true#to123
does not change before release. 


git-svn-id: https://svn.forgerock.org/openig/trunk@749 dbb9e58e-28e6-4ce0-90e8-f11d9605b710

2014-11-25 11:23:15 +0000

e0cab7fd CR-5424 OPENIG-396 Correct doc for logSink used by a TimerDecorator ... Browse Dir »
```
git-svn-id: https://svn.forgerock.org/openig/trunk@748 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
```
mark
2014-11-25 11:20:42 +0000
4c9435d5 CR-5423 OPENIG-392 Document exchange.originalUri ... Browse Dir »
```
git-svn-id: https://svn.forgerock.org/openig/trunk@747 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
```
mark
2014-11-25 11:18:30 +0000

24 Nov, 2014

1 commit

2c656823 Reformat XML without material changes to content ... Browse Dir »
```
git-svn-id: https://svn.forgerock.org/openig/trunk@746 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
```
mark
2014-11-24 16:48:53 +0000

22 Nov, 2014

1 commit

e9c0ea30 CR-5398 OPENIG-388 Document that empty heap is optional ... Browse Dir »
```
git-svn-id: https://svn.forgerock.org/openig/trunk@745 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
```
mark
2014-11-22 05:11:47 +0000

21 Nov, 2014

1 commit

845e23c0 CR-5379 OPENIG-387 Document removal of "objects" layer from heap ... Browse Dir »
```
git-svn-id: https://svn.forgerock.org/openig/trunk@742 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
```
mark
2014-11-21 09:14:36 +0000

20 Nov, 2014

5 commits

98574eb1 Placate checkstyle ... Browse Dir »
```
git-svn-id: https://svn.forgerock.org/openig/trunk@741 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
```
mark
2014-11-20 16:49:21 +0000
0503020c CR-5343 OPENIG-381 Update doc for change to global decorator config ... Browse Dir »
```
git-svn-id: https://svn.forgerock.org/openig/trunk@738 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
```
mark
2014-11-20 15:42:38 +0000

13b2d660 CR-5327 OPENIG-365 Doc how to configure multiple SAML SPs ... Browse Dir »

This patch adds an appendix
that briefly describes and demonstrates
how OpenIG as a SAML 2.0 SP can support more than one application.

For future consideration I have also opened some issues
that might make this easier:
OPENIG-397, but also OPENIG-399, OPENIG-400.

git-svn-id: https://svn.forgerock.org/openig/trunk@737 dbb9e58e-28e6-4ce0-90e8-f11d9605b710

2014-11-20 15:34:20 +0000

95f1d731 OPENIG-368 (CR-5326) Use exchange.originalUri in OAuth2ClientFilter ... Browse Dir »

The Client filter heavily use the `exchange.request.uri` property to compute URIs.

That was causing issues because, in the set of upstream filters/handlers, someone
could have rebased the request URI (usually to globally 'redirect' the message
to the protected application). That was causing wrong URI computations (like an
OAuth2 `redirect_uri` with the hostname of the protected application, instead of
the user-facing one of OpenIG).

This changes fix this behaviour with the introduction of an immutable
`exchange.originalUri` property that is the original request URI, as received by the
web container.

The Client filter is now using this instead of the mutable one (`exchange.request.uri`).

Updated the Nascar page sample of the documentation to limit copy/paste errors.

git-svn-id: https://svn.forgerock.org/openig/trunk@735 dbb9e58e-28e6-4ce0-90e8-f11d9605b710

2014-11-20 13:57:53 +0000

cef1488f CR-5340 OPENIG-326 The OAuth2 ResourceServer scopes is now a list of ... Browse Dir »

expressions.

OAuth2ResourceServerFilter.java
- Replaced 'Set<String> scopes' to 'List<Expression> scopes'.
- As the AccessToken defines scopes as Set<String>,
 added a new method to getScopes from List<Expression> to Set<String>.
- InsufficientScopeChallengeHandler is no longer a field of the
OAuth2ResourceServerFilter.
- Added realm attribute to the OAuth2ResourceServerFilter.

OAuth2ResourceServerFilterTest.java
- Fixed tests according to the above modifications.
- Added unit tests with expression evaluations.

man-OAuth2ResourceServerFilter.xml
- Modified doc according to Mark's patch.

git-svn-id: https://svn.forgerock.org/openig/trunk@732 dbb9e58e-28e6-4ce0-90e8-f11d9605b710

2014-11-20 13:12:42 +0000

19 Nov, 2014

3 commits

213ddd32 OPENIG-329 CR-5335 Make it possible to omit an empty heap from a route ... Browse Dir »

* also added test to ensure that it is possible to inline a route's handler and avoid the need for a heap.


git-svn-id: https://svn.forgerock.org/openig/trunk@730 dbb9e58e-28e6-4ce0-90e8-f11d9605b710

2014-11-19 12:59:34 +0000

dcf61335 Typos ... Browse Dir »
```
git-svn-id: https://svn.forgerock.org/openig/trunk@725 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
```
mark
2014-11-19 08:08:29 +0000
2b97cd45 Adjust wording in release notes chapter on compatibility ... Browse Dir »
```
git-svn-id: https://svn.forgerock.org/openig/trunk@724 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
```
mark
2014-11-19 07:33:30 +0000

18 Nov, 2014

2 commits

fe434b82 Fix broken link found by docbook-linktester ... Browse Dir »
```
git-svn-id: https://svn.forgerock.org/openig/trunk@723 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
```
mark
2014-11-18 15:56:48 +0000

6175b7f4 OpenIG-119 RedirectFilter renamed to LocationHeaderFilter ... Browse Dir »

- Renamed files
- Fixed javadoc.
- Fixed doc.
- Thanks to Mark for his patch on chap-compatibility.

git-svn-id: https://svn.forgerock.org/openig/trunk@719 dbb9e58e-28e6-4ce0-90e8-f11d9605b710

2014-11-18 09:03:17 +0000

14 Nov, 2014

2 commits

b12eb778 CR-5282 OPENIG-375: Doc change to default algorithm for CryptoHeaderFilter ... Browse Dir »
```
git-svn-id: https://svn.forgerock.org/openig/trunk@704 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
```
mark
2014-11-14 09:09:19 +0000
5b459eca Reformatted source without material changes to content ... Browse Dir »
```
git-svn-id: https://svn.forgerock.org/openig/trunk@703 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
```
mark
2014-11-14 08:18:48 +0000

12 Nov, 2014

3 commits

b4d3173e Adding admonition graphics. ... Browse Dir »
```
git-svn-id: https://svn.forgerock.org/openig/trunk@700 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
```
austingene
2014-11-12 16:59:34 +0000
1665f94b CR-5249 OPENIG-373 Doc how to disable caching for OAuth RS, OIDC RP ... Browse Dir »
```
git-svn-id: https://svn.forgerock.org/openig/trunk@698 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
```
mark
2014-11-12 14:21:50 +0000
b5e0e665 CR-5246 OPENIG-362: Document client info available ... Browse Dir »
```
git-svn-id: https://svn.forgerock.org/openig/trunk@697 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
```
mark
2014-11-12 13:37:43 +0000

10 Nov, 2014

1 commit

4e9bd43f CR-5195 OPENIG-363: Doc how to integrate libs into the OpenIG war ... Browse Dir »
```
git-svn-id: https://svn.forgerock.org/openig/trunk@696 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
```
mark
2014-11-10 11:37:11 +0000

07 Nov, 2014

4 commits

471ec570 OPENIG-336 OPENIG-350 (CCR-5078) Lazily retrieve cached user info resources in OAuth2 Client Filter ... Browse Dir »

Without this change, the OAuth 2.0 Client Filter triggers the retrieval of
the user info resource for each request that is intercepted. It's a problem
for Identity Providers such as Google that have an allowed quota of request/sec,
because of the sudden burst of user info request.

This is even worse than that because sometimes, the intercepted request may
not even need to use theses information (think of OpenIG intercepting an
image served by the protected application and returned as-is) ...

This fix includes both a user-info resources caching for a few seconds (the
time for all requests to load a web page to be executed) and a lazy loading
of the resource (triggered the first time a downstream filter/handler access
the `user_info` structure). By default, resources are kept for 20 seconds after
the first access.

Like for OAuth2ResourceServerFilter, you can disable that cache with
`"cacheExpiration": "disabled"` in the configuration.

git-svn-id: https://svn.forgerock.org/openig/trunk@694 dbb9e58e-28e6-4ce0-90e8-f11d9605b710

2014-11-07 15:14:49 +0000

61cbf492 OPENIG-264 Supports zero-length Durations ... Browse Dir »

That will be useful to support deactivation marker values when configuring cache timeouts.

This fix support both `zero` and `disabled` as zero-length Duration markers.
When the parsed String value also represents a zero-length duration (like `0 days and 0 ms`),
the special ZERO marker duration is returned.

Updated documentation as well.

git-svn-id: https://svn.forgerock.org/openig/trunk@692 dbb9e58e-28e6-4ce0-90e8-f11d9605b710

2014-11-07 15:14:33 +0000

707ab045 Updated doc with new log samples ... Browse Dir »
```
git-svn-id: https://svn.forgerock.org/openig/trunk@690 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
```
guillaume.sauthier
2014-11-07 13:50:00 +0000
397990d0 OPENIG-320 CR-5181 Rename KeyStore 'file' option to 'url' ... Browse Dir »
```
git-svn-id: https://svn.forgerock.org/openig/trunk@687 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
```
matthew
2014-11-07 08:46:44 +0000

06 Nov, 2014

1 commit

6344b598 CR-5165 OPENIG-364: Update doc on capturing exchange ... Browse Dir »
```
git-svn-id: https://svn.forgerock.org/openig/trunk@686 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
```
mark
2014-11-06 19:12:50 +0000

03 Nov, 2014

1 commit

43baa4a4 Make documentation described constraints backed by code constructs: ... Browse Dir »

* `preparedStatement` attribute is required
* `parameters` could be optional if no placeholders are specified

Used the as-list-of construct to init the parameters' expression's value.
Synched the doc

git-svn-id: https://svn.forgerock.org/openig/trunk@676 dbb9e58e-28e6-4ce0-90e8-f11d9605b710

2014-11-03 11:18:06 +0000

30 Oct, 2014

2 commits

7308ba0b CR-5074 OPENIG-360 Update doc, using false to deactivate timer decoration ... Browse Dir »
```
git-svn-id: https://svn.forgerock.org/openig/trunk@671 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
```
mark
2014-10-30 10:17:05 +0000

84bbb4b6 CR-5067 OPENIG-309 Remove "useJwtSession" from "OAuth2ClientFilter" ref ... Browse Dir »

This aligns with r611.
Thanks to Guillaume for pointing out what I'd missed.

git-svn-id: https://svn.forgerock.org/openig/trunk@667 dbb9e58e-28e6-4ce0-90e8-f11d9605b710

2014-10-30 06:45:01 +0000

29 Oct, 2014

1 commit

6f011d88 OPENIG-358 (CR-5060) Improve generated names for inline object declarations ... Browse Dir »

Although the JSON pointer is sufficient to guarantee unicity of a name
within the scope of a heap, it makes it hard for reader to link that name
to the configuration object they provided.

This patch supports both improvements:
* if a `name` attribute is provided in the declaration, use it as-is
* if not, prepend the `type` attribute value to the pointer String to help identification

This patch also updates the logs samples provided in the documentation.

git-svn-id: https://svn.forgerock.org/openig/trunk@666 dbb9e58e-28e6-4ce0-90e8-f11d9605b710

2014-10-29 13:43:57 +0000

28 Oct, 2014

1 commit

966279e8 CR-5025 OPENIG-354: Document timer decorator ... Browse Dir »
```
git-svn-id: https://svn.forgerock.org/openig/trunk@665 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
```
mark
2014-10-28 09:12:54 +0000

24 Oct, 2014

1 commit

4e05621d Fix typo ... Browse Dir »
```
git-svn-id: https://svn.forgerock.org/openig/trunk@664 dbb9e58e-28e6-4ce0-90e8-f11d9605b710
```
mark
2014-10-24 15:16:47 +0000