aaa.git
9 years ago Fix checkstyle if-statements must use braces in aaa-idmlight 42/13642/3
Thanh Ha [Sun, 14 Dec 2014 20:30:55 +0000 (15:30 -0500)]
Fix checkstyle if-statements must use braces in aaa-idmlight

- Fix missing braces
- Fix indentation level

Change-Id: I5e81fb561b550a2085ceddf6403273dcb503c5ca
Signed-off-by: Thanh Ha <thanh.ha@linuxfoundation.org>
9 years ago Fix checkstyle if-statements must use braces in aaa-authn 41/13641/3
Thanh Ha [Sun, 14 Dec 2014 20:25:06 +0000 (15:25 -0500)]
Fix checkstyle if-statements must use braces in aaa-authn

- Fix if-statements must use braces
- Add missing License headers

Change-Id: I5c9279d1702ec8c3ce0d1b5ea82aef5c7325e620
Signed-off-by: Thanh Ha <thanh.ha@linuxfoundation.org>
9 years ago Fix checkstyle if-else-for-statements must use braces in aaa-authn-sts 40/13640/3
Thanh Ha [Sun, 14 Dec 2014 20:23:11 +0000 (15:23 -0500)]
Fix checkstyle if-else-for-statements must use braces in aaa-authn-sts

Change-Id: I3c9ad139c47d0e4a07f29ce8b7dea681184c0b60
Signed-off-by: Thanh Ha <thanh.ha@linuxfoundation.org>
9 years ago Fix checkstyle if-statements must use braces in aaa-authn-keystone 39/13639/3
Thanh Ha [Sun, 14 Dec 2014 20:21:05 +0000 (15:21 -0500)]
Fix checkstyle if-statements must use braces in aaa-authn-keystone

Change-Id: I84c3f8f0342148f71f5968d55d76a80084046a77
Signed-off-by: Thanh Ha <thanh.ha@linuxfoundation.org>
9 years ago Fix checkstyle for-statements must use braces in aaa-authn-federation 38/13638/3
Thanh Ha [Sun, 14 Dec 2014 20:20:27 +0000 (15:20 -0500)]
Fix checkstyle for-statements must use braces in aaa-authn-federation

Change-Id: I0a9fa5ebd078eb429d910a5d139153f13bf31937
Signed-off-by: Thanh Ha <thanh.ha@linuxfoundation.org>
9 years ago Fix checkstyle if-statements must use braces in aaa-authn-store 37/13637/3
Thanh Ha [Sun, 14 Dec 2014 20:18:35 +0000 (15:18 -0500)]
Fix checkstyle if-statements must use braces in aaa-authn-store

- Fix checkstyle if-statement braces
- Fix missing License header

Change-Id: Iac67a50e459b363fd3b83f56011028d82b828c62
Signed-off-by: Thanh Ha <thanh.ha@linuxfoundation.org>
9 years ago Set root pom.xml <name> for Sonar 74/14074/1
Thanh Ha [Fri, 9 Jan 2015 21:56:31 +0000 (16:56 -0500)]
Set root pom.xml <name> for Sonar

As mentioned on the mailing list Sonar uses the <name> field of the
pom.xml that is passed to the mvn command as the name of the project in
Sonar. In most cases this is the root pom.xml file in a project. This
patch sets the name to the project shortname.

https://lists.opendaylight.org/pipermail/discuss/2014-November/004024.html

Change-Id: Ic8eabf78c37d6e449a837d34600ed3b86e7947a8
Signed-off-by: Thanh Ha <thanh.ha@linuxfoundation.org>
9 years ago Merge "Change ENUMS used in config yangs for Strings"
Wojciech Dec [Mon, 15 Dec 2014 15:52:31 +0000 (15:52 +0000)]
Merge "Change ENUMS used in config yangs for Strings"

9 years ago Removed the pax-exam it tests in favor of Robot tests. 27/13427/1
Liem Nguyen [Fri, 5 Dec 2014 20:48:58 +0000 (12:48 -0800)]
Removed the pax-exam it tests in favor of Robot tests.

Change-Id: I33e0974795d92a4083129b37cb407d7847614c5f
Signed-off-by: Liem Nguyen <liem_m_nguyen@hp.com>
9 years ago Removed all* features as well as fixing circular dependencies with restconf. 25/13425/1
Liem Nguyen [Fri, 5 Dec 2014 19:31:55 +0000 (11:31 -0800)]
Removed all* features as well as fixing circular dependencies with restconf.

Change-Id: I4de1af27c275d3877f1c5f3cc10fb188bfa28c2c
Signed-off-by: Liem Nguyen <liem_m_nguyen@hp.com>
9 years ago Change ENUMS used in config yangs for Strings 71/13171/2
Maros Marsalek [Thu, 27 Nov 2014 13:43:17 +0000 (14:43 +0100)]
Change ENUMS used in config yangs for Strings

ENUMs are not properly serialized in config/netconf and it causes failure when reading/writing data using RESTCONF + Loopback connection

Change-Id: I8f9da4d009cdd3a432dd031ecc3a7cb551454d3d
Signed-off-by: Maros Marsalek <mmarsale@cisco.com>
9 years ago Merge "Documentation for SSSD Federated IdP authentication"
Liem Nguyen [Fri, 14 Nov 2014 20:25:22 +0000 (20:25 +0000)]
Merge "Documentation for SSSD Federated IdP authentication"

9 years ago Adds a validate token API 33/12833/1
Abhishek Kumar [Fri, 14 Nov 2014 01:13:21 +0000 (17:13 -0800)]
Adds a validate token API

Adds another API to validate token
The api can be invoked as

curl -s -d "some-previously generated-token" http://<controller-ip>:<port>/oauth2/validate

Returns:
HTTP 200 - if the token is valid
HTTP 401 - If the token is not valid

Change-Id: Ie39d154fb77e873d6b0b8d13feca7917f527cbb8
Signed-off-by: Abhishek Kumar <abhishk2@cisco.com>
9 years ago Enabling CORS in the idmlight app so that apps 33/12533/2
Mayank Agarwal [Wed, 5 Nov 2014 02:28:30 +0000 (18:28 -0800)]
Enabling CORS in the idmlight app so that apps
from different domains can call the APIs.

Signed-off-by: Mayank Agarwal <mayagarw@cisco.com>
Change-Id: I6d960b867eb2dd2f48e6e0ce0b7cee3ff40ce731

9 years ago Merge "Bug 2292 : CORS access control fix"
Wojciech Dec [Wed, 5 Nov 2014 16:51:35 +0000 (16:51 +0000)]
Merge "Bug 2292 : CORS access control fix"

9 years ago Updated pom.xml to use odlparent and add authz back into odl-aaa-all. 02/12502/2
Liem Nguyen [Tue, 4 Nov 2014 18:54:35 +0000 (10:54 -0800)]
Updated pom.xml to use odlparent and add authz back into odl-aaa-all.
Also, segmented features into 3 main buckets:
1) APIs
2) Core features (AuthN and AuthZ)
3) Plugins

Change-Id: I7858b8f6302f34d22cbc548570a4bc15e93df9ec
Signed-off-by: Liem Nguyen <liem_m_nguyen@hp.com>
9 years ago Bug 2292 : CORS access control fix 33/12433/1
Harman Singh [Sat, 1 Nov 2014 00:56:34 +0000 (17:56 -0700)]
Bug 2292 : CORS access control fix

When a browser sends a cross-origin request, it first sends the OPTIONS method
with a list of access control request headers, which has a list of custom headers and access control methods
such as GET, POST etc. Your custom header "Authorization" will not be present in the request header; instead it
will be present as a value inside Access-Control-Request-Headers.
We should not do any authorization against such a request.

Change-Id: I290f409a4685ed10685249b8514621ecb2159176
Signed-off-by: Harman Singh <harmasin@cisco.com>
9 years ago Add REMOTE_USER_GROUPS to ClaimAuthFilter 20/12320/1
John Dennis [Wed, 29 Oct 2014 13:58:54 +0000 (09:58 -0400)]
Add REMOTE_USER_GROUPS to ClaimAuthFilter

The REMOTE_USER_GROUPS IdP attribute was mistakenly omitted from
the metadata collected in ClaimAuthFilter, this corrects that.

Bug #2272

Change-Id: Ibe7f9afb7b94341beb24ea5474c419b592261ce6
Signed-off-by: John Dennis <jdennis@redhat.com>
9 years ago Documentation for SSSD Federated IdP authentication 77/12077/5
John Dennis [Fri, 5 Sep 2014 15:42:21 +0000 (11:42 -0400)]
Documentation for SSSD Federated IdP authentication

Change-Id: I8fd47de74486c1de37d12be3c7f259b5038b66b3
Signed-off-by: John Dennis <jdennis@redhat.com>
9 years ago Adding back the dependency on restconf in the authz feature 38/11838/1
Colin Dixon [Wed, 8 Oct 2014 21:54:52 +0000 (16:54 -0500)]
Adding back the dependency on restconf in the authz feature

This is the second half of the post-Helium master version bump. It puts
the dependency from the authz feature onto the restconf feature back in.

Change-Id: Ibe1da210147490acfcfaebf8d93dcd99c998587e
Signed-off-by: Colin Dixon <colin@colindixon.com>
9 years ago Incrementing versions by 0.1.0 for post-Helium master branch 37/11837/1
Colin Dixon [Wed, 8 Oct 2014 20:20:49 +0000 (15:20 -0500)]
Incrementing versions by 0.1.0 for post-Helium master branch

Also temporarily removing the dependency from the authz feature onto the
restconf feature to solve the cyclic dependency issue. This will be fixed
in a second patch.

Change-Id: I9342717185094335bd5aab34e6ad8574126a2b61
Signed-off-by: Colin Dixon <colin@colindixon.com>
9 years ago Added a sequence diagram for SSSD Authentication 40/11640/2
Liem Nguyen [Sun, 28 Sep 2014 17:25:27 +0000 (10:25 -0700)]
Added a sequence diagram for SSSD Authentication

Change-Id: I7acc23701a8340c1ab9f0992309e326528346312
Signed-off-by: Liem Nguyen <liem_m_nguyen@hp.com>
9 years ago Merge "Bug 1948: Separate out restconf features"
Liem Nguyen [Wed, 24 Sep 2014 00:10:35 +0000 (00:10 +0000)]
Merge "Bug 1948: Separate out restconf features"

9 years ago Bug 1948: Separate out restconf features 72/11472/8
Ed Warnicke [Tue, 23 Sep 2014 02:10:54 +0000 (21:10 -0500)]
Bug 1948: Separate out restconf features

In order to avoid a maven project cycle in solving
Bug 1948, we need to separate restconf features.
Note, this is a first step, suffixing everything
with -new.  Subsequently, after everywhere using
odl-restconf has been fixed to use this new repo,
we will deprecate the ones in the mdsal features.xml
and rename these to not have the -new.

This patch just adds the dependency to features/pom.xml

Change-Id: Iedb9dd592e057913b0e083db9488113250dba0b5
Signed-off-by: Ed Warnicke <eaw@cisco.com>
9 years ago Bug 2057 00/11500/1
Liem Nguyen [Tue, 23 Sep 2014 20:16:24 +0000 (13:16 -0700)]
Bug 2057

Return 503 (Service Unavailable) status code if AAA service is not started yet and the Auth filter is invoked.

Change-Id: Id152994d9b2e4e10c30e398872ecc1538beee470
Signed-off-by: Liem Nguyen <liem_m_nguyen@hp.com>
9 years ago Merge "BUG2011 Fix"
Liem Nguyen [Mon, 22 Sep 2014 23:08:37 +0000 (23:08 +0000)]
Merge "BUG2011 Fix"

9 years ago BUG2011 Fix 60/11460/1
Peter Mellquist [Mon, 22 Sep 2014 22:22:44 +0000 (22:22 +0000)]
BUG2011 Fix

Signed-off-by: Peter Mellquist <peter.mellquist@hp.com>
Change-Id: I715e7b2569f15353c24857d9f0ee73314a37f2f1

9 years ago Populate HttpRequestServlet API data from HTTP extension headers. 65/11365/3
John Dennis [Fri, 19 Sep 2014 13:21:20 +0000 (09:21 -0400)]
Populate HttpRequestServlet API data from HTTP extension headers.

When SSSD is used for authentication and identity lookup those
actions occur in an Apache HTTP server which is fronting the
servlet container. After successful authentication Apache will
proxy the request to the container along with additional
authentication and identity metadata.

The preferred way to transport the metadata and have it appear
seamlessly in the servlet API is via the AJP protocol. However AJP
may not be available or desirable. An alternative method is to
transport the metadata in extension HTTP headers. However we still
want the standard servlet request API methods to work. Another way
to say this is we do not want upper layers to be aware of the
transport mechanism. To achieve this we wrap the HttpServletRequest
class and override specific methods which need to extract the data
from the extension HTTP headers. (This is roughly equivalent to
what happens when AJP is implemented natively in the container).

The extension HTTP headers are identified by the prefix
"X-SSSD-". The overridden methods check for the existence of the
appropriate extension header and if present returns the value found
in the extension header, otherwise it returns the value from the
method it's wrapping.

Bug: 1977
Change-Id: Id3020a4efe903c4c461df918574746dcc797ec37
Signed-off-by: John Dennis <jdennis@redhat.com>
9 years ago Fixed broken (temperamental) unit test failure 59/11459/1
Liem Nguyen [Mon, 22 Sep 2014 22:09:15 +0000 (15:09 -0700)]
Fixed broken (temperamental) unit test failure

Change-Id: I839b6716eac9cf0477c3c9cb2ae783219a6438db
Signed-off-by: Liem Nguyen <liem_m_nguyen@hp.com>
9 years ago Bug 2010: missing aaa-authn-federation dependency 26/11426/1
Ed Warnicke [Sun, 21 Sep 2014 19:50:53 +0000 (14:50 -0500)]
Bug 2010: missing aaa-authn-federation dependency

Change-Id: Iec8c15e738cf29dc9d975b4c4f60d190c45c4d3d
Signed-off-by: Ed Warnicke <eaw@cisco.com>
9 years ago Bug 2009 22/11422/1
Liem Nguyen [Sun, 21 Sep 2014 19:11:20 +0000 (12:11 -0700)]
Bug 2009

Added WWW-Authenticate header with realm set to "opendaylight"

Change-Id: I51bce8b4da6ddbd249890ac4e317139372a3dacb
Signed-off-by: Liem Nguyen <liem_m_nguyen@hp.com>
9 years ago Bug 1964 92/11392/2
Liem Nguyen [Sat, 20 Sep 2014 00:35:25 +0000 (17:35 -0700)]
Bug 1964

Several fixes were made in this commit:

1) Separate the federation endpoint into its own webapp (aaa-authn-federation), so it can bind to a separate authorized proxy port.
2) Move initialization code in SssdClaimAuth from the constructor to the init() method to make sure it is initialized via OSGi lifecycle (fixed OSGi loading issue of SssdClaimAuth)
3) Clean up superfluous log.info() messages from IdmLight
4) Fix ClaimAuthFilter to emit 401 error right away if we are federating on a non-authorized proxy port.
5) Add basic integration tests (-Paaa-it) for IdMLight and federation.
6) Configure:
   a) IdmLight APIs (/auth/*) to listen on "adminConn" Jetty connector.
   b) Federation API (/oauth2/federation/) to listen on "federationConn" Jetty connector.

Note:  Currently, the aforementioned Jetty connectors are NOT configured on the ODL controller, so that means those APIs in 6) are not available by default.
To activate them, the sample jetty.xml under aaa-it/src/test/resources should be copied over to the controller's assembly/etc/jetty.xml.  The sample jetty.xml
enables the adminConn on port 8282, localhost only, and the federationConn on port 8383.  So, for example, a POST to the federation endpoint would be:

curl -i -XPOST http://localhost:8383/oauth2/federation/

Change-Id: I1bc939536806d864e462b5cd0f69d1bb1777058d
Signed-off-by: Liem Nguyen <liem_m_nguyen@hp.com>
9 years ago Merge "Add secureProxyPorts configuration option."
Liem Nguyen [Fri, 19 Sep 2014 16:12:04 +0000 (16:12 +0000)]
Merge "Add secureProxyPorts configuration option."

9 years ago Fix to authz config yang model 61/11361/1
Wojciech Dec [Fri, 19 Sep 2014 09:57:07 +0000 (11:57 +0200)]
Fix to authz config yang model

Change-Id: Icb06219d85ed164b842a43d9100b9b9c6c7653ec
Signed-off-by: Wojciech Dec <wdec@cisco.com>
9 years ago Fix for checking if authz config has DomBroker + path of test hive 16/11316/3
Wojciech Dec [Thu, 18 Sep 2014 11:44:31 +0000 (13:44 +0200)]
Fix for checking if authz config has DomBroker + path of test hive

Change-Id: Ic522b972ece1b82e8bc963f2793d63dea3b00099
Signed-off-by: Wojciech Dec <wdec@cisco.com>
9 years ago Add secureProxyPorts configuration option. 43/11343/2
John Dennis [Thu, 18 Sep 2014 21:32:40 +0000 (17:32 -0400)]
Add secureProxyPorts configuration option.

The ClaimAuthFilter trusts any authentication metadata bound to a
request. A request with fake authentication claims could be forged by
an attacker and submitted to one of the Connector ports the engine is
listening on and it would blindly accept the forged information in
ClaimAuthFilter. Therefore it is vital we only accept authentication
claims from a trusted proxy.

It is incumbent upon the site administrator to dedicate specific
connector ports on which previously authenticated requests from a
trusted proxy will be sent to and to assure only a trusted proxy can
connect to that port. The site administrator must enumerate those
ports in the configuration. The ClaimAuthFilter will ignore any
request which did not originate on one of the configured secure proxy
ports.

The secureProxyPorts configuration is a member of
FederationConfiguration.

Bug: 1964

Change-Id: Ieb1f9d464f631e5009939404d978d905e51c06a0
Signed-off-by: John Dennis <jdennis@redhat.com>
9 years ago Merge "Added sonar plugin"
Liem Nguyen [Thu, 18 Sep 2014 00:01:32 +0000 (00:01 +0000)]
Merge "Added sonar plugin"

9 years ago Fix to Authz feature dependency + some clean-up 93/11293/1
Wojciech Dec [Wed, 17 Sep 2014 18:52:52 +0000 (20:52 +0200)]
Fix to Authz feature dependency + some clean-up

Change-Id: I6a7298e809e7d2d3f3eefca3975012b3166db4d5
Signed-off-by: Wojciech Dec <wdec@cisco.com>
9 years ago Bug 1912 - Missing config variable in pom 54/11254/1
Lakshman Mukkamalla [Tue, 16 Sep 2014 20:46:29 +0000 (13:46 -0700)]
Bug 1912 - Missing config variable in pom
Signed-off-by: Lakshman Kumar Mukkamalla <lmukkama@cisco.com>
Change-Id: Iebc5860c3689529b5dd5a8ca8633f520942bb110

9 years ago Added sonar plugin 13/11213/2
Liem Nguyen [Mon, 15 Sep 2014 23:10:49 +0000 (16:10 -0700)]
Added sonar plugin

Change-Id: If160229aa7fa67ed97dbb07cf44c94e4fd377120
Signed-off-by: Liem Nguyen <liem_m_nguyen@hp.com>
9 years ago Bug 1874 01/11201/1
Liem Nguyen [Mon, 15 Sep 2014 17:46:40 +0000 (10:46 -0700)]
Bug 1874

Fixed hard-coded repository URLs.

Change-Id: I0f90440ae923fa3d96a4ef90c3cd0096dd32accb
Signed-off-by: Liem Nguyen <liem_m_nguyen@hp.com>
9 years ago Merge "Added integration test for basic auth with toaster example."
Liem Nguyen [Mon, 15 Sep 2014 17:19:53 +0000 (17:19 +0000)]
Merge "Added integration test for basic auth with toaster example."

9 years ago Added integration test for basic auth with toaster example. 96/11196/1
Liem Nguyen [Mon, 15 Sep 2014 17:12:58 +0000 (10:12 -0700)]
Added integration test for basic auth with toaster example.

Change-Id: I95e9f4eef2ecdcebf13f4933573145a353f75a16
Signed-off-by: Liem Nguyen <liem_m_nguyen@hp.com>
9 years ago BUG 1855 65/11165/1
Peter Mellquist [Sun, 14 Sep 2014 17:35:05 +0000 (17:35 +0000)]
BUG 1855
Error handling fixes and refactor

Change-Id: Iead5da76cdc8ed68e81d565e250aad5274ae8d6c
Signed-off-by: Peter Mellquist <peter.mellquist@hp.com>
9 years ago Bug 1835 75/11075/2
Peter Mellquist [Fri, 12 Sep 2014 00:13:31 +0000 (00:13 +0000)]
Bug 1835
Bug 1749
IDM DM initialization fix

Change-Id: Iad8f9338b613d44e450ab2b6679152fd5f7738ee
Signed-off-by: Peter Mellquist <peter.mellquist@hp.com>
9 years ago Merge "Added integration tests back (and cleaned up poms). Integration tests can...
Liem Nguyen [Wed, 10 Sep 2014 17:44:08 +0000 (17:44 +0000)]
Merge "Added integration tests back (and cleaned up poms).  Integration tests can be triggered by: mvn clean install -Paaa-it"

9 years ago Added integration tests back (and cleaned up poms). Integration tests can be trigger... 35/10835/16
Liem Nguyen [Fri, 5 Sep 2014 05:37:29 +0000 (22:37 -0700)]
Added integration tests back (and cleaned up poms).  Integration tests can be triggered by:
mvn clean install -Paaa-it

Change-Id: Ibb3c8a7a7bbce159530effaf653d02c690324b23
Signed-off-by: Liem Nguyen <liem_m_nguyen@hp.com>
9 years ago Added .gitreview file 27/10927/1
Mathieu Lemay [Tue, 9 Sep 2014 00:53:32 +0000 (20:53 -0400)]
Added .gitreview file

Created a basic .gitreview file for AAA project so that we can use git
review instead of normal git operations with gerrit.

Change-Id: Ia7a60839f33c9220a5991f3479c79e00fdfc86e1
Signed-off-by: Mathieu Lemay <mlemay@inocybe.com>
9 years ago Decode i18n values from UTF-8 in ClaimAuthFilter. 60/10860/1
John Dennis [Fri, 5 Sep 2014 18:45:56 +0000 (14:45 -0400)]
Decode i18n values from UTF-8 in ClaimAuthFilter.

Some of the attributes we extract in ClaimAuthFilter are
internationalized strings (i18n). We expect these will be encoded in
UTF-8 therefore we must decode them from UTF-8. There are extensive
comments in the code explaining the issues.

Change-Id: I7b4a437432c0e6d3b6c24f552a8886f54aabb1b5
Signed-off-by: John Dennis <jdennis@redhat.com>
9 years ago Remove the wholesale collection of HTTP headers since in general 53/10853/1
John Dennis [Fri, 5 Sep 2014 14:24:43 +0000 (10:24 -0400)]
Remove the wholesale collection of HTTP headers since in general
they cannot be trusted, but retain the selected capture of specific
HTTP headers configured by an admin.

These changes were supposed to have been part of commit 0c20dce but
due to a mistake they were inadvertently omitted. This finishes the
intent of commit 0c20dce.

Change-Id: I6e9f451ece62e021ed06432d7135242eb9e03844
Signed-off-by: John Dennis <jdennis@redhat.com>
9 years ago Fixed formatting in README 41/10841/1
Wojciech Dec [Fri, 5 Sep 2014 09:03:37 +0000 (11:03 +0200)]
Fixed formatting in README

Change-Id: Iaa3723bed99dc973f110578c9103ced12c900e78
Signed-off-by: Wojciech Dec <wdec@cisco.com>
9 years ago Adding policy checks read transactions as a POC for the Authz service 06/10806/2
Lakshman Mukkamalla [Thu, 4 Sep 2014 20:57:30 +0000 (13:57 -0700)]
Adding policy checks read transactions as a POC for the Authz service
Signed-off-by: Lakshman Kumar Mukkamalla <lmukkama@cisco.com>
Change-Id: Iee622780b6876ac6f16553811bfcd934851aa515

9 years ago Way too many authz dependencies 11/10811/1
Liem Nguyen [Thu, 4 Sep 2014 21:22:42 +0000 (14:22 -0700)]
Way too many authz dependencies

Change-Id: I913fd197e736c2dbe2c14185b327394e9682db79
Signed-off-by: Liem Nguyen <liem_m_nguyen@hp.com>
9 years ago Merge "Fix broken feature dependencies."
Liem Nguyen [Thu, 4 Sep 2014 21:15:29 +0000 (21:15 +0000)]
Merge "Fix broken feature dependencies."

9 years ago Fix broken feature dependencies. 08/10808/1
Ed Warnicke [Thu, 4 Sep 2014 21:06:36 +0000 (16:06 -0500)]
Fix broken feature dependencies.

Change-Id: I8fe77e5f0718e64ee03464e213dbd7f49755db9d
Signed-off-by: Ed Warnicke <eaw@cisco.com>
9 years ago Merge "Remove some captured values, add comment, add logging"
Liem Nguyen [Thu, 4 Sep 2014 20:59:25 +0000 (20:59 +0000)]
Merge "Remove some captured values, add comment, add logging"

9 years ago Fixed missing authz_service in integration 04/10804/1
Liem Nguyen [Thu, 4 Sep 2014 20:43:12 +0000 (13:43 -0700)]
Fixed missing authz_service in integration

Change-Id: Iecb305fed5a0efe24553e06e21155040478cc398
Signed-off-by: Liem Nguyen <liem_m_nguyen@hp.com>
9 years ago Remove some captured values, add comment, add logging 03/10803/1
John Dennis [Tue, 2 Sep 2014 20:48:57 +0000 (16:48 -0400)]
Remove some captured values, add comment, add logging

CGI_CONTENT_TYPE and CGI_CONTENT_LENGTH are not relevant to an
authentication claim, so remove them.

Reorder the CGI variable name declarations so they are sorted. Makes
it easier to cross check their usage when things are in the same
order.

Remove the wholesale collection of HTTP headers since in general
they cannot be trusted, but retain the selected capture of specific
HTTP headers configured by an admin.

Add comment explaining why getAttributeNames() has problems and how we
adopt.

Add logger and then log the claims map.

Change-Id: I19a274601eceb5e2f24a3c055e9c73d4bb52e9b9
Signed-off-by: John Dennis <jdennis@redhat.com>
9 years ago Merge " Working AuthZ Broker (DOM Data only) + config files AuthZ service still...
Wojciech Dec [Thu, 4 Sep 2014 19:34:07 +0000 (19:34 +0000)]
Merge " Working AuthZ Broker (DOM Data only) + config files  AuthZ service still needs to be fully invoked as noted in TODO"

9 years ago Working AuthZ Broker (DOM Data only) + config files 95/10495/27
Wojciech Dec [Fri, 29 Aug 2014 18:32:33 +0000 (20:32 +0200)]
 Working AuthZ Broker (DOM Data only) + config files
 AuthZ service still needs to be fully invoked as noted in TODO

Change-Id: I084926f9c8518e865527be4dafdcd0c3effc5340
Signed-off-by: Wojciech Dec <wdec@cisco.com>
9 years ago Add support for calling the IdP RuleProcessor from SssdClaimAuth. 85/10785/1
John Dennis [Thu, 4 Sep 2014 15:50:16 +0000 (11:50 -0400)]
Add support for calling the IdP RuleProcessor from SssdClaimAuth.

Initialize the RuleProcessor in SssdClaimAuth and then invoke it
from SssdClaimAuth.transform.

Add all necessary dependencies to the pom.xml files and features.xml file.

Change-Id: Iea5d8eb15a65e4a1d5b808b748f0cf1e208d6c30
Signed-off-by: John Dennis <jdennis@redhat.com>
9 years ago Fix broken integration test 62/10662/1
Liem Nguyen [Tue, 2 Sep 2014 23:29:17 +0000 (16:29 -0700)]
Fix broken integration test

Change-Id: Ib256a230d1628b5126488df6896cb453a5ebe83f
Signed-off-by: Liem Nguyen <liem_m_nguyen@hp.com>
9 years ago BUG-1617 AuthProvider implementation for ODL netconf backed by CredentialAuth 56/10356/6
Ed Warnicke [Wed, 27 Aug 2014 08:26:02 +0000 (10:26 +0200)]
BUG-1617 AuthProvider implementation for ODL netconf backed by CredentialAuth

Added new Karaf feature for aaa-authn-odl-plugin.

Change-Id: I41fcf61c17da9d40a9f090a5a5d334125d36aab5
Signed-off-by: Maros Marsalek <mmarsale@cisco.com>
Signed-off-by: Ed Warnicke <eaw@cisco.com>
9 years ago Merge "Moved configs to their respective bundles and added config for ClaimAuth"
Liem Nguyen [Fri, 29 Aug 2014 21:38:59 +0000 (21:38 +0000)]
Merge "Moved configs to their respective bundles and added config for ClaimAuth"

9 years ago Moved configs to their respective bundles and added config for ClaimAuth 01/10501/1
Liem Nguyen [Fri, 29 Aug 2014 21:31:12 +0000 (14:31 -0700)]
Moved configs to their respective bundles and added config for ClaimAuth

Change-Id: Ibf7077c7f3dc3868b3c4bf4e431611f789e53b2a
Signed-off-by: Liem Nguyen <liem_m_nguyen@hp.com>
9 years ago Map IdP assertions to local; initial code version 78/10178/4
John Dennis [Fri, 22 Aug 2014 15:55:50 +0000 (11:55 -0400)]
Map IdP assertions to local; initial code version

A federated Identity Provider (IdP) provides assertions (i.e. claims)
regarding the subject (i.e. principal) after a successful
authentication. Because a federated IdP is by definition external to
ODL the assertions must be mapped from the IdP into local values.

The mapping is performed by evaluating a series of rules expressed in
JSON notation.

This package implements a RuleProcessor class which accepts a set of
rules and an assertion. It emits the transformed assertions as JSON
object. JSON is the exchange format for the rules, assertion, and
result. As such the package includes the IdpJson class which
transforms between JSON and the Java data structures used by the
RuleProcessor.

There is complete documentation for using the RuleProcessor which will
be added in a later commit.

Change-Id: I707c2b7dd5be381ef25f2fcdfb1c73481a63c9e5
Signed-off-by: John Dennis <jdennis@redhat.com>
9 years ago Added libraries used by idmlight into feature pom.xml 73/10473/1
Liem Nguyen [Fri, 29 Aug 2014 01:21:14 +0000 (18:21 -0700)]
Added libraries used by idmlight into feature pom.xml

Change-Id: I1486e2f158d6470b96f4897ae810c7480ee6d34e
Signed-off-by: Liem Nguyen <liem_m_nguyen@hp.com>
9 years ago Merge "initial commit of idmlight"
Liem Nguyen [Thu, 28 Aug 2014 23:18:27 +0000 (23:18 +0000)]
Merge "initial commit of idmlight"

9 years ago initial commit of idmlight 67/10467/1
Peter Mellquist [Thu, 28 Aug 2014 19:30:27 +0000 (19:30 +0000)]
initial commit of idmlight

Change-Id: I67dbd7e9dfa2510b3d600447bcf2e69628e7ad07
Signed-off-by: Peter Mellquist <peter.mellquist@hp.com>
9 years ago Doh, forgot authz in feature.xml 58/10458/1
Liem Nguyen [Thu, 28 Aug 2014 15:15:28 +0000 (08:15 -0700)]
Doh, forgot authz in feature.xml

Change-Id: I2d29806f6e3f00bc641bfbcc52139a92c291f012
Signed-off-by: Liem Nguyen <liem_m_nguyen@hp.com>
9 years ago Karaf integration 96/10396/2
Liem Nguyen [Wed, 27 Aug 2014 20:52:26 +0000 (13:52 -0700)]
Karaf integration

Change-Id: I267cbb1a99c3e196f5dc069f9a23ce97b8b00d21
Signed-off-by: Liem Nguyen <liem_m_nguyen@hp.com>
9 years ago Changed default password to admin 47/10347/1
Liem Nguyen [Tue, 26 Aug 2014 23:51:48 +0000 (16:51 -0700)]
Changed default password to admin

Change-Id: I6c9bf8196b6df73931d2531758c30b238ea2d3cc
Signed-off-by: Liem Nguyen <liem_m_nguyen@hp.com>
9 years ago Added HTTP basic auth support for backward compatibility 30/10330/1
Liem Nguyen [Tue, 26 Aug 2014 19:41:21 +0000 (12:41 -0700)]
Added HTTP basic auth support for backward compatibility

Change-Id: I7702df21f49fe796d17cfc35b76e484ee85d379a
Signed-off-by: Liem Nguyen <liem_m_nguyen@hp.com>
9 years ago Added configuration to turn on/off authentication 55/10255/4
Liem Nguyen [Mon, 25 Aug 2014 17:02:00 +0000 (10:02 -0700)]
Added configuration to turn on/off authentication

Change-Id: Ia0e0f3b236a90be98bddc70186eddaab42798544
Signed-off-by: Liem Nguyen <liem_m_nguyen@hp.com>
9 years ago Testing push to Nexus 16/10216/1
Liem Nguyen [Sun, 24 Aug 2014 17:27:46 +0000 (10:27 -0700)]
Testing push to Nexus

Change-Id: I5afa68e4f0b1b3a1a3af60bd4d573bbf8fc000e8
Signed-off-by: Liem Nguyen <liem_m_nguyen@hp.com>
9 years ago Added pax-exam integration test for AuthN 98/10198/10
Liem Nguyen [Sat, 23 Aug 2014 00:42:52 +0000 (17:42 -0700)]
Added pax-exam integration test for AuthN

Change-Id: I05e77bcc24dc2de9d784d31155a0ec5d77a7ecd1
Signed-off-by: Liem Nguyen <liem_m_nguyen@hp.com>
9 years ago Merge "Fixed broken karaf features for AAA"
Liem Nguyen [Fri, 22 Aug 2014 17:48:35 +0000 (17:48 +0000)]
Merge "Fixed broken karaf features for AAA"

9 years ago Fixed broken karaf features for AAA 81/10181/1
Liem Nguyen [Fri, 22 Aug 2014 17:44:15 +0000 (10:44 -0700)]
Fixed broken karaf features for AAA

Change-Id: I151cf291d662dbf141b7d745fd6fcf94314fafcf
Signed-off-by: Liem Nguyen <liem_m_nguyen@hp.com>
9 years ago Allows usage of ehcache.xml in etc/ 16/10116/2
Liem Nguyen [Wed, 20 Aug 2014 23:38:07 +0000 (16:38 -0700)]
Allows usage of ehcache.xml in etc/

Change-Id: I8734b0ad1afb8fab727874b5db1fb657c1e63a71
Signed-off-by: Liem Nguyen <liem_m_nguyen@hp.com>
9 years ago Renamed tenant to domain 08/10108/1
Liem Nguyen [Wed, 20 Aug 2014 17:52:25 +0000 (10:52 -0700)]
Renamed tenant to domain

Change-Id: Ifdad2cd30543e1392f1780fc7157f96c2188106f
Signed-off-by: Liem Nguyen <liem_m_nguyen@hp.com>
9 years ago Removed kar packaging for now 64/9864/1
Liem Nguyen [Mon, 11 Aug 2014 20:29:32 +0000 (13:29 -0700)]
Removed kar packaging for now

Change-Id: I958e5e2b392d0e1487112dd66d7ca2db1b259257
Signed-off-by: Liem Nguyen <liem_m_nguyen@hp.com>
9 years ago Added Karaf feature and configuration 75/9675/2
Liem Nguyen [Sun, 3 Aug 2014 13:27:24 +0000 (06:27 -0700)]
Added Karaf feature and configuration

Change-Id: I23ef2e996c4e42f676bbb5a84bfdee289373e869
Signed-off-by: Liem Nguyen <liem_m_nguyen@hp.com>
9 years ago Merge "Finalizing model + removal of double key on list"
Wojciech Dec [Tue, 29 Jul 2014 18:16:17 +0000 (18:16 +0000)]
Merge "Finalizing model + removal of double key on list"

9 years ago Finalizing model + removal of double key on list 49/9449/1
Wojciech Dec [Mon, 28 Jul 2014 19:11:16 +0000 (21:11 +0200)]
Finalizing model + removal of double key on list

Change-Id: I4daf0160c0bbb813206153fbd0c43939c2bb18cc
Signed-off-by: Wojciech Dec <wdec@cisco.com>
9 years ago Merge "Modified RPC API + removed basic AuthZ double key"
Wojciech Dec [Mon, 28 Jul 2014 19:08:42 +0000 (19:08 +0000)]
Merge "Modified RPC API + removed basic AuthZ double key"

9 years ago Modified RPC API + removed basic AuthZ double key 95/9395/1
Wojciech Dec [Mon, 28 Jul 2014 19:06:19 +0000 (21:06 +0200)]
Modified RPC API + removed basic AuthZ double key

Change-Id: I418cf313f329d1c5507d9c5ceba3164c209fa919
Signed-off-by: Wojciech Dec <wdec@cisco.com>
9 years ago Merge "Added unit tests"
Liem Nguyen [Thu, 24 Jul 2014 15:23:52 +0000 (15:23 +0000)]
Merge "Added unit tests"

9 years ago Added unit tests 92/9292/1
Liem Nguyen [Thu, 24 Jul 2014 15:19:41 +0000 (08:19 -0700)]
Added unit tests

Change-Id: I11d87244662bd21a164f48716be23f532fd1c718
Signed-off-by: Liem Nguyen <liem_m_nguyen@hp.com>
9 years ago Changes to AuthZ data model 27/9227/1
Wojciech Dec [Tue, 22 Jul 2014 11:11:49 +0000 (13:11 +0200)]
Changes to AuthZ data model

Change-Id: I1730a8d0687e0c21a7ca1220c25cd23b1846baa4
Signed-off-by: Wojciech Dec <wdec@cisco.com>
9 years ago Added client id to authentication context 07/9207/1
Liem Nguyen [Mon, 21 Jul 2014 21:04:00 +0000 (14:04 -0700)]
Added client id to authentication context

Change-Id: I6bd8ca008974a9587521337e3611f469d2fa569d
Signed-off-by: Liem Nguyen <liem_m_nguyen@hp.com>
9 years ago Removed sal dependencies for authn. 31/9031/4
Liem Nguyen [Tue, 15 Jul 2014 16:18:26 +0000 (09:18 -0700)]
Removed sal dependencies for authn.

Change-Id: I4db02ad554ffb3d4594a3a46d47f66b6e1c6f6fe
Signed-off-by: Liem Nguyen <liem_m_nguyen@hp.com>
9 years ago 1. Changes to project POM to allow for AuthZ module 78/8778/3
Wojciech Dec [Mon, 7 Jul 2014 12:11:08 +0000 (14:11 +0200)]
1. Changes to project POM to allow for AuthZ module
2. Addition of AuthZ module + associated Yang tools enabling POM
3. Addition of yang AuthZ data schema

Change-Id: I2555c8c939939e7249515de572abd14a2c509255
Signed-off-by: Wojciech Dec <wdec@cisco.com>
9 years ago Fixed ClaimBuilder and AuthenticationBuilder to return builder on chaining. 31/8631/1
Liem Nguyen [Thu, 3 Jul 2014 17:53:40 +0000 (10:53 -0700)]
Fixed ClaimBuilder and AuthenticationBuilder to return builder on chaining.

Change-Id: I831e7b10dae4f99b0ea52f6ef9f7f9bd83dbe4eb
Signed-off-by: Liem Nguyen <liem_m_nguyen@hp.com>
9 years ago Added IdmLight place-holder and OSGi proxy for IdmLight integration. Refactored... 67/8567/1
Liem Nguyen [Wed, 2 Jul 2014 17:59:05 +0000 (10:59 -0700)]
Added IdmLight place-holder and OSGi proxy for IdmLight integration.  Refactored renaming tenant -> domain.

Change-Id: I148963affe684bb9510ff1bcebf22d8e3d836a71
Signed-off-by: Liem Nguyen <liem_m_nguyen@hp.com>
10 years ago Added refresh token and federation endpoint. 70/8470/2
Liem Nguyen [Mon, 30 Jun 2014 22:51:18 +0000 (15:51 -0700)]
Added refresh token and federation endpoint.

Change-Id: I9a086bdc2e4356ee071ca27371dcc6f4a7570cc6
Signed-off-by: Liem Nguyen <liem_m_nguyen@hp.com>
10 years ago BlockingQueue decorator to transfer auth context via data elements 42/8342/1
Liem Nguyen [Wed, 25 Jun 2014 17:20:47 +0000 (10:20 -0700)]
BlockingQueue decorator to transfer auth context via data elements

Change-Id: I7dc5e47a38f2c7407d3d8d9f580289f522c8da09
Signed-off-by: Liem Nguyen <liem_m_nguyen@hp.com>
10 years ago Refactoring of TokenAuthFilter and added more documentation. 76/8076/1
Liem Nguyen [Tue, 17 Jun 2014 14:37:12 +0000 (07:37 -0700)]
Refactoring of TokenAuthFilter and added more documentation.

Change-Id: If2ce2cb4abec9279b1f5fda94748edcb2794e5ce
Signed-off-by: Liem Nguyen <liem_m_nguyen@hp.com>
10 years ago Added docs. 75/8075/1
Liem Nguyen [Fri, 13 Jun 2014 13:21:37 +0000 (06:21 -0700)]
Added docs.

Change-Id: Ied48c2b89b892eb4701fabc98cf1245e18b373b4
Signed-off-by: Liem Nguyen <liem_m_nguyen@hp.com>
10 years ago Initial WIP for AAA 79/7879/1
Liem Nguyen [Tue, 10 Jun 2014 14:44:35 +0000 (07:44 -0700)]
Initial WIP for AAA

Change-Id: Ie2491d9d2e41f13e50da98d483603c2e53172831
Signed-off-by: Liem Nguyen <liem_m_nguyen@hp.com>
10 years ago Initial empty repository
Aric Gardner [Tue, 20 May 2014 18:20:58 +0000 (18:20 +0000)]
Initial empty repository