Branch: refs/heads/master
Home: https://github.com/jenkinsci/oic-auth-plugin
Commit: 60fc090c085949f2f1dc44cc009c0d2a5f9fb84d
https://github.com/jenkinsci/oic-auth-plugin/commit/60fc090c085949f2f1dc44cc009c0d2a5f9fb84d
Author: James Nord <[email protected]>
Date: 2024-10-04 (Fri, 04 Oct 2024)
Changed paths:
M pom.xml
A src/main/java/org/jenkinsci/plugins/oic/AnythingGoesTokenValidator.java
R src/main/java/org/jenkinsci/plugins/oic/JenkinsAwareConnectionFactory.java
M src/main/java/org/jenkinsci/plugins/oic/OicCrumbExclusion.java
R src/main/java/org/jenkinsci/plugins/oic/OicJsonWebTokenVerifier.java
M src/main/java/org/jenkinsci/plugins/oic/OicSecurityRealm.java
M src/main/java/org/jenkinsci/plugins/oic/OicServerConfiguration.java
M src/main/java/org/jenkinsci/plugins/oic/OicServerManualConfiguration.java
M src/main/java/org/jenkinsci/plugins/oic/OicServerWellKnownConfiguration.java
R src/main/java/org/jenkinsci/plugins/oic/OicSession.java
R src/main/java/org/jenkinsci/plugins/oic/OicTokenResponse.java
A src/main/java/org/jenkinsci/plugins/oic/ProxyAwareResourceRetriever.java
R src/main/java/org/jenkinsci/plugins/oic/WellKnownOpenIDConfigurationResponse.java
A src/main/java/org/jenkinsci/plugins/oic/ssl/AnythingGoesTrustManager.java
A src/main/java/org/jenkinsci/plugins/oic/ssl/IgnoringHostNameVerifier.java
A src/main/java/org/jenkinsci/plugins/oic/ssl/TLSUtils.java
M src/main/resources/org/jenkinsci/plugins/oic/Messages.properties
A src/main/resources/org/jenkinsci/plugins/oic/OicSecurityRealm/help-subjectType.html
M src/main/resources/org/jenkinsci/plugins/oic/OicServerManualConfiguration/config.jelly
M src/main/resources/org/jenkinsci/plugins/oic/OicServerManualConfiguration/help-issuer.html
M src/main/resources/org/jenkinsci/plugins/oic/OicServerManualConfiguration/help-issuer_fr.html
M src/test/java/org/jenkinsci/plugins/oic/ConfigurationAsCodeTest.java
M src/test/java/org/jenkinsci/plugins/oic/FieldTest.java
R src/test/java/org/jenkinsci/plugins/oic/JenkinsAwareConnectionFactoryTest.java
R src/test/java/org/jenkinsci/plugins/oic/OicJsonWebTokenVerifierTest.java
M src/test/java/org/jenkinsci/plugins/oic/OicServerWellKnownConfigurationTest.java
R src/test/java/org/jenkinsci/plugins/oic/OicSessionTest.java
R src/test/java/org/jenkinsci/plugins/oic/OicTokenResponseTest.java
M src/test/java/org/jenkinsci/plugins/oic/PluginTest.java
A src/test/java/org/jenkinsci/plugins/oic/ProxyAwareResourceRetrieverTest.java
M src/test/java/org/jenkinsci/plugins/oic/TestRealm.java
R src/test/java/org/jenkinsci/plugins/oic/WellKnownOpenIDConfigurationResponseTest.java
M src/test/resources/org/jenkinsci/plugins/oic/ConfigurationAsCode.yml
M src/test/resources/org/jenkinsci/plugins/oic/ConfigurationAsCodeExport.yml
M src/test/resources/org/jenkinsci/plugins/oic/ConfigurationAsCodeMinimal.yml
Log Message:
-----------
Replace EOL Google Oauth library
This changes the Google OAuth library which is in maintenance mode with
a supported library (nimbusds via pac4j)
The library requires that the Issuer is set to enforce security and
there is no option to disable this requirement as it is mandated in the
specification. As such users must first update to 4.355.v3a_fb_fca_b_96d4
to set the Issuer before updating to this version.
fixes: #313
Commit: 347dd4da345a52783110abfbe7a0a880dfb935d0
https://github.com/jenkinsci/oic-auth-plugin/commit/347dd4da345a52783110abfbe7a0a880dfb935d0
Author: James Nord <[email protected]>
Date: 2024-10-04 (Fri, 04 Oct 2024)
Changed paths:
A src/main/java/org/jenkinsci/plugins/oic/CustomOidcConfiguration.java
M src/main/java/org/jenkinsci/plugins/oic/OicSecurityRealm.java
M src/test/java/org/jenkinsci/plugins/oic/PluginTest.java
M src/test/java/org/jenkinsci/plugins/oic/TestRealm.java
Log Message:
-----------
Implement a custom configuration so we can modify HttpRequests
The OidcAuthenticator was not using the resource retriever to talk to
servers. As such when used against a server with a self-signed
certificate and disableTLS checks was set it would still fail.
Whilst we could implement our own Authenticator, there may be other
places where we need to modify the HttpRequest. Therefore we just
create a custom configuration that will set the proxy and TLS options as
required.
Commit: 2941d99076bec46a0d46f6c2fbab399d2d2f7b1b
https://github.com/jenkinsci/oic-auth-plugin/commit/2941d99076bec46a0d46f6c2fbab399d2d2f7b1b
Author: James Nord <[email protected]>
Date: 2024-10-07 (Mon, 07 Oct 2024)
Changed paths:
M src/main/java/org/jenkinsci/plugins/oic/OicServerManualConfiguration.java
Log Message:
-----------
the JWKSetURL set in the provider config was not set in manual mode.
The provider config did not contain the jsksServerUrl if it was present
in the manual configuration. This caused signed tokens to be rejected
when in manual configuration mode.
Commit: 227d072ed8a50573bbc2989f8ecba712e532614b
https://github.com/jenkinsci/oic-auth-plugin/commit/227d072ed8a50573bbc2989f8ecba712e532614b
Author: James Nord <[email protected]>
Date: 2024-10-07 (Mon, 07 Oct 2024)
Changed paths:
M src/main/resources/org/jenkinsci/plugins/oic/OicSecurityRealm/help-sendScopesInTokenRequest.html
M src/main/resources/org/jenkinsci/plugins/oic/OicSecurityRealm/help-sendScopesInTokenRequest_fr.html
Log Message:
-----------
update help for sendScopesInTokenRequest to show this is not supported.
The option is not removed here, so that it can stay in the config.
This will at least allow users to downgrade as the option would be
retained.
Commit: 5b51704906e1ca720d011354267041d4e683da06
https://github.com/jenkinsci/oic-auth-plugin/commit/5b51704906e1ca720d011354267041d4e683da06
Author: James Nord <[email protected]>
Date: 2024-10-07 (Mon, 07 Oct 2024)
Changed paths:
M src/main/java/org/jenkinsci/plugins/oic/OicSecurityRealm.java
Log Message:
-----------
remove unused field
Commit: 7b753d624bb198272b188528354846e2da0d9f37
https://github.com/jenkinsci/oic-auth-plugin/commit/7b753d624bb198272b188528354846e2da0d9f37
Author: James Nord <[email protected]>
Date: 2024-10-08 (Tue, 08 Oct 2024)
Changed paths:
M src/main/java/org/jenkinsci/plugins/oic/OicSecurityRealm.java
Log Message:
-----------
Prevent NPE if GrantTypes is empty for refresh
Commit: 659ecfc83bad3f1ccf6c6a9757e13d4a312f64f7
https://github.com/jenkinsci/oic-auth-plugin/commit/659ecfc83bad3f1ccf6c6a9757e13d4a312f64f7
Author: James Nord <[email protected]>
Date: 2024-10-08 (Tue, 08 Oct 2024)
Changed paths:
M docs/configuration/README.md
M src/main/java/org/jenkinsci/plugins/oic/OicSecurityRealm.java
M src/test/java/org/jenkinsci/plugins/oic/PluginTest.java
Log Message:
-----------
Merge remote-tracking branch 'origin/master' into pac4j
Commit: 0ebc81b50af24be1f6bd295b1077ad5e140db3c8
https://github.com/jenkinsci/oic-auth-plugin/commit/0ebc81b50af24be1f6bd295b1077ad5e140db3c8
Author: James Nord <[email protected]>
Date: 2024-10-08 (Tue, 08 Oct 2024)
Changed paths:
M src/main/java/org/jenkinsci/plugins/oic/OicSecurityRealm.java
Log Message:
-----------
IDToken and refresh token may not be present when refreshing
Commit: fb4ce0c302fb341b20ef5015e8050f276e5298ea
https://github.com/jenkinsci/oic-auth-plugin/commit/fb4ce0c302fb341b20ef5015e8050f276e5298ea
Author: James Nord <[email protected]>
Date: 2024-10-08 (Tue, 08 Oct 2024)
Changed paths:
M src/main/java/org/jenkinsci/plugins/oic/OicSecurityRealm.java
Log Message:
-----------
workaround token refresh nonce issue
Pac4j sets up the token validators, which during the refresh lifecycle
will attempt to check an ID token's nonce.
However a provider should not set the nonce in the idtoken during a
refresh, and in this case the validator fails because the nonce is
missing from the token!
We disable the nonce check for the refresh call. It can be optionally
re-enabled by setting the system property
org.jenkinsci.plugins.oic.OicSecurityRealm.checkNonceInRefreshFlow to
true.
This is not exposed as a config option in the UI as
1) providers should not be sending the nonce anyway
2) this should be a short lived workaround whilst the issue with the
library is filed and fixed.
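
The failure described in the commit message above, as an added Python model that is not code from the plugin or from pac4j: a claims validator that demands a nonce rejects a refreshed ID token that correctly omits it. The function name, the `refresh` parameter and the sample claims are assumptions made for this illustration; only the idea of an off-by-default switch comes from the commit message.

```python
import hmac
import time

# Models the off-by-default switch named in the commit message (assumed wiring).
CHECK_NONCE_IN_REFRESH_FLOW = False

# Constructed sample claims, assumed to come from signature-verified tokens.
ISSUER = "https://idp.example.test"
LOGIN_CLAIMS = {"iss": ISSUER, "aud": "jenkins", "exp": 2000, "nonce": "n-0S6_WzA2Mj"}
REFRESH_CLAIMS = {"iss": ISSUER, "aud": "jenkins", "exp": 3000}  # no nonce


def validate_id_token_claims(claims, *, issuer, client_id, session_nonce, refresh,
                             check_nonce_in_refresh=CHECK_NONCE_IN_REFRESH_FLOW,
                             now=None):
    """Validate ID token claims and return the list of checks that ran."""
    now = time.time() if now is None else now
    if claims.get("iss") != issuer:
        raise ValueError("issuer mismatch")
    aud = claims.get("aud")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("audience mismatch")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        raise ValueError("token expired")
    checks = ["iss", "aud", "exp"]
    if refresh and not check_nonce_in_refresh:
        # Refresh responses are not expected to carry a nonce, so the
        # check is skipped unless it has been explicitly re-enabled.
        return checks
    nonce = claims.get("nonce")
    if not isinstance(nonce, str):
        raise ValueError("nonce missing from ID token")
    if not hmac.compare_digest(nonce.encode(), session_nonce.encode()):
        raise ValueError("nonce mismatch")
    return checks + ["nonce"]


if __name__ == "__main__":
    common = dict(issuer=ISSUER, client_id="jenkins",
                  session_nonce="n-0S6_WzA2Mj", now=1000)
    print(validate_id_token_claims(LOGIN_CLAIMS, refresh=False, **common))
    print(validate_id_token_claims(REFRESH_CLAIMS, refresh=True, **common))
```
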
Commit: a594a2770eb8f420a231f5cf81be30a4c3c6db94
https://github.com/jenkinsci/oic-auth-plugin/commit/a594a2770eb8f420a231f5cf81be30a4c3c6db94
Author: James Nord <[email protected]>
Date: 2024-10-08 (Tue, 08 Oct 2024)
Changed paths:
M pom.xml
Log Message:
-----------
update to pac4j 5.7.7 to pick up security fix
Commit: 7116a7b55611d9a0dcc4f45adfae0e31043ad01b
https://github.com/jenkinsci/oic-auth-plugin/commit/7116a7b55611d9a0dcc4f45adfae0e31043ad01b
Author: James Nord <[email protected]>
Date: 2024-10-08 (Tue, 08 Oct 2024)
Changed paths:
M src/main/java/org/jenkinsci/plugins/oic/OicServerWellKnownConfiguration.java
Log Message:
-----------
Do not allow the "none" signing algorithm
For extra security disable the "none" algorithm if the server claims to
support it.
Whilst we are using code flow, it is not needed, but providers MUST
support RS256 so there would always be a more secure option we can use.
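
The hardening described in the commit message above, as an added Python sketch that is not the plugin's code: "none" is dropped from the algorithms a provider advertises in its discovery document, and a token's header is checked against what remains before any signature work. The discovery document, tokens and function names are constructed for this illustration, and signature verification itself is out of scope here.

```python
import base64
import json

# Constructed discovery document fragment (not from a real provider).
DISCOVERY = {
    "issuer": "https://idp.example.test",
    "id_token_signing_alg_values_supported": ["none", "RS256", "ES256"],
}


def allowed_signing_algs(discovery):
    """Return the advertised ID token algorithms with "none" removed."""
    advertised = discovery.get("id_token_signing_alg_values_supported") or []
    allowed = [a for a in advertised if isinstance(a, str) and a.lower() != "none"]
    if not allowed:
        raise ValueError("provider advertises no usable signing algorithm")
    return allowed


def _decode_segment(segment):
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def check_header_alg(id_token, allowed):
    """Gate a compact JWS on its header; the signature is NOT verified here."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    alg = _decode_segment(parts[0]).get("alg")
    if alg not in allowed:  # exact match against the filtered list
        raise ValueError(f"alg {alg!r} not accepted")
    if not parts[2]:
        raise ValueError("empty signature")
    return alg


def make_token(header, claims, signature=""):
    """Build a constructed compact token for the demonstration."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc(header)}.{enc(claims)}.{signature}"


if __name__ == "__main__":
    algs = allowed_signing_algs(DISCOVERY)
    print(algs, check_header_alg(make_token({"alg": "RS256"}, {"sub": "a"}, "c2ln"), algs))
```
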
Commit: f8230efda0cd3f866bf78597a6300208210143dd
https://github.com/jenkinsci/oic-auth-plugin/commit/f8230efda0cd3f866bf78597a6300208210143dd
Author: James Nord <[email protected]>
Date: 2024-10-08 (Tue, 08 Oct 2024)
Changed paths:
M pom.xml
Log Message:
-----------
update compatible since
Commit: 769f395b96017a5a2852eb14a93cca31271b91fe
https://github.com/jenkinsci/oic-auth-plugin/commit/769f395b96017a5a2852eb14a93cca31271b91fe
Author: James Nord <[email protected]>
Date: 2024-10-09 (Wed, 09 Oct 2024)
Changed paths:
M src/main/java/org/jenkinsci/plugins/oic/OicServerManualConfiguration.java
Log Message:
-----------
FormValidation should be an error as value is required
Co-authored-by: Pere <[email protected]>
Commit: d5e15228fc5410a024a4d0e9d03e5e5ea8a02882
https://github.com/jenkinsci/oic-auth-plugin/commit/d5e15228fc5410a024a4d0e9d03e5e5ea8a02882
Author: James Nord <[email protected]>
Date: 2024-10-09 (Wed, 09 Oct 2024)
Changed paths:
M src/main/java/org/jenkinsci/plugins/oic/OicServerManualConfiguration.java
Log Message:
-----------
fix empty strings
Commit: 7706fbdc9c3f2e5374ea4c4bf59b264b9ea1cd86
https://github.com/jenkinsci/oic-auth-plugin/commit/7706fbdc9c3f2e5374ea4c4bf59b264b9ea1cd86
Author: James Nord <[email protected]>
Date: 2024-10-10 (Thu, 10 Oct 2024)
Changed paths:
M pom.xml
A src/main/java/org/jenkinsci/plugins/oic/AnythingGoesTokenValidator.java
A src/main/java/org/jenkinsci/plugins/oic/CustomOidcConfiguration.java
R src/main/java/org/jenkinsci/plugins/oic/JenkinsAwareConnectionFactory.java
M src/main/java/org/jenkinsci/plugins/oic/OicCrumbExclusion.java
R src/main/java/org/jenkinsci/plugins/oic/OicJsonWebTokenVerifier.java
M src/main/java/org/jenkinsci/plugins/oic/OicSecurityRealm.java
M src/main/java/org/jenkinsci/plugins/oic/OicServerConfiguration.java
M src/main/java/org/jenkinsci/plugins/oic/OicServerManualConfiguration.java
M src/main/java/org/jenkinsci/plugins/oic/OicServerWellKnownConfiguration.java
R src/main/java/org/jenkinsci/plugins/oic/OicSession.java
R src/main/java/org/jenkinsci/plugins/oic/OicTokenResponse.java
A src/main/java/org/jenkinsci/plugins/oic/ProxyAwareResourceRetriever.java
R src/main/java/org/jenkinsci/plugins/oic/WellKnownOpenIDConfigurationResponse.java
A src/main/java/org/jenkinsci/plugins/oic/ssl/AnythingGoesTrustManager.java
A src/main/java/org/jenkinsci/plugins/oic/ssl/IgnoringHostNameVerifier.java
A src/main/java/org/jenkinsci/plugins/oic/ssl/TLSUtils.java
M src/main/resources/org/jenkinsci/plugins/oic/Messages.properties
M src/main/resources/org/jenkinsci/plugins/oic/OicSecurityRealm/help-sendScopesInTokenRequest.html
M src/main/resources/org/jenkinsci/plugins/oic/OicSecurityRealm/help-sendScopesInTokenRequest_fr.html
A src/main/resources/org/jenkinsci/plugins/oic/OicSecurityRealm/help-subjectType.html
M src/main/resources/org/jenkinsci/plugins/oic/OicServerManualConfiguration/config.jelly
M src/main/resources/org/jenkinsci/plugins/oic/OicServerManualConfiguration/help-issuer.html
M src/main/resources/org/jenkinsci/plugins/oic/OicServerManualConfiguration/help-issuer_fr.html
M src/test/java/org/jenkinsci/plugins/oic/ConfigurationAsCodeTest.java
M src/test/java/org/jenkinsci/plugins/oic/FieldTest.java
R src/test/java/org/jenkinsci/plugins/oic/JenkinsAwareConnectionFactoryTest.java
R src/test/java/org/jenkinsci/plugins/oic/OicJsonWebTokenVerifierTest.java
M src/test/java/org/jenkinsci/plugins/oic/OicServerWellKnownConfigurationTest.java
R src/test/java/org/jenkinsci/plugins/oic/OicSessionTest.java
R src/test/java/org/jenkinsci/plugins/oic/OicTokenResponseTest.java
M src/test/java/org/jenkinsci/plugins/oic/PluginTest.java
A src/test/java/org/jenkinsci/plugins/oic/ProxyAwareResourceRetrieverTest.java
M src/test/java/org/jenkinsci/plugins/oic/TestRealm.java
R src/test/java/org/jenkinsci/plugins/oic/WellKnownOpenIDConfigurationResponseTest.java
M src/test/resources/org/jenkinsci/plugins/oic/ConfigurationAsCode.yml
M src/test/resources/org/jenkinsci/plugins/oic/ConfigurationAsCodeExport.yml
M src/test/resources/org/jenkinsci/plugins/oic/ConfigurationAsCodeMinimal.yml
Log Message:
-----------
Merge pull request #409 from jtnord/pac4j
Replace EOL Google Oauth library
Compare:
https://github.com/jenkinsci/oic-auth-plugin/compare/c7c0c06e8af5...7706fbdc9c3f