Windows MSI installer and idp.attribute.resolver.LDAP.searchFilter=
Fixed
Description
Environment
None
Details
Created May 19, 2017 at 10:56 AM
Updated June 22, 2021 at 11:04 PM
Resolved April 29, 2018 at 10:27 AM
Activity
Rod Widdowson, April 29, 2018 at 10:27 AM
Made the obvious fix.
The more complicated question (about making AD configuration orthogonal to Windows Installation) will wait for V4.
Rod Widdowson, August 15, 2017 at 4:41 PM
I think I want this to be V4 and part of a bigger picture. But I'm not there yet...
Discussed in this thread - http://shibboleth.1660669.n2.nabble.com/Questions-about-making-Shibboleth-IdP-Windows-Installer-easier-to-deploy-searchFilter-useStartTLS-Ho-td7633230.html
Assuming Shibboleth IdP Windows Installer users are going to go the route of using Active Directory (AD) as the LDAP source for their Shibboleth IdP, then it would be useful if idp.attribute.resolver.LDAP.searchFilter= used sAMAccountName rather than uid. This appears to have already happened for idp.authn.LDAP.userFilter=.
Proposing an improvement to replace this:
idp.attribute.resolver.LDAP.searchFilter= (uid=$resolutionContext.principal)
with this, as part of either the Windows MSI installer or another Shibboleth installer (the discussion with Rod and Scott also mentioned whether this should be considered in a cross-platform context):
idp.attribute.resolver.LDAP.searchFilter=(sAMAccountName=$resolutionContext.principal)
Thanks,
Jon Agland, UK federation team, Jisc