feature: filter IdP retrival #2882
Open
+237
−93
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- allow to delete a relyingPartySecret on IdP - Filter IdP list by origin - Return the auth_method to show current configured client authentication method
|
We have created an issue in Pivotal Tracker to manage this: https://www.pivotaltracker.com/story/show/187584735 The labels on this github issue will be updated when the story is started. |
strehle
changed the title
|
generated documentation can be downloaded as ZIP |
|
NEW Filter: uaac curl -b /identity-providers?origin=sap.proxy | jq -r .[0] Allow to get IdP based on origin. Do not iterate over all. |
strehle
changed the title
strehle
added a commit
that referenced
this pull request
May 16, 2024
…n IdP Alternative to PR: #2882, #2887 and PR: #2885 Only one call in backend, but more input on client side. authMethod is used to make this change non-breakable. Because before the update prevented the removal of the relyingPartySecret. No if authMethod is not client_secret_basic or client_secret_post, then the relyingPartySecret can be overwritten with null.
strehle
added a commit
that referenced
this pull request
May 23, 2024
…n IdP (#2896) * WIP: idp secret * feature: delete secret on existing IdP - allow to delete a relyingPartySecret on IdP - Filter IdP list by origin - Return the auth_method to show current configured client authentication method * Documentation * fix names * sonar * sonar * Add patch call to change a secret from an external IdP * Alias handling * 2nd alternative fix: allow to change or delete a relyingPartySecret on IdP Alternative to PR: #2882, #2887 and PR: #2885 Only one call in backend, but more input on client side. authMethod is used to make this change non-breakable. Because before the update prevented the removal of the relyingPartySecret. No if authMethod is not client_secret_basic or client_secret_post, then the relyingPartySecret can be overwritten with null. * sonar * Tests added * Sonar smell * Review * more checks for edge cases * more tests to cover edge cases * Review Again fixed an edge case CLIENT_SECRET_BASIC, CLIENT_SECRET_POST both same method, therefore treat them equal * Review Again fixed an edge case Found during tests * Test refactored * small doc fixes - some clarification & formatting - no need to call out what the default is in the description because the `.optional("client_secret_basic")` syntax would automatically add that language. * doc: clarify when external OIDC client auth requirements - clarify when config.jwtClientAuthentication and config.relyingPartySecret are required in relation to the new field config.authMethod * Review, removed auth_method which is not used, but we ue authMethod field only * revert this * remove deprecated --------- Co-authored-by: Peter Chen <peter-h.chen@broadcom.com>
…torIdp2 # Conflicts: # server/src/main/java/org/cloudfoundry/identity/uaa/provider/IdentityProviderEndpoints.java
…feature/idp-secret # Conflicts: # model/src/main/java/org/cloudfoundry/identity/uaa/constants/ClientAuthentication.java # model/src/main/java/org/cloudfoundry/identity/uaa/provider/AbstractExternalOAuthIdentityProviderDefinition.java # server/src/main/java/org/cloudfoundry/identity/uaa/provider/IdentityProviderEndpoints.java
strehle
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Many calls to IdPs first retrieve all and then filter by origin on client side. The origin has an index in DB, therefore there should be an option to get the IdP by origin filter.
NEW
Filter: uaac curl -b /identity-providers?origin=sap.proxy | jq -r .[0]
Allow to get IdP based on origin. Do not iterate over all.
Sonar
https://sonarcloud.io/summary/new_code?id=cloudfoundry-identity-parent&pullRequest=2882