osiam / server Goto Github PK

[DEPRECATED] OSIAM server

CSS 0.15% JavaScript 0.06% HTML 0.87% Java 64.90% Groovy 33.88% ANTLR 0.15%

server's Introduction

OSIAM - Open Source Identity and Access Management

Active development of this project has stopped.

OSIAM is a secure identity management solution providing REST based services for authentication and authorization. We achieve this by implementing two important open standards:

OSIAM is published under the MIT licence, giving you the greatest freedom possible to utilize OSIAM in you project or product. Watch our blog to stay informed about releases and upcoming changes.

Use cases

Single app with OSIAM as free backing store for users and groups and local auth service.
Distributed app with OSIAM as central identity store and auth service.
Publish your app's API with OSIAM as auth service for 3rd-parties and allow safe access to your user's data.

Quick Start

Download the latest version of OSIAM:

curl -L https://dl.bintray.com/osiam/downloads/osiam/3.0/osiam-3.0.war -o osiam.war

Make the .war file executable:

chmod +x osiam.war

Start OSIAM:

./osiam.war

After some seconds, OSIAM should be fully running. You can now retrieve your first access token:

curl -H "Authorization: Basic ZXhhbXBsZS1jbGllbnQ6c2VjcmV0" -X POST -d "grant_type=client_credentials&scope=ADMIN" http://localhost:8080/oauth/token

You can now start to setup OSIAM, by changing the administrator's password and add your own OAuth client. Please see the Installation and Configuration Manual for details.

Documentation

Learn how to install and configure OSIAM for production in the documentation.

Components

osiam handles the authentication and authorization based on OAuth 2.0 and holds the SCIM based user data
addon-self-administration provides account management self-service as a web application
addon-administration lets you administer users and groups via a web application

Easy customization

Every visual aspect of OSIAM's components can be easily customized by supplying your own templates, stylesheets and scripts to make OSIAM integrate seamlessly with your application. Read the customization guide to learn more.

Snapshots

To use the latest snapshot of OSIAM just download it from JFrog OSS: https://oss.jfrog.org/repo/org/osiam/osiam/latest-SNAPSHOT/

Scroll down to the bottom of the page and select the latest WAR file.

Issue Tracker

Please report issues, bugs and feature requests via [the issue tracker] (https://github.com/osiam/osiam/issues).

Get involved

Help is very appreciated. Please read the contributors guide to learn how to get started.

server's People

Contributors

Stargazers

Watchers

Forkers

wallner jasmin-opitz davidmoebius dacrome murygin idmachines sschum tkanera stweiz vdeer noroute tpick smancke zhilinwang charbul tkrille tool-recommender-bot yangmain

server's Issues

Email Multivalue patch edit / add

An example:
We have 2 emails already in the User and want to add once more.
Then this one was added but another one was deletet.
so at the end we have still two emails. But we want to have 3.

group displayname must be changed

I I want to update I always have to set the displayName

Installationsanleitung funktioniert nicht

Hi ihrs,

ich gehe gerade die Installationsanleitung für VerA.web durch, die ein tuëndes OSIAM voraussetzt (warum auch immer…). Hierbei wird auf https://github.com/osiam/server/wiki/detailed_reference_installation verwiesen.

Im Abschnitt https://github.com/osiam/server/wiki/detailed_reference_installation#user-content-database-setup sind die Dateinamen falsch, ich habe da z.B: osiam-server/osiam-resource-server/sql/init_ddl.sql

Außerdem wird dort auf eine init_data.sql im auth-server verwiesen, die nicht existiert.

delete all members and adding one member in one update patch

I had the following test.

I told the server to delete all members of a group and also to add a new member.
If I understand the following correct the server should delete all existing members and after this it should add the new member.

"The meta.attributes Sub-Attribute MAY contain a list of attributes to
be removed from the Resource. If the PATCH request body contains an
attribute that is present in the meta.attributes list, the attribute
on the Resource is replaced with the value from the PATCH body. If
the attribute is complex the attribute name must be a path to a Sub-
Attribute in standard attribute notation (Section 3.8); e.g.,
name.givenName."

In my test I had a group with two user member.
The jason string for the update was
{"meta":{"created":"2013-09-09T09:42:13.198+02:00","lastModified":"2013-09-09T09:42:13.198+02:00","attributes":["members"]},"schemas":["urn:scim:schemas:core:1.0"],"displayName":"Irrelevant","members":[{"value":"7d33bcbe-a54c-43d8-867e-f6146164941e"}]}

My return group had 0 members instead of 1

group displayname part of the constructor

The field Group displayName is mandatory.
But it is not part of the constructor like the username in user but a normal set method.
This ways the developer doesn't recognizes that he has to set a displayname until he tries to save the group.

'classes' classifier in pom

Hello
Would you please add 'classes' classifier for both war projects so they will be available as raw classes ?
Thanks

lower log level for distribution

at the moment everything ist logged into catalina.out

would be great if you lower the loglevel for all versions which will be released under https://maven-repo.evolvis.org/releases/org/osiam/osiam-distribution/

maybe its possible too, to write in a separate logfile instead of pushing all data into the main log catalina.out

group displayname

If I wan't to delete the display name nothing happens (which is ok) but also no exception happens.
So the user things it is allowed but nothing happend

OSIAM doesn't honor content type negotiation

Apparently OSIAM does not properly handle the Content-Negotiation. Take for instance the following request:

curl -i -H "Authorization: Bearer $ACCESS_TOKEN" -X GET localhost:8080/osiam-server/Users/$USER_ID

Notice the missing "Accept" header. The response is as expected:

HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked
Server: Jetty(9.0.2.v20130417)

{"id": ... cut for brevety }

The Content-Type is set as expected. If I request the User resource directly, without a given UUID like so:

curl -i -H "Authorization: Bearer $ACCESS_TOKEN" -X GET localhost:8080/osiam-server/Users

The response comes back with a content-type of text/plain.

HTTP/1.1 200 OK
Content-Type: text/plain; charset=ISO-8859-1
Content-Length: 987
Server: Jetty(9.0.2.v20130417)

{"id": ... cut for brevety }

Given that OSIAM is only returning JSON objects I think it would be a good idea to always return "application/json". But it gets better: Assuming I accidentally use a wrong accept header for my request the request with the concrete UUID refuses service as I would expect it:

 curl -i -H "Authorization: Bearer $ACCESS_TOKEN" -H "Accept: text/html" -X GET localhost:8080/osiam-server/Users/$UUID

HTTP/1.1 406 Not Acceptable
Content-Length: 0
Server: Jetty(9.0.2.v20130417)

If I request the resource without a concrete UUID and a, in this situation, meaningless accept header, I am dutifully served the data in the requested content-type:

 curl -i -H "Authorization: Bearer bc049be0-e2a1-42f1-bcc0-21475237fd41" -H "Accept: image/png" -X GET localhost:8080/osiam-server/Users
HTTP/1.1 200 OK
Content-Type: image/png
Content-Length: 987
Server: Jetty(9.0.2.v20130417)

{"totalResults" ... cut for brevety }

I think this is a bug.

Entitlements Multivalue Update / delete

The Problem is that we get an FK-Error when we update or delete the Entitlement value a second time.
i dont't know if it's possible to enter a own value

members of a group don't know his type

if you get the members out of a Group you can get the uuid be getValue() but you don't know if it is a Group or a User since the getType() ist allways null

The https://www.osiam.org certificate has expired

Hi,
the SSL certificate expired on 10/19/14 it might be a good idea renew it, since It's still referenced by the projects on github.

A happy new year,
Florian Wallner

NPE with empty 'active' field for user

if a user does not contain a value for the field active (i.e. the value is null) the auth-server will throw a NPE. this is caused by this line. when user.isActive() returns null automatic un-boxing will throw the NPE while trying to convert null to a boolean value that is actually needed for the if statement.

the fix is actually very easy but there is one little problem: if there is no value for the field active for a given user, will he be considered active or inactive? i remember that we've had a discussion about this, but i forgot the outcome.

IMS Multivalue Type

When we update an IMS the type for ex. ICQ / Yabber it was not set

Paging in OSIAM violates RFC draft-scim-api

The RFC draft-ietf-scim-api-01 specifies in section 3.2.2.4. Pagination that the URL pagination parameter startIndex is 1-based. The startIndex delivered by OSIAM is apparently 0-based. This is a bug and should be fixed.

User returnes several times

In our test database are several users.
Also the Users cmiller and hsimpson.
I have been looking for them with

http://localhost:8080/osiam-server/Users?access_token=8ed9f8f1-b00d-4e0f-a7eb-74535c40a99b&filter=%28userName%20eq%20%22cmiller%22%20or%20userName%20eq%20%22hsimpson%22%29%20and%20meta.created%20gt%20%222003-05-23T13:12:45.672#;4302:00%22
(I executed the request direct in firefox)

As result I excepted 2 users.
In the return json was me told that I have 3 results and I got 5 results.
With the user cmiller is everything ok (one return). The user hsimpson returned 4 times.

The Database setup is:

<scim_meta id="4" created="2011-10-10 00:00:00.0" lastmodified="2011-10-10 00:00:00.0" resourcetype="User"/>
<scim_meta id="6" created="2013-08-08 19:45:20.816" lastmodified="2013-08-08 19:45:20.816" resourcetype="User"/>
<scim_meta id="10" created="2013-08-08 19:45:37.407" lastmodified="2013-08-08 19:45:37.407" resourcetype="User"/>
<scim_meta id="14" created="2013-08-08 19:45:47.18" lastmodified="2013-08-08 19:45:47.18" resourcetype="User"/>
<scim_meta id="22" created="2013-08-08 19:46:12.738" lastmodified="2013-08-08 19:46:12.738" resourcetype="User"/>
<scim_meta id="26" created="2013-08-08 19:46:20.638" lastmodified="2013-08-08 19:46:20.638" resourcetype="User"/>
<scim_meta id="30" created="2013-08-08 19:46:26.798" lastmodified="2013-08-08 19:46:26.798" resourcetype="User"/>
<scim_meta id="34" created="2013-08-08 19:47:26.151" lastmodified="2013-08-08 19:47:26.151" resourcetype="User"/>
<scim_meta id="43" created="2013-08-08 19:47:51.781" lastmodified="2013-08-08 19:47:51.781" resourcetype="User"/>
<scim_meta id="47" created="2013-08-08 19:51:34.498" lastmodified="2013-08-08 19:51:34.498" resourcetype="User"/>
<scim_meta id="50" created="2013-08-08 19:53:43.221" lastmodified="2013-08-08 19:53:43.221" resourcetype="User"/>
<scim_meta id="53" created="2013-07-31 21:43:18.0" lastmodified="2013-07-31 21:43:18.0" resourcetype="Group"/>
<scim_meta id="55" created="2013-08-08 19:59:54.612" lastmodified="2013-08-08 19:59:54.612" resourcetype="Group"/>
<scim_meta id="57" created="2013-08-08 19:59:56.681" lastmodified="2013-08-08 19:59:56.681" resourcetype="Group"/>
<scim_meta id="59" created="2013-08-08 19:59:59.191" lastmodified="2013-08-08 19:59:59.191" resourcetype="Group"/>
<scim_meta id="61" created="2013-08-08 20:00:01.532" lastmodified="2013-08-08 20:00:01.532" resourcetype="Group"/>
<scim_meta id="63" created="2013-08-08 20:00:03.577" lastmodified="2013-08-08 20:00:03.577" resourcetype="Group"/>
<scim_meta id="65" created="2013-08-08 20:00:07.333" lastmodified="2013-08-08 20:00:07.333" resourcetype="Group"/>
<scim_meta id="69" created="2013-08-08 20:01:31.049" lastmodified="2013-08-08 20:01:31.049" resourcetype="Group"/>
<scim_meta id="71" created="2013-08-08 20:01:55.84" lastmodified="2013-08-08 20:01:55.84" resourcetype="Group"/>
<scim_meta id="73" created="2013-08-08 20:02:18.462" lastmodified="2013-08-08 20:02:18.462" resourcetype="Group"/>

<scim_id internal_id="5" externalid="bthomson" meta_id="6" id="618b398c-0110-43f2-95df-d1bc4e7d2b4a"/>
<scim_id internal_id="9" externalid="adavies" meta_id="10" id="03dc8f50-acaa-44d6-9401-bdfc5e10e821"/>
<scim_id internal_id="13" externalid="cmiller" meta_id="14" id="ac3bacc9-915d-4bab-9145-9eb600d5e5bf"/>
<scim_id internal_id="21" externalid="dcooper" meta_id="22" id="d6f323e2-c717-4ab6-af9c-e639b50a948c"/>
<scim_id internal_id="25" externalid="epalmer" meta_id="26" id="db566580-08a7-44fa-be0f-d30f1c0ff2df"/>
<scim_id internal_id="29" externalid="gbarker" meta_id="30" id="df4ca43d-2811-4ade-aed9-75a1ba990dac"/>
<scim_id internal_id="33" externalid="hsimpson" meta_id="34" id="7d33bcbe-a54c-43d8-867e-f6146164941e"/>
<scim_id internal_id="42" externalid="kmorris" meta_id="43" id="aba67300-74f1-4e51-a68a-0a6c5c45b79c"/>
<scim_id internal_id="46" externalid="bjensen" meta_id="47" id="834b410a-943b-4c80-817a-4465aed037bc"/>
<scim_id internal_id="49" externalid="ewilley" meta_id="50" id="781d9891-9114-4cd5-813a-77c3f4b0e15f"/>
<scim_id internal_id="1" meta_id="4" id="cef9452e-00a9-4cec-a086-d171374ffbef"/>
<scim_id internal_id="52" meta_id="53" id="69e1a5dc-89be-4343-976c-b5541af249f4"/>
<scim_id internal_id="54" meta_id="55" id="d30a77eb-d7cf-4cd1-9fb3-cc640ef09578"/>
<scim_id internal_id="56" meta_id="57" id="d30a77eb-d7cf-4cd1-9fb3-cc640ef09578"/>
<scim_id internal_id="58" meta_id="59" id="4969930d-103a-4c34-8ecc-1f0966f4e3a6"/>
<scim_id internal_id="60" meta_id="61" id="7c198d82-f03b-4fa8-806c-16b26172bba5"/>
<scim_id internal_id="62" meta_id="63" id="1f838739-51cf-4cf1-99d5-0804d6bd41c2"/>
<scim_id internal_id="64" meta_id="65" id="f8b4294a-84fd-4f99-b1f8-a4949fc25254"/>
<scim_id internal_id="68" meta_id="69" id="2b6f5db7-a51a-4620-b8df-1ed267ec6f48"/>
<scim_id internal_id="70" meta_id="71" id="b2687732-c6f5-4bce-9e7a-e9e3e9db8918"/>
<scim_id internal_id="72" meta_id="73" id="d38393bb-5743-4067-88f2-d386bd68cc4b"/>

<scim_name id="7" familyname="Thompson" formatted="Ms. Beccy Thompson" givenname="Beccy"/>
<scim_name id="11" familyname="Davies" formatted="Ms. Adeline Davies" givenname="Adeline"/>
<scim_name id="15" familyname="Carolina" formatted="Ms. Carolina Miller" givenname="Miller"/>
<scim_name id="23" familyname="Cooper" formatted="Mr. Daniel Cooper" givenname="Daniel"/>
<scim_name id="27" familyname="Palmer" formatted="Mr. Emil Palmer" givenname="Emil"/>
<scim_name id="31" familyname="Barker" formatted="Mr. Gregg Barker" givenname="Gregg"/>
<scim_name id="35" familyname="Simpson" formatted="Mr. Homer Simpson" givenname="Homer"/>
<scim_name id="44" familyname="Morris" formatted="Mr. Kenny Morris" givenname="Kenny"/>
<scim_name id="48" familyname="Jensen" formatted="Ms. Barbara J Jensen III" givenname="Barbara"/>
<scim_name id="51" familyname="Erick" formatted="Erick Willey" givenname="Willey"/>

<scim_roles value="USER"/>

<scim_user password="76ab8f145eda495597b700ce75bc304a007a09393f18224ca3afd521c319e1f873bf240ece27f689ee17b9fd2329b51cfb78897fdede67d9d1f0a551ff5479f0"
           displayname="BarbaraJ." locale="de" nickname="Barbara" preferredlanguage="de" profileurl="http://babaraJ.com" timezone="UTC" title="Dr."
           username="bjensen" usertype="user" internal_id="46" name_id="48"/>
<scim_user displayname="BeccyT." locale="de" nickname="Beccy"
           password="908661cbdcd4795f95926b57e9979a80969f7ef55cec4c3dcfccabcae55d32f2a1eae227a91fd41df1462c2bb7b60c136beb75666d7bb60ff859ff886788a349"
           title="Dr." username="jcambell" internal_id="5" name_id="7"/>
<scim_user displayname="AdelineD." locale="de" nickname="Adeline"
           password="de80fa5f5b167a83e57d0f388f1f1964b8c3b991347eb71d7d74ed8823e88d592b19762ca78b58982aa85bb28a3b4596a97346daeabfcf2913bdc400e9af4b67"
           title="Prof." username="adavies" internal_id="9" name_id="11"/>
<scim_user displayname="CarolinaM." locale="de" nickname="Carolina"
           password="1fb68a8abc646ade5a1b75317269ff097374da7b39663adc5930bd92b21d8fce409eabc31ab60450c13046a533c4a7632c26fe75c72f12f4aa798aa034980ed1"
           username="cmiller" internal_id="13" name_id="15"/>
<scim_user displayname="DanielC." locale="de" nickname="Daniel"
           password="5adcf124d1edbad344f8bf4cac60d63dd3c071b58a2514a1a4b96837da370de4cd962d7275a6903b5c2c4a82712dc3b0c43a9f99c4a29631708af1352a86a0bf"
           title="" username="dcooper" internal_id="21" name_id="23"/>
<scim_user displayname="EmilP." locale="de" nickname="Emil"
           password="bff691b597ddc20e9368e6a887d6f7575968c17e164da805c07e3c59df467cde7cb4db9d2bbaaee644950c3eeab8e7c246e65f655cb0c05b93fc5d17a8ae01c8"
           title="" username="epalmer" internal_id="25" name_id="27"/>
<scim_user displayname="GreggB." locale="de" nickname="Gregg"
           password="bd8e5a6e09890f7dc8328a1264f947d2756b376f6d93d920cbe506621f9d2a5332557248e5fc2e0463a2f87e9921d29f0421178654df3165c9a811cac01a0681"
           title="" username="gparker" internal_id="29" name_id="31"/>
<scim_user displayname="HomerS." locale="us" nickname="Homer"
           password="2702f7e25e8db0e0ed8b2ac33556f37d239872f5b305233d0ef826b19e4caf3550cbd3a0b05ece40b5cfb5d5f10643dc6456cdb003942719b7dd74789f1de804"
           title="King" username="hsimpson" internal_id="33" name_id="35"/>
<scim_user displayname="KennyM." locale="de" nickname="Kenny"
           password="7b41aceb545dd17af963140cc34147e78e9f57776b6175a31d4206cfa8010aa412706b36ff2a3ff857d41040c45cf4134cf0d315eff4612bb1004c56a5527126"
           title="Dr." username="kmorris" internal_id="42" name_id="44"/>
<scim_user
        password="4e2e1ceaa25f4e1a4ec7436e3abc8e4c6ee4ad042778aede3412973eccda52ab213e5c84dc36113bf4dae95f0459a6ce264f6e8bcd7c9b30439cb5e60969aa9f"
        username="ewilley" internal_id="49" name_id="51"/>
<scim_user
        password="cbae73fac0893291c4792ef19d158a589402288b35cb18fb8406e951b9d95f6b8b06a3526ffebe96ae0d91c04ae615a7fe2af362763db386ccbf3b55c29ae800"
        username="marissa" internal_id="1"/>

<scim_group displayname="test_group01" internal_id="52"/>
<scim_group displayname="test_group02" internal_id="54"/>
<scim_group displayname="test_group03" internal_id="56"/>
<scim_group displayname="test_group04" internal_id="58"/>
<scim_group displayname="test_group05" internal_id="60"/>
<scim_group displayname="test_group06" internal_id="62"/>
<scim_group displayname="test_group08" internal_id="64"/>
<scim_group displayname="test_group07" internal_id="68"/>
<scim_group displayname="test_group09" internal_id="70"/>
<scim_group displayname="test_group10" internal_id="72"/>

<scim_group_scim_id  scim_group_internal_id="52" members_internal_id="46" />

<scim_email value="[email protected]" postgresql_does_not_like_primary="false" type="work" user_internal_id="9"/>
<scim_email value="[email protected]" postgresql_does_not_like_primary="false" type="work" user_internal_id="46"/>
<scim_email value="[email protected]" postgresql_does_not_like_primary="false" type="work" user_internal_id="5"/>
<scim_email value="[email protected]" postgresql_does_not_like_primary="false" type="work" user_internal_id="13"/>
<scim_email value="[email protected]" postgresql_does_not_like_primary="false" type="work" user_internal_id="21"/>
<scim_email value="[email protected]" postgresql_does_not_like_primary="false" type="work" user_internal_id="25"/>
<scim_email value="[email protected]" postgresql_does_not_like_primary="false" type="work" user_internal_id="49"/>
<scim_email value="[email protected]" postgresql_does_not_like_primary="false" type="work" user_internal_id="29"/>
<scim_email value="[email protected]" postgresql_does_not_like_primary="false" type="work"
            user_internal_id="33"/>
<scim_email value="[email protected]" postgresql_does_not_like_primary="false" type="home"
            user_internal_id="33"/>
<scim_email value="[email protected]" postgresql_does_not_like_primary="false" type="work" user_internal_id="42"/>


<scim_address id="8" country="Germany" locality="Germany" postalcode="66222"
              postgresql_does_not_like_primary="false" region="Germany" streetaddress="example street 62"
              type="work"/>
<scim_address id="12" country="Germany" locality="Germany" postalcode="66333"
              postgresql_does_not_like_primary="false" region="Germany" streetaddress="example street 63"
              type="work"/>
<scim_address id="16" country="Germany" locality="Germany" postalcode="6644"
              postgresql_does_not_like_primary="false" region="Germany" streetaddress="example street 64"
              type="work"/>
<scim_address id="24" country="Germany" locality="Germany" postalcode="66666"
              postgresql_does_not_like_primary="false" region="Germany" streetaddress="example street 66"
              type="work"/>
<scim_address id="28" country="Germany" locality="Germany" postalcode="66777"
              postgresql_does_not_like_primary="false" region="Germany" streetaddress="example street 67"
              type="work"/>
<scim_address id="32" country="Germany" locality="Germany" postalcode="66888"
              postgresql_does_not_like_primary="false" region="Germany" streetaddress="example street 68"
              type="work"/>
<scim_address id="36" country="USA" locality="USA" postalcode="4567" postgresql_does_not_like_primary="false"
              region="Springfield" streetaddress="742 Evergreen" type="home"/>
<scim_address id="37" country="USA" locality="USA" postalcode="1245" postgresql_does_not_like_primary="false"
              region="Springfield" streetaddress="Walnut Street - Moes" type="work"/>
<scim_address id="45" country="Germany" locality="Germany" postalcode="66111"
              postgresql_does_not_like_primary="false" region="Germany" streetaddress="example street 60"
              type="work"/>


<scim_photo value="http://example.com/barbara.jpg" type="photo" user_internal_id="46"/>

<scim_im value="barbara" type="xmpp" user_internal_id="46"/>

<scim_phonenumber value="555-555-8377" type="work" user_internal_id="46"/>
<scim_phonenumber value="555-555-8399" type="work" user_internal_id="49"/>
<scim_phonenumber value="600-555-8377" type="work" user_internal_id="42"/>
<scim_phonenumber value="622-555-8377" type="work" user_internal_id="5"/>
<scim_phonenumber value="633-555-8377" type="work" user_internal_id="9"/>
<scim_phonenumber value="644-555-8377" type="work" user_internal_id="13"/>
<scim_phonenumber value="655-111-8377" type="work" user_internal_id="33"/>
<scim_phonenumber value="655-222-8377" type="home" user_internal_id="33"/>
<scim_phonenumber value="666-555-8377" type="work" user_internal_id="21"/>
<scim_phonenumber value="677-555-8377" type="work" user_internal_id="25"/>
<scim_phonenumber value="688-555-8377" type="work" user_internal_id="29"/>

<scim_user_scim_address scim_user_internal_id="5" addresses_id="8"/>
<scim_user_scim_address scim_user_internal_id="9" addresses_id="12"/>
<scim_user_scim_address scim_user_internal_id="13" addresses_id="16"/>
<scim_user_scim_address scim_user_internal_id="21" addresses_id="24"/>
<scim_user_scim_address scim_user_internal_id="25" addresses_id="28"/>
<scim_user_scim_address scim_user_internal_id="29" addresses_id="32"/>
<scim_user_scim_address scim_user_internal_id="33" addresses_id="36"/>
<scim_user_scim_address scim_user_internal_id="33" addresses_id="37"/>
<scim_user_scim_address scim_user_internal_id="42" addresses_id="45"/>
<scim_user_scim_roles scim_user_internal_id="1" roles_value="USER"/>

Add configurable password constraints

one should be able to define password constraints at configuration/deployment time. we should start with minimal length constraints and add something like character classes later on. constraints should be configurable via the main configuration file (resource-server.properties at the time of writing). also, the connector(s) have to be extended to support the new behavior (like throwing an exception or something).

adress will not be deleted

If you delete a User the attached address won't be deleted even if the address is not connected to any User anymore.

osiam-registration-module 0.17.1 incompatible with OSIAM 1.3.2

This is more of an FYI issue, so others don’t search for this too:

osiam-registration-module contains a line in WEB-INF/classes/sql/registration_extension.sql that says:

SELECT pg_catalog.setval('hibernate_sequence', 10, false);

This sequence apparently no longer exists in OSIAM upstream. I removed the offending line, and the database import succeeded. Please advice whether this is the correct fix, and consider releasing a new version of the osiam-registration-module.

facebooks/me doesn't work

I have been trying to get the user who lodged in.
For this I got a accessToken with the grant_type=password.
After this I tried to get the connected user.
As response I got:

"error_code":"CONFLICT","description":"Unable to generate facebook credentials, no name submitted."

Since I want to do this to get the username it's strange that I need the name for this.

possible users with & and = as part of the name

In OSIAM is it possible to create a user where different values have a & or a = as part of the value.

This should not be possible since & and = a part of the search filter.

It was tested with the fields userName and externalId but also other fields like
name.formatted, addresses.streetAddress should not be allowed with & or =.

if this is not a bug but a feature please tell me.

search gives <1 result back

If I search for Users (not tested for Groups) and I say count=100 I get 99 users back.
Also If I say nothing (so it also should be 100 Users) I get 99 Users back.

Also If i say I want to have 99 Users I get 98 Users.

address extends MutliValueAttribute

Address extends Mutlivalue Attribute and so we can cal setValue(...) but Address should not have this field.
Since the Address extends the MutliValueAttribute it is not possible to set the values in any order. So it is not possible to say

new Address.Builder().setPreferred(true).setCountry("de");

Sorting breaks the result list

(migrated from https://jira.osiam.org/browse/OSNG-478)

Given:
A user without name (no name entity). And a user with name (name entity exists).

When I try to sort by given name (name.givenName) then I get a SCIMSearchResult where the resources contain only the user with the name! But the totalResult returns the correct number of results that should be returned!

Users/me gives back the user even he was deleted

login and get a access token
delete the current user
call Users/me

this should raise an exception since the user is already deleted.
But we are able to get the current user with /Users/me.

From the telling of Thomas Krille this is probably a problem with the cache and should be the same with /me (facebook)

Photos Multivalue Patch

The same problem with the type of Photos which can't be update

username is needed if patch is called

If you want tp update a User with patch you always have to set the userName even if you don't wan't to change it.
Thats because in the class
org.osiam.resources.controller.UserController in the method
public User update(@PathVariable final String id, HttpServletRequest request, HttpServletResponse response) throws IOException {

the method
jsonInputValidator.validateJsonUser(request);
is called. That is ok for creation and so but not for patching.
I think we just have to remove the call of this method.

Problem with "not"-Filter

It seams that is a bug in the filter mechanism. Even if I use the "not" filter, the result is not that what I would expect!

For example:

I want to search all users that are NOT included in a given group. Than I want to use the following filter: not(groups eq "<groupId>")
I want to search all groups in which is the user NOT a member. Than I want to use the following filter: not(members eq "<userId>")

In the following I have create a little JUnit-Test-File. In there the use-cases demonstrated.
EDIT: here is the gist-link: https://gist.github.com/sschum/ad6a09a2e70ae95ad1ce

init_ddl needs lowering keylength

While using the init_ddl-Script (resource-server/src/main/sql/mysql/init_ddl.sql) all tables are created but the script stops but a constraint and indices are lost.

tkrill mentioned a solution for this[1] so it would be nice to fix it before your next release.

thank you very much in advance

[1]
#240 (comment) and
#240 (comment)

Phone Multivalue patch

When we update an phonenumber the type for ex. home / work was not set

no query possible for emails.type

I you wan to query for Users who have for example have the emails.type = "work" you get a exception that a String can't be converted into a enum.

Roles Type Multivalue Patch

The same problem with the type of Photos which can't be update

A User can't be deleted if he is in one group

I tried to delete a user which was in one group. I got the following error message

Referentielle Integrität verletzt: "FK8D2C327B42F234F: PUBLIC.SCIM_GROUP_SCIM_ID FOREIGN KEY(MEMBERS_INTERNAL_ID) REFERENCES PUBLIC.SCIM_ID(INTERNAL_ID)"
Referential integrity constraint violation: "FK8D2C327B42F234F: PUBLIC.SCIM_GROUP_SCIM_ID FOREIGN KEY(MEMBERS_INTERNAL_ID) REFERENCES PUBLIC.SCIM_ID(INTERNAL_ID)"; SQL statement:
delete from scim_id where internal_id=? [23503-170]; SQL [n/a]; constraint ["FK8D2C327B42F234F: PUBLIC.SCIM_GROUP_SCIM_ID FOREIGN KEY(MEMBERS_INTERNAL_ID) REFERENCES PUBLIC.SCIM_ID(INTERNAL_ID)"; SQL statement:
delete from scim_id where internal_id=? [23503-170]]; nested exception is org.hibernate.exception.ConstraintViolationException: Referentielle Integrität verletzt: "FK8D2C327B42F234F: PUBLIC.SCIM_GROUP_SCIM_ID FOREIGN KEY(MEMBERS_INTERNAL_ID) REFERENCES PUBLIC.SCIM_ID(INTERNAL_ID)"
Referential integrity constraint violation: "FK8D2C327B42F234F: PUBLIC.SCIM_GROUP_SCIM_ID FOREIGN KEY(MEMBERS_INTERNAL_ID) REFERENCES PUBLIC.SCIM_ID(INTERNAL_ID)"; SQL statement:
delete from scim_id where internal_id=? [23503-170]

First: Noone can read this message
Second: It should be possible to delete a User if he is in a group. Of course, we should kick him out of the groups first, but this should be done by the server not the enddeveloper.

wrong address will be deleted

Our User has 2 addresses.
We delete the first one
the deleted address still exists but the other one has been deleted

osiam / server Goto Github PK

server's Introduction

OSIAM - Open Source Identity and Access Management

Use cases

Quick Start

Documentation

Components

Easy customization

Snapshots

Issue Tracker

Get involved

server's People

Contributors

Stargazers

Watchers

Forkers

server's Issues

Recommend Projects

Recommend Topics

Recommend Org