feat: include OIDC JWKSet in the gateway JWKs #3499
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: achmelo <[email protected]>
Signed-off-by: achmelo <[email protected]>
Signed-off-by: achmelo <[email protected]>
Signed-off-by: achmelo <[email protected]>
taban03
reviewed
Apr 5, 2024
...y-service/src/main/java/org/zowe/apiml/gateway/security/service/token/OIDCTokenProvider.java
Show resolved
Hide resolved
taban03
reviewed
Apr 5, 2024
gateway-service/src/main/java/org/zowe/apiml/gateway/security/service/zosmf/ZosmfService.java
Show resolved
Hide resolved
taban03
reviewed
Apr 5, 2024
gateway-service/src/main/java/org/zowe/apiml/gateway/security/service/zosmf/ZosmfService.java
Show resolved
Hide resolved
Signed-off-by: achmelo <[email protected]>
taban03
approved these changes
Apr 5, 2024
Signed-off-by: achmelo <[email protected]>
|
achmelo
added a commit
that referenced
this pull request
Apr 23, 2024
* use the same JWK format, include OIDC keys in the response Signed-off-by: achmelo <[email protected]> * cleanup, update tests Signed-off-by: achmelo <[email protected]> * integration test for local validation Signed-off-by: achmelo <[email protected]> * set default ssl factory Signed-off-by: achmelo <[email protected]> * change debug message Signed-off-by: achmelo <[email protected]> * test coverage Signed-off-by: achmelo <[email protected]> --------- Signed-off-by: achmelo <[email protected]> (cherry picked from commit a588a8f) Signed-off-by: achmelo <[email protected]>
achmelo
added a commit
that referenced
this pull request
Apr 24, 2024
* fix: allow key exchange port configuration (#3453) * allow key exchange port configuration Signed-off-by: achmelo <[email protected]> * explain different defaults for the port Signed-off-by: achmelo <[email protected]> * use the same default port number Signed-off-by: achmelo <[email protected]> --------- Signed-off-by: achmelo <[email protected]> (cherry picked from commit d82322e) * chore: Change log levels for WS and Identity Mapper and add service info (#3344) * add info about the southbound service request for authsource Signed-off-by: at670475 <[email protected]> * add debug msg for websocket routing Signed-off-by: at670475 <[email protected]> * address pr comments Signed-off-by: at670475 <[email protected]> --------- Signed-off-by: at670475 <[email protected]> (cherry picked from commit 0a888f8) * fix: Respect configuration enabling JWT Token Refresh Functionality #3468 (#3474) * Respect JWT Refresh Configuration from zowe.yaml Signed-off-by: Jakub Balhar <[email protected]> * Fix the default in shell. Signed-off-by: Jakub Balhar <[email protected]> --------- Signed-off-by: Jakub Balhar <[email protected]> (cherry picked from commit b4146be) * feat: include OIDC JWKSet in the gateway JWKs (#3499) * use the same JWK format, include OIDC keys in the response Signed-off-by: achmelo <[email protected]> * cleanup, update tests Signed-off-by: achmelo <[email protected]> * integration test for local validation Signed-off-by: achmelo <[email protected]> * set default ssl factory Signed-off-by: achmelo <[email protected]> * change debug message Signed-off-by: achmelo <[email protected]> * test coverage Signed-off-by: achmelo <[email protected]> --------- Signed-off-by: achmelo <[email protected]> (cherry picked from commit a588a8f) Signed-off-by: achmelo <[email protected]> * feat: forward valid OIDC token to southbound service in case of distributed ID is not mapped (#3497) * forward token and message in case of missing mapping Signed-off-by: at670475 <[email protected]> * fix test Signed-off-by: at670475 <[email protected]> * add unit test Signed-off-by: at670475 <[email protected]> * small refactoring Signed-off-by: at670475 <[email protected]> * updating integration tests Signed-off-by: at670475 <[email protected]> * add test Signed-off-by: at670475 <[email protected]> * add exception to the error handler to return correct response code Signed-off-by: at670475 <[email protected]> * fix styles Signed-off-by: achmelo <[email protected]> --------- Signed-off-by: at670475 <[email protected]> Signed-off-by: achmelo <[email protected]> Co-authored-by: achmelo <[email protected]> Co-authored-by: achmelo <[email protected]> (cherry picked from commit 60777c1) * fix: check for nullpointer exception when jwk key can't be retrieved (#3503) * check for nullpointer ex when jwk key can't be retrieved Signed-off-by: at670475 <[email protected]> * add test Signed-off-by: at670475 <[email protected]> * address comment Signed-off-by: at670475 <[email protected]> --------- Signed-off-by: at670475 <[email protected]> (cherry picked from commit 7c00dba) * revert Signed-off-by: achmelo <[email protected]> * use current methods Signed-off-by: achmelo <[email protected]> * feat: Move OIDC access token from cookie to special header (#3513) * POC Signed-off-by: Pavel Jares <[email protected]> * fix Signed-off-by: Pavel Jares <[email protected]> * replace old constructors Signed-off-by: achmelo <[email protected]> * update IT Signed-off-by: achmelo <[email protected]> * fix Signed-off-by: Pavel Jares <[email protected]> * update IT Signed-off-by: achmelo <[email protected]> * fix IT Signed-off-by: Pavel Jares <[email protected]> * exception handler for no MF ID, unit test Signed-off-by: achmelo <[email protected]> * unit tests for request modification Signed-off-by: Pavel Jares <[email protected]> * license Signed-off-by: achmelo <[email protected]> * minor changes Signed-off-by: Pavel Jares <[email protected]> * lowercase header Signed-off-by: achmelo <[email protected]> * remove import Signed-off-by: achmelo <[email protected]> * remove authorization header from httpservletrequest Signed-off-by: achmelo <[email protected]> * test no ID and invalid token Signed-off-by: achmelo <[email protected]> * ignore cookies if auth cookie only remains Signed-off-by: achmelo <[email protected]> * expect no cookie in request Signed-off-by: achmelo <[email protected]> * fix sonar Signed-off-by: Pavel Jares <[email protected]> --------- Signed-off-by: Pavel Jares <[email protected]> Signed-off-by: achmelo <[email protected]> Co-authored-by: achmelo <[email protected]> (cherry picked from commit 6248308) * url without default Signed-off-by: achmelo <[email protected]> * use the same jwk uri Signed-off-by: achmelo <[email protected]> * attempt to fix IT Signed-off-by: Pavel Jares <[email protected]> * Revert "attempt to fix IT" This reverts commit cf35400. * use keyLocator for JWK set Signed-off-by: achmelo <[email protected]> --------- Signed-off-by: achmelo <[email protected]> Signed-off-by: Pavel Jares <[email protected]> Co-authored-by: Andrea Tabone <[email protected]> Co-authored-by: Jakub Balhar <[email protected]> Co-authored-by: Pavel Jareš <[email protected]> Co-authored-by: Pavel Jares <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Include JWKs retrieved from the Identity Provider to allow clients and services to validate the OIDC access token locally.
Linked to #3455
Part of the # (epic)
Type of change
Please delete options that are not relevant.
Checklist:
For more details about how should the code look like read the Contributing guideline