summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2023-03-22chore(core): update third-party libsThomas1-3/+32
Inlcude Spring 5.3.26 to fix CVE-2023-20859, CVE-2023-20861, CVE-2023-20860
2023-03-20fix(gui): escape error parameters that contains a '{' because that is not ↵Thomas1-1/+3
supported by error template
2023-03-10fix(ux): add error parameters, if they are available, in case of specific ↵Thomas1-1/+2
exceptions too
2023-02-21test(hsm): fix broken test, because HSM-Facade change an error messageThomas1-1/+1
2023-02-21chore(libs): update third-party libsThomas1-10/+10
- commons-fileupload to 1.5 to fix CVE-2023-24998
2023-02-06build(core): re-name reporting module to mitigate problem with some IDE'sThomas1-3/+3
2023-02-06feat(http): add request interceptor to pre-emptive HTTP Basic authenticationThomas4-0/+99
2023-02-06fix(core): add missing parameter to log messageThomas1-2/+3
2023-01-18build(core): switch to next snapshot versionThomas12-12/+12
2023-01-18build(core): switch to next release version1.3.13Thomas12-12/+12
2023-01-18fix(saml2): support XML decryption by using key from HSM-FacadeThomas6-15/+239
Details: openSAML4 uses org.apache.xml.security.algorithms.JCEMapper to define JCE cryptoprovider for openSAML crypto. operations. However, this JCEMapper is not used for openSAML Decrypter, so it must be set manually.
2023-01-17test(jose): add JWE encryption/decryptio test that uses a wrong decryption keyThomas1-0/+80
2023-01-09build(core): switch to next snapshot versionThomas12-12/+12
2023-01-09chore(core): change loglevel from 'error' to 'info'1.3.12Thomas1-1/+1
2023-01-09build(core): switch to next snapshot versionThomas12-12/+12
2022-12-19build(core): switch to next release version1.3.11Thomas12-12/+12
2022-12-19feat(core): support not-notified eIDAS LoAThomas4-12/+23
2022-12-19chore(pvp2): read LoA matching-mode from service-provider configurationThomas1-6/+6
2022-11-30chore(core): switch log-level to INFO because log-level classification will ↵Thomas1-1/+1
be done by centrial error-handling
2022-11-29feat(core): add ticket-based error-handling service as EAAF core functionalityThomas12-1/+1066
2022-11-24build(core): switch to next snapshot versionThomas12-12/+12
2022-11-24build(core): switch to next release version1.3.10Thomas12-12/+12
2022-11-24fix(sl20): remove full http response body from Exception messageThomas1-3/+3
Reason: Exception messages are illustrated as UX errors
2022-11-23build(core): switch to next snapshot versionThomas12-12/+12
2022-11-23build(core): switch to next release version1.3.9Thomas12-12/+12
2022-11-23fix(sl20): use valid encoded log-message parametersThomas1-3/+3
2022-11-21build(core): switch to next snapshot versionThomas12-12/+12
2022-11-21build(core): switch to next release version1.3.8Thomas12-12/+12
2022-11-07feat(sl20): add response property for IDA eIDAS-comply flagThomas1-0/+4
2022-10-24chore(core): add setter interfaces to inject an IRequestStorageThomas1-1/+6
2022-10-24build(core): switch to next snapshot versionThomas12-12/+12
2022-10-20build(core): switch to next release version1.3.7Thomas12-12/+12
2022-10-20chore(core): update third-party libsThomas1-6/+6
include commons-text-1.10.0 to fix CVE-2022-42889
2022-10-13build(core): switch to next snapshot versionThomas12-12/+12
2022-10-13build(core): switch to next release version1.3.6Thomas12-12/+12
2022-10-13chore(moa-sig): switch to moa-sig v3.1.8Thomas1-1/+1
2022-10-04test(moa-sig): add some more certificates into truststoreThomas9-0/+160
2022-10-04build(core): switch to next snapshot versionThomas12-12/+12
2022-10-03build(core): switch to next release version1.3.5Thomas12-12/+12
2022-09-29test(spring-sec): disable CSRF check, because they brake HTTP client testsThomas1-0/+16
2022-09-29feat(spring-sec): add PasswordEncorder decorator to speed-up password ↵Thomas4-1/+146
validation on REST API's
2022-09-29chore(core): update third-party libsThomas1-5/+5
2022-09-29refact(core): change logger to lombok annotationThomas1-4/+2
2022-09-28chore(core): change log basic status-messager implementationThomas1-5/+5
wrote log messages on level 'debug' if no message property was found
2022-09-28chore(core): switch to next release-version of MOA-SigThomas1-1/+1
2022-09-28chore(core): change log-level to info to get more information about invalid ↵Thomas1-3/+3
pendingRequestId's
2022-09-28chore(moa-sig): switch MOA-Sig to new IAIK-MOA v2.08Thomas4-5/+12
2022-09-27refact(moa-sig): call MOA-SIG initialization checkThomas1-5/+4
2022-09-22fix(sl20): refactor signature and encryption validation because it can be ↵Thomas2-50/+84
skipped - SBA Pentest finds a pattern that skip security validation SBA(202209-10.2)
2022-09-15feat(moa-sig): only re-initialize MOA-Sig if PKI module is not marked as ↵Thomas1-1/+6
configurated