OPENAM-5640-SP-Conditions-Assertion-master
OPENAM-6315 Proxying SAML2 Second level status code
OPENAM-8596
OPENAM-8351 - SAML2 JSP pages making use of the SAML2Auditor are calling the SAML2Utils.getRealm with an incorrect Map structure
TEMPER-43 Use TimeService throughout OpenAM.
Revert time travel
TEMPER-43 Use TimeService throughout AM
OPENAM-7507 - add support for static values containing an equals as part of the value in an attribute mapping
OPENAM-7055 Improve logic for POST binding Assertion/Response signature check
[OPENAM-7374] fix for overzellous guard block preventing IDP initiated SSO
OPENAM-2028 Handle null sessionIndex value
AME-7905 - Refactor SAML code base AME-8078 - SAML2 Authentication Module AME-8598 - SAML2 AuthModule: Code Review Large Commit covering the work on the SAML2 refactor and authentication module. More detail on the individual commits is preservered in the branch feature/AME-8078-saml2-authentication-module on the fork repository openam-newton
OPENAM-4103, review CR-6963 - Provide a switch to allow sending AuthnRequests without the RequestedAuthnContext element
OPENAM-3470 CR-6948 Fix formatting and improve code quality
OPENAM-5609 FR-636
OPENAM-5260 CR-5694 Allow only response to be signed when using HTTP POST binding
OPENAM-4248 CR-4284 Proxy NoPassive Responses in IdP Proxy setups
OPENAM-4531 CR-4743 Resolve RelayState validation issues in SAML
Backport of OPENAM-3731 to 11.0.x
Fix for OPENAM-3731, review CR-3937
Fix for OPENAM-4133, review CR-3371: OPENAM-4133: Useless debug log in SAML2Util.putHeaders()
Fix for OPENAM-1773 and OPENAM-3462 - review: CR-3803 DAS now supports goto URL validation. Changes: * The valid goto URL domain setting has been moved to a new service called validationService, the new property name is "openam-auth-valid-goto-resources" * A new delegation policy has been created that allows agent accounts to read the validationService settings * The necessary upgrade step has been implemented that should migrate existing valid goto domains to the new service (also removes the old ones), which also ensures that the new delegation policy is added to the system. * The Goto URL validation logic has been extracted out to a separate class called GotoUrlValidator, which is now can be used from both openam-core and openam-federation-library (for Relaystate evaluations).
Fix for OPENAM-3519, review CR-3176 - remove dependency of openam-core from openam-federation-library
Fix for OPENAM-1655 - review: CR-3125 AttributeQueryUtil now utilizes the configured SP attribute mapper to map received attributes the same way as they would come as part of an assertion.
Fix for OPENAM-3707 Adding extra emptiness check to ensure we don't try to retrieve affiliationDescriptor for "".
Backported fix for OPENAM-2327 to 11.0.x
Fix for OPENAM-3437 - review: CR-2902 Modified relaystate validation logic for SLO cases to handle the scenario when the metaAlias is not available in the URL.
AME-2227 (See AME-2706 for CR list) Resolved servlet and JSP violations.
Fix for OPENAM-2758, internal review.
Fix for OPENAM-2306 review CR-1445.
AME-302/AME-712/AME-722 -- Refactoring of locale's and applicable property files from openam-server-only to openam-locale. A couple of additional changes to fix NPE's and latest XACML3 development.
Fix for OPENAM-1980 - review: CR-1060 Changed the inflating mechanism, so it actually tries to buffer the input using the configured buffer size.
Fix for OPENAM-1819 - review: CR-853
Merging openam_10.1.0_AME-211 branch to trunk - Fix for AME-211
MAE-131/AME-192/AME-211 - CR-790. Session HA Failover and starting to refactor for use for SAML2 and OAUTH2 tokens as well.
AME-153 OPENAM-1623
Fix for OPENAM-1427
Moved Federation library source