OPENAM-9644 Redirect callback flow doesn't set the AM_REDIRECT_BACK_SERVER_URL cookie

AME-11510 Type generics and reduce method scope in LoginState

OPENAM-7233: skipping decision on change org page no longer throws NPE

OPENAM-8014 - NullPointer when using "Default Failure Login URL" with IDP

OPENAM-8014 - NullPointer when using "Default Failure Login URL" with IDP

OPENAM-7920 Set cookies only for the appropriate domains

OPENAM-7429 NPE when base64 decoding a value which isn't base64 encoded.

AME-7905 - Refactor SAML code base AME-8078 - SAML2 Authentication Module AME-8598 - SAML2 AuthModule: Code Review Large Commit covering the work on the SAML2 refactor and authentication module. More detail on the individual commits is preservered in the branch feature/AME-8078-saml2-authentication-module on the fork repository openam-newton

OPENAM-6472 CR-8410 Clear authentication state after failed new_org flow

OPENAM-6056 CR-7068 LoginViewBean does not correctly handle empty ChoiceCallbacks

AME-6618 CR-6902 Remove legacy persistent cookie implementation

Backport of OPENAM-4562 to OpenAM 11.0.x

OPENAM-4562 FR-441

OPENAM-4011, CR-4009 - Valid goto URL domains work performed on server-side.

OPENAM-2451: CR-3840: Cleanup after session upgrade via REST

OPENAM-4109: Revert R9126

Stories: AME-3613 CR-3776 Create basic scripted authentication module AME-3614 CR-3700 Added validation support to the scripting framework AME-3623 CR-3757 Enable scripts to make REST calls AME-3621 CR-3755 JavaScript scripting engine support AME-3629 CR-3742 Implement TextOutput Callback AME-3729 CR-3761 Ensure JS necessary characters can be passed over transport via PLL AME-3620 CR-3788 Enable Groovy support within our custom scripting engine AME-3626 CR-3759 Add logging support to authentication scripting Noteworthy Subtasks: AME-3708 CR-3722 Changed the default size of the Script text areas AME-3657 CR-3796 Add validation functionality to Scripting UI

OPENAM-2451: CR-3657: REST Auth does not support Session Upgrade

Fix for OPENAM-3784 - review: CR-3252 Check the loginState isn't nullified.

Fix for OPENAM-3784 - review: CR-3252 Check the loginState isn't nullified.

Backported fix for OPENAM-2294 to 11.0.x

Fix for OPENAM-2294, review CR-3126

Backported fix for OPENAM-2327 to 11.0.x

Fix for OPENAM-3531 - review: CR-2857 Updating the new_org code to handle cases when the new authentication is initiated with a SAML POST. The login URL is now also managed by the login framework, ensuring that it is correctly retained (instead of trying to manually reconstruct it).

Fix for OPENAM-3531 - review: CR-2857 Updating the new_org code to handle cases when the new authentication is initiated with a SAML POST. The login URL is now also managed by the login framework, ensuring that it is correctly retained (instead of trying to manually reconstruct it).

Fix for OPENAM-3458 - review: CR-2761 LoginViewBean now handles the loss of the forward parameter upon successful authentication.

Fix for OPENAM-3458 - review: CR-2761 LoginViewBean now handles the loss of the forward parameter upon successful authentication.

AME-2227 (See AME-2706 for CR list) Resolved servlet and JSP violations.

Fix for OPENAM-3259 - review: CR-2596 Modified the error handling for the AUTH_RESET scenario, instead of trying to redisplay the login page, now we just show an error message. Modified the logic in LoginState so if we receive a pcookie from a realm where pcookie is disabled, now the login just continues like there was no cookie presented at all.

Fix for OPENAM-3259 - review: CR-2596 Modified the error handling for the AUTH_RESET scenario, instead of trying to redisplay the login page, now we just show an error message. Modified the logic in LoginState so if we receive a pcookie from a realm where pcookie is disabled, now the login just continues like there was no cookie presented at all.

Fix for OPENAM-2616 - review: CR-1939 Zero page login option now only affects GET login requests as it should.

Fix for OPENAM-2354 - review: CR-1549 Zero page login is now configurable

AME-803 Implement addition callbacks for REST Auth service

Fix for OPENAM-751, review CR-1239.

Fix for OPENAM-1873, review CR-959: Auth module error messages can get lost

Fix for OPENAM-1280 - review: CR-831

Fix for OPENAM-1340 - review: CR-810

Fix for OPENAM-1686

Fix for AME-197