0cbb44acdcab0e5a2d60c601698454b6a01bd0b3 |
|
08-Oct-2015 |
Jake Feasel <jake.feasel@forgerock.com> |
OPENIDM-3559 - Moving policy details for managed objects into json schema
Adjusting authz rules for self-service requests (taking CSS-28 into account)
Including kbaInfo in default user schema
Progress with adding new properties to json editor for managed objects
Aligning the Admin UI and authz rules with backend, removing default configs
Using external/email endpoint in access.js authz rule |
c530b621413be174f6d4a9f0929f1541f05633a5 |
|
08-Jun-2015 |
Chris Drake <chris.drake@forgerock.com> |
OPENIDM-3223 CR-7161 Implement policy to prevent duplicate Managed User role assignments |
db078a648ff47e28bac8947479f0aaa1903bc385 |
|
25-Mar-2015 |
Jason Browne <jason.browne@forgerock.com> |
Readding telephone policy |
7898f723832b789fd5308fa29a0026051b4d0cbb |
|
23-Mar-2015 |
Jason Browne <jason.browne@forgerock.com> |
OPENIDM-3090 and OPENIDM-3078 (CR-6428) - Fixed two work flow issues casuing errors. |
e70f1914972c426188e8bf2a629d9cf593b10aab |
|
01-Apr-2014 |
Chad Kienle <chad.kienle@forgerock.com> |
[OPENIDM-1713][CR-3292] Updated policy.json to include the "system" role in the configured "exceptRoles" parameters for various properties (missed in commit 3034). |
6fb68c54d2b47bb74c480d298737d178376b9bec |
|
19-Mar-2014 |
Jake Feasel <jake.feasel@forgerock.com> |
http://sources.forgerock.org/cru/CR-3209 - OpenIDM various policy validation clean-up |
e237d4eb1fdc98503c951f58f29eab560bebad74 |
|
13-Mar-2014 |
Jake Feasel <jake.feasel@forgerock.com> |
Adding back in the default empty array for additionalPolicy entries, so it is more obvious how to configure it. |
7c46e67625712e94487c8a4354fe647faf63d6ca |
|
22-Jan-2014 |
Jake Feasel <jake.feasel@forgerock.com> |
http://sources.forgerock.org/cru/FR-47 - Updates to UI and script to align with recent script query changes and merging in list-based role updates from trunk |
2f5ed49d91280c3be52a1b8890687ddb3b8a9cde |
|
10-Jan-2014 |
huck.elliott <huck.elliott@forgerock.com> |
IDME-68 change user "email, familyName, phoneNumber" properties to "mail, sn, telephoneNumber" respectively |
49d879714b1ef69e1fac3294a3b4a83ba9eff3b4 |
|
10-Jan-2014 |
Chris Drake <chris.drake@forgerock.com> |
OPENIDM-1583 OpenIDM should not enforce the REAUTH_REQUIRED policy for openidm-cert role |
83c50dbefa56464a800820f0be675c5a75e02163 |
|
10-Jan-2014 |
Chris Drake <chris.drake@forgerock.com> |
OPENIDM-1583 OpenIDM should not enforce the REAUTH_REQUIRED policy for openidm-cert role |
eb2b0665954495b2b2ff7b64375040233c22398f |
|
04-Oct-2013 |
Chad Kienle <chad.kienle@forgerock.com> |
Changed "name" to "file" in script configs |
9e872d8e49431b339a65a98d4e5e0df39d7b01f4 |
|
20-Mar-2013 |
Chad Kienle <chad.kienle@forgerock.com> |
[OPENIDM-1256][CR-1444] Additional policy files will now load from project directory, unless full path is specified. Added default "additionalFiles" entry to config. |
3e3e4ec7955804aa5e93d4325d5743cc55a7433c |
|
04-Mar-2013 |
Laszlo Hordos <Laszlo.Hordos@forgerock.com> |
OPENIDM-1231 - Migrate the Policy service |
ca67694845f39bb124ebac5d8d9722d71116a0c4 |
|
04-Jan-2013 |
Jake Feasel <jake.feasel@forgerock.com> |
http://sources.forgerock.org/cru/CR-1157 - Commons UI: Updating patch actions to try using add when replace fails
These changes allow for the possibility of a non-existent password property on the managed/user object as a valid state. This could arise when, for example, a record was create via recon from a source system which doesn't expose a cleartext password. Code changes to policy and onCreate script to make this more sensible, and within the UI code to do an "add"-type of patch rather than a "replace" patch (which would fail, since the property doesn't exist). |
e82e853c4e62751f0adbacd5deaef860ce9a55e0 |
|
13-Dec-2012 |
Jake Feasel <jake.feasel@forgerock.com> |
merging trunk 1773-1783 |
2562e648476d71cf595a938a74242443ebf0756d |
|
13-Dec-2012 |
Jake Feasel <jake.feasel@forgerock.com> |
http://sources.forgerock.org/cru/CR-1097 - Removing policy for repo/internal/user/userName
https://bugster.forgerock.org/jira/browse/OPENIDM-1054 - Validating repo/internal/user/openidm-admin fails |
245d622535c32563b59ef5027b1171167ba9b451 |
|
12-Dec-2012 |
Jake Feasel <jake.feasel@forgerock.com> |
merging trunk r1735-1772 |
49d1ddfb04571dd85218ee6c053e0dadba289283 |
|
11-Dec-2012 |
Jake Feasel <jake.feasel@forgerock.com> |
https://bugster.forgerock.org/jira/browse/OPENIDM-1031 - Username can be exploited with arbitrary HTML code
http://sources.forgerock.org/cru/CR-1073 - OpenIDM - prevent embedded HTML from rendering in the UI |
f53e8bf374334553495526c75f961fd0684de0af |
|
28-Nov-2012 |
Jake Feasel <jake.feasel@forgerock.com> |
merging ui branch r1634-1654
Using new validateOnlyIfPresent flag to solve https://bugster.forgerock.org/jira/browse/OPENIDM-934
Modifying apache configuration to reverse proxy for all requests to openidm/ rather than just to openidm/managed
misc trivial cleanup |
2d6f56abae8d1e98c3a1faf5b2c69e6664507d42 |
|
22-Nov-2012 |
Jake Feasel <jake.feasel@forgerock.com> |
Removing old references to "admin" role |
923784d59ac065eee98b208dfacda6fbc24c71d6 |
|
20-Nov-2012 |
Jake Feasel <jake.feasel@forgerock.com> |
Merging trunk r1582-1607
http://sources.forgerock.org/cru/CR-912
Tag, you're it QA! |
84c85c397eae0f322016e56f55ffc53800259886 |
|
19-Nov-2012 |
Jake Feasel <jake.feasel@forgerock.com> |
Adding "admin" to list of roles which do not have to provide certain user attributes |
0f2f4d5fa99181611e0625ed2e446e92511a1bd9 |
|
18-Nov-2012 |
Jake Feasel <jake.feasel@forgerock.com> |
Adding policy to prevent managed users from having the same names as internal users |
0ed4fb3f3aeb24a17760bc3411db5d2f2c2182a9 |
|
16-Nov-2012 |
jdabrowski <jdabrowski@localhost> |
add special privilages to 'admin' role |
35d8f970e25366e2703f1dacbf8fe3f55b494be1 |
|
15-Nov-2012 |
Jake Feasel <jake.feasel@forgerock.com> |
Moving scripts to bin/defaults and updating references in conf |
006579fc6d904d79ff1065cc8aa5c244a00f41ab |
|
15-Nov-2012 |
Jake Feasel <jake.feasel@forgerock.com> |
UI branch changes, r1480-1529
http://sources.forgerock.org/cru/CR-891
This also includes global rename of _query-id to _queryId and _query-expression to _queryExpression.
Note for documenters: there are several changes expected to be made soon; review the code review (linked above) and note Andi's comments |
95c1f779aa24521d0da68679a2ab928bee2cb824 |
|
14-Nov-2012 |
Jake Feasel <jake.feasel@forgerock.com> |
Updates to policy and default settings for new users - allows admin to create users
New authz entries to work with workflow endpoints |
3b32d9ae1dfcc9cabd6e301b9c923be16312cda4 |
|
13-Nov-2012 |
Jake Feasel <jake.feasel@forgerock.com> |
Using new version of i18next (1.5.8)
Using new reauth policy for passwords and security answers
New (blank) translation entry for reauth rule |
96f780b2685504729a2d57531df54cd90b1b513b |
|
12-Nov-2012 |
Jake Feasel <jake.feasel@forgerock.com> |
Merging UI branch, r1455-1477
Updates for UI: Corrected policy, max security answer attempts, task/workflow updates.
http://sources.forgerock.org/cru/CR-862 |
bae0f27fde2298fc261664f259a70326ffb07a27 |
|
09-Nov-2012 |
Jake Feasel <jake.feasel@forgerock.com> |
Using new, proper policy path for validation. Note - there is a known issue with creating users from the admin screen, a result from conflicting policy and default scripts. See here for details: https://bugster.forgerock.org/jira/browse/OPENIDM-848
Also a start on using a policy to enforce the maximum number of security answer attempts within a given timeframe. |
a51d95a87538f829bbcaa442e43df70b5e30edc9 |
|
09-Nov-2012 |
Jake Feasel <jake.feasel@forgerock.com> |
Merging in changes from UI branch, r1420-1452
http://sources.forgerock.org/cru/CR-851 |
f3cde06c21790f13db8925fbdf51404f6f49103c |
|
05-Nov-2012 |
mbilski <mbilski@localhost> |
settings users roles; changing password by internal user |
3032add8d51a0dcb46e076c4dc6105e78a7c9150 |
|
02-Nov-2012 |
Jake Feasel <jake.feasel@forgerock.com> |
CR-824
Merging in changes from UI branch to trunk |
b4118f2f813a4fd95d2a30542e25d8ac7436ad31 |
|
02-Nov-2012 |
Chad Kienle <chad.kienle@forgerock.com> |
[OPENIDM-741/765/766/811] [CR-809] Phase 2 of Policy Service: client side execution of policies, server side enforcement of policies, support for "required" policy, support for policy config inside component configs, policy request/response format changes, support for additional policy scirpts, other minor fixes. |
80bee2069b3d33baed6fd0501419e357413d8f91 |
|
01-Nov-2012 |
Jake Feasel <jake.feasel@forgerock.com> |
Changing validation to use new server-based policy resource |
7e5743eba4787b2af8f31fbbb1f7d529d36196b5 |
|
24-Oct-2012 |
Chad Kienle <chad.kienle@forgerock.com> |
Inital commit of Policy Service component |