OPENIDM-4685 - Using policy service to validate self-service pages

OPENIDM-4298 - Managed/user can use _action=patch instead of PATCH method to update account

Updates to use forgerock-ui 8.6.0 and forgerock-selfservice * Includes forgotten username process in admin and enduser UI * Aligns contractor sample with userQuery stage, and account for double-quotes in userNames passed to queryFilters * Updates self-service examples * Support for updating kba questions as part of self-service profile * Bug with update logic in router-authz * Support for locales in email

OPENIDM-4328 - Restores missed 'excludePatterns' change from earlier commit

OPENIDM-4289 - Aligns workflow sample with relationships (authzRoles and manager) and refactoring and cleanup of contractorOnBoarding workflow Uses selfservice reset to set the new contractor's password.

OPENIDM-4287 - Updates workflow endpoints to use current user's security context

OPENIDM-4278 - Refactor KBA questions into a shared location in config store

OPENIDM-4284 - Removing lingering references to siteIdentification as well as obsolete openam sample

CSS-30 - Support for password reset using KBA

OPENIDM-3559 - Moving policy details for managed objects into json schema Adjusting authz rules for self-service requests (taking CSS-28 into account) Including kbaInfo in default user schema Progress with adding new properties to json editor for managed objects Aligning the Admin UI and authz rules with backend, removing default configs Using external/email endpoint in access.js authz rule

OPENIDM-3892 - Integrating User Self-Service with the openidm selfservice UI Bumping up to forgerock-ui 7.2.0 Fixes backgrid layout by including common/structure/backgrid.less Deleting old registration and reset code, and clearing out a lot of cruft Fixes to the /admin config screens for self-service: - for mimeType, ordering, labels, and _id removal - Updating ui/configuration when self-service features are enabled/disabled - bug with admin context startup, due to looking at wrong site configuration delegate

CHF-68 and CHF-69: move Context, SecurityContext, and AbstractRouter to services package

OPENIDM-2761...OpenAM Session Module UI integration includes "fullStack" sample which demonstrates how to effectively use IDM, DJ, and AM together reviewed at CR-6042

fix typos

OPENIDM-2180 update comment per Laurent

OPENIDM-2180 (CR-4447) Disallow ?_action=command on repo via HTTP

Fixing bug introduced in r3030 related to patch requests made with ?_action=patch - OPENIDM-1766 Reviewed in Skype

Tightening the default authz rule for non-admin users - action and query are not necessary. Reviewed with Andi via Skype

CR-3215 - OPENIDM-1683 - Pass-through authentication support for enduser ui

[IDME-17] workflow onboarding sample: [IDME-26] sunrise workflow [IDME-27] email notification extensions extending osgi import line in router: adding other non-available contexts updating Activiti version from 5.12 to 5.12.1

http://sources.forgerock.org/cru/CR-2981 - FR-UI - Dialog transition problems, improved default value support, and IDM enduser UI alignment

http://sources.forgerock.org/cru/FR-62 - Aligning scripts in CREST branch to use new request and context variables, and updates to workflow UI Resolves IDME-108

CUI-1 move user profile to commons...CR-2825...also a couple of changes related to IDME-68 (changed address1 to postalAddress)

IDME-68 change user "email, familyName, phoneNumber" properties to "mail, sn, telephoneNumber" respectively

http://sources.forgerock.org/cru/FR-29 - OpenIDM UI changes for CREST branch - aligning with API and commons-ui

http://sources.forgerock.org/cru/FR-20 - Pulling in numerous updates to common ui from bridge work http://sources.forgerock.org/cru/FR-22 - Updates to pass-through auth config and script to be more flexible with choice of ldap backend

fix contractor onboarding default sample

Align access config to trunk, and allow test and testConfig actions by default; note that the provisioner functionality still needs porting.

aligning commons changes related to openam ui customization by realm with openidm https://bugster.forgerock.org/jira/browse/AME-2014 https://bugster.forgerock.org/jira/browse/OPENIDM-1410 http://sources.forgerock.org/cru/CR-1985

[OPENIDM-1260][CR-1511] Security Manager Service implmentation for certificate and key management via REST API

[OPENIDM-1254][CR-1479] Added "test" and "testConfig" actions for testing connector configurations and connections.

OPENIDM-1146 Allow liveSync to be invoked from the resource API/RESTful API

Using JSLint to validate server-side JavaScript code as part of the maven build process. Updates to server-side JavaScript to pass JSLint validation rules. http://sources.forgerock.org/cru/CR-1175

Updating access rule based on Laurent's testing http://sources.forgerock.org/cru/CR-1107#CFR-20620 - Granting patch for managed/user/password to openidm-cert users. https://bugster.forgerock.org/jira/browse/OPENIDM-988 - OpenDJ Password Synchronization Plugin raising error on password change in OpenDJ

http://sources.forgerock.org/cru/CR-1107#CFR-20620 - Granting patch for managed/user/password to openidm-cert users. https://bugster.forgerock.org/jira/browse/OPENIDM-988 - OpenDJ Password Synchronization Plugin raising error on password change in OpenDJ

merging trunk r1735-1772

http://sources.forgerock.org/cru/CR-1078 - OpenIDM - fix authz rules to allow correct access to optional feature securityQA https://bugster.forgerock.org/jira/browse/OPENIDM-1032 - When only security questions are enabled, an authz failure occurs when attempts to reset password

Whitelist for attributes users are allowed to modify on their account http://sources.forgerock.org/cru/CR-1043 https://bugster.forgerock.org/jira/browse/OPENIDM-1006

Whitelisting user attributes - http://sources.forgerock.org/cru/CR-1043 Changing default behavior in mysql to be case-sensitive for usernames, as in OrientDB - http://sources.forgerock.org/cru/CR-1039

For changes to access.js: https://bugster.forgerock.org/jira/browse/OPENIDM-936 http://sources.forgerock.org/cru/CR-970 For changes to router-authz.js: https://bugster.forgerock.org/jira/browse/OPENIDM-935 http://sources.forgerock.org/cru/CR-969

Opening up selective access to parts of the system/ endpoint

Disallowing access to system/ endpoint

Restoring disallowQueryExpression customAuthz https://bugster.forgerock.org/jira/browse/OPENIDM-935

[OPENIDM-936] Added support for an "excludePatterns" field in httpAccessConfig entries.

[OPENIDM-922] Renamed accessConfig object to httpAccessConfig and adjusted the comments.

[OPENIDM-922] Added access to Rhino shell commands in OpenIDM scripts. Separated enforcement and helper logic of router authorization script. Moved router-authz.js to bin/defaults.