diff --git a/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JsonSchemaBuilderService.groovy b/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JsonSchemaBuilderService.groovy
index 0ed02bc47..b13cc2575 100644
--- a/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JsonSchemaBuilderService.groovy
+++ b/backend/src/main/groovy/edu/internet2/tier/shibboleth/admin/ui/service/JsonSchemaBuilderService.groovy
@@ -59,7 +59,7 @@ class JsonSchemaBuilderService {
 [title : it['displayName'],
 description : it['helpText'],
 type : ((IRelyingPartyOverrideProperty)it).getTypeForUI(),
- default : it['displayType'] == 'boolean' ? Boolean.getBoolean(it['defaultValue']) : it['defaultValue'],
+ default : it['displayType'] == 'boolean' ? Boolean.parseBoolean(it['defaultValue']) : it['defaultValue'],
 examples : it['examples']]
 }
 properties[(String) it['name']] = property
diff --git a/backend/src/main/resources/application.yml b/backend/src/main/resources/application.yml
index 2c3f24b17..a737e13e4 100644
--- a/backend/src/main/resources/application.yml
+++ b/backend/src/main/resources/application.yml
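Review bot: `Boolean.parseBoolean` on the new `default` line returns false for null and for any string other than "true", so a boolean override with no `defaultValue` (the application.yml context in this commit appears to declare `allowPKCEPlain` as `displayType: boolean` with none) or with a mistyped one is published in the schema as `default: false` rather than left unset. For switches such as `encryptionOptional` or the flow-enable flags, a silent false can make the default shown in the UI differ from what the IdP actually applies. Consider emitting a boolean default only when one is configured, e.g. `default : it['displayType'] == 'boolean' ? (it['defaultValue'] == null ? null : Boolean.parseBoolean(it['defaultValue'] as String)) : it['defaultValue'],`; whether the schema consumer accepts a null default needs confirming. The enclosing method starts and ends outside the hunk.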
@@ -241,18 +241,18 @@ custom: defaultValue: CHAIN attributeName: http://shibboleth.net/ns/profiles/oauth2/revocation/revocationMethod protocol: oidc - - name: accessTokenLifetime + - name: accessTokenLifetimeOauth attributeFriendlyName: accessTokenLifetime - displayName: label.accessTokenLifetime - helpText: tooltip.accessTokenLifetime + displayName: label.accessTokenLifetime.oauth + helpText: tooltip.accessTokenLifetime.oauth displayType: string defaultValue: PT10M attributeName: http://shibboleth.net/ns/profiles/oauth2/token/accessTokenLifetime protocol: oidc - - name: accessTokenType + - name: accessTokenTypeOauth attributeFriendlyName: accessTokenType - displayName: label.accessTokenType - helpText: tooltip.accessTokenType + displayName: label.accessTokenType.oauth + helpText: tooltip.accessTokenType.oauth displayType: string attributeName: http://shibboleth.net/ns/profiles/oauth2/token/accessTokenType protocol: oidc @@ -285,10 +285,10 @@ custom: defaultValue: authorization_code, refresh_token attributeName: http://shibboleth.net/ns/profiles/oauth2/token/grantTypes protocol: oidc - - name: refreshTokenLifetime + - name: refreshTokenLifetimeOauth attributeFriendlyName: refreshTokenLifetime - displayName: label.refreshTokenLifetime - helpText: tooltip.refreshTokenLifetime + displayName: label.refreshTokenLifetime.oauth + helpText: tooltip.refreshTokenLifetime.oauth displayType: string defaultValue: PT2H attributeName: http://shibboleth.net/ns/profiles/oauth2/token/refreshTokenLifetime @@ -298,7 +298,7 @@ custom: displayName: label.resolveAttributes.oauth helpText: tooltip.resolveAttributes.oauth displayType: boolean - defaultValue: TRUE + defaultValue: true attributeName: http://shibboleth.net/ns/profiles/oauth2/token/resolveAttributes protocol: oidc - name: authorizationCodeFlowEnabled 
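Review bot: Nothing visible enforces that `name` stays unique across this override list, which is the condition the renames in this hunk restore. The JsonSchemaBuilderService context in this commit stores each entry with `properties[(String) it['name']] = property`, so two entries sharing a `name` leave only the last one in the schema; with the old values the oauth2/token `accessTokenLifetime` entry would presumably have been shadowed by the oidc/sso/browser one. A startup check that rejects duplicate `name` values would stop a token-lifetime or token-type setting from silently disappearing again, and it would also catch drift between this file and the hand-copied lists in the testbed application.yml files changed by the same commit. If stored overrides are keyed by the old `name`, they may need migrating; that is not visible here.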
@@ -306,7 +306,7 @@ custom: displayName: label.authorizationCodeFlowEnabled helpText: tooltip.authorizationCodeFlowEnabled displayType: boolean - defaultValue: TRUE + defaultValue: true attributeName: http://shibboleth.net/ns/profiles/authorizationCodeFlowEnabled protocol: oidc - name: hybridFlowEnabled @@ -314,7 +314,7 @@ custom: displayName: label.hybridFlowEnabled helpText: tooltip.hybridFlowEnabled displayType: boolean - defaultValue: TRUE + defaultValue: true attributeName: http://shibboleth.net/ns/profiles/hybridFlowEnabled protocol: oidc - name: implicitFlowEnabled @@ -322,7 +322,7 @@ custom: displayName: label.implicitFlowEnabled helpText: tooltip.implicitFlowEnabled displayType: boolean - defaultValue: TRUE + defaultValue: true attributeName: http://shibboleth.net/ns/profiles/implicitFlowEnabled protocol: oidc - name: refreshTokensEnabled @@ -330,21 +330,21 @@ custom: displayName: label.refreshTokensEnabled helpText: tooltip.refreshTokensEnabled displayType: boolean - defaultValue: TRUE + defaultValue: true attributeName: http://shibboleth.net/ns/profiles/refreshTokensEnabled protocol: oidc - - name: accessTokenLifetime + - name: accessTokenLifetimeOidc attributeFriendlyName: accessTokenLifetime - displayName: label.accessTokenLifetime - helpText: tooltip.accessTokenLifetime + displayName: label.accessTokenLifetime.oidc + helpText: tooltip.accessTokenLifetime.oidc displayType: string defaultValue: PT10M attributeName: http://shibboleth.net/ns/profiles/oidc/sso/browser/accessTokenLifetime protocol: oidc - - name: accessTokenType + - name: accessTokenTypeOidc attributeFriendlyName: accessTokenType - displayName: label.accessTokenType - helpText: tooltip.accessTokenType + displayName: label.accessTokenType.oidc + helpText: tooltip.accessTokenType.oidc displayType: string attributeName: http://shibboleth.net/ns/profiles/oidc/sso/browser/accessTokenType protocol: oidc 
@@ -362,10 +362,10 @@ custom: displayType: boolean attributeName: http://shibboleth.net/ns/profiles/oidc/sso/browser/allowPKCEPlain protocol: oidc - - name: alwaysIncludedAttributes + - name: alwaysIncludedAttributesBrowser attributeFriendlyName: alwaysIncludedAttributes - displayName: label.alwaysIncludedAttributes - helpText: tooltip.alwaysIncludedAttributes + displayName: label.alwaysIncludedAttributes.browser + helpText: tooltip.alwaysIncludedAttributes.browser displayType: string attributeName: http://shibboleth.net/ns/profiles/oidc/sso/browser/alwaysIncludedAttributes protocol: oidc @@ -377,10 +377,10 @@ custom: defaultValue: PT5M attributeName: http://shibboleth.net/ns/profiles/oidc/sso/browser/authorizeCodeLifetime protocol: oidc - - name: deniedUserInfoAttributes + - name: deniedUserInfoAttributesBrowser attributeFriendlyName: deniedUserInfoAttributes - displayName: label.deniedUserInfoAttributes - helpText: tooltip.deniedUserInfoAttributes + displayName: label.deniedUserInfoAttributes.browser + helpText: tooltip.deniedUserInfoAttributes.browser displayType: string attributeName: http://shibboleth.net/ns/profiles/oidc/sso/browser/deniedUserInfoAttributes protocol: oidc 
@@ -420,18 +420,18 @@ custom: displayType: boolean attributeName: http://shibboleth.net/ns/profiles/oidc/sso/browser/includeIssuerInResponse protocol: oidc - - name: refreshTokenLifetime + - name: refreshTokenLifetimeOidc attributeFriendlyName: refreshTokenLifetime - displayName: label.refreshTokenLifetime - helpText: tooltip.refreshTokenLifetime + displayName: label.refreshTokenLifetime.oidc + helpText: tooltip.refreshTokenLifetime.oidc displayType: string defaultValue: PT2H attributeName: http://shibboleth.net/ns/profiles/oidc/sso/browser/refreshTokenLifetime protocol: oidc - - name: alwaysIncludedAttributes + - name: alwaysIncludedAttributesToken attributeFriendlyName: alwaysIncludedAttributes - displayName: label.alwaysIncludedAttributes - helpText: tooltip.alwaysIncludedAttributes + displayName: label.alwaysIncludedAttributes.token + helpText: tooltip.alwaysIncludedAttributes.token displayType: string attributeName: http://shibboleth.net/ns/profiles/oidc/token/alwaysIncludedAttributes protocol: oidc @@ -440,7 +440,7 @@ custom: displayName: label.encryptionOptional helpText: tooltip.encryptionOptional displayType: boolean - defaultValue: TRUE + defaultValue: true attributeName: http://shibboleth.net/ns/profiles/oidc/token/encryptionOptional protocol: oidc - name: IDTokenLifetime diff --git a/backend/src/main/resources/i18n/messages.properties b/backend/src/main/resources/i18n/messages.properties index 69571640b..50723320a 100644 --- a/backend/src/main/resources/i18n/messages.properties +++ b/backend/src/main/resources/i18n/messages.properties 
@@ -877,32 +877,32 @@ label.postAuthenticationFlows=Post Authentication Flows label.proxyCount=Proxy Count label.revocationLifetime=Revocation Lifetime label.revocationMethod=Revocation Method -label.accessTokenLifetime=Access Token Lifetime -label.accessTokenType=Access Token Type +label.accessTokenLifetime.oauth=Access Token Lifetime (OAUTH) +label.accessTokenType.oauth=Access Token Type (OAUTH) label.allowPKCEPlain.oidc=Allow PKCE Plain (OIDC) label.enforceRefreshTokenRotation=Enforce Refresh Token Rotation label.forcePKCE.oidc=Force PKCE (OIDC) label.grantTypes=Grant Types -label.refreshTokenLifetime=Refresh Token Lifetime -label.resolveAttributes.oauth=Resolve Attributes (Oauth) +label.refreshTokenLifetime.oauth=Refresh Token Lifetime (OAUTH) +label.resolveAttributes.oauth=Resolve Attributes (OAUTH) label.authorizationCodeFlowEnabled=Authorization Code Flow Enabled label.hybridFlowEnabled=Hybrid Flow Enabled label.implicitFlowEnabled=Implicit Flow Enabled label.refreshTokensEnabled=Refresh Tokens Enabled -label.accessTokenLifetime=Access Token Lifetime -label.accessTokenType=Access Token Type +label.accessTokenLifetime.oidc=Access Token Lifetime (OIDC) +label.accessTokenType.oidc=Access Token Type (OIDC) label.acrRequestAlwaysEssential=Acr Request Always Essential label.allowPKCEPlain.oauth=Allow PKCE Plain (OAUTH) -label.alwaysIncludedAttributes=Always Included Attributes +label.alwaysIncludedAttributes.token=Always Included Attributes (Token) label.authorizeCodeLifetime=Authorize Code Lifetime -label.deniedUserInfoAttributes=Denied User Info Attributes +label.deniedUserInfoAttributes.browser=Denied User Info Attributes (browser) label.encodeConsentInTokens=Encode Consent In Tokens label.encodedAttributes=Encoded Attributes label.forcePKCE.oauth=Force PKCE (OAUTH) label.IDTokenLifetime.browser=IDToken Lifetime (browser) label.includeIssuerInResponse=Include Issuer In Response -label.refreshTokenLifetime=Refresh Token Lifetime 
-label.alwaysIncludedAttributes=Always Included Attributes +label.refreshTokenLifetime.oidc=Refresh Token Lifetime (OIDC) +label.alwaysIncludedAttributes.browser=Always Included Attributes (browser) label.encryptionOptional=Encryption Optional label.IDTokenLifetime=IDToken Lifetime label.deniedUserInfoAttributes=Denied User Info Attributes 
@@ -918,33 +918,33 @@ tooltip.postAuthenticationFlows=Ordered list of profile interceptor flows to run tooltip.proxyCount=Limits use of proxying either to service providers downstream or when requesting authentication from identity providers upstream. This will generally depend on whether a particular protocol supports the feature. tooltip.revocationLifetime=The revocation lifetime used when revoking the full chain (see CHAIN above). tooltip.revocationMethod=The revocation method: CHAIN refers to revoking whole chain of tokens (from authorization code to all access/refresh tokens) and TOKEN refers to revoking single token -tooltip.accessTokenLifetime=Lifetime of access token issued to client -tooltip.accessTokenType=Format of access token. Supported values are ?JWT? or nothing/empty/null implying opaque tokens. -tooltip.allowPKCEPlain=Whether client is allowed to use PKCE code challenge method plain +tooltip.accessTokenLifetime.oauth=Lifetime of access token issued to client (OAUTH) +tooltip.accessTokenType.oauth=Format of access token. Supported values are ?JWT? or nothing/empty/null implying opaque tokens. +tooltip.allowPKCEPlain.oauth=Whether client is allowed to use PKCE code challenge method plain (OAUTH) tooltip.enforceRefreshTokenRotation=Whether to enforce refresh token rotation. If enabled the refresh token is revoked whenever it is used for issuing a new refresh token. 
-tooltip.forcePKCE=Whether client is required to use PKCE +tooltip.forcePKCE.oauth=Whether client is required to use PKCE (OAUTH) tooltip.grantTypes=OAuth grant types to allow -tooltip.refreshTokenLifetime=Lifetime of refresh token issued to client +tooltip.refreshTokenLifetime.oidc=Lifetime of refresh token issued to client tooltip.resolveAttributes.oidc=Whether to resolve attributes during the token issuance process tooltip.authorizationCodeFlowEnabled=Whether to enable the authorization code flow tooltip.hybridFlowEnabled=Whether to enable the hybrid flow tooltip.implicitFlowEnabled=Whether to enable the implicit flow tooltip.refreshTokensEnabled=Whether to enable refresh token support -tooltip.accessTokenLifetime=Lifetime of access token -tooltip.accessTokenType=Format of access token. Supported values are ?JWT? or nothing/empty/null implying opaque tokens. +tooltip.accessTokenLifetime.oidc=Lifetime of access token (OIDC) +tooltip.accessTokenType.oidc=Format of access token. Supported values are 'JWT' or nothing/empty/null implying opaque tokens. 
tooltip.acrRequestAlwaysEssential=Whether to treat "acr" claim requests as essential regardless of request -tooltip.allowPKCEPlain=Whether client is allowed to use PKCE code challenge method plain -tooltip.alwaysIncludedAttributes=Specifies IdPAttributes to always include in ID token regardless of response_type +tooltip.allowPKCEPlain.oidc=Whether client is allowed to use PKCE code challenge method plain (OIDC) +tooltip.alwaysIncludedAttributes.token=Specifies IdPAttributes to always include in ID token regardless of response_type tooltip.authorizeCodeLifetime=Lifetime of authorization code -tooltip.deniedUserInfoAttributes=Specifies IdPAttributes to omit from UserInfo token +tooltip.deniedUserInfoAttributes.browser=Specifies IdPAttributes to omit from UserInfo token (browser) tooltip.encodeConsentInTokens=Whether to embed consent decision(s) in access/refresh tokens and authorization code to allow for client-side consent storage tooltip.encodedAttributes=Specifies IdPAttributes to encode into tokens for recovery on back-channel token requests -tooltip.forcePKCE=Whether client is required to use PKCE +tooltip.forcePKCE.oidc=Whether client is required to use PKCE (OIDC) tooltip.IDTokenLifetime.browser=Lifetime of ID token (browser) tooltip.includeIssuerInResponse=Whether to include issuer -parameter in the responses as specified by RFC 9207. If set to true also consider including authorization_response_iss_parameter_supported to the OP metadata. 
-tooltip.refreshTokenLifetime=Lifetime of refresh token -tooltip.alwaysIncludedAttributes=Specifies IdPAttributes to always include in ID token regardless of response_type -tooltip.encryptionOptional=Whether the absence of encryption details in a client?s metadata should fail when issuing an ID token +tooltip.refreshTokenLifetime.oauth=Lifetime of refresh token +tooltip.alwaysIncludedAttributes.browser=Specifies IdPAttributes to always include in ID token regardless of response_type +tooltip.encryptionOptional=Whether the absence of encryption details in a client's metadata should fail when issuing an ID token tooltip.IDTokenLifetime=Lifetime of ID token issued to client tooltip.deniedUserInfoAttributes=Specifies IdPAttributes to omit from UserInfo token tooltip.resolveAttributes.oauth=Whether to run the attribute resolution/filtering step \ No newline at end of file diff --git a/testbed/authentication/shibui/application.yml b/testbed/authentication/shibui/application.yml index 4a8fdee76..73f30063f 100644 --- a/testbed/authentication/shibui/application.yml +++ b/testbed/authentication/shibui/application.yml 
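Review bot: The added `tooltip.accessTokenType.oauth` line still carries the mis-encoded quotes (`?JWT?`), while its `.oidc` twin was corrected to `'JWT'` in this same hunk; the oauth value should read `Supported values are 'JWT' or nothing/empty/null implying opaque tokens.` The refresh-token tooltips also look swapped: `tooltip.refreshTokenLifetime.oidc` sits among the OAuth entries with the "issued to client" wording and `tooltip.refreshTokenLifetime.oauth` among the OIDC ones, and unlike their neighbours neither carries an (OAUTH)/(OIDC) suffix. These strings are what lets an operator tell apart two token-lifetime settings that share a friendly name, so the text should match the key it is filed under.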
@@ -187,18 +187,18 @@ shibui: defaultValue: CHAIN attributeName: http://shibboleth.net/ns/profiles/oauth2/revocation/revocationMethod protocol: oidc - - name: accessTokenLifetime + - name: accessTokenLifetimeOauth attributeFriendlyName: accessTokenLifetime - displayName: label.accessTokenLifetime - helpText: tooltip.accessTokenLifetime + displayName: label.accessTokenLifetime.oauth + helpText: tooltip.accessTokenLifetime.oauth displayType: string defaultValue: PT10M attributeName: http://shibboleth.net/ns/profiles/oauth2/token/accessTokenLifetime protocol: oidc - - name: accessTokenType + - name: accessTokenTypeOauth attributeFriendlyName: accessTokenType - displayName: label.accessTokenType - helpText: tooltip.accessTokenType + displayName: label.accessTokenType.oauth + helpText: tooltip.accessTokenType.oauth displayType: string attributeName: http://shibboleth.net/ns/profiles/oauth2/token/accessTokenType protocol: oidc @@ -231,10 +231,10 @@ shibui: defaultValue: authorization_code, refresh_token attributeName: http://shibboleth.net/ns/profiles/oauth2/token/grantTypes protocol: oidc - - name: refreshTokenLifetime + - name: refreshTokenLifetimeOauth attributeFriendlyName: refreshTokenLifetime - displayName: label.refreshTokenLifetime - helpText: tooltip.refreshTokenLifetime + displayName: label.refreshTokenLifetime.oauth + helpText: tooltip.refreshTokenLifetime.oauth displayType: string defaultValue: PT2H attributeName: http://shibboleth.net/ns/profiles/oauth2/token/refreshTokenLifetime @@ -244,7 +244,7 @@ shibui: displayName: label.resolveAttributes.oauth helpText: tooltip.resolveAttributes.oauth displayType: boolean - defaultValue: TRUE + defaultValue: true attributeName: http://shibboleth.net/ns/profiles/oauth2/token/resolveAttributes protocol: oidc - name: authorizationCodeFlowEnabled 
@@ -252,7 +252,7 @@ shibui: displayName: label.authorizationCodeFlowEnabled helpText: tooltip.authorizationCodeFlowEnabled displayType: boolean - defaultValue: TRUE + defaultValue: true attributeName: http://shibboleth.net/ns/profiles/authorizationCodeFlowEnabled protocol: oidc - name: hybridFlowEnabled @@ -260,7 +260,7 @@ shibui: displayName: label.hybridFlowEnabled helpText: tooltip.hybridFlowEnabled displayType: boolean - defaultValue: TRUE + defaultValue: true attributeName: http://shibboleth.net/ns/profiles/hybridFlowEnabled protocol: oidc - name: implicitFlowEnabled @@ -268,7 +268,7 @@ shibui: displayName: label.implicitFlowEnabled helpText: tooltip.implicitFlowEnabled displayType: boolean - defaultValue: TRUE + defaultValue: true attributeName: http://shibboleth.net/ns/profiles/implicitFlowEnabled protocol: oidc - name: refreshTokensEnabled @@ -276,21 +276,21 @@ shibui: displayName: label.refreshTokensEnabled helpText: tooltip.refreshTokensEnabled displayType: boolean - defaultValue: TRUE + defaultValue: true attributeName: http://shibboleth.net/ns/profiles/refreshTokensEnabled protocol: oidc - - name: accessTokenLifetime + - name: accessTokenLifetimeOidc attributeFriendlyName: accessTokenLifetime - displayName: label.accessTokenLifetime - helpText: tooltip.accessTokenLifetime + displayName: label.accessTokenLifetime.oidc + helpText: tooltip.accessTokenLifetime.oidc displayType: string defaultValue: PT10M attributeName: http://shibboleth.net/ns/profiles/oidc/sso/browser/accessTokenLifetime protocol: oidc - - name: accessTokenType + - name: accessTokenTypeOidc attributeFriendlyName: accessTokenType - displayName: label.accessTokenType - helpText: tooltip.accessTokenType + displayName: label.accessTokenType.oidc + helpText: tooltip.accessTokenType.oidc displayType: string attributeName: http://shibboleth.net/ns/profiles/oidc/sso/browser/accessTokenType protocol: oidc 
@@ -308,10 +308,10 @@ shibui: displayType: boolean attributeName: http://shibboleth.net/ns/profiles/oidc/sso/browser/allowPKCEPlain protocol: oidc - - name: alwaysIncludedAttributes + - name: alwaysIncludedAttributesBrowser attributeFriendlyName: alwaysIncludedAttributes - displayName: label.alwaysIncludedAttributes - helpText: tooltip.alwaysIncludedAttributes + displayName: label.alwaysIncludedAttributes.browser + helpText: tooltip.alwaysIncludedAttributes.browser displayType: string attributeName: http://shibboleth.net/ns/profiles/oidc/sso/browser/alwaysIncludedAttributes protocol: oidc @@ -323,10 +323,10 @@ shibui: defaultValue: PT5M attributeName: http://shibboleth.net/ns/profiles/oidc/sso/browser/authorizeCodeLifetime protocol: oidc - - name: deniedUserInfoAttributes + - name: deniedUserInfoAttributesBrowser attributeFriendlyName: deniedUserInfoAttributes - displayName: label.deniedUserInfoAttributes - helpText: tooltip.deniedUserInfoAttributes + displayName: label.deniedUserInfoAttributes.browser + helpText: tooltip.deniedUserInfoAttributes.browser displayType: string attributeName: http://shibboleth.net/ns/profiles/oidc/sso/browser/deniedUserInfoAttributes protocol: oidc 
@@ -366,18 +366,18 @@ shibui: displayType: boolean attributeName: http://shibboleth.net/ns/profiles/oidc/sso/browser/includeIssuerInResponse protocol: oidc - - name: refreshTokenLifetime + - name: refreshTokenLifetimeOidc attributeFriendlyName: refreshTokenLifetime - displayName: label.refreshTokenLifetime - helpText: tooltip.refreshTokenLifetime + displayName: label.refreshTokenLifetime.oidc + helpText: tooltip.refreshTokenLifetime.oidc displayType: string defaultValue: PT2H attributeName: http://shibboleth.net/ns/profiles/oidc/sso/browser/refreshTokenLifetime protocol: oidc - - name: alwaysIncludedAttributes + - name: alwaysIncludedAttributesToken attributeFriendlyName: alwaysIncludedAttributes - displayName: label.alwaysIncludedAttributes - helpText: tooltip.alwaysIncludedAttributes + displayName: label.alwaysIncludedAttributes.token + helpText: tooltip.alwaysIncludedAttributes.token displayType: string attributeName: http://shibboleth.net/ns/profiles/oidc/token/alwaysIncludedAttributes protocol: oidc @@ -386,7 +386,7 @@ shibui: displayName: label.encryptionOptional helpText: tooltip.encryptionOptional displayType: boolean - defaultValue: TRUE + defaultValue: true attributeName: http://shibboleth.net/ns/profiles/oidc/token/encryptionOptional protocol: oidc - name: IDTokenLifetime diff --git a/testbed/integration/shibui/application.yml b/testbed/integration/shibui/application.yml index 71d615a33..9bdb080df 100644 --- a/testbed/integration/shibui/application.yml +++ b/testbed/integration/shibui/application.yml 
@@ -179,18 +179,18 @@ shibui: defaultValue: CHAIN attributeName: http://shibboleth.net/ns/profiles/oauth2/revocation/revocationMethod protocol: oidc - - name: accessTokenLifetime + - name: accessTokenLifetimeOauth attributeFriendlyName: accessTokenLifetime - displayName: label.accessTokenLifetime - helpText: tooltip.accessTokenLifetime + displayName: label.accessTokenLifetime.oauth + helpText: tooltip.accessTokenLifetime.oauth displayType: string defaultValue: PT10M attributeName: http://shibboleth.net/ns/profiles/oauth2/token/accessTokenLifetime protocol: oidc - - name: accessTokenType + - name: accessTokenTypeOauth attributeFriendlyName: accessTokenType - displayName: label.accessTokenType - helpText: tooltip.accessTokenType + displayName: label.accessTokenType.oauth + helpText: tooltip.accessTokenType.oauth displayType: string attributeName: http://shibboleth.net/ns/profiles/oauth2/token/accessTokenType protocol: oidc @@ -223,10 +223,10 @@ shibui: defaultValue: authorization_code, refresh_token attributeName: http://shibboleth.net/ns/profiles/oauth2/token/grantTypes protocol: oidc - - name: refreshTokenLifetime + - name: refreshTokenLifetimeOauth attributeFriendlyName: refreshTokenLifetime - displayName: label.refreshTokenLifetime - helpText: tooltip.refreshTokenLifetime + displayName: label.refreshTokenLifetime.oauth + helpText: tooltip.refreshTokenLifetime.oauth displayType: string defaultValue: PT2H attributeName: http://shibboleth.net/ns/profiles/oauth2/token/refreshTokenLifetime @@ -236,7 +236,7 @@ shibui: displayName: label.resolveAttributes.oauth helpText: tooltip.resolveAttributes.oauth displayType: boolean - defaultValue: TRUE + defaultValue: true attributeName: http://shibboleth.net/ns/profiles/oauth2/token/resolveAttributes protocol: oidc - name: authorizationCodeFlowEnabled 
@@ -244,7 +244,7 @@ shibui: displayName: label.authorizationCodeFlowEnabled helpText: tooltip.authorizationCodeFlowEnabled displayType: boolean - defaultValue: TRUE + defaultValue: true attributeName: http://shibboleth.net/ns/profiles/authorizationCodeFlowEnabled protocol: oidc - name: hybridFlowEnabled @@ -252,7 +252,7 @@ shibui: displayName: label.hybridFlowEnabled helpText: tooltip.hybridFlowEnabled displayType: boolean - defaultValue: TRUE + defaultValue: true attributeName: http://shibboleth.net/ns/profiles/hybridFlowEnabled protocol: oidc - name: implicitFlowEnabled @@ -260,7 +260,7 @@ shibui: displayName: label.implicitFlowEnabled helpText: tooltip.implicitFlowEnabled displayType: boolean - defaultValue: TRUE + defaultValue: true attributeName: http://shibboleth.net/ns/profiles/implicitFlowEnabled protocol: oidc - name: refreshTokensEnabled @@ -268,21 +268,21 @@ shibui: displayName: label.refreshTokensEnabled helpText: tooltip.refreshTokensEnabled displayType: boolean - defaultValue: TRUE + defaultValue: true attributeName: http://shibboleth.net/ns/profiles/refreshTokensEnabled protocol: oidc - - name: accessTokenLifetime + - name: accessTokenLifetimeOidc attributeFriendlyName: accessTokenLifetime - displayName: label.accessTokenLifetime - helpText: tooltip.accessTokenLifetime + displayName: label.accessTokenLifetime.oidc + helpText: tooltip.accessTokenLifetime.oidc displayType: string defaultValue: PT10M attributeName: http://shibboleth.net/ns/profiles/oidc/sso/browser/accessTokenLifetime protocol: oidc - - name: accessTokenType + - name: accessTokenTypeOidc attributeFriendlyName: accessTokenType - displayName: label.accessTokenType - helpText: tooltip.accessTokenType + displayName: label.accessTokenType.oidc + helpText: tooltip.accessTokenType.oidc displayType: string attributeName: http://shibboleth.net/ns/profiles/oidc/sso/browser/accessTokenType protocol: oidc 
@@ -300,10 +300,10 @@ shibui: displayType: boolean attributeName: http://shibboleth.net/ns/profiles/oidc/sso/browser/allowPKCEPlain protocol: oidc - - name: alwaysIncludedAttributes + - name: alwaysIncludedAttributesBrowser attributeFriendlyName: alwaysIncludedAttributes - displayName: label.alwaysIncludedAttributes - helpText: tooltip.alwaysIncludedAttributes + displayName: label.alwaysIncludedAttributes.browser + helpText: tooltip.alwaysIncludedAttributes.browser displayType: string attributeName: http://shibboleth.net/ns/profiles/oidc/sso/browser/alwaysIncludedAttributes protocol: oidc @@ -315,10 +315,10 @@ shibui: defaultValue: PT5M attributeName: http://shibboleth.net/ns/profiles/oidc/sso/browser/authorizeCodeLifetime protocol: oidc - - name: deniedUserInfoAttributes + - name: deniedUserInfoAttributesBrowser attributeFriendlyName: deniedUserInfoAttributes - displayName: label.deniedUserInfoAttributes - helpText: tooltip.deniedUserInfoAttributes + displayName: label.deniedUserInfoAttributes.browser + helpText: tooltip.deniedUserInfoAttributes.browser displayType: string attributeName: http://shibboleth.net/ns/profiles/oidc/sso/browser/deniedUserInfoAttributes protocol: oidc 
@@ -358,18 +358,18 @@ shibui: displayType: boolean attributeName: http://shibboleth.net/ns/profiles/oidc/sso/browser/includeIssuerInResponse protocol: oidc - - name: refreshTokenLifetime + - name: refreshTokenLifetimeOidc attributeFriendlyName: refreshTokenLifetime - displayName: label.refreshTokenLifetime - helpText: tooltip.refreshTokenLifetime + displayName: label.refreshTokenLifetime.oidc + helpText: tooltip.refreshTokenLifetime.oidc displayType: string defaultValue: PT2H attributeName: http://shibboleth.net/ns/profiles/oidc/sso/browser/refreshTokenLifetime protocol: oidc - - name: alwaysIncludedAttributes + - name: alwaysIncludedAttributesToken attributeFriendlyName: alwaysIncludedAttributes - displayName: label.alwaysIncludedAttributes - helpText: tooltip.alwaysIncludedAttributes + displayName: label.alwaysIncludedAttributes.token + helpText: tooltip.alwaysIncludedAttributes.token displayType: string attributeName: http://shibboleth.net/ns/profiles/oidc/token/alwaysIncludedAttributes protocol: oidc @@ -378,7 +378,7 @@ shibui: displayName: label.encryptionOptional helpText: tooltip.encryptionOptional displayType: boolean - defaultValue: TRUE + defaultValue: true attributeName: http://shibboleth.net/ns/profiles/oidc/token/encryptionOptional protocol: oidc - name: IDTokenLifetime diff --git a/testbed/mariadb/conf/application.yml b/testbed/mariadb/conf/application.yml index 9cf826d01..8acae5ea1 100644 --- a/testbed/mariadb/conf/application.yml +++ b/testbed/mariadb/conf/application.yml 
@@ -210,18 +210,18 @@ custom: defaultValue: CHAIN attributeName: http://shibboleth.net/ns/profiles/oauth2/revocation/revocationMethod protocol: oidc - - name: accessTokenLifetime + - name: accessTokenLifetimeOauth attributeFriendlyName: accessTokenLifetime - displayName: label.accessTokenLifetime - helpText: tooltip.accessTokenLifetime + displayName: label.accessTokenLifetime.oauth + helpText: tooltip.accessTokenLifetime.oauth displayType: string defaultValue: PT10M attributeName: http://shibboleth.net/ns/profiles/oauth2/token/accessTokenLifetime protocol: oidc - - name: accessTokenType + - name: accessTokenTypeOauth attributeFriendlyName: accessTokenType - displayName: label.accessTokenType - helpText: tooltip.accessTokenType + displayName: label.accessTokenType.oauth + helpText: tooltip.accessTokenType.oauth displayType: string attributeName: http://shibboleth.net/ns/profiles/oauth2/token/accessTokenType protocol: oidc @@ -254,10 +254,10 @@ custom: defaultValue: authorization_code, refresh_token attributeName: http://shibboleth.net/ns/profiles/oauth2/token/grantTypes protocol: oidc - - name: refreshTokenLifetime + - name: refreshTokenLifetimeOauth attributeFriendlyName: refreshTokenLifetime - displayName: label.refreshTokenLifetime - helpText: tooltip.refreshTokenLifetime + displayName: label.refreshTokenLifetime.oauth + helpText: tooltip.refreshTokenLifetime.oauth displayType: string defaultValue: PT2H attributeName: http://shibboleth.net/ns/profiles/oauth2/token/refreshTokenLifetime @@ -267,7 +267,7 @@ custom: displayName: label.resolveAttributes.oauth helpText: tooltip.resolveAttributes.oauth displayType: boolean - defaultValue: TRUE + defaultValue: true attributeName: http://shibboleth.net/ns/profiles/oauth2/token/resolveAttributes protocol: oidc - name: authorizationCodeFlowEnabled 
@@ -275,7 +275,7 @@ custom: displayName: label.authorizationCodeFlowEnabled helpText: tooltip.authorizationCodeFlowEnabled displayType: boolean - defaultValue: TRUE + defaultValue: true attributeName: http://shibboleth.net/ns/profiles/authorizationCodeFlowEnabled protocol: oidc - name: hybridFlowEnabled @@ -283,7 +283,7 @@ custom: displayName: label.hybridFlowEnabled helpText: tooltip.hybridFlowEnabled displayType: boolean - defaultValue: TRUE + defaultValue: true attributeName: http://shibboleth.net/ns/profiles/hybridFlowEnabled protocol: oidc - name: implicitFlowEnabled @@ -291,7 +291,7 @@ custom: displayName: label.implicitFlowEnabled helpText: tooltip.implicitFlowEnabled displayType: boolean - defaultValue: TRUE + defaultValue: true attributeName: http://shibboleth.net/ns/profiles/implicitFlowEnabled protocol: oidc - name: refreshTokensEnabled @@ -299,21 +299,21 @@ custom: displayName: label.refreshTokensEnabled helpText: tooltip.refreshTokensEnabled displayType: boolean - defaultValue: TRUE + defaultValue: true attributeName: http://shibboleth.net/ns/profiles/refreshTokensEnabled protocol: oidc - - name: accessTokenLifetime + - name: accessTokenLifetimeOidc attributeFriendlyName: accessTokenLifetime - displayName: label.accessTokenLifetime - helpText: tooltip.accessTokenLifetime + displayName: label.accessTokenLifetime.oidc + helpText: tooltip.accessTokenLifetime.oidc displayType: string defaultValue: PT10M attributeName: http://shibboleth.net/ns/profiles/oidc/sso/browser/accessTokenLifetime protocol: oidc - - name: accessTokenType + - name: accessTokenTypeOidc attributeFriendlyName: accessTokenType - displayName: label.accessTokenType - helpText: tooltip.accessTokenType + displayName: label.accessTokenType.oidc + helpText: tooltip.accessTokenType.oidc displayType: string attributeName: http://shibboleth.net/ns/profiles/oidc/sso/browser/accessTokenType protocol: oidc 
@@ -331,10 +331,10 @@ custom: displayType: boolean attributeName: http://shibboleth.net/ns/profiles/oidc/sso/browser/allowPKCEPlain protocol: oidc - - name: alwaysIncludedAttributes + - name: alwaysIncludedAttributesBrowser attributeFriendlyName: alwaysIncludedAttributes - displayName: label.alwaysIncludedAttributes - helpText: tooltip.alwaysIncludedAttributes + displayName: label.alwaysIncludedAttributes.browser + helpText: tooltip.alwaysIncludedAttributes.browser displayType: string attributeName: http://shibboleth.net/ns/profiles/oidc/sso/browser/alwaysIncludedAttributes protocol: oidc @@ -346,10 +346,10 @@ custom: defaultValue: PT5M attributeName: http://shibboleth.net/ns/profiles/oidc/sso/browser/authorizeCodeLifetime protocol: oidc - - name: deniedUserInfoAttributes + - name: deniedUserInfoAttributesBrowser attributeFriendlyName: deniedUserInfoAttributes - displayName: label.deniedUserInfoAttributes - helpText: tooltip.deniedUserInfoAttributes + displayName: label.deniedUserInfoAttributes.browser + helpText: tooltip.deniedUserInfoAttributes.browser displayType: string attributeName: http://shibboleth.net/ns/profiles/oidc/sso/browser/deniedUserInfoAttributes protocol: oidc 
@@ -389,18 +389,18 @@ custom: displayType: boolean attributeName: http://shibboleth.net/ns/profiles/oidc/sso/browser/includeIssuerInResponse protocol: oidc - - name: refreshTokenLifetime + - name: refreshTokenLifetimeOidc attributeFriendlyName: refreshTokenLifetime - displayName: label.refreshTokenLifetime - helpText: tooltip.refreshTokenLifetime + displayName: label.refreshTokenLifetime.oidc + helpText: tooltip.refreshTokenLifetime.oidc displayType: string defaultValue: PT2H attributeName: http://shibboleth.net/ns/profiles/oidc/sso/browser/refreshTokenLifetime protocol: oidc - - name: alwaysIncludedAttributes + - name: alwaysIncludedAttributesToken attributeFriendlyName: alwaysIncludedAttributes - displayName: label.alwaysIncludedAttributes - helpText: tooltip.alwaysIncludedAttributes + displayName: label.alwaysIncludedAttributes.token + helpText: tooltip.alwaysIncludedAttributes.token displayType: string attributeName: http://shibboleth.net/ns/profiles/oidc/token/alwaysIncludedAttributes protocol: oidc @@ -409,7 +409,7 @@ custom: displayName: label.encryptionOptional helpText: tooltip.encryptionOptional displayType: boolean - defaultValue: TRUE + defaultValue: true attributeName: http://shibboleth.net/ns/profiles/oidc/token/encryptionOptional protocol: oidc - name: IDTokenLifetime diff --git a/testbed/mysql/conf/application.yml b/testbed/mysql/conf/application.yml index a9204e697..9f328ddd4 100644 --- a/testbed/mysql/conf/application.yml +++ b/testbed/mysql/conf/application.yml 
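Review bot: `encryptionOptional` keeps `defaultValue: true` in the last hunk of this file; if this maps to the IdP setting of the same name, as the `attributeName` suggests, a missing or unusable client encryption key would lead to an unencrypted token rather than a failed request. That is a fail-open default for confidentiality, so it deserves at least a comment, e.g. `# true = issue unencrypted when no encryption key resolves; set false for clients that require encryption`. The testbed mysql, postgres and sqlServer copies carry the same value.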
@@ -210,18 +210,18 @@ custom: defaultValue: CHAIN attributeName: http://shibboleth.net/ns/profiles/oauth2/revocation/revocationMethod protocol: oidc - - name: accessTokenLifetime + - name: accessTokenLifetimeOauth attributeFriendlyName: accessTokenLifetime - displayName: label.accessTokenLifetime - helpText: tooltip.accessTokenLifetime + displayName: label.accessTokenLifetime.oauth + helpText: tooltip.accessTokenLifetime.oauth displayType: string defaultValue: PT10M attributeName: http://shibboleth.net/ns/profiles/oauth2/token/accessTokenLifetime protocol: oidc - - name: accessTokenType + - name: accessTokenTypeOauth attributeFriendlyName: accessTokenType - displayName: label.accessTokenType - helpText: tooltip.accessTokenType + displayName: label.accessTokenType.oauth + helpText: tooltip.accessTokenType.oauth displayType: string attributeName: http://shibboleth.net/ns/profiles/oauth2/token/accessTokenType protocol: oidc @@ -254,10 +254,10 @@ custom: defaultValue: authorization_code, refresh_token attributeName: http://shibboleth.net/ns/profiles/oauth2/token/grantTypes protocol: oidc - - name: refreshTokenLifetime + - name: refreshTokenLifetimeOauth attributeFriendlyName: refreshTokenLifetime - displayName: label.refreshTokenLifetime - helpText: tooltip.refreshTokenLifetime + displayName: label.refreshTokenLifetime.oauth + helpText: tooltip.refreshTokenLifetime.oauth displayType: string defaultValue: PT2H attributeName: http://shibboleth.net/ns/profiles/oauth2/token/refreshTokenLifetime @@ -267,7 +267,7 @@ custom: displayName: label.resolveAttributes.oauth helpText: tooltip.resolveAttributes.oauth displayType: boolean - defaultValue: TRUE + defaultValue: true attributeName: http://shibboleth.net/ns/profiles/oauth2/token/resolveAttributes protocol: oidc - name: authorizationCodeFlowEnabled 
@@ -275,7 +275,7 @@ custom: displayName: label.authorizationCodeFlowEnabled helpText: tooltip.authorizationCodeFlowEnabled displayType: boolean - defaultValue: TRUE + defaultValue: true attributeName: http://shibboleth.net/ns/profiles/authorizationCodeFlowEnabled protocol: oidc - name: hybridFlowEnabled @@ -283,7 +283,7 @@ custom: displayName: label.hybridFlowEnabled helpText: tooltip.hybridFlowEnabled displayType: boolean - defaultValue: TRUE + defaultValue: true attributeName: http://shibboleth.net/ns/profiles/hybridFlowEnabled protocol: oidc - name: implicitFlowEnabled @@ -291,7 +291,7 @@ custom: displayName: label.implicitFlowEnabled helpText: tooltip.implicitFlowEnabled displayType: boolean - defaultValue: TRUE + defaultValue: true attributeName: http://shibboleth.net/ns/profiles/implicitFlowEnabled protocol: oidc - name: refreshTokensEnabled @@ -299,21 +299,21 @@ custom: displayName: label.refreshTokensEnabled helpText: tooltip.refreshTokensEnabled displayType: boolean - defaultValue: TRUE + defaultValue: true attributeName: http://shibboleth.net/ns/profiles/refreshTokensEnabled protocol: oidc - - name: accessTokenLifetime + - name: accessTokenLifetimeOidc attributeFriendlyName: accessTokenLifetime - displayName: label.accessTokenLifetime - helpText: tooltip.accessTokenLifetime + displayName: label.accessTokenLifetime.oidc + helpText: tooltip.accessTokenLifetime.oidc displayType: string defaultValue: PT10M attributeName: http://shibboleth.net/ns/profiles/oidc/sso/browser/accessTokenLifetime protocol: oidc - - name: accessTokenType + - name: accessTokenTypeOidc attributeFriendlyName: accessTokenType - displayName: label.accessTokenType - helpText: tooltip.accessTokenType + displayName: label.accessTokenType.oidc + helpText: tooltip.accessTokenType.oidc displayType: string attributeName: http://shibboleth.net/ns/profiles/oidc/sso/browser/accessTokenType protocol: oidc 
@@ -331,10 +331,10 @@ custom: displayType: boolean attributeName: http://shibboleth.net/ns/profiles/oidc/sso/browser/allowPKCEPlain protocol: oidc - - name: alwaysIncludedAttributes + - name: alwaysIncludedAttributesBrowser attributeFriendlyName: alwaysIncludedAttributes - displayName: label.alwaysIncludedAttributes - helpText: tooltip.alwaysIncludedAttributes + displayName: label.alwaysIncludedAttributes.browser + helpText: tooltip.alwaysIncludedAttributes.browser displayType: string attributeName: http://shibboleth.net/ns/profiles/oidc/sso/browser/alwaysIncludedAttributes protocol: oidc @@ -346,10 +346,10 @@ custom: defaultValue: PT5M attributeName: http://shibboleth.net/ns/profiles/oidc/sso/browser/authorizeCodeLifetime protocol: oidc - - name: deniedUserInfoAttributes + - name: deniedUserInfoAttributesBrowser attributeFriendlyName: deniedUserInfoAttributes - displayName: label.deniedUserInfoAttributes - helpText: tooltip.deniedUserInfoAttributes + displayName: label.deniedUserInfoAttributes.browser + helpText: tooltip.deniedUserInfoAttributes.browser displayType: string attributeName: http://shibboleth.net/ns/profiles/oidc/sso/browser/deniedUserInfoAttributes protocol: oidc 
@@ -389,18 +389,18 @@ custom: displayType: boolean attributeName: http://shibboleth.net/ns/profiles/oidc/sso/browser/includeIssuerInResponse protocol: oidc - - name: refreshTokenLifetime + - name: refreshTokenLifetimeOidc attributeFriendlyName: refreshTokenLifetime - displayName: label.refreshTokenLifetime - helpText: tooltip.refreshTokenLifetime + displayName: label.refreshTokenLifetime.oidc + helpText: tooltip.refreshTokenLifetime.oidc displayType: string defaultValue: PT2H attributeName: http://shibboleth.net/ns/profiles/oidc/sso/browser/refreshTokenLifetime protocol: oidc - - name: alwaysIncludedAttributes + - name: alwaysIncludedAttributesToken attributeFriendlyName: alwaysIncludedAttributes - displayName: label.alwaysIncludedAttributes - helpText: tooltip.alwaysIncludedAttributes + displayName: label.alwaysIncludedAttributes.token + helpText: tooltip.alwaysIncludedAttributes.token displayType: string attributeName: http://shibboleth.net/ns/profiles/oidc/token/alwaysIncludedAttributes protocol: oidc @@ -409,7 +409,7 @@ custom: displayName: label.encryptionOptional helpText: tooltip.encryptionOptional displayType: boolean - defaultValue: TRUE + defaultValue: true attributeName: http://shibboleth.net/ns/profiles/oidc/token/encryptionOptional protocol: oidc - name: IDTokenLifetime diff --git a/testbed/postgres/conf/application.yml b/testbed/postgres/conf/application.yml index d6ca89dc3..ff1cfa696 100644 --- a/testbed/postgres/conf/application.yml +++ b/testbed/postgres/conf/application.yml 
@@ -212,18 +212,18 @@ custom: defaultValue: CHAIN attributeName: http://shibboleth.net/ns/profiles/oauth2/revocation/revocationMethod protocol: oidc - - name: accessTokenLifetime + - name: accessTokenLifetimeOauth attributeFriendlyName: accessTokenLifetime - displayName: label.accessTokenLifetime - helpText: tooltip.accessTokenLifetime + displayName: label.accessTokenLifetime.oauth + helpText: tooltip.accessTokenLifetime.oauth displayType: string defaultValue: PT10M attributeName: http://shibboleth.net/ns/profiles/oauth2/token/accessTokenLifetime protocol: oidc - - name: accessTokenType + - name: accessTokenTypeOauth attributeFriendlyName: accessTokenType - displayName: label.accessTokenType - helpText: tooltip.accessTokenType + displayName: label.accessTokenType.oauth + helpText: tooltip.accessTokenType.oauth displayType: string attributeName: http://shibboleth.net/ns/profiles/oauth2/token/accessTokenType protocol: oidc @@ -256,10 +256,10 @@ custom: defaultValue: authorization_code, refresh_token attributeName: http://shibboleth.net/ns/profiles/oauth2/token/grantTypes protocol: oidc - - name: refreshTokenLifetime + - name: refreshTokenLifetimeOauth attributeFriendlyName: refreshTokenLifetime - displayName: label.refreshTokenLifetime - helpText: tooltip.refreshTokenLifetime + displayName: label.refreshTokenLifetime.oauth + helpText: tooltip.refreshTokenLifetime.oauth displayType: string defaultValue: PT2H attributeName: http://shibboleth.net/ns/profiles/oauth2/token/refreshTokenLifetime @@ -269,7 +269,7 @@ custom: displayName: label.resolveAttributes.oauth helpText: tooltip.resolveAttributes.oauth displayType: boolean - defaultValue: TRUE + defaultValue: true attributeName: http://shibboleth.net/ns/profiles/oauth2/token/resolveAttributes protocol: oidc - name: authorizationCodeFlowEnabled 
@@ -277,7 +277,7 @@ custom: displayName: label.authorizationCodeFlowEnabled helpText: tooltip.authorizationCodeFlowEnabled displayType: boolean - defaultValue: TRUE + defaultValue: true attributeName: http://shibboleth.net/ns/profiles/authorizationCodeFlowEnabled protocol: oidc - name: hybridFlowEnabled @@ -285,7 +285,7 @@ custom: displayName: label.hybridFlowEnabled helpText: tooltip.hybridFlowEnabled displayType: boolean - defaultValue: TRUE + defaultValue: true attributeName: http://shibboleth.net/ns/profiles/hybridFlowEnabled protocol: oidc - name: implicitFlowEnabled @@ -293,7 +293,7 @@ custom: displayName: label.implicitFlowEnabled helpText: tooltip.implicitFlowEnabled displayType: boolean - defaultValue: TRUE + defaultValue: true attributeName: http://shibboleth.net/ns/profiles/implicitFlowEnabled protocol: oidc - name: refreshTokensEnabled @@ -301,21 +301,21 @@ custom: displayName: label.refreshTokensEnabled helpText: tooltip.refreshTokensEnabled displayType: boolean - defaultValue: TRUE + defaultValue: true attributeName: http://shibboleth.net/ns/profiles/refreshTokensEnabled protocol: oidc - - name: accessTokenLifetime + - name: accessTokenLifetimeOidc attributeFriendlyName: accessTokenLifetime - displayName: label.accessTokenLifetime - helpText: tooltip.accessTokenLifetime + displayName: label.accessTokenLifetime.oidc + helpText: tooltip.accessTokenLifetime.oidc displayType: string defaultValue: PT10M attributeName: http://shibboleth.net/ns/profiles/oidc/sso/browser/accessTokenLifetime protocol: oidc - - name: accessTokenType + - name: accessTokenTypeOidc attributeFriendlyName: accessTokenType - displayName: label.accessTokenType - helpText: tooltip.accessTokenType + displayName: label.accessTokenType.oidc + helpText: tooltip.accessTokenType.oidc displayType: string attributeName: http://shibboleth.net/ns/profiles/oidc/sso/browser/accessTokenType protocol: oidc 
@@ -333,10 +333,10 @@ custom: displayType: boolean attributeName: http://shibboleth.net/ns/profiles/oidc/sso/browser/allowPKCEPlain protocol: oidc - - name: alwaysIncludedAttributes + - name: alwaysIncludedAttributesBrowser attributeFriendlyName: alwaysIncludedAttributes - displayName: label.alwaysIncludedAttributes - helpText: tooltip.alwaysIncludedAttributes + displayName: label.alwaysIncludedAttributes.browser + helpText: tooltip.alwaysIncludedAttributes.browser displayType: string attributeName: http://shibboleth.net/ns/profiles/oidc/sso/browser/alwaysIncludedAttributes protocol: oidc @@ -348,10 +348,10 @@ custom: defaultValue: PT5M attributeName: http://shibboleth.net/ns/profiles/oidc/sso/browser/authorizeCodeLifetime protocol: oidc - - name: deniedUserInfoAttributes + - name: deniedUserInfoAttributesBrowser attributeFriendlyName: deniedUserInfoAttributes - displayName: label.deniedUserInfoAttributes - helpText: tooltip.deniedUserInfoAttributes + displayName: label.deniedUserInfoAttributes.browser + helpText: tooltip.deniedUserInfoAttributes.browser displayType: string attributeName: http://shibboleth.net/ns/profiles/oidc/sso/browser/deniedUserInfoAttributes protocol: oidc 
@@ -391,18 +391,18 @@ custom: displayType: boolean attributeName: http://shibboleth.net/ns/profiles/oidc/sso/browser/includeIssuerInResponse protocol: oidc - - name: refreshTokenLifetime + - name: refreshTokenLifetimeOidc attributeFriendlyName: refreshTokenLifetime - displayName: label.refreshTokenLifetime - helpText: tooltip.refreshTokenLifetime + displayName: label.refreshTokenLifetime.oidc + helpText: tooltip.refreshTokenLifetime.oidc displayType: string defaultValue: PT2H attributeName: http://shibboleth.net/ns/profiles/oidc/sso/browser/refreshTokenLifetime protocol: oidc - - name: alwaysIncludedAttributes + - name: alwaysIncludedAttributesToken attributeFriendlyName: alwaysIncludedAttributes - displayName: label.alwaysIncludedAttributes - helpText: tooltip.alwaysIncludedAttributes + displayName: label.alwaysIncludedAttributes.token + helpText: tooltip.alwaysIncludedAttributes.token displayType: string attributeName: http://shibboleth.net/ns/profiles/oidc/token/alwaysIncludedAttributes protocol: oidc @@ -411,7 +411,7 @@ custom: displayName: label.encryptionOptional helpText: tooltip.encryptionOptional displayType: boolean - defaultValue: TRUE + defaultValue: true attributeName: http://shibboleth.net/ns/profiles/oidc/token/encryptionOptional protocol: oidc - name: IDTokenLifetime diff --git a/testbed/sqlServer/conf/application.yml b/testbed/sqlServer/conf/application.yml index e905446b8..f94a2852c 100644 --- a/testbed/sqlServer/conf/application.yml +++ b/testbed/sqlServer/conf/application.yml 
@@ -210,18 +210,18 @@ custom: defaultValue: CHAIN attributeName: http://shibboleth.net/ns/profiles/oauth2/revocation/revocationMethod protocol: oidc - - name: accessTokenLifetime + - name: accessTokenLifetimeOauth attributeFriendlyName: accessTokenLifetime - displayName: label.accessTokenLifetime - helpText: tooltip.accessTokenLifetime + displayName: label.accessTokenLifetime.oauth + helpText: tooltip.accessTokenLifetime.oauth displayType: string defaultValue: PT10M attributeName: http://shibboleth.net/ns/profiles/oauth2/token/accessTokenLifetime protocol: oidc - - name: accessTokenType + - name: accessTokenTypeOauth attributeFriendlyName: accessTokenType - displayName: label.accessTokenType - helpText: tooltip.accessTokenType + displayName: label.accessTokenType.oauth + helpText: tooltip.accessTokenType.oauth displayType: string attributeName: http://shibboleth.net/ns/profiles/oauth2/token/accessTokenType protocol: oidc @@ -254,10 +254,10 @@ custom: defaultValue: authorization_code, refresh_token attributeName: http://shibboleth.net/ns/profiles/oauth2/token/grantTypes protocol: oidc - - name: refreshTokenLifetime + - name: refreshTokenLifetimeOauth attributeFriendlyName: refreshTokenLifetime - displayName: label.refreshTokenLifetime - helpText: tooltip.refreshTokenLifetime + displayName: label.refreshTokenLifetime.oauth + helpText: tooltip.refreshTokenLifetime.oauth displayType: string defaultValue: PT2H attributeName: http://shibboleth.net/ns/profiles/oauth2/token/refreshTokenLifetime @@ -267,7 +267,7 @@ custom: displayName: label.resolveAttributes.oauth helpText: tooltip.resolveAttributes.oauth displayType: boolean - defaultValue: TRUE + defaultValue: true attributeName: http://shibboleth.net/ns/profiles/oauth2/token/resolveAttributes protocol: oidc - name: authorizationCodeFlowEnabled 
@@ -275,7 +275,7 @@ custom: displayName: label.authorizationCodeFlowEnabled helpText: tooltip.authorizationCodeFlowEnabled displayType: boolean - defaultValue: TRUE + defaultValue: true attributeName: http://shibboleth.net/ns/profiles/authorizationCodeFlowEnabled protocol: oidc - name: hybridFlowEnabled @@ -283,7 +283,7 @@ custom: displayName: label.hybridFlowEnabled helpText: tooltip.hybridFlowEnabled displayType: boolean - defaultValue: TRUE + defaultValue: true attributeName: http://shibboleth.net/ns/profiles/hybridFlowEnabled protocol: oidc - name: implicitFlowEnabled @@ -291,7 +291,7 @@ custom: displayName: label.implicitFlowEnabled helpText: tooltip.implicitFlowEnabled displayType: boolean - defaultValue: TRUE + defaultValue: true attributeName: http://shibboleth.net/ns/profiles/implicitFlowEnabled protocol: oidc - name: refreshTokensEnabled @@ -299,21 +299,21 @@ custom: displayName: label.refreshTokensEnabled helpText: tooltip.refreshTokensEnabled displayType: boolean - defaultValue: TRUE + defaultValue: true attributeName: http://shibboleth.net/ns/profiles/refreshTokensEnabled protocol: oidc - - name: accessTokenLifetime + - name: accessTokenLifetimeOidc attributeFriendlyName: accessTokenLifetime - displayName: label.accessTokenLifetime - helpText: tooltip.accessTokenLifetime + displayName: label.accessTokenLifetime.oidc + helpText: tooltip.accessTokenLifetime.oidc displayType: string defaultValue: PT10M attributeName: http://shibboleth.net/ns/profiles/oidc/sso/browser/accessTokenLifetime protocol: oidc - - name: accessTokenType + - name: accessTokenTypeOidc attributeFriendlyName: accessTokenType - displayName: label.accessTokenType - helpText: tooltip.accessTokenType + displayName: label.accessTokenType.oidc + helpText: tooltip.accessTokenType.oidc displayType: string attributeName: http://shibboleth.net/ns/profiles/oidc/sso/browser/accessTokenType protocol: oidc 
@@ -331,10 +331,10 @@ custom: displayType: boolean attributeName: http://shibboleth.net/ns/profiles/oidc/sso/browser/allowPKCEPlain protocol: oidc - - name: alwaysIncludedAttributes + - name: alwaysIncludedAttributesBrowser attributeFriendlyName: alwaysIncludedAttributes - displayName: label.alwaysIncludedAttributes - helpText: tooltip.alwaysIncludedAttributes + displayName: label.alwaysIncludedAttributes.browser + helpText: tooltip.alwaysIncludedAttributes.browser displayType: string attributeName: http://shibboleth.net/ns/profiles/oidc/sso/browser/alwaysIncludedAttributes protocol: oidc @@ -346,10 +346,10 @@ custom: defaultValue: PT5M attributeName: http://shibboleth.net/ns/profiles/oidc/sso/browser/authorizeCodeLifetime protocol: oidc - - name: deniedUserInfoAttributes + - name: deniedUserInfoAttributesBrowser attributeFriendlyName: deniedUserInfoAttributes - displayName: label.deniedUserInfoAttributes - helpText: tooltip.deniedUserInfoAttributes + displayName: label.deniedUserInfoAttributes.browser + helpText: tooltip.deniedUserInfoAttributes.browser displayType: string attributeName: http://shibboleth.net/ns/profiles/oidc/sso/browser/deniedUserInfoAttributes protocol: oidc 
@@ -389,18 +389,18 @@ custom: displayType: boolean attributeName: http://shibboleth.net/ns/profiles/oidc/sso/browser/includeIssuerInResponse protocol: oidc - - name: refreshTokenLifetime + - name: refreshTokenLifetimeOidc attributeFriendlyName: refreshTokenLifetime - displayName: label.refreshTokenLifetime - helpText: tooltip.refreshTokenLifetime + displayName: label.refreshTokenLifetime.oidc + helpText: tooltip.refreshTokenLifetime.oidc displayType: string defaultValue: PT2H attributeName: http://shibboleth.net/ns/profiles/oidc/sso/browser/refreshTokenLifetime protocol: oidc - - name: alwaysIncludedAttributes + - name: alwaysIncludedAttributesToken attributeFriendlyName: alwaysIncludedAttributes - displayName: label.alwaysIncludedAttributes - helpText: tooltip.alwaysIncludedAttributes + displayName: label.alwaysIncludedAttributes.token + helpText: tooltip.alwaysIncludedAttributes.token displayType: string attributeName: http://shibboleth.net/ns/profiles/oidc/token/alwaysIncludedAttributes protocol: oidc @@ -409,7 +409,7 @@ custom: displayName: label.encryptionOptional helpText: tooltip.encryptionOptional displayType: boolean - defaultValue: TRUE + defaultValue: true attributeName: http://shibboleth.net/ns/profiles/oidc/token/encryptionOptional protocol: oidc - name: IDTokenLifetime