perun
Perun Identity and Access Management System
* extended attribute authorization check with option for MFA * if attribute action is marked as critical it requires MFA * if user didn't perform MFA, uncaught MfaPrivilegeException is thrown...
- Method AuthzResolverBlImpl.isAuthorized was extended to check MFA rules. MFAPrivilegeException is thrown when a policy requires MFA on an object marked as critical, but the principal isn't authenticated with MFA....
* if Perun throws MfaPrivilegeException, CLI tools need to instruct user to authenticate with Multi-Factor * this is done by setting enforce_mfa property in OIDC config * then when authentication...
On cesnet-devel there are Applications and ApplicationForms with group set as null. In openapi generated by python generator, there is a problem when group is null (None). None is NoneType object...
Parameters to API calls that contain null value should be treated as not provided.
* Added new method which can be used to get all userExtSources with all attributes. By default, this method can be used only by PERUNADMIN or PERUNOBSERVER.
- added logic that tries to find corresponding group member of candidate based on ues attribute values, not just extLogins - ues attributes are also updated (or created) during sync...
* When resolving incoming expirations, to calculate expirations in a month, we need to use some fixed number of days, instead of plus month. If we use plusMonth, multiple days...
Changed implementation of **ExtSourceSql** and **ExtSourcesManagerImpl** to use database connections obtained from pooling DataSources instead of keeping a special connection open for each one. - changed parsing of XML file...
* Added method to get all user attributes * Rewrite the group synchronizations * Added method to get RichUser with all attributes * Added method to convert RichUser to RichUser...