security
Jakarta Security
**Challenged Tests:** [ee.jakarta.tck.security.test.AppLDAP2IT#testAuthenticated](https://github.com/jakartaee/security/blob/master/tck/app-ldap3/src/test/java/ee/jakarta/tck/security/test/AppLDAP2IT.java#L39) **TCK Version:** Jakarta Security TCK 3.0.0 **Tested Implementation:** Open Liberty **Description:** This test configures an [LDAPIdentityStoreDefinition](https://github.com/jakartaee/security/blob/master/tck/app-ldap3/src/main/java/ee/jakarta/tck/security/test/Servlet.java#L38) that is setting the `groupMemberOfAttribute` from the default of "memberOf" to...
Following on the discussions under the issue https://github.com/jakartaee/security/issues/267 and related approved PR https://github.com/jakartaee/security/pull/268, I am raising this challenge to request the ability to ignore the results of the following test...
for #277 - update OidcProvider to use SignedJWT - update the `/token` endpoint to use SignedJWT with RS256 instead of PlainJWT to comply with oidc spec - create the `/certs`...
**Challenged Tests:** [ee.jakarta.tck.security.test.OpenIdDefaultIT#testOpenIdConnect](https://github.com/jakartaee/security/blob/master/tck/app-openid/src/test/java/ee/jakarta/tck/security/test/OpenIdDefaultIT.java#L68) [ee.jakarta.tck.security.test.OpenIdWithELIT#testOpenIdConnect](https://github.com/jakartaee/security/blob/master/tck/app-openid/src/test/java/ee/jakarta/tck/security/test/OpenIdWithELIT.java#L64) **TCK Version:** Jakarta Security TCK 3.0.0 **Tested Implementation:** Open Liberty **Description:** [Section 2](https://openid.net/specs/openid-connect-core-1_0.html#IDToken) of the OpenID Connect specification states "ID Tokens MUST be signed using [JWS](https://openid.net/specs/openid-connect-core-1_0.html#JWS)...
**Challenged Tests:** [ee.jakarta.tck.security.test.OpenId2DefaultIT#testOpenIdConnect](https://github.com/jakartaee/security/blob/master/tck/app-openid2/src/test/java/ee/jakarta/tck/security/test/OpenId2DefaultIT.java#L55) [ee.jakarta.tck.security.test.OpenId3DefaultIT#testOpenIdConnect](https://github.com/jakartaee/security/blob/master/tck/app-openid3/src/test/java/ee/jakarta/tck/security/test/OpenId3DefaultIT.java#L52) **TCK Version:** Jakarta Security TCK 3.0.0 **Tested Implementation:** Open Liberty **Description:** [Section 5.3](https://openid.net/specs/openid-connect-core-1_0.html#UserInfo) of the OpenID Connect specification states "Communication with the UserInfo Endpoint MUST utilize...
**Challenged Tests:** [ee.jakarta.tck.security.test.AppLDAPIT#testAuthenticated](https://github.com/jakartaee/security/blob/master/tck/app-ldap/src/test/java/ee/jakarta/tck/security/test/AppLDAPIT.java#L39) **TCK Version:** Jakarta Security TCK 3.0.0 **Tested Implementation:** Open Liberty **Description:** This test configures an [LDAPIdentityStoreDefinition](https://github.com/jakartaee/security/blob/master/tck/app-ldap/src/main/java/ee/jakarta/tck/security/test/Servlet.java#L34) with only the elements url, callerBaseDn, and groupSearchBase. It configures LDAP...
The app names are just minor annoyances when trying to debug test runs, but the test case name is a real problem as it prevents some of the results from...
Hello, I'm proposing to change the `userinfoEndpoint` in `OpenIdProviderMetadata` from `Required` to `Optional` in its javadoc. I think this will make it more aligned with the authentication mechanism spec since:...
Bumps [jsoup](https://github.com/jhy/jsoup) from 1.15.1 to 1.15.3. Release notes Sourced from jsoup's releases. jsoup 1.15.3 jsoup 1.15.3 is out now, and includes a security fix for potential XSS attacks, along with...
The server side of this test case requires "nimbus-jose-jwt"; however, it is not guaranteed that this will be available on the application server under test. The web application should bundle...