feat(jans-auth-server): harden allowed schemes for redirects #13423 by yuriyz · Pull Request #13429 · JanssenProject/jans (original) (raw)

…ipals (#13538)

refactor(authz): remove unused authorization methods and clean up code (#13416)

Removed the authorize method that accepted a Request type from the Cedarling implementation.
Cleaned up the AuthorizeResult struct by removing unnecessary fields and their associated serialization logic.
Deleted the trust_mode.rs file as it was no longer needed.
Updated imports and references across the codebase to reflect these changes.

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

feat(jans-cedarling): Clean Up Configuration Modules for deprecated authz (#13427)
refactor(authz): simplify authorization configuration by removing unused fields

Removed use_user_principal and use_workload_principal fields from AuthorizationConfig and related structures.
Eliminated IdTokenTrustMode and its associated logic from the codebase.
Updated the BootstrapConfig and EntityBuilderConfig to reflect these changes, ensuring a cleaner and more maintainable code structure.

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

refactor(authz): remove unused parameters from authorization methods

Eliminated _workload_uid and _person_uid parameters from the new_for_many_principals function in AuthorizeResult.
Updated the call to new_for_many_principals in the Authz implementation to reflect these changes, enhancing code clarity and maintainability.

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

refactor(authz): clean up authorization entity building code

Removed the build_entities method from EntityBuilder, which was previously responsible for constructing various authorization entities.
Updated imports to reflect the removal of unused code, enhancing overall code clarity and maintainability.

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

refactor(authz): streamline authorization configuration and remove unused fields

Removed unused fields related to user and workload principals from AuthorizationConfig and EntityBuilderConfig.
Simplified test configurations by utilizing default settings for authorization and entity building.
Cleaned up related test files to enhance clarity and maintainability.

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

refactor(entity_builder): remove workload configuration from entity builder

Eliminated the with_workload() method call from EntityBuilderConfig across multiple entity builder files, simplifying the configuration process.
Updated tests to use default settings, enhancing clarity and maintainability.

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

feat(jans-cedarling): Update All Language Bindings (Python, WASM, Go, UniFFI) (#13440)
refactor(authz): streamline authorization configuration by removing deprecated fields

Removed decision_log_user_claims and decision_log_workload_claims from AuthorizationConfig and related structures.
Updated BootstrapConfig and EntityBuilder to reflect these changes, enhancing code clarity and maintainability.
Cleaned up associated tests to ensure consistency with the new configuration structure.

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

refactor(python_bindings): remove deprecated request handling and clean up authorization code

Eliminated the Request struct and its associated logic from the authorization module, streamlining the codebase.
Removed the authorize method from the Cedarling implementation that accepted a Request type.
Cleaned up the AuthorizeResult struct by removing unnecessary fields and their serialization logic.
Updated imports and references across the codebase to reflect these changes, enhancing clarity and maintainability.

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

refactor(python_bindings): remove unused authorization methods and clean up code

Eliminated the authorize method from the Cedarling class, which accepted a Request type, to streamline the authorization process.
Removed the IdTokenTrustModeError class from the authorize_errors module, simplifying error handling.
Updated the Request class definition to remove unused fields, enhancing clarity and maintainability.
Cleaned up the AuthorizeResult struct by removing unnecessary methods, further refining the codebase.

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

refactor(python_binding_tests): streamline authorization tests by removing unnecessary assertions

Removed assertions checking for workload and person being None in the test_authorize_unsigned and test_authorize_unsigned_json_rule_by_uid functions, as they are no longer relevant.
Updated the test_logger to utilize RequestUnsigned and simplified the logging configuration for better clarity and maintainability.

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

refactor(wasm_bindings): transition to unsigned request handling in authorization

Updated the authorization process to utilize REQUEST_UNSIGNED instead of REQUEST, allowing for principals to be provided as entity data without JWT tokens.
Removed deprecated fields and methods related to standard authorization, streamlining the codebase.
Adjusted related tests to reflect the new unsigned request structure, enhancing clarity and maintainability.

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

fix(wasm_bindings): add 'sub' field to principals in example data and tests

Introduced the 'sub' field in the principals of the REQUEST_UNSIGNED structure to ensure proper identification of users.
Updated test cases to include the 'sub' field for user principals, enhancing the accuracy of authorization tests.

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

refactor(go_bindings): remove deprecated authorize method from G2RCall trait

Eliminated the authorize method from the G2RCall trait to streamline the authorization process.
Updated the implementation in G2RCallImpl to reflect this change, enhancing code clarity and maintainability.

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

refactor(go_bindings): remove deprecated authorization methods and clean up request structures

Eliminated the Authorize method from the Cedarling class and the associated Request struct to streamline the authorization process.
Removed unnecessary fields from the AuthorizeResult struct, enhancing clarity and maintainability.
Updated related tests and configurations to reflect these changes, ensuring consistency across the codebase.

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

refactor(cedarling_go): update README to reflect new authorization methods and configuration changes

Added AuthorizeMultiIssuer() to the features list for multi-issuer authorization support.
Updated example configuration by removing deprecated fields and clarifying the usage of CEDARLING_ID_TOKEN_TRUST_MODE.
Revised sections on authorization processes to reflect changes in method names and request structures, enhancing clarity for users.

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

refactor(cedarling_uniffi): streamline error handling and clean up serialization logic

Refactored error handling in the try_from implementation for DataEntry to improve readability and maintainability.
Simplified serialization error messages for data_type and value fields.
Removed deprecated fields from the AuthorizeResult struct, enhancing clarity in the authorization response structure.
Cleaned up the authorize_unsigned method to ensure consistent error handling.

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

refactor(cedarling_uniffi): update configuration files and clean up tests

Removed deprecated fields from bootstrap.json to streamline configuration.
Added a new principals.json file to define test principals for authorization.
Cleaned up the test suite by removing unused test cases, enhancing maintainability and clarity.

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

refactor(cedarling_uniffi): update action and principals for authorization

Changed the action in configuration files from Update to UpdateTestPrincipal to reflect new testing requirements.
Introduced principals.json files for both Android and iOS to define test principals for authorization processes.
Updated the authorization logic in the Java and Swift implementations to utilize the new principals structure, enhancing the flexibility of authorization handling.

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

refactor(cedarling_uniffi): update README to clarify authorization methods and configuration

Revised the description of the Cedarling initialization process to specify the use of authorizeUnsigned with sample principals.
Introduced new authorization methods: authorizeUnsigned and authorizeMultiIssuer, detailing their usage and input requirements.
Removed the deprecated CEDARLING_ID_TOKEN_TRUST_MODE section and updated the configuration example for clarity.

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

refactor(cedarling_java): remove deprecated authorization fields and update tests

Eliminated deprecated fields from bootstrap.json to streamline configuration.
Refactored the authorize method in CedarlingAdapter to use authorizeUnsigned, enhancing clarity in authorization handling.
Updated test cases in CedarlingAdapterTest to reflect changes in authorization logic and ensure consistency across tests.

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

refactor(cedarling_java): remove ID Token Trust Mode section from README

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

chore(deps): bump mkdocs-material from 9.7.3 to 9.7.4 in /docs (#13409)

Bumps mkdocs-material from 9.7.3 to 9.7.4.

updated-dependencies:

dependency-name: mkdocs-material dependency-version: 9.7.4 dependency-type: direct:production update-type: version-update:semver-patch ...

Signed-off-by: dependabot[bot] support@github.com Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

feat(jans-fido2): add dropOffRate and completionRate to metrics error… (#13360)
feat(jans-fido2): add dropOffRate and completionRate to metrics errors analytics endpoint

Signed-off-by: imran imranishaq7071@gmail.com

feat(jans-fido2): add dropOffRate and completionRate to metrics errors analytics endpoint 1

Signed-off-by: imran imranishaq7071@gmail.com

feat(jans-fido2): add dropOffRate and completionRate to metrics errors analytics endpoint 2

Signed-off-by: imran imranishaq7071@gmail.com

feat(jans-fido2): add dropOffRate and completionRate to metrics errors analytics endpoint 3

Signed-off-by: imran imranishaq7071@gmail.com

feat(jans-fido2): add dropOffRate and completionRate to metrics errors analytics endpoint 4

Signed-off-by: imran imranishaq7071@gmail.com

Signed-off-by: imran imranishaq7071@gmail.com Co-authored-by: YuriyM Yuriy.Movchan@gmail.com

feat (jans-cedarling): Load trusted issuers on startup on the background (#13125)
fix(docker-jans-all-in-one): resolve path to healthcheck endpoint when running monitor script (#13385)
feat(jans-cli-tui): add arguments --auth-url, --config-url, --scim-url (#13414)
feat(jans-cli-tui): add arguments --auth-url, --config-url, --scim-url

Signed-off-by: Mustafa Baser mbaser@mail.com

fix(jans-cli-tui): copilot suggestion

Signed-off-by: Mustafa Baser mbaser@mail.com

fix(jans-cli-tui): coderabbitai suggestions

Signed-off-by: Mustafa Baser mbaser@mail.com

fix(jans-cli-tui): coderabbitai suggestions

Signed-off-by: Mustafa Baser mbaser@mail.com

fix(jans-cli-tui): Initialize logging before emitting normalized URL

Signed-off-by: Mustafa Baser mbaser@mail.com

chore(deps): bump cargo-bins/cargo-binstall from 1.17.4 to 1.17.6 (#13391)

Bumps cargo-bins/cargo-binstall from 1.17.4 to 1.17.6.

updated-dependencies:

dependency-name: cargo-bins/cargo-binstall dependency-version: 1.17.6 dependency-type: direct:production update-type: version-update:semver-patch ...

Signed-off-by: dependabot[bot] support@github.com Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Mohammad Abudayyeh 47318409+moabu@users.noreply.github.com

chore(deps): bump actions/upload-artifact from 6.0.0 to 7.0.0 (#13372)

Bumps actions/upload-artifact from 6.0.0 to 7.0.0.

updated-dependencies:

dependency-name: actions/upload-artifact dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ...

Signed-off-by: dependabot[bot] support@github.com Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

chore(deps): bump PyO3/maturin-action from 1.50.0 to 1.50.1 (#13389)

Bumps PyO3/maturin-action from 1.50.0 to 1.50.1.

updated-dependencies:

dependency-name: PyO3/maturin-action dependency-version: 1.50.1 dependency-type: direct:production update-type: version-update:semver-patch ...

Signed-off-by: dependabot[bot] support@github.com Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

chore(deps): bump github/codeql-action from 4.32.4 to 4.32.5 (#13390)

Bumps github/codeql-action from 4.32.4 to 4.32.5.

updated-dependencies:

dependency-name: github/codeql-action dependency-version: 4.32.5 dependency-type: direct:production update-type: version-update:semver-patch ...

feat(jans-auth-server): harden allowed schemes for redirects #13423 (#13429)
feat(jans-auth-server): harden allowed schemes for redirects #13423 Signed-off-by: YuriyZ yzabrovarniy@gmail.com

Signed-off-by: yuriyz yzabrovarniy@gmail.com

Fixes Signed-off-by: YuriyZ yzabrovarniy@gmail.com

Signed-off-by: yuriyz yzabrovarniy@gmail.com

feat(jans-cedarling): Implement disabling file checksum validation using configuration (#13424)
feat(policy_store): add SHA-1 checksum support and validation

Updated load_policy_store_directory and related functions to accept a validate_checksum parameter for manifest validation.
Enhanced ManifestValidator to support SHA-1 checksums alongside SHA-256.
Modified error messages to reflect the new checksum format.
Updated tests to cover SHA-1 checksum computation and validation.

This change improves the integrity verification of policy store files by allowing both SHA-1 and SHA-256 checksums.

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

feat(policy_store): add validate_checksum option for policy store configuration

Introduced validate_checksum field in PolicyStoreConfig to control checksum validation when loading policy stores from directories or archives.
Updated BootstrapConfig and PolicyStoreConfigRaw to support the new field, with a default value of true.
Enhanced the decoding logic to utilize the validate_checksum parameter for policy store configurations.

This change improves flexibility in policy store loading by allowing users to disable checksum validation if needed.

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

feat(policy_store): enable checksum validation in policy store configurations

Added validate_checksum option to PolicyStoreConfig in multiple benchmark files to enhance policy store integrity checks.
Updated relevant configurations in authz_authorize_benchmark.rs, authz_authorize_multi_issuer_benchmark.rs, context_data_store_benchmark.rs, and startup_benchmark.rs.

This change ensures that checksum validation can be consistently applied across different benchmarks, improving the reliability of policy store loading.

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

feat(policy_store): enable checksum validation in additional examples

Added validate_checksum option to PolicyStoreConfig in various example files, including authorize_unsigned.rs, authorize_with_jwt_validation.rs, authorize_without_jwt_validation.rs, bulk_authorization_benchmark.rs, lock_integration.rs, log_init.rs, and profiling.rs.
This enhancement ensures consistent checksum validation across different examples, improving the integrity checks for policy store configurations.

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

feat(policy_store): enable checksum validation in policy store tests

Updated load_policy_store_archive_bytes calls in test files to include the validate_checksum parameter.
Modified PolicyStoreConfig in various test configurations to ensure consistent checksum validation across tests.

This change enhances the integrity checks for policy store loading in the test suite.

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

refactor(tests): Updated the validate_file method call in the tests to use expect for clearer error handling.

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

refactor(config): format policy_store_validate_checksum field for improved readability and use is_some

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

feat(policy_store): refactor checksum computation into a method

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

fix(jans-cedarling): fix loading default supported algorithms

Signed-off-by: Oleh Bozhok 6554798+olehbozhok@users.noreply.github.com

chore(jans-cedarling): add check if supported algorisms list is not empty

Signed-off-by: Oleh Bozhok 6554798+olehbozhok@users.noreply.github.com

chore(jans-cedarling): set default true for CEDARLING_POLICY_STORE_VALIDATE_CHECKSUM parameter

Signed-off-by: Oleh Bozhok 6554798+olehbozhok@users.noreply.github.com

chore(jans-cedarling): remove word duplication

Signed-off-by: Oleh Bozhok 6554798+olehbozhok@users.noreply.github.com

chore(jans-cedarling): fix clippy issue

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com Signed-off-by: Oleh Bozhok 6554798+olehbozhok@users.noreply.github.com Co-authored-by: Oleh Bozhok 6554798+olehbozhok@users.noreply.github.com

feat(cloud-native): add subchart for Gateway API conformant implementation (#13415)
feat(cloud-native): add subchart for Gateway API conformant implementation

Signed-off-by: iromli isman.firmansyah@gmail.com

fix: resolve incorrect route labels and annotations

Signed-off-by: iromli isman.firmansyah@gmail.com

fix: grpc endpoints support for airlock-microgateway

Signed-off-by: iromli isman.firmansyah@gmail.com

refactor: explicit h2c protocol

Signed-off-by: iromli isman.firmansyah@gmail.com

docs: change WARNING message about legacy gatewayApi values

Signed-off-by: iromli isman.firmansyah@gmail.com

refactor: use gateway-api instead of gatewayApi

Signed-off-by: iromli isman.firmansyah@gmail.com

docs(cloud-native): conform to changes in gateway-api configuration

Signed-off-by: iromli isman.firmansyah@gmail.com

ci(cloud-native): change reference of Gateway API configuration

Signed-off-by: iromli isman.firmansyah@gmail.com

ci: attach global.lbIp to the gateway if using NodePort service

Signed-off-by: iromli isman.firmansyah@gmail.com

fix: guard the optional legacy flag lookup

Signed-off-by: iromli isman.firmansyah@gmail.com

chore: fix minimum requirement for gateway-api subchart

Signed-off-by: iromli isman.firmansyah@gmail.com

docs: update subchart docs

Signed-off-by: iromli isman.firmansyah@gmail.com

docs: add migration for attribute changes

Signed-off-by: iromli isman.firmansyah@gmail.com

docs: fix link to subchart source code

Signed-off-by: iromli isman.firmansyah@gmail.com

Signed-off-by: iromli isman.firmansyah@gmail.com Co-authored-by: Mohammad Abudayyeh 47318409+moabu@users.noreply.github.com

fix(jans-auth-server): harden jwe nested jwt verification #13437 (#13438)
fix(jans-auth-server): harden jwe nested jwt verification #13437

Signed-off-by: YuriyZ yzabrovarniy@gmail.com Signed-off-by: yuriyz yzabrovarniy@gmail.com

fixes Signed-off-by: YuriyZ yzabrovarniy@gmail.com

Signed-off-by: yuriyz yzabrovarniy@gmail.com

minor Signed-off-by: YuriyZ yzabrovarniy@gmail.com

Signed-off-by: yuriyz yzabrovarniy@gmail.com

Signed-off-by: YuriyZ yzabrovarniy@gmail.com Signed-off-by: yuriyz yzabrovarniy@gmail.com

chore(deps): bump step-security/harden-runner from 2.15.0 to 2.15.1 (#13430)

Bumps step-security/harden-runner from 2.15.0 to 2.15.1.

updated-dependencies:

dependency-name: step-security/harden-runner dependency-version: 2.15.1 dependency-type: direct:production update-type: version-update:semver-patch ...

Signed-off-by: dependabot[bot] support@github.com Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

fix(jans-cli-tui): catch exceptions while getting smtp configuration (#13439)
fix(jans-cli-tui): catch exceptions while getting smtp configuration

Signed-off-by: Mustafa Baser mbaser@mail.com

fix(jans-cli-tui): coderabbitai suggestions

Signed-off-by: Mustafa Baser mbaser@mail.com

fix(jans-cli-tui): typo

Signed-off-by: Mustafa Baser mbaser@mail.com

Signed-off-by: Mustafa Baser mbaser@mail.com Co-authored-by: YuriyZ yzabrovarniy@gmail.com

chore(deps): bump cargo-bins/cargo-binstall from 1.17.6 to 1.17.7 (#13442)

Bumps cargo-bins/cargo-binstall from 1.17.6 to 1.17.7.

updated-dependencies:

dependency-name: cargo-bins/cargo-binstall dependency-version: 1.17.7 dependency-type: direct:production update-type: version-update:semver-patch ...

Signed-off-by: dependabot[bot] support@github.com Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

ci: improves token permission score (#13445)

Signed-off-by: moabu 47318409+moabu@users.noreply.github.com

chore(deps): bump docker/setup-buildx-action from 3.12.0 to 4.0.0 (#13420)

Bumps docker/setup-buildx-action from 3.12.0 to 4.0.0.

updated-dependencies:

dependency-name: docker/setup-buildx-action dependency-version: 4.0.0 dependency-type: direct:production update-type: version-update:semver-major ...

Signed-off-by: dependabot[bot] support@github.com Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

chore(deps): bump docker/login-action from 3.7.0 to 4.0.0 (#13419)

Bumps docker/login-action from 3.7.0 to 4.0.0.

updated-dependencies:

dependency-name: docker/login-action dependency-version: 4.0.0 dependency-type: direct:production update-type: version-update:semver-major ...

chore(deps): bump actions/dependency-review-action from 4.8.3 to 4.9.0 (#13418)

Bumps actions/dependency-review-action from 4.8.3 to 4.9.0.

updated-dependencies:

dependency-name: actions/dependency-review-action dependency-version: 4.9.0 dependency-type: direct:production update-type: version-update:semver-minor ...

feat(jans-auth-server): support X-Forwarded-Client-Cert header #13444 (#13446)
feat(jans-auth-server): support X-Forwarded-Client-Cert header #13444 Signed-off-by: YuriyZ yzabrovarniy@gmail.com

Signed-off-by: yuriyz yzabrovarniy@gmail.com

added explicit test scope for mockito Signed-off-by: YuriyZ yzabrovarniy@gmail.com

Signed-off-by: yuriyz yzabrovarniy@gmail.com

improved docs Signed-off-by: YuriyZ yzabrovarniy@gmail.com

Signed-off-by: yuriyz yzabrovarniy@gmail.com

fixed bug if xfcc cert has blank value Signed-off-by: YuriyZ yzabrovarniy@gmail.com

Signed-off-by: yuriyz yzabrovarniy@gmail.com

improved docs Signed-off-by: YuriyZ yzabrovarniy@gmail.com

Signed-off-by: yuriyz yzabrovarniy@gmail.com

chore(deps-dev): bump org.apache.maven.plugins:maven-dependency-plugin from 3.8.1 to 3.10.0 in /jans-casa (#13288)

chore(deps-dev): bump org.apache.maven.plugins:maven-dependency-plugin

Bumps org.apache.maven.plugins:maven-dependency-plugin from 3.8.1 to 3.10.0.

updated-dependencies:

dependency-name: org.apache.maven.plugins:maven-dependency-plugin dependency-version: 3.10.0 dependency-type: direct:development update-type: version-update:semver-minor ...

chore(deps): bump org.apache.maven.plugins:maven-assembly-plugin from 3.1.0 to 3.8.0 in /jans-casa (#13318)

chore(deps): bump org.apache.maven.plugins:maven-assembly-plugin

Bumps org.apache.maven.plugins:maven-assembly-plugin from 3.1.0 to 3.8.0.

updated-dependencies:

dependency-name: org.apache.maven.plugins:maven-assembly-plugin dependency-version: 3.8.0 dependency-type: direct:production update-type: version-update:semver-minor ...

chore(deps-dev): bump org.apache.maven.plugins:maven-surefire-plugin from 3.5.4 to 3.5.5 in /agama (#13328)

chore(deps-dev): bump org.apache.maven.plugins:maven-surefire-plugin

Bumps org.apache.maven.plugins:maven-surefire-plugin from 3.5.4 to 3.5.5.

updated-dependencies:

dependency-name: org.apache.maven.plugins:maven-surefire-plugin dependency-version: 3.5.5 dependency-type: direct:development update-type: version-update:semver-patch ...

chore(deps): bump org.apache.maven.plugins:maven-war-plugin from 3.4.0 to 3.5.1 in /jans-casa (#13290)

chore(deps): bump org.apache.maven.plugins:maven-war-plugin

Bumps org.apache.maven.plugins:maven-war-plugin from 3.4.0 to 3.5.1.

updated-dependencies:

dependency-name: org.apache.maven.plugins:maven-war-plugin dependency-version: 3.5.1 dependency-type: direct:production update-type: version-update:semver-minor ...

chore(deps): bump crazy-max/ghaction-import-gpg from 6.1.0 to 7.0.0 (#13453)

Bumps crazy-max/ghaction-import-gpg from 6.1.0 to 7.0.0.

updated-dependencies:

dependency-name: crazy-max/ghaction-import-gpg dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ...

Signed-off-by: dependabot[bot] support@github.com Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

chore(deps): bump sigstore/cosign-installer from 4.0.0 to 4.1.0 (#13452)

Bumps sigstore/cosign-installer from 4.0.0 to 4.1.0.

updated-dependencies:

dependency-name: sigstore/cosign-installer dependency-version: 4.1.0 dependency-type: direct:production update-type: version-update:semver-minor ...

chore(deps): bump github.com/hashicorp/terraform-plugin-sdk/v2 from 2.39.0 to 2.40.0 in /terraform-provider-jans (#13451)

chore(deps): bump github.com/hashicorp/terraform-plugin-sdk/v2

Bumps github.com/hashicorp/terraform-plugin-sdk/v2 from 2.39.0 to 2.40.0.

updated-dependencies:

dependency-name: github.com/hashicorp/terraform-plugin-sdk/v2 dependency-version: 2.40.0 dependency-type: direct:production update-type: version-update:semver-minor ...

chore(deps): bump actions/setup-node from 6.2.0 to 6.3.0 (#13450)

Bumps actions/setup-node from 6.2.0 to 6.3.0.

updated-dependencies:

dependency-name: actions/setup-node dependency-version: 6.3.0 dependency-type: direct:production update-type: version-update:semver-minor ...

chore(deps): bump github/codeql-action from 4.32.5 to 4.32.6 (#13449)

Bumps github/codeql-action from 4.32.5 to 4.32.6.

updated-dependencies:

dependency-name: github/codeql-action dependency-version: 4.32.6 dependency-type: direct:production update-type: version-update:semver-patch ...

chore(deps): bump certifi from 2026.1.4 to 2026.2.25 in /docs (#13421)

Bumps certifi from 2026.1.4 to 2026.2.25.

Commits

updated-dependencies:

dependency-name: certifi dependency-version: 2026.2.25 dependency-type: direct:production update-type: version-update:semver-minor ...

ci: improves openssf vuln score (#13458)
ci: improves openssf vuln score

Signed-off-by: moabu 47318409+moabu@users.noreply.github.com

fix: restrict cryptography version to <47.0.0

Signed-off-by: Mohammad Abudayyeh 47318409+moabu@users.noreply.github.com

fix: cryptography version constraint

Signed-off-by: Mohammad Abudayyeh 47318409+moabu@users.noreply.github.com

Signed-off-by: moabu 47318409+moabu@users.noreply.github.com Signed-off-by: Mohammad Abudayyeh 47318409+moabu@users.noreply.github.com

chore(deps-dev): bump @types/node from 24.12.0 to 25.4.0 in /demos/janssen-tarp/mcp-server (#13443)

chore(deps-dev): bump @types/node in /demos/janssen-tarp/mcp-server

Bumps @types/node from 24.12.0 to 25.4.0.

updated-dependencies:

dependency-name: "@types/node" dependency-version: 25.4.0 dependency-type: direct:development update-type: version-update:semver-major ...

Signed-off-by: dependabot[bot] support@github.com Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Arnab Dutta arnab.bdutta@gmail.com Co-authored-by: Mohammad Abudayyeh 47318409+moabu@users.noreply.github.com

chore(deps): bump uuid from 9.0.1 to 13.0.0 in /demos/janssen-tarp/browser-extension (#13396)

chore(deps): bump uuid in /demos/janssen-tarp/browser-extension

Bumps uuid from 9.0.1 to 13.0.0.

updated-dependencies:

dependency-name: uuid dependency-version: 13.0.0 dependency-type: direct:production update-type: version-update:semver-major ...

chore(deps-dev): bump style-loader from 3.3.4 to 4.0.0 in /demos/janssen-tarp/browser-extension (#13395)

chore(deps-dev): bump style-loader

Bumps style-loader from 3.3.4 to 4.0.0.

updated-dependencies:

dependency-name: style-loader dependency-version: 4.0.0 dependency-type: direct:development update-type: version-update:semver-major ...

chore(deps): bump react-dropzone from 14.4.1 to 15.0.0 in /demos/janssen-tarp/browser-extension (#13394)

chore(deps): bump react-dropzone

Bumps react-dropzone from 14.4.1 to 15.0.0.

updated-dependencies:

dependency-name: react-dropzone dependency-version: 15.0.0 dependency-type: direct:production update-type: version-update:semver-major ...

chore(deps-dev): bump webpack-merge from 5.10.0 to 6.0.1 in /demos/janssen-tarp/browser-extension (#13393)

chore(deps-dev): bump webpack-merge

Bumps webpack-merge from 5.10.0 to 6.0.1.

updated-dependencies:

dependency-name: webpack-merge dependency-version: 6.0.1 dependency-type: direct:development update-type: version-update:semver-major ...

chore(deps-dev): bump org.apache.maven.plugins:maven-jar-plugin from 3.3.0 to 3.5.0 in /jans-fido2 (#13378)

chore(deps-dev): bump org.apache.maven.plugins:maven-jar-plugin

Bumps org.apache.maven.plugins:maven-jar-plugin from 3.3.0 to 3.5.0.

updated-dependencies:

dependency-name: org.apache.maven.plugins:maven-jar-plugin dependency-version: 3.5.0 dependency-type: direct:development update-type: version-update:semver-minor ...

Signed-off-by: dependabot[bot] support@github.com Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: YuriyM Yuriy.Movchan@gmail.com

chore(deps-dev): bump org.apache.maven.plugins:maven-clean-plugin from 3.2.0 to 3.5.0 in /jans-fido2 (#13376)

chore(deps-dev): bump org.apache.maven.plugins:maven-clean-plugin

Bumps org.apache.maven.plugins:maven-clean-plugin from 3.2.0 to 3.5.0.

updated-dependencies:

dependency-name: org.apache.maven.plugins:maven-clean-plugin dependency-version: 3.5.0 dependency-type: direct:development update-type: version-update:semver-minor ...

Signed-off-by: dependabot[bot] support@github.com Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: YuriyM Yuriy.Movchan@gmail.com

chore(deps): bump org.apache.maven.plugins:maven-surefire-plugin from 3.0.0 to 3.5.5 in /jans-fido2 (#13375)

chore(deps): bump org.apache.maven.plugins:maven-surefire-plugin

Bumps org.apache.maven.plugins:maven-surefire-plugin from 3.0.0 to 3.5.5.

updated-dependencies:

dependency-name: org.apache.maven.plugins:maven-surefire-plugin dependency-version: 3.5.5 dependency-type: direct:production update-type: version-update:semver-minor ...

Signed-off-by: dependabot[bot] support@github.com Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: YuriyM Yuriy.Movchan@gmail.com Co-authored-by: Yuriy M. 95305560+yuremm@users.noreply.github.com

chore(deps): bump org.codehaus.mojo:buildnumber-maven-plugin from 3.0.0 to 3.3.0 in /jans-fido2 (#13374)

chore(deps): bump org.codehaus.mojo:buildnumber-maven-plugin

Bumps org.codehaus.mojo:buildnumber-maven-plugin from 3.0.0 to 3.3.0.

updated-dependencies:

dependency-name: org.codehaus.mojo:buildnumber-maven-plugin dependency-version: 3.3.0 dependency-type: direct:production update-type: version-update:semver-minor ...

Signed-off-by: dependabot[bot] support@github.com Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: YuriyM Yuriy.Movchan@gmail.com

chore(deps): bump org.apache.maven.plugins:maven-javadoc-plugin from 3.8.0 to 3.12.0 in /jans-fido2 (#13377)

chore(deps): bump org.apache.maven.plugins:maven-javadoc-plugin

Bumps org.apache.maven.plugins:maven-javadoc-plugin from 3.8.0 to 3.12.0.

updated-dependencies:

dependency-name: org.apache.maven.plugins:maven-javadoc-plugin dependency-version: 3.12.0 dependency-type: direct:production update-type: version-update:semver-minor ...

feat(jans-cedarling) add OPA plugin (#13406)
feat(jans-cedarling): initialize opa plugin rebased

Signed-off-by: SafinWasi 6601566+SafinWasi@users.noreply.github.com

chore: use json config file

Signed-off-by: SafinWasi 6601566+SafinWasi@users.noreply.github.com

docs: add readme

Signed-off-by: SafinWasi 6601566+SafinWasi@users.noreply.github.com

chore: address reviews

Signed-off-by: SafinWasi 6601566+SafinWasi@users.noreply.github.com

chore: address more comments

Signed-off-by: SafinWasi 6601566+SafinWasi@users.noreply.github.com

chore: address comments

Signed-off-by: SafinWasi 6601566+SafinWasi@users.noreply.github.com

chore: address comment

Signed-off-by: SafinWasi 6601566+SafinWasi@users.noreply.github.com

chore: address another comment

Signed-off-by: SafinWasi 6601566+SafinWasi@users.noreply.github.com

chore: address review

Signed-off-by: SafinWasi 6601566+SafinWasi@users.noreply.github.com

Signed-off-by: SafinWasi 6601566+SafinWasi@users.noreply.github.com Co-authored-by: Mohammad Abudayyeh 47318409+moabu@users.noreply.github.com

feat(jans-cedarling): use multi-issuer-authz on sidecar (#13463)
feat(jans-cedarling): switch to multi issuer authz

Signed-off-by: SafinWasi 6601566+SafinWasi@users.noreply.github.com

docs: update openapi

Signed-off-by: SafinWasi 6601566+SafinWasi@users.noreply.github.com

docs(jans-cedarling): update readme and dockerfile

Signed-off-by: SafinWasi 6601566+SafinWasi@users.noreply.github.com

chore: address reviews

Signed-off-by: SafinWasi 6601566+SafinWasi@users.noreply.github.com

docs: update openapi

Signed-off-by: SafinWasi 6601566+SafinWasi@users.noreply.github.com

Signed-off-by: SafinWasi 6601566+SafinWasi@users.noreply.github.com Co-authored-by: Mohammad Abudayyeh 47318409+moabu@users.noreply.github.com

fix: add op logout and github widgets for stars and watches (#13466)
fix: add op logout and github widgets for stars and watches

Signed-off-by: moabu 47318409+moabu@users.noreply.github.com

fix: address comments

Signed-off-by: moabu 47318409+moabu@users.noreply.github.com

chore(jans-auth-server): removed old deprecated code before 2.x release #13084 (#13410)
chore(jans-auth-server): remove /revoke_session endpoint (in favor of Global Token Revocation) https://github.com/JanssenProject/jans/issues/13084 Signed-off-by: YuriyZ yzabrovarniy@gmail.com

Signed-off-by: yuriyz yzabrovarniy@gmail.com

cache: removed redundant cache methods that use region Signed-off-by: YuriyZ yzabrovarniy@gmail.com

Signed-off-by: yuriyz yzabrovarniy@gmail.com

ci: sign helm packages (#13468)
ci: sign helm packages

Signed-off-by: moabu 47318409+moabu@users.noreply.github.com

style: remove comment

Signed-off-by: moabu 47318409+moabu@users.noreply.github.com

ci: revert ghaction import version

Signed-off-by: moabu 47318409+moabu@users.noreply.github.com

ci: merge signing step

Signed-off-by: moabu 47318409+moabu@users.noreply.github.com

chore(deps): bump commons-io:commons-io from 2.19.0 to 2.21.0 in /jans-casa (#13456)

chore(deps): bump commons-io:commons-io in /jans-casa

Bumps commons-io:commons-io from 2.19.0 to 2.21.0.

updated-dependencies:

dependency-name: commons-io:commons-io dependency-version: 2.21.0 dependency-type: direct:production update-type: version-update:semver-minor ...

chore(cloud-native): upgrade cryptography library in OCI images (#13488)
chore(cloud-native): upgrade cryptography library in OCI images

Signed-off-by: iromli isman.firmansyah@gmail.com

chore: target specific JANS_SOURCE_VERSION that introduces cryptography upgrade

Signed-off-by: iromli isman.firmansyah@gmail.com

fix: disable unsupported command until we have proper SAML component

Signed-off-by: iromli isman.firmansyah@gmail.com

fix: avoid silent success path of calling kc-sync command

Signed-off-by: iromli isman.firmansyah@gmail.com

Signed-off-by: iromli isman.firmansyah@gmail.com Co-authored-by: Mohammad Abudayyeh 47318409+moabu@users.noreply.github.com

chore: casa flow code refactoring (#13494)
fix: compilation error #13447

Signed-off-by: jgomer2001 bonustrack310@gmail.com

chore: oidc code flow refactoring #13447

Signed-off-by: jgomer2001 bonustrack310@gmail.com

fix: compilation error #13447

Signed-off-by: jgomer2001 bonustrack310@gmail.com

chore(jans-cedarling): remove wrong import

Signed-off-by: Oleh Bozhok 6554798+olehbozhok@users.noreply.github.com

feat(jans-cedarling): Update Tests, Examples, and Benchmarks After Core Changes (#13464)
refactor(tests): remove deprecated test files and streamline test configurations

Deleted several obsolete test files including authorize_resource_entity.rs, cases_authorize_different_principals.rs, cases_authorize_namespace_jans2.rs, cases_authorize_without_check_jwt.rs, and schema_type_mapping.rs to clean up the test suite.
Updated authorize_multi_issuer.rs to remove unnecessary parameters in callback functions.
Adjusted mod.rs to reflect the removal of deleted test modules, enhancing clarity and maintainability of the test structure.

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

refactor(benches): streamline authorization benchmarks and remove deprecated fields

Updated authz_authorize_benchmark.rs to utilize RequestUnsigned and renamed the benchmark function for clarity.
Simplified prepare_cedarling function by removing unused parameters and deprecated fields in AuthorizationConfig.
Adjusted authz_authorize_multi_issuer_benchmark.rs and context_data_store_benchmark.rs to remove unnecessary fields related to user and workload principals.
Cleaned up startup_benchmark.rs by eliminating deprecated fields from BootstrapConfig and EntityBuilderConfig.

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

refactor(examples): streamline authorization configurations and remove deprecated files

Updated authorize_unsigned.rs, bulk_authorization_benchmark.rs, lock_integration.rs, log_init.rs, and profiling.rs to utilize default settings for AuthorizationConfig and EntityBuilderConfig, removing unnecessary fields.
Deleted obsolete files authorize_with_jwt_validation.rs and authorize_without_jwt_validation.rs to clean up the examples directory.
Adjusted imports and function calls to reflect the removal of deprecated fields, enhancing code clarity and maintainability.

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

refactor(authz): remove built_entities method and related documentation

Eliminated the built_entities method from the AuthorizeEntitiesData implementation, streamlining the authorization logic.
Removed associated documentation comments to enhance code clarity and maintainability.
Adjusted imports to reflect the removal of the unused method.

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

refactor(entity_builder): remove deprecated entity building files and streamline imports

Deleted obsolete files related to role and token entity building, including build_role_entity.rs and build_token_entities.rs, to clean up the entity builder module.
Refactored imports in build_multi_issuer_entity.rs and build_principal_entity.rs to remove unused dependencies and enhance code clarity.
Removed legacy user and workload entity building logic from build_principal_entity.rs, aligning with the current authorization paths.

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

refactor(jwt): simplify token handling and remove deprecated methods

Removed unused fields and methods from the JwtService and Token structures, including signed_authz_available and jwt_sig_validation_required.
Streamlined the validate_tokens method by eliminating unnecessary logic and comments, focusing on single token validation.
Updated imports to reflect the removal of deprecated items, enhancing code clarity and maintainability.

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

refactor(config): remove deprecated authorization fields from configuration files and examples

Eliminated CEDARLING_USER_AUTHZ, CEDARLING_WORKLOAD_AUTHZ, and CEDARLING_ID_TOKEN_TRUST_MODE from various configuration files including JSON and YAML examples.
Streamlined the bootstrap_props and docker-compose-env configurations to enhance clarity and maintainability.
Updated test configurations to reflect the removal of deprecated fields, ensuring consistency across the codebase.

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

refactor(tests): remove obsolete policy store files and update configurations

Deleted multiple deprecated policy store files including agama-store_2.yaml, policy-store_entity_mapping.yaml, and others to clean up the test suite.
Updated bootstrap_props.json and bootstrap_props.yaml to reference the new policy store file policy-store_ok.yaml.
Removed unused files related to local JWKS and policy store locks, enhancing clarity and maintainability of the test configurations.

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

chore(jans-cedarling): remove claim mappings

Signed-off-by: Oleh Bozhok 6554798+olehbozhok@users.noreply.github.com

chore(jans-cedarling): remove role mapping

Signed-off-by: Oleh Bozhok 6554798+olehbozhok@users.noreply.github.com

chore(jans-cedarling): remove user_id

Signed-off-by: Oleh Bozhok 6554798+olehbozhok@users.noreply.github.com

chore(jans-cedarling): remove get_token_metadata

Signed-off-by: Oleh Bozhok 6554798+olehbozhok@users.noreply.github.com

chore(jans-cedarling): add fix build app after merging

Signed-off-by: Oleh Bozhok 6554798+olehbozhok@users.noreply.github.com

chore(jans-cedarling): clean up unused imports and redundant code and fix failing tests

Removed unused imports from lib.rs and mod.rs.
Eliminated unnecessary continue statements in build_entity_attrs.rs.
Cleaned up commented-out test code in mod.rs.
Streamlined imports in token.rs for clarity.

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

feat(jans-cedarling): add multi-issuer profiling example

Introduced a new example file profiling_multi_issuer.rs to demonstrate profiling for multi-issuer JWT validation.
Implemented a main function that initializes Cedarling with multiple issuers, validates authorization requests, and generates a flamegraph for performance analysis.

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com Signed-off-by: Oleh Bozhok 6554798+olehbozhok@users.noreply.github.com Co-authored-by: Oleh Bozhok 6554798+olehbozhok@users.noreply.github.com

docs: Update Documentation (#13515)
refactor(docs): rename authorization methods for clarity

Updated method names in the Cedarling Rust documentation to improve clarity:
- Renamed authorize() to authorize_unsigned() for unsigned authorization with directly provided principals.
- Renamed authorize_unsigned() to authorize_multi_issuer() for token-based authorization using multi-issuer tokens.
Adjusted corresponding examples in the mobile apps documentation to reflect these changes.
Removed deprecated configuration fields from the sidecar tutorial to streamline setup instructions.

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

docs(cedarling): update README to reflect changes in authorization interfaces

Revised the Cedarling documentation to clarify the number of core interfaces, reducing from six to five.
Enhanced descriptions for authorize_unsigned and authorize_multi_issuer methods to improve understanding of their functionality and use cases.
Removed redundant explanations and streamlined the text for better readability.

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

docs(cedarling): remove deprecated configuration fields from KrakenD integration guide

Eliminated CEDARLING_WORKLOAD_AUTHZ and CEDARLING_ID_TOKEN_TRUST_MODE from the KrakenD integration documentation to reflect recent changes in authorization configurations.
Updated the instructions for clarity and to ensure alignment with the current setup requirements.

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

docs(cedarling): update authorization documentation to reflect multi-issuer changes

Removed references to deprecated configuration fields CEDARLING_USER_AUTHZ and CEDARLING_WORKLOAD_AUTHZ from the quick start and reference guides.
Enhanced the cedarling-authz.md and cedarling-entities.md documentation to clarify the creation of User and Workload entities in the context of the new authorize_multi_issuer method.
Updated examples and descriptions to align with the latest authorization methods and their usage.

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

docs(cedarling): update authorization tutorials

Removed deprecated configuration fields and streamlined examples to enhance clarity and usability.
Updated context and request building sections to align with the latest authorization practices.

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

docs(cedarling): remove deprecated configuration fields from sample inputs

Eliminated CEDARLING_ID_TOKEN_TRUST_MODE, CEDARLING_USER_AUTHZ, and CEDARLING_WORKLOAD_AUTHZ from the sample inputs documentation to reflect recent changes in authorization configurations.
Streamlined the documentation for improved clarity and alignment with current practices.

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

docs(cedarling): update README files to reflect changes in authorization methods

Revised the README documentation across multiple components to clarify the usage of authorize_unsigned and remove references to deprecated fields such as CEDARLING_ID_TOKEN_TRUST_MODE.
Enhanced examples and descriptions for better alignment with current authorization practices, including updates to the Python and WASM bindings.
Added new bootstrap config fixtures for testing purposes to support the updated authorization methods.

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

refactor(policies): Removed legacy User and Workload policies from policy-store_no_trusted_issuers.yaml and policy-store_ok_2.yaml to focus on TestPrincipal entities.

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

docs(cedarling): update authorization documentation and examples

Revised the Cedarling Rust and Go documentation to reflect the new authorize_multi_issuer method, replacing references to the deprecated authorize method.
Updated examples in the Go and Python tutorials to demonstrate the new multi-issuer token handling and clarified the differences between authorization methods.
Removed outdated sections and streamlined content for better clarity and alignment with current practices.

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

chore(jans-cedarling): remove unused params from test files

Signed-off-by: Oleh Bozhok 6554798+olehbozhok@users.noreply.github.com

docs(cedarling): update authorization method references and examples

Revised documentation across Rust, JavaScript, Python, and Java tutorials to replace deprecated authorize method references with authorize_unsigned and authorize_multi_issuer.
Added a new example for multi-issuer profiling in the Rust documentation.
Clarified the retrieval of request_id in the logging documentation to include both authorize_unsigned and authorize_multi_issuer methods.

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com Signed-off-by: Oleh Bozhok 6554798+olehbozhok@users.noreply.github.com Co-authored-by: Oleh Bozhok 6554798+olehbozhok@users.noreply.github.com

fix(jans-cedarling): fix unsigned benchmark

Signed-off-by: Oleh Bozhok 6554798+olehbozhok@users.noreply.github.com

chore(jans-cedarling): add for unsigned auth realistic payload

Signed-off-by: Oleh Bozhok 6554798+olehbozhok@users.noreply.github.com

fix(jans-cedarling): add returning error on build entity with schema (#13539)
refactor(jans-cedarling): update build_entity_attrs_with_shape to return error

Signed-off-by: Oleh Bozhok 6554798+olehbozhok@users.noreply.github.com

fix(jans-cedarling): fix errors surfaced by build_entity_attrs_with_shape returning Result

Skip type mismatch errors for optional attributes instead of failing
Pass all claims (incl. synthetic token_type/validated_at) to build_entity_attrs instead of filtering reserved claims and re-adding them
Fix test schemas: use Url record type for TrustedIssuer.issuer_entity_id
Check for default resource entity before attribute validation
Update can_build_entity_with_optional_attr test to provide required attrs

Signed-off-by: Oleh Bozhok 6554798+olehbozhok@users.noreply.github.com

refactor(jans-cedarling): cosmetic code changes

Signed-off-by: Oleh Bozhok 6554798+olehbozhok@users.noreply.github.com

chore(jans-cedarling): remove duplicate CEDARLING_LOCK entry and run cargo fmt --all

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com

Signed-off-by: haileyesus2433 haileyesusbe@gmail.com Signed-off-by: dependabot[bot] support@github.com Signed-off-by: imran imranishaq7071@gmail.com Signed-off-by: Mustafa Baser mbaser@mail.com Signed-off-by: yuriyz yzabrovarniy@gmail.com Signed-off-by: Oleh Bozhok 6554798+olehbozhok@users.noreply.github.com Signed-off-by: iromli isman.firmansyah@gmail.com Signed-off-by: YuriyZ yzabrovarniy@gmail.com Signed-off-by: moabu 47318409+moabu@users.noreply.github.com Signed-off-by: Mohammad Abudayyeh 47318409+moabu@users.noreply.github.com Signed-off-by: SafinWasi 6601566+SafinWasi@users.noreply.github.com Signed-off-by: jgomer2001 bonustrack310@gmail.com Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Imran 78725662+imran-ishaq@users.noreply.github.com Co-authored-by: YuriyM Yuriy.Movchan@gmail.com Co-authored-by: Oleh 6554798+olehbozhok@users.noreply.github.com Co-authored-by: Isman Firmansyah iromli@users.noreply.github.com Co-authored-by: Devrim devrimyatar@gluu.org Co-authored-by: Mohammad Abudayyeh 47318409+moabu@users.noreply.github.com Co-authored-by: YuriyZ yzabrovarniy@gmail.com Co-authored-by: Arnab Dutta arnab.bdutta@gmail.com Co-authored-by: Yuriy M. 95305560+yuremm@users.noreply.github.com Co-authored-by: Safin Wasi 6601566+SafinWasi@users.noreply.github.com Co-authored-by: Jose Gonzalez bonustrack310@gmail.com