Small enhancements to Security components, primarily for local, non-https UAA #1574

Merged: TimHess merged 5 commits into 3.x from 3.x_authfixes on Aug 29, 2025

@TimHess TimHess commented Aug 22, 2025

  • Allow configuration-binding for MetadataAddress and RequireHttpsMetadata
  • Allow more places to set valid audience
    • only set ValidateAudience if one or more audience has been configured (MSFT always runs it if present).
  • Provide access to customizing CertificateForwardingOptions

Description

Fix issues identified in SteeltoeOSS/Documentation#403

Quality checklist

  • Your code complies with our Coding Style.
  • You've updated unit and/or integration tests for your change, where applicable.
  • You've updated documentation for your change, where applicable.
    If your change affects other repositories, such as Documentation, Samples and/or MainSite, add linked PRs here.
  • There's an open issue for the PR that you are making. If you'd like to propose a new feature or change, please open an issue to discuss the change or find an existing issue.
  • You've added required license files and/or file headers (explaining where the code came from with proper attribution), where code is copied from StackOverflow, a blog, or OSS.

@TimHess TimHess marked this pull request as ready for review August 23, 2025 00:43
@TimHess TimHess requested a review from bart-vmware August 23, 2025 00:43
@TimHess TimHess added this to the 3.3.0 milestone Aug 23, 2025
@TimHess TimHess added the Component/Security (Issues related to Steeltoe Security components (not app-sec)) and ReleaseLine/3.x (Identified as a feature/fix for the 3.x release line) labels Aug 23, 2025
Allow configuration-binding for MetadataAddress and RequireHttpsMetadata
Allow more places to set valid audience, only set ValidateAudience if one or more audience has been configured (MSFT always runs it if present)
Comment thread src/Security/src/Authentication.CloudFoundryBase/CloudFoundryTokenValidator.cs Outdated
Comment thread src/Security/src/Authentication.CloudFoundryCore/ServiceCollectionExtensions.cs Outdated
Comment thread src/Security/src/Authentication.CloudFoundryCore/ServiceCollectionExtensions.cs Outdated
@TimHess TimHess changed the title from "Enhance support for local, non-https UAA with OIDC and JWT" to "Small enhancements to Security component, primarily for local, non-https UAA" Aug 28, 2025
@TimHess TimHess changed the title from "Small enhancements to Security component, primarily for local, non-https UAA" to "Small enhancements to Security components, primarily for local, non-https UAA" Aug 28, 2025
TimHess commented Aug 28, 2025

I'm running through this one more time in these repos with the updated UAA from my other PR

MigrateApps.zip

I still plan to walk through the mtls bits one more time too (unless you beat me to it), or there's the attached super-complex version that should be a very close match to the docs now.

MigrateApps.zip

MTLS migration

@TimHess TimHess requested a review from bart-vmware August 28, 2025 20:52
@TimHess TimHess merged commit c85a474 into 3.x Aug 29, 2025
26 checks passed
@TimHess TimHess deleted the 3.x_authfixes branch August 29, 2025 14:42