Regapp issueshttps://git.scc.kit.edu/reg-app/reg-app/-/issues2023-09-18T08:17:20+02:00https://git.scc.kit.edu/reg-app/reg-app/-/issues/175Create Backup Tan list when user creates a 2FA token2023-09-18T08:17:20+02:00ls1947Create Backup Tan list when user creates a 2FA tokenAutomatically create and show a backup tan list with 2 or 3 values, when user creates a token. At the moment, users can confuse the backup tan list with a 2FA token, that is actually usable for login. Perhaps also rename the button "Crea...Automatically create and show a backup tan list with 2 or 3 values, when user creates a token. At the moment, users can confuse the backup tan list with a 2FA token, that is actually usable for login. Perhaps also rename the button "Create new tan list" to "Create new backup tan list".https://git.scc.kit.edu/reg-app/reg-app/-/issues/169Use feature/REGAPP-17_project_management in new Gitlab-Installation (gitlab.k...2023-06-30T15:59:37+02:00cu4863Use feature/REGAPP-17_project_management in new Gitlab-Installation (gitlab.kit.edu)Make use of webgui at https://fels.scc.kit.edu/project/ for creating groups withing gitlab.kit.edu.
Donghee and me can contribute a script, which creates the projects/groups within gitlab.kit.edu
according to the projects PIs create a...Make use of webgui at https://fels.scc.kit.edu/project/ for creating groups withing gitlab.kit.edu.
Donghee and me can contribute a script, which creates the projects/groups within gitlab.kit.edu
according to the projects PIs create at FeLS. So that projects within FeLS are always kept in sync
with Groups (https://docs.gitlab.com/ee/user/group/) within KIT's Gitlab-Installation.ls1947ls1947https://git.scc.kit.edu/reg-app/reg-app/-/issues/168Make Token reset possible via Backup TAN, even if fail counter is too high2023-06-15T09:32:19+02:00ls1947Make Token reset possible via Backup TAN, even if fail counter is too highwenn bei einem Nutzer aufgrund fehlerhafter 6-stelliger
Smartphone TOTP eingaben der Fail-Counter auf hohen Werten
ist, kann der Nutzer dann trotzdem noch eine 8-stellige
TAN der Backup TAN Liste (zumindest im Web-Interface)
verwenden, u...wenn bei einem Nutzer aufgrund fehlerhafter 6-stelliger
Smartphone TOTP eingaben der Fail-Counter auf hohen Werten
ist, kann der Nutzer dann trotzdem noch eine 8-stellige
TAN der Backup TAN Liste (zumindest im Web-Interface)
verwenden, um sich selbst zu retten und den Fail-Counter
zurück zu setzen?
Trotzdem wäre es doch vorstellbar, dass der Registration-Server
im Web-Interface bei einer korrekten Angabe eines Tokens
der Backup TAN Liste (die sind ja länger - 8 stellig - und
Shibooleth Auth hat zu dem Zeitpunkt den Nutzer
bereits ausreichend identifiziert) dann den Fail-Counter
des Nutzers wieder auf Null setzt.
Wäre das eine mögliche Erweiterung?https://git.scc.kit.edu/reg-app/reg-app/-/issues/163Implement Audit Tab in /admin/user/show-user.xhtml2023-04-05T08:24:43+02:00ls1947Implement Audit Tab in /admin/user/show-user.xhtmlIt is there, but does not show relevant entries.It is there, but does not show relevant entries.https://git.scc.kit.edu/reg-app/reg-app/-/issues/160Check Type of adminForGroups in GroupAdminRoleEntity2022-12-08T12:29:42+01:00ls1947Check Type of adminForGroups in GroupAdminRoleEntityhttps://git.scc.kit.edu/reg-app/reg-app/-/blob/branch-2.7/bwreg-entities/src/main/java/edu/kit/scc/webreg/entity/GroupAdminRoleEntity.java#L24
This should probably be `private Set<GroupEntity> adminForGroups;`https://git.scc.kit.edu/reg-app/reg-app/-/blob/branch-2.7/bwreg-entities/src/main/java/edu/kit/scc/webreg/entity/GroupAdminRoleEntity.java#L24
This should probably be `private Set<GroupEntity> adminForGroups;`https://git.scc.kit.edu/reg-app/reg-app/-/issues/157Sign E-Mails2023-08-16T13:09:23+02:00ls1947Sign E-MailsAdd S/MIME to e-mail templates for signing e-mails.
The required key pair shall be manageable via the GUI and the keys themself persisted in a DB. If no key pair is available (e.g. not uploaded yet), e-mails shall be send unsigned. Othe...Add S/MIME to e-mail templates for signing e-mails.
The required key pair shall be manageable via the GUI and the keys themself persisted in a DB. If no key pair is available (e.g. not uploaded yet), e-mails shall be send unsigned. Otherwise signed.
The public key shall be downloadable via a REST endpoint.
Their is always only be one key pair at the same time. Key pairs are deletable and can be replaced
# Implementation
## UI
* "Email-Templates" in the navigation bar on the left side became "Emails"
* The list-email-templates page became show-email-overview (incl renaming of backing bean)
* The show-email-overview uses `p:panel` to structurally separate the existing templates overview from the new signature overview
* The signature overview on the show-email-overview page features
* A message if signature keys are available or not
* A download button for the certificates
* An edit button leading to a edit page (which is equivalent to the one for the templates)
* A delete button leading to a confirmation page
* Buttons are disabled, if the action makes no sense, e.g. certificate download without existing keys
* messages.properties for de, en und fr were updated
## Management of crypto keys
* Keys are stored in a Java `KeyStore`
* Key stores are stored in the DB as base64 encoded blobs in the `KeyStoreEntity`; the DB data type is TEXT (Postgres)
* Key stores are discriminated by scenario using 'KeyStoreEntity.context' as unique attribute
* Key stores are usually accessed and used via the `KeyStoreService`
* Key stores and key entries are not encrypted at the moment
* Bouncy-Castle was used for Parsing from and Writing to PEM-formatted stringhttps://git.scc.kit.edu/reg-app/reg-app/-/issues/154Upgrade OpenSAML2022-11-17T11:30:52+01:00ls1947Upgrade OpenSAMLUpgrade to OpenSAML 4Upgrade to OpenSAML 4https://git.scc.kit.edu/reg-app/reg-app/-/issues/152GroupRecon with UserRecon taking too long2022-10-27T07:47:22+02:00ls1947GroupRecon with UserRecon taking too longDon't process line 325 in Registrator in sync. Should be done async as it can take too long and produce locks. Idea: As in group flags, just set a dirty flag on registries, and emit a process event at the end to recon all dirty registries.Don't process line 325 in Registrator in sync. Should be done async as it can take too long and produce locks. Idea: As in group flags, just set a dirty flag on registries, and emit a process event at the end to recon all dirty registries.https://git.scc.kit.edu/reg-app/reg-app/-/issues/151Registration already running error message not shown2022-09-16T07:00:03+02:00ls1947Registration already running error message not shownthe error message is not shown for users that are sent from an SP and register for a service with a policy without consent.the error message is not shown for users that are sent from an SP and register for a service with a policy without consent.https://git.scc.kit.edu/reg-app/reg-app/-/issues/146Make Token Limit configurable and show correct error message2022-07-21T06:59:25+02:00ls1947Make Token Limit configurable and show correct error messageShow correct error message, if a user has more token than allowed. Atm only the "new token" button simply vanish.Show correct error message, if a user has more token than allowed. Atm only the "new token" button simply vanish.https://git.scc.kit.edu/reg-app/reg-app/-/issues/143Process Text properties in Infotainment nodes2022-06-01T07:52:48+02:00ls1947Process Text properties in Infotainment nodesInfotainement is displayed hardcoded at the moment. Change it, so that text properties can be used in RegisterWorkflows.Infotainement is displayed hardcoded at the moment. Change it, so that text properties can be used in RegisterWorkflows.https://git.scc.kit.edu/reg-app/reg-app/-/issues/141Formatting Table Saml Values in User info dialog2022-06-01T07:49:50+02:00ls1947Formatting Table Saml Values in User info dialogLong values, e.g. entitlement, are not visible, because the word-wrapping is only working on spaces, or dots.Long values, e.g. entitlement, are not visible, because the word-wrapping is only working on spaces, or dots.https://git.scc.kit.edu/reg-app/reg-app/-/issues/133Add sshj library2022-04-07T14:37:13+02:00ls1947Add sshj libraryAdd sshj library and deprecate ganymed, which seems to be no longer maintained.
https://github.com/hierynomus/sshjAdd sshj library and deprecate ganymed, which seems to be no longer maintained.
https://github.com/hierynomus/sshjhttps://git.scc.kit.edu/reg-app/reg-app/-/issues/132Don't show policy when rule fail2022-04-06T12:11:18+02:00ls1947Don't show policy when rule failhttps://git.scc.kit.edu/reg-app/reg-app/-/issues/99Add possibility to request 2fa based on script2021-04-19T07:06:49+02:00ls1947Add possibility to request 2fa based on scriptAdd the possibility to request 2fa for a specific service, based on script evaluation. Probably best, to include it in the attribute release script.Add the possibility to request 2fa for a specific service, based on script evaluation. Probably best, to include it in the attribute release script.https://git.scc.kit.edu/reg-app/reg-app/-/issues/94Add Tokeninfos for User Rest API2021-09-28T07:05:10+02:00ls1947Add Tokeninfos for User Rest APIDeliver token infos on Rest APIDeliver token infos on Rest APIhttps://git.scc.kit.edu/reg-app/reg-app/-/issues/80Make deprovisioning and user update modular per IDP/OP2020-02-17T07:29:37+01:00ls1947Make deprovisioning and user update modular per IDP/OPCreate an API to trigger user updates per IDP basis.Create an API to trigger user updates per IDP basis.https://git.scc.kit.edu/reg-app/reg-app/-/issues/67Set service passwords via Rest API2018-08-01T13:45:50+02:00ls1947Set service passwords via Rest APIhttps://git.scc.kit.edu/reg-app/reg-app/-/issues/54Add velocity capacity to redirectAfterRegister URL2018-05-15T12:24:11+02:00ls1947Add velocity capacity to redirectAfterRegister URLfor example, to fill in the IDP EntityID of the user, or the eppn, or whatever...for example, to fill in the IDP EntityID of the user, or the eppn, or whatever...https://git.scc.kit.edu/reg-app/reg-app/-/issues/53Use LDAP Password Modify Extended Operation instead of setting Attribute user...2018-05-15T12:24:11+02:00ls1947Use LDAP Password Modify Extended Operation instead of setting Attribute userPassword