------------------------------------------------------------------- Thu May 10 10:55:22 MDT 2007 - jluciani@novell.com - Removed the temporary work around made to the SPEC files which was allowing the user casaatsd to have a shell. - Removed the OES workaround from the CasaBasicATSSetup script since it is no longer needed. ------------------------------------------------------------------- Wed May 9 16:38:14 MDT 2007 - jluciani@novell.com - Added the capability to read REALM credentials from miCASA to avoid having the credentials in the clear in the iaRealms.xml file. This change adds a dependency on CASA and partially addresses BUG265414. - Created a utility that allows users to edit the iaRealms.xml file. This was necessary to support the CASA ATS Yast Module enhancements. - Fixed settings and policy utilities to output error messages to stderr instead of stdout to avoid messing up the CASA ATS Yast Module. - Fixed the SPEC files to set the appropriate home folder for the casaatsd user. - Temporary changed the SPEC files to allow the casaatsd user to have a shell. This change will be reverted as soon as the CASAcli is updated to allow a root user to pass the UID of the user being targeted. ------------------------------------------------------------------- Fri Apr 20 15:40:01 MDT 2007 - jluciani@novell.com - Created utilities for editing the connector entry for the server.xml Tomcat configuration file so that it can be easily modified so that the Tomcat instance utilized by the ATS use a different Keystore and be able to leverage Certificate/Keys installed for other products. This is the first step in the resolution of BUG242891. ------------------------------------------------------------------- Wed Apr 18 16:43:48 MDT 2007 - jluciani@novell.com - Fixed authentication problems where extended characters are part of either the username, password, or the information contained in the session or authentication tokens. This takes care of BUG263007. ------------------------------------------------------------------- Tue Apr 17 16:35:10 MDT 2007 - jluciani@novell.com - Fixed access rights to the /etc/CASA/authtoken/svc folder and its sub-folders to allow members of the casaauth group to configure themselves. This resolves BUG265580. ------------------------------------------------------------------- Mon Apr 2 16:45:11 MDT 2007 - jluciani@novell.com - Added pwdutils to BuildRequires to fix build issue. ------------------------------------------------------------------- Wed Mar 21 17:19:16 MDT 2007 - jluciani@novell.com - Fixed BUG256569. The changes allow the ATS to fail-over to another LDAP server in the case of a communication failure. ------------------------------------------------------------------- Mon Mar 19 10:41:50 MDT 2007 - jluciani@novell.com - Fixed BUG242969 by removing the log files that get created by the Windows install of the ATS. - Fixed BUG251942 by updating the Windows install file responsible for setting up the log4j.properties file so that it properly escapes the path characters. - Fixed BUG250413 by lowering the priority of the messages being logged and by increasing the log level priority to "warn" in the log4j.properties file. - Fixed BUG243339 by codding directly to the classes provided by xmlsec and taking care of building SOAP messages with the necessary WS-Security headers. ------------------------------------------------------------------- Mon Mar 5 11:32:37 MST 2007 - jluciani@novell.com - Fixed logging issues under Windows. ------------------------------------------------------------------- Thu Feb 22 15:44:28 MST 2007 - jluciani@novell.com - Switched logging from Standard Out to using Log4j. Now the logging and tracing levels can be adjusted via the log4j.properties file. The changes separate logs done for tracing Rpc processing from regular logs. These changes take care of BUG243343. ------------------------------------------------------------------- Tue Feb 13 16:41:46 MST 2007 - jluciani@novell.com - Made changes to deal with recommendations given by Greg as a result of the code review that he performed. - Added check to protect against zero length passwords in the Pwd authentication mechanism. - Fixed issue that was not allowing us to associate a PID file with the ATS service. - Stopped deleting the user "casaatsd" during RPM un-install to avoid problems with orphaned files. ------------------------------------------------------------------- Mon Feb 12 09:09:56 MST 2007 - jluciani@novell.com - Stopped deleting user casaatsd during RPM un-install to avoid issues with orphaned files. ------------------------------------------------------------------- Wed Jan 31 12:25:30 MST 2007 - jluciani@novell.com - Fixed typo in iaRealms.xml file template which was keeping the ATS from running. ------------------------------------------------------------------- Thu Jan 25 15:18:38 MST 2007 - jluciani@novell.com - The keystore path in the server.xml specific to Zen installations was wrong. ------------------------------------------------------------------- Wed Jan 24 10:55:40 MST 2007 - jluciani@novell.com - ATS envvars file now does not rely on the environment variable JAVA_HOME since it may not be pointed to the JVM that we would want to use. ------------------------------------------------------------------- Tue Jan 23 15:19:10 MST 2007 - jluciani@novell.com - More changes to become more compatible with Zen. - Enhanced places where exceptions are thrown to include information about exceptions that may have been caught to improve debugging. ------------------------------------------------------------------- Mon Jan 22 16:10:36 MST 2007 - jluciani@novell.com - Added the ability to explicitedly configure the type of directory back-ending a realm. - Added the ability to configure the search string that should be utilized when performing contextless-login as part of the Password authentication process. ------------------------------------------------------------------- Fri Jan 19 16:30:03 MST 2007 - jluciani@novell.com - Made changes to allow us to build RPMs to be consumed by the ZenWorks installer. ------------------------------------------------------------------- Wed Jan 17 16:52:46 MST 2007 - jluciani@novell.com - Fixed BUG225066 (Uninstall doesn't cleanup). - Addressed BUG190821 (CASA-AD - Display name is being used instead of the account name). - Added the ability to search an identity source using more than one context (search root). - Fixed problem that was keeping us from disabling the auto-reconfigure feature by setting the service reconfigure interval to 0. - The upgrade path for the ATS was not cleaning up the appropriate webapp folder so the new webapp was not getting re-deployed. ------------------------------------------------------------------- Fri Jan 12 10:23:06 MST 2007 - jluciani@novell.com - Fix issue that was causing authentication to fail when using Pwd authentication. ------------------------------------------------------------------- Mon Jan 8 15:26:15 MST 2007 - jluciani@novell.com - Applied changes to solve most issues found during my code review of the components. ------------------------------------------------------------------- Wed Dec 13 10:18:25 MST 2006 - jluciani@novell.com - Made changes to deal with API changes in the identity package file. Without these changes the component does not build successfully. ------------------------------------------------------------------- Wed Dec 6 10:29:15 MST 2006 - jluciani@novell.com - Added option to the command being used to import certificate from the CasaBasicATSSetup script so that it works correctly in conjunction with our Yast module. This addresses BUG225428. ------------------------------------------------------------------- Mon Dec 4 17:21:00 MST 2006 - jluciani@novell.com - Added a workaround to the CasaBasicATSSetup script to import eDirs CA Cert into the Java keystore if it is present. This workaround will be removed once OES starts performing it. This addresses BUG225428. ------------------------------------------------------------------- Mon Dec 4 15:14:12 MST 2006 - jluciani@novell.com - Fixed "Shutting..." init.d output script problem documented in BUG225027. ------------------------------------------------------------------- Mon Dec 4 10:26:16 MST 2006 - jluciani@novell.com - Fixed ATS Setup BUG225426. ------------------------------------------------------------------- Tue Nov 28 09:39:05 MST 2006 - jluciani@novell.com - Fixed a dependency on IBM's Java related to bugs: BUG222541, BUG216949, and BUG215221. ------------------------------------------------------------------- Wed Nov 22 08:43:26 MST 2006 - jluciani@novell.com - Resolved the following bugs: BUG222541, BUG216949, BUG215221. :-). ------------------------------------------------------------------- Tue Nov 21 17:53:20 MST 2006 - jluciani@novell.com - Added NOTICES file detailing the licenses and/or the copyrights of all third party software used within the project. ------------------------------------------------------------------- Tue Nov 21 10:36:42 MST 2006 - jluciani@novell.com - Fixed spec file issue. ------------------------------------------------------------------- Fri Nov 17 17:08:13 MST 2006 - jluciani@novell.com - Removed hard dependency on IBM's JVM. ------------------------------------------------------------------- Thu Nov 9 11:42:15 MST 2006 - jluciani@novell.com - Completed the ATS configuration story with a tool that sets up all of the needed configuration files and parameters with support for a single LDAP Realm and server. ------------------------------------------------------------------- Tue Nov 7 10:42:24 MST 2006 - jluciani@novell.com - The service is now only accessible via SSL. - Created tools for editing settings and policy files. ------------------------------------------------------------------- Fri Oct 20 09:53:55 MDT 2006 - jluciani@novell.com - Modified the CasaAuthTokenSvc war file to no longer include the identity-abstraction jars. The CASA_auth_token_svc rpm now requires the installation of the identity-abstraction rpm and the service is able to load its files from the location where they are installed with settings set in the server.xml file of our tomcat base. ------------------------------------------------------------------- Wed Oct 18 17:22:01 MDT 2006 - jluciani@novell.com - Updated the RPM install of the ATS to install it as a service and create the necessary signing keys. - Made changes to other components to integrate with the new RPM install changes. ------------------------------------------------------------------- Tue Oct 10 08:45:22 MDT 2006 - jluciani@novell.com - Brought up to date the README and TODO files. ------------------------------------------------------------------- Thu Sep 21 15:41:18 MDT 2006 - jluciani@novell.com - Reduced Kerberos configuration requirements. Now the ATS service principal name defaults to "host" and there is no need to set the "javax.security.auth.useSubjectCredsOnly" system property to "false" in the JAVA_OPTS. ------------------------------------------------------------------- Mon Sep 18 11:18:00 MDT 2006 - jluciani@novell.com - Updated the Svc to reduce the configuration requirements on services that want to leverage the infrastructure. - Modified the WSSecurity module to not include the X509 certificate in tokens if they are targeted to services residing on the same box as the ATS. This is being done in order to minimize the size of the tokens. ------------------------------------------------------------------- Thu Sep 14 09:57:00 MDT 2006 - jluciani@novell.com - Made changes to support the Authtoken Validate Service. This now fixes support of "C" services. - Switched to using IBMs java instead of SUNs. This was done in order to gain better Kerberos support (IBMs Kerberos modul supports more encryption types) and to get around a problem in SUN's Invocation API that was not letting us consume our AuthToken class from a native thread other than the thread which creates the JVM. ------------------------------------------------------------------- Fri Aug 18 11:49:22 MDT 2006 - jluciani@novell.com - Implemented securing Authentication and Session Tokens using WS-Security. This change temporarily breaks support of "C" services. "C" service support will be resumed once the necessary changes are made to the native authentication token APIs to support the new Authentication Tokens. ------------------------------------------------------------------- Mon Aug 14 14:25:27 MDT 2006 - jluciani@novell.com - Added some debug statements and added the sample Jaas application into the tar file that is submitted to autobuild. ------------------------------------------------------------------- Mon Aug 7 10:28:32 MDT 2006 - schoi@novell.com - This file has been created for CASA_auth_token_svc project for the first time. -------------------------------------------------------------------