diff --git a/perun-oidc-server-overlay/perun-oidc-server-config-template/perun-oidc-data-context.xml b/perun-oidc-server-overlay/perun-oidc-server-config-template/perun-oidc-data-context.xml new file mode 100644 index 0000000..ae55b35 --- /dev/null +++ b/perun-oidc-server-overlay/perun-oidc-server-config-template/perun-oidc-data-context.xml @@ -0,0 +1,74 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/perun-oidc-server-overlay/perun-oidc-server-config-template/perun-oidc-keystore.jwks b/perun-oidc-server-overlay/perun-oidc-server-config-template/perun-oidc-keystore.jwks new file mode 100644 index 0000000..d01bcbb --- /dev/null +++ b/perun-oidc-server-overlay/perun-oidc-server-config-template/perun-oidc-keystore.jwks @@ -0,0 +1,17 @@ +{ + "keys": [ + { + "p": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", + "kty": "RSA", + "q": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", + "d": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", + "e": "AQAB", + "kid": "rsa1", + "qi": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", + "dp": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", + "dq": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", + "n": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" + } + ] +} + diff --git a/perun-oidc-server-overlay/perun-oidc-server-config-template/perun-oidc-scope.properties b/perun-oidc-server-overlay/perun-oidc-server-config-template/perun-oidc-scope.properties new file mode 100644 index 0000000..70b45db --- /dev/null +++ b/perun-oidc-server-overlay/perun-oidc-server-config-template/perun-oidc-scope.properties 
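Review bot: The key set template in perun-oidc-keystore.jwks carries the private RSA parameters (`d`, `p`, `q`, `dp`, `dq`, `qi`), so the file an operator fills in becomes the server's signing secret, and nothing in this commit says how to protect it. The same holds for `oidc.perun.password` in perun-oidc-server.properties. I would add a step to readme.md such as ` * make the files in /etc/perun/ readable only by the account that runs the server`, and state there that a filled-in key set must never be committed back over this template. It is also worth confirming that the server refuses to start while the values are still the `xxxx…` placeholders; this diff does not show whether it does.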
@@ -0,0 +1,43 @@ +# configure OIDC scopes, its claims, its json structure and map them to perun attributes. +# if claim value begins with urn:perun: it will be considered as attribute name and will be replaced +# with real user attribute value. Otherwise it is considered as constant value. + +# format is: +# scope_name = { +# "claim_name": "attribute_name", +# "claim_name": "constant_value", +# "claim_name": { +# "key": "attribute_name", +# "key": { ... } +# } +#} + + + +##### standard OIDC scopes ##### + +openid = {\ + "sub": "urn:perun:user:attribute-def:core:id"\ + } + +profile = {\ + "name": "urn:perun:user:attribute-def:core:displayName",\ + "given_name": "urn:perun:user:attribute-def:core:firstName",\ + "family_name": "urn:perun:user:attribute-def:core:lastName",\ + "middle_name": "urn:perun:user:attribute-def:core:middleName",\ + "preferred_username": "urn:perun:user:attribute-def:def:preferredMail"\ + } + +email = {\ + "email": "urn:perun:user:attribute-def:def:preferredMail"\ + } + +phone = {\ + "phone": "urn:perun:user:attribute-def:def:phone"\ + } + +address = {\ + "address": {\ + "formatted": "urn:perun:user:attribute-def:def:address"\ + }\ + } diff --git a/perun-oidc-server-overlay/perun-oidc-server-config-template/perun-oidc-server-config.xml b/perun-oidc-server-overlay/perun-oidc-server-config-template/perun-oidc-server-config.xml new file mode 100644 index 0000000..e82cec8 --- /dev/null +++ b/perun-oidc-server-overlay/perun-oidc-server-config-template/perun-oidc-server-config.xml @@ -0,0 +1,75 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/perun-oidc-server-overlay/perun-oidc-server-config-template/perun-oidc-server.properties b/perun-oidc-server-overlay/perun-oidc-server-config-template/perun-oidc-server.properties new file mode 100644 index 0000000..a92bece --- /dev/null +++ b/perun-oidc-server-overlay/perun-oidc-server-config-template/perun-oidc-server.properties 
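Review bot: In the `profile` scope, `preferred_username` is mapped to `urn:perun:user:attribute-def:def:preferredMail`, so a client granted only `profile` still receives the user's e-mail address although the `email` scope was never requested or consented to. Map the claim to a login-name attribute of the deployment instead, or leave it out of the template's `profile` block until one is chosen. Separately, the `phone` scope emits a claim named `phone`, while the OpenID Connect standard claim is `phone_number`; I would change that line to `"phone_number": "urn:perun:user:attribute-def:def:phone"\`.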
@@ -0,0 +1,16 @@
+
+# Credentials to communicate with perun via basic auth. Should have sufficient privileges.
+oidc.perun.username=
+oidc.perun.password=
+
+# URL pointing to perun rpc. Must ends with '/' e.g. http://localhost/krb/rpc/json/
+oidc.perun.url=
+
+# URL pointing to userinfo endpoint. Where access token is consumed
+oidc.userinfo.endpoint=
+
+# List of Perun user IDs divided by ',' which will be admins of Authorization server.
+oidc.admins=
+
+# Public URL to instance logo. e.g. Shown on consent page.
+oidc.logoUrl=
diff --git a/perun-oidc-server-overlay/perun-oidc-server-config-template/readme.md b/perun-oidc-server-overlay/perun-oidc-server-config-template/readme.md
new file mode 100644
index 0000000..223924b
--- /dev/null
+++ b/perun-oidc-server-overlay/perun-oidc-server-config-template/readme.md
@@ -0,0 +1,32 @@
+### Create a folder /etc/perun/
+
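Review bot: The example given for `oidc.perun.url` is `http://localhost/krb/rpc/json/`, and the comment above says the credentials travel as HTTP Basic auth, which is only base64-encoded; copied to a Perun instance on another host, that example puts the service password on the network in clear text. I would reword the comment to `# URL pointing to perun rpc. Must end with '/'. Use https unless Perun runs on this host, e.g. https://PERUN_HOST/krb/rpc/json/`, where PERUN_HOST is a placeholder. "Should have sufficient privileges" is also better stated as a least-privilege requirement, for example `# Use a dedicated account limited to the RPC calls the OIDC server needs.`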
+mkdir /etc/perun/
+cd /etc/perun/
+
+
+### Copy this template files into /etc/perun/ and edit them:
+
+1. perun-oidc-data-context.xml - PSQL DB
+ * Uncomment initialize-database element for first run
+ * Modify username and password value in dataSource bean
+
+2. perun-oidc-scopes.properties
+ * Modify in relation to perun attributes you have
+
+3. perun-oidc-server.properties
+ * Communication details with Perun. Follow comments.
+ * Do not forget to add your perun user IDs.
+
+4. perun-oidc-server-config.xml
+ * Modify issuer property
+
+5. perun-oidc-keystore.jwks
+ * generate new set of keys here: https://github.com/mitreid-connect/json-web-key-generator
+ * download as zip
+ * extract and go to folder
+ *run:
+
+    mvn package
+    java -jar target/json-...-jar-with-dependencies.jar -t RSA -s 2048 -i rsa1
+    
+ * copy output to the file into json array “keys” diff --git a/perun-oidc-server-overlay/src/main/resources/db/clients.sql b/perun-oidc-server-overlay/src/main/resources/db/clients.sql index 7e7a8a5..f119aac 100644 --- a/perun-oidc-server-overlay/src/main/resources/db/clients.sql +++ b/perun-oidc-server-overlay/src/main/resources/db/clients.sql @@ -2,7 +2,7 @@ -- Turn off autocommit and start a transaction so that we can use the temp tables -- -SET AUTOCOMMIT FALSE; +SET AUTOCOMMIT = OFF; START TRANSACTION; 
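Review bot: `SET AUTOCOMMIT = OFF;` in clients.sql is probably not valid on the PostgreSQL target this commit moves to: as far as I know the server has no `autocommit` parameter that can be switched off (psql's `\set AUTOCOMMIT` is a client-side setting), so the statement is likely to fail rather than change anything. The explicit `START TRANSACTION;` … `COMMIT;` already gives the temp-table load its transaction, so I would delete the `SET AUTOCOMMIT` lines here, the matching `SET AUTOCOMMIT =ON;` at the end of the file, and the same pair in scopes.sql. If the database initializer is configured to ignore failed statements the error would go unnoticed, which is worth checking in the data-context file.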
@@ -35,29 +35,25 @@ INSERT INTO client_grant_type_TEMP (owner_id, grant_type) VALUES -- Merge the temporary clients safely into the database. This is a two-step process to keep clients from being created on every startup with a persistent store. -- -MERGE INTO client_details - USING (SELECT client_id, client_secret, client_name, dynamically_registered, refresh_token_validity_seconds, access_token_validity_seconds, id_token_validity_seconds, allow_introspection FROM client_details_TEMP) AS vals(client_id, client_secret, client_name, dynamically_registered, refresh_token_validity_seconds, access_token_validity_seconds, id_token_validity_seconds, allow_introspection) - ON vals.client_id = client_details.client_id - WHEN NOT MATCHED THEN - INSERT (client_id, client_secret, client_name, dynamically_registered, refresh_token_validity_seconds, access_token_validity_seconds, id_token_validity_seconds, allow_introspection) VALUES(client_id, client_secret, client_name, dynamically_registered, refresh_token_validity_seconds, access_token_validity_seconds, id_token_validity_seconds, allow_introspection); +INSERT INTO client_details (client_id, client_secret, client_name, dynamically_registered, refresh_token_validity_seconds, access_token_validity_seconds, id_token_validity_seconds, allow_introspection) + SELECT client_id, client_secret, client_name, dynamically_registered, refresh_token_validity_seconds, access_token_validity_seconds, id_token_validity_seconds, allow_introspection FROM client_details_TEMP +ON CONFLICT + DO NOTHING; -MERGE INTO client_scope - USING (SELECT id, scope FROM client_scope_TEMP, client_details WHERE client_details.client_id = client_scope_TEMP.owner_id) AS vals(id, scope) - ON vals.id = client_scope.owner_id AND vals.scope = client_scope.scope - WHEN NOT MATCHED THEN - INSERT (owner_id, scope) values (vals.id, vals.scope); +INSERT INTO client_scope (scope) + SELECT scope FROM client_scope_TEMP, client_details WHERE client_details.client_id = 
client_scope_TEMP.owner_id +ON CONFLICT + DO NOTHING; -MERGE INTO client_redirect_uri - USING (SELECT id, redirect_uri FROM client_redirect_uri_TEMP, client_details WHERE client_details.client_id = client_redirect_uri_TEMP.owner_id) AS vals(id, redirect_uri) - ON vals.id = client_redirect_uri.owner_id AND vals.redirect_uri = client_redirect_uri.redirect_uri - WHEN NOT MATCHED THEN - INSERT (owner_id, redirect_uri) values (vals.id, vals.redirect_uri); +INSERT INTO client_redirect_uri (redirect_uri) + SELECT redirect_uri FROM client_redirect_uri_TEMP, client_details WHERE client_details.client_id = client_redirect_uri_TEMP.owner_id +ON CONFLICT + DO NOTHING; -MERGE INTO client_grant_type - USING (SELECT id, grant_type FROM client_grant_type_TEMP, client_details WHERE client_details.client_id = client_grant_type_TEMP.owner_id) AS vals(id, grant_type) - ON vals.id = client_grant_type.owner_id AND vals.grant_type = client_grant_type.grant_type - WHEN NOT MATCHED THEN - INSERT (owner_id, grant_type) values (vals.id, vals.grant_type); +INSERT INTO client_grant_type (grant_type) + SELECT grant_type FROM client_grant_type_TEMP, client_details WHERE client_details.client_id = client_grant_type_TEMP.owner_id +ON CONFLICT + DO NOTHING; -- -- Close the transaction and turn autocommit back on @@ -65,5 +61,5 @@ MERGE INTO client_grant_type COMMIT; -SET AUTOCOMMIT TRUE; +SET AUTOCOMMIT =ON; diff --git a/perun-oidc-server-overlay/src/main/resources/db/scopes.sql b/perun-oidc-server-overlay/src/main/resources/db/scopes.sql index 2779288..1843623 100644 --- a/perun-oidc-server-overlay/src/main/resources/db/scopes.sql +++ b/perun-oidc-server-overlay/src/main/resources/db/scopes.sql @@ -2,7 +2,7 @@ -- Turn off autocommit and start a transaction so that we can use the temp tables -- -SET AUTOCOMMIT FALSE; +SET AUTOCOMMIT = OFF; START TRANSACTION; 
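Review bot: The three child-table inserts (`client_scope`, `client_redirect_uri`, `client_grant_type`) no longer write `owner_id`: the removed MERGE statements inserted `(owner_id, …)` from `client_details.id`, while the new ones list and select only the value column. Each seeded scope, redirect URI and grant type is therefore stored without a client, or rejected if `owner_id` is NOT NULL (those table definitions are outside this diff), so the seeded clients end up with no registered redirect URIs or grant types. `ON CONFLICT DO NOTHING` also only takes effect when a unique constraint or index is violated, and none is visible for these tables, so without one the rows would be added again on every startup. The rewrite below restores the owner and stays idempotent without relying on a constraint; the hunk begins inside the temp-table section, which is not shown.

```sql
-- … unchanged: INSERT INTO client_details … ON CONFLICT DO NOTHING …

INSERT INTO client_scope (owner_id, scope)
    SELECT cd.id, t.scope
    FROM client_scope_TEMP AS t
    INNER JOIN client_details AS cd ON cd.client_id = t.owner_id
    WHERE NOT EXISTS (
        SELECT 1 FROM client_scope AS cs
        WHERE cs.owner_id = cd.id AND cs.scope = t.scope
    );

INSERT INTO client_redirect_uri (owner_id, redirect_uri)
    SELECT cd.id, t.redirect_uri
    FROM client_redirect_uri_TEMP AS t
    INNER JOIN client_details AS cd ON cd.client_id = t.owner_id
    WHERE NOT EXISTS (
        SELECT 1 FROM client_redirect_uri AS cr
        WHERE cr.owner_id = cd.id AND cr.redirect_uri = t.redirect_uri
    );

INSERT INTO client_grant_type (owner_id, grant_type)
    SELECT cd.id, t.grant_type
    FROM client_grant_type_TEMP AS t
    INNER JOIN client_details AS cd ON cd.client_id = t.owner_id
    WHERE NOT EXISTS (
        SELECT 1 FROM client_grant_type AS cg
        WHERE cg.owner_id = cd.id AND cg.grant_type = t.grant_type
    );
```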
@@ -22,12 +22,12 @@ INSERT INTO system_scope_TEMP (scope, description, icon, restricted, default_sco -- Merge the temporary scopes safely into the database. This is a two-step process to keep scopes from being created on every startup with a persistent store. -- -MERGE INTO system_scope - USING (SELECT scope, description, icon, restricted, default_scope, structured, structured_param_description FROM system_scope_TEMP) AS vals(scope, description, icon, restricted, default_scope, structured, structured_param_description) - ON vals.scope = system_scope.scope - WHEN NOT MATCHED THEN - INSERT (scope, description, icon, restricted, default_scope, structured, structured_param_description) VALUES(vals.scope, vals.description, vals.icon, vals.restricted, vals.default_scope, vals.structured, vals.structured_param_description); +INSERT INTO system_scope (scope, description, icon, restricted, default_scope, structured, structured_param_description) + SELECT scope, description, icon, restricted, default_scope, structured, structured_param_description FROM system_scope_TEMP + ON CONFLICT(scope) + DO NOTHING; + COMMIT; -SET AUTOCOMMIT TRUE; \ No newline at end of file +SET AUTOCOMMIT = ON; \ No newline at end of file diff --git a/perun-oidc-server-overlay/src/main/resources/db/tables/loading_temp_tables.sql b/perun-oidc-server-overlay/src/main/resources/db/tables/loading_temp_tables.sql index 1d3908e..13645a8 100644 --- a/perun-oidc-server-overlay/src/main/resources/db/tables/loading_temp_tables.sql +++ b/perun-oidc-server-overlay/src/main/resources/db/tables/loading_temp_tables.sql 
@@ -6,12 +6,14 @@ CREATE TEMPORARY TABLE IF NOT EXISTS authorities_TEMP ( username varchar(50) not null, authority varchar(50) not null, - constraint ix_authority_TEMP unique (username,authority)); + constraint ix_authority_TEMP unique (username,authority) +); CREATE TEMPORARY TABLE IF NOT EXISTS users_TEMP ( username varchar(50) not null primary key, password varchar(50) not null, - enabled boolean not null); + enabled boolean not null +); CREATE TEMPORARY TABLE IF NOT EXISTS user_info_TEMP ( sub VARCHAR(256) not null primary key, diff --git a/perun-oidc-server-overlay/src/main/resources/db/tables/psql_database_indexes.sql b/perun-oidc-server-overlay/src/main/resources/db/tables/psql_database_indexes.sql new file mode 100644 index 0000000..4c29736 --- /dev/null +++ b/perun-oidc-server-overlay/src/main/resources/db/tables/psql_database_indexes.sql 
@@ -0,0 +1,18 @@
+--
+-- Indexes for PostgreSQL
+--
+
+CREATE INDEX IF NOT EXISTS at_tv_idx ON access_token(token_value);
+CREATE INDEX IF NOT EXISTS ts_oi_idx ON token_scope(owner_id);
+CREATE INDEX IF NOT EXISTS at_exp_idx ON access_token(expiration);
+CREATE INDEX IF NOT EXISTS rf_ahi_idx ON refresh_token(auth_holder_id);
+CREATE INDEX IF NOT EXISTS cd_ci_idx ON client_details(client_id);
+CREATE INDEX IF NOT EXISTS at_ahi_idx ON access_token(auth_holder_id);
+CREATE INDEX IF NOT EXISTS aha_oi_idx ON authentication_holder_authority(owner_id);
+CREATE INDEX IF NOT EXISTS ahe_oi_idx ON authentication_holder_extension(owner_id);
+CREATE INDEX IF NOT EXISTS ahrp_oi_idx ON authentication_holder_request_parameter(owner_id);
+CREATE INDEX IF NOT EXISTS ahri_oi_idx ON authentication_holder_resource_id(owner_id);
+CREATE INDEX IF NOT EXISTS ahrt_oi_idx ON authentication_holder_response_type(owner_id);
+CREATE INDEX IF NOT EXISTS ahs_oi_idx ON authentication_holder_scope(owner_id);
+CREATE INDEX IF NOT EXISTS ac_ahi_idx ON authorization_code(auth_holder_id);
+CREATE INDEX IF NOT EXISTS suaa_oi_idx ON saved_user_auth_authority(owner_id);
\ No newline at end of file
diff --git a/perun-oidc-server-overlay/src/main/resources/db/tables/psql_database_tables.sql b/perun-oidc-server-overlay/src/main/resources/db/tables/psql_database_tables.sql
index da7e697..1252dcd 100644
--- a/perun-oidc-server-overlay/src/main/resources/db/tables/psql_database_tables.sql
+++ b/perun-oidc-server-overlay/src/main/resources/db/tables/psql_database_tables.sql
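Review bot: `at_tv_idx` on `access_token(token_value)` and `cd_ci_idx` on `client_details(client_id)` duplicate indexes that PostgreSQL already builds for the `UNIQUE(token_value)` constraint this commit adds in psql_database_tables.sql and for the existing `UNIQUE (client_id)`. A second index on the same column brings no lookup benefit and adds a write to every token insert, so I would drop those two lines. If the plain indexes are kept on purpose, for instance for databases created before the constraint existed, a comment saying so, e.g. `-- kept for schemas created without UNIQUE(token_value)`, would stop the next reader from removing them.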
@@ -1,17 +1,16 @@ -- -- Tables for OIDC Server functionality, PostgreSQL -- - CREATE TABLE IF NOT EXISTS access_token ( - id SERIAL PRIMARY KEY, + id BIGSERIAL PRIMARY KEY, token_value VARCHAR(4096), expiration TIMESTAMP, token_type VARCHAR(256), refresh_token_id BIGINT, client_id BIGINT, auth_holder_id BIGINT, - id_token_id BIGINT, - approved_site_id BIGINT + approved_site_id BIGINT, + UNIQUE(token_value) ); CREATE TABLE IF NOT EXISTS access_token_permissions ( @@ -20,7 +19,7 @@ CREATE TABLE IF NOT EXISTS access_token_permissions ( ); CREATE TABLE IF NOT EXISTS address ( - id SERIAL PRIMARY KEY, + id BIGSERIAL PRIMARY KEY, formatted VARCHAR(256), street_address VARCHAR(256), locality VARCHAR(256), @@ -30,7 +29,7 @@ CREATE TABLE IF NOT EXISTS address ( ); CREATE TABLE IF NOT EXISTS approved_site ( - id SERIAL PRIMARY KEY, + id BIGSERIAL PRIMARY KEY, user_id VARCHAR(256), client_id VARCHAR(256), creation_date TIMESTAMP, @@ -45,7 +44,7 @@ CREATE TABLE IF NOT EXISTS approved_site_scope ( ); CREATE TABLE IF NOT EXISTS authentication_holder ( - id SERIAL PRIMARY KEY, + id BIGSERIAL PRIMARY KEY, user_auth_id BIGINT, approved BOOLEAN, redirect_uri VARCHAR(2048), @@ -85,7 +84,7 @@ CREATE TABLE IF NOT EXISTS authentication_holder_request_parameter ( ); CREATE TABLE IF NOT EXISTS saved_user_auth ( - id SERIAL PRIMARY KEY, + id BIGSERIAL PRIMARY KEY, name VARCHAR(1024), authenticated BOOLEAN, source_class VARCHAR(2048) @@ -102,7 +101,7 @@ CREATE TABLE IF NOT EXISTS client_authority ( ); CREATE TABLE IF NOT EXISTS authorization_code ( - id SERIAL PRIMARY KEY, + id BIGSERIAL PRIMARY KEY, code VARCHAR(256), auth_holder_id BIGINT, expiration TIMESTAMP 
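Review bot: Every schema change in this file sits inside `CREATE TABLE IF NOT EXISTS`, which does nothing when the table is already there, so a database created from the previous version keeps its `SERIAL` ids and the `id_token_id` column and never receives `UNIQUE(token_value)`, `device_code_validity_seconds`, the `software_*` columns or `code_challenge_method`. A server build that expects those columns would then fail against an existing deployment. I would ship a migration script next to this file with statements such as `ALTER TABLE client_details ADD COLUMN IF NOT EXISTS code_challenge_method VARCHAR(256);` and `ALTER TABLE access_token ALTER COLUMN id TYPE BIGINT;`, or state in the readme that the schema must be created fresh. The same applies to the later hunks of this file.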
@@ -119,18 +118,19 @@ CREATE TABLE IF NOT EXISTS client_response_type ( ); CREATE TABLE IF NOT EXISTS blacklisted_site ( - id SERIAL PRIMARY KEY, + id BIGSERIAL PRIMARY KEY, uri VARCHAR(2048) ); CREATE TABLE IF NOT EXISTS client_details ( - id SERIAL PRIMARY KEY, + id BIGSERIAL PRIMARY KEY, client_description VARCHAR(1024), reuse_refresh_tokens BOOLEAN DEFAULT true NOT NULL, dynamically_registered BOOLEAN DEFAULT false NOT NULL, allow_introspection BOOLEAN DEFAULT false NOT NULL, id_token_validity_seconds BIGINT DEFAULT 600 NOT NULL, + device_code_validity_seconds BIGINT, client_id VARCHAR(256), client_secret VARCHAR(2048), @@ -168,6 +168,12 @@ CREATE TABLE IF NOT EXISTS client_details ( created_at TIMESTAMP, initiate_login_uri VARCHAR(2048), clear_access_tokens_on_refresh BOOLEAN DEFAULT true NOT NULL, + + software_statement VARCHAR(4096), + software_id VARCHAR(2048), + software_version VARCHAR(2048), + + code_challenge_method VARCHAR(256), UNIQUE (client_id) ); @@ -203,7 +209,7 @@ CREATE TABLE IF NOT EXISTS client_claims_redirect_uri ( ); CREATE TABLE IF NOT EXISTS refresh_token ( - id SERIAL PRIMARY KEY, + id BIGSERIAL PRIMARY KEY, token_value VARCHAR(4096), expiration TIMESTAMP, auth_holder_id BIGINT, @@ -226,7 +232,7 @@ CREATE TABLE IF NOT EXISTS token_scope ( ); CREATE TABLE IF NOT EXISTS system_scope ( - id SERIAL PRIMARY KEY, + id BIGSERIAL PRIMARY KEY, scope VARCHAR(256) NOT NULL, description VARCHAR(4096), icon VARCHAR(256), @@ -238,7 +244,7 @@ CREATE TABLE IF NOT EXISTS system_scope ( ); CREATE TABLE IF NOT EXISTS user_info ( - id SERIAL PRIMARY KEY, + id BIGSERIAL PRIMARY KEY, sub VARCHAR(256), preferred_username VARCHAR(256), name VARCHAR(256), @@ -263,7 +269,7 @@ CREATE TABLE IF NOT EXISTS user_info ( ); CREATE TABLE IF NOT EXISTS whitelisted_site ( - id SERIAL PRIMARY KEY, + id BIGSERIAL PRIMARY KEY, creator_user_id VARCHAR(256), client_id VARCHAR(256) ); 
@@ -274,14 +280,14 @@ CREATE TABLE IF NOT EXISTS whitelisted_site_scope ( ); CREATE TABLE IF NOT EXISTS pairwise_identifier ( - id SERIAL PRIMARY KEY, + id BIGSERIAL PRIMARY KEY, identifier VARCHAR(256), sub VARCHAR(256), sector_identifier VARCHAR(2048) ); CREATE TABLE IF NOT EXISTS resource_set ( - id SERIAL PRIMARY KEY, + id BIGSERIAL PRIMARY KEY, name VARCHAR(1024) NOT NULL, uri VARCHAR(1024), icon_uri VARCHAR(1024), @@ -296,14 +302,14 @@ CREATE TABLE IF NOT EXISTS resource_set_scope ( ); CREATE TABLE IF NOT EXISTS permission_ticket ( - id SERIAL PRIMARY KEY, + id BIGSERIAL PRIMARY KEY, ticket VARCHAR(256) NOT NULL, permission_id BIGINT NOT NULL, expiration TIMESTAMP ); CREATE TABLE IF NOT EXISTS permission ( - id SERIAL PRIMARY KEY, + id BIGSERIAL PRIMARY KEY, resource_set_id BIGINT ); @@ -313,7 +319,7 @@ CREATE TABLE IF NOT EXISTS permission_scope ( ); CREATE TABLE IF NOT EXISTS claim ( - id SERIAL PRIMARY KEY, + id BIGSERIAL PRIMARY KEY, name VARCHAR(256), friendly_name VARCHAR(1024), claim_type VARCHAR(1024), @@ -331,7 +337,7 @@ CREATE TABLE IF NOT EXISTS claim_to_permission_ticket ( ); CREATE TABLE IF NOT EXISTS policy ( - id SERIAL PRIMARY KEY, + id BIGSERIAL PRIMARY KEY, name VARCHAR(1024), resource_set_id BIGINT ); 
@@ -352,14 +358,29 @@ CREATE TABLE IF NOT EXISTS claim_issuer ( ); CREATE TABLE IF NOT EXISTS saved_registered_client ( - id SERIAL PRIMARY KEY, + id BIGSERIAL PRIMARY KEY, issuer VARCHAR(1024), registered_client VARCHAR(8192) ); +CREATE TABLE IF NOT EXISTS device_code ( + id BIGSERIAL PRIMARY KEY, + device_code VARCHAR(1024), + user_code VARCHAR(1024), + expiration TIMESTAMP NULL, + client_id VARCHAR(256), + approved BOOLEAN, + auth_holder_id BIGINT +); + +CREATE TABLE IF NOT EXISTS device_code_scope ( + owner_id BIGINT NOT NULL, + scope VARCHAR(256) NOT NULL +); + +CREATE TABLE IF NOT EXISTS device_code_request_parameter ( + owner_id BIGINT, + param VARCHAR(2048), + val VARCHAR(2048) +); -CREATE INDEX at_tv_idx ON access_token(token_value); -CREATE INDEX ts_oi_idx ON token_scope(owner_id); -CREATE INDEX at_exp_idx ON access_token(expiration); -CREATE INDEX rf_ahi_idx ON refresh_token(auth_holder_id); -CREATE INDEX cd_ci_idx ON client_details(client_id); \ No newline at end of file diff --git a/perun-oidc-server-overlay/src/main/resources/db/tables/security-schema.sql b/perun-oidc-server-overlay/src/main/resources/db/tables/security-schema.sql index bc5d70b..6028235 100644 --- a/perun-oidc-server-overlay/src/main/resources/db/tables/security-schema.sql +++ b/perun-oidc-server-overlay/src/main/resources/db/tables/security-schema.sql @@ -5,10 +5,12 @@ create table IF NOT EXISTS users( username varchar(50) not null primary key, password varchar(50) not null, - enabled boolean not null); + enabled boolean not null +); create table IF NOT EXISTS authorities ( username varchar(50) not null, authority varchar(50) not null, constraint fk_authorities_users foreign key(username) references users(username), - constraint ix_authority unique (username,authority)); \ No newline at end of file + constraint ix_authority unique (username,authority) + ); \ No newline at end of file 
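Review bot: The new `device_code` table puts no constraint on `device_code` or `user_code`: both columns are nullable and neither is unique, so two pending requests can hold the same code and nothing in the schema catches it. I would declare both as `VARCHAR(1024) NOT NULL` and add `UNIQUE (device_code)`; a `UNIQUE (user_code)` is also worth having if expired rows are purged before codes can repeat, which this diff does not show. `device_code_scope(owner_id)` and `device_code_request_parameter(owner_id)` also get no entry in psql_database_indexes.sql, unlike the `authentication_holder_*` child tables, for example `CREATE INDEX IF NOT EXISTS dcs_oi_idx ON device_code_scope(owner_id);` (index name is a suggestion).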
diff --git a/perun-oidc-server-overlay/src/main/webapp/WEB-INF/crypto-config.xml b/perun-oidc-server-overlay/src/main/webapp/WEB-INF/crypto-config.xml index c255df0..3616c54 100644 --- a/perun-oidc-server-overlay/src/main/webapp/WEB-INF/crypto-config.xml +++ b/perun-oidc-server-overlay/src/main/webapp/WEB-INF/crypto-config.xml @@ -1,14 +1,15 @@ + xmlns:mvc="http://www.springframework.org/schema/mvc" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:tx="http://www.springframework.org/schema/tx" + xmlns:context="http://www.springframework.org/schema/context" + xmlns:security="http://www.springframework.org/schema/security" + xmlns:oauth="http://www.springframework.org/schema/security/oauth2" + xsi:schemaLocation="http://www.springframework.org/schema/security/oauth2 http://www.springframework.org/schema/security/spring-security-oauth2-2.0.xsd + http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-4.3.xsd + http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.2.xsd + http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.3.xsd + http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-4.3.xsd + http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.3.xsd"> - + - + - + diff --git a/perun-oidc-server-overlay/src/main/webapp/WEB-INF/data-context.xml b/perun-oidc-server-overlay/src/main/webapp/WEB-INF/data-context.xml index 5796a37..202b765 100644 --- a/perun-oidc-server-overlay/src/main/webapp/WEB-INF/data-context.xml +++ b/perun-oidc-server-overlay/src/main/webapp/WEB-INF/data-context.xml @@ -1,7 +1,8 @@ diff --git a/perun-oidc-server-overlay/src/main/webapp/WEB-INF/local-config.xml b/perun-oidc-server-overlay/src/main/webapp/WEB-INF/local-config.xml index c36199e..f8343ee 100644 
--- a/perun-oidc-server-overlay/src/main/webapp/WEB-INF/local-config.xml +++ b/perun-oidc-server-overlay/src/main/webapp/WEB-INF/local-config.xml @@ -1,34 +1,38 @@ + + http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-4.3.xsd + http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.2.xsd + http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.3.xsd + http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-4.3.xsd + http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.3.xsd"> - + diff --git a/perun-oidc-server-overlay/src/main/webapp/WEB-INF/server-config.xml b/perun-oidc-server-overlay/src/main/webapp/WEB-INF/server-config.xml index 77fc2e9..0a9ca26 100644 --- a/perun-oidc-server-overlay/src/main/webapp/WEB-INF/server-config.xml +++ b/perun-oidc-server-overlay/src/main/webapp/WEB-INF/server-config.xml @@ -1,7 +1,8 @@ + + http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-4.3.xsd + http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.2.xsd + http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.3.xsd + http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-4.3.xsd + http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.3.xsd"> diff --git a/perun-oidc-server-overlay/src/main/webapp/WEB-INF/tags/topbar.tag b/perun-oidc-server-overlay/src/main/webapp/WEB-INF/tags/topbar.tag index f4711a8..c2f1395 100644 --- a/perun-oidc-server-overlay/src/main/webapp/WEB-INF/tags/topbar.tag +++ b/perun-oidc-server-overlay/src/main/webapp/WEB-INF/tags/topbar.tag 
@@ -34,44 +34,18 @@ - ${config.topbarTitle} + + + + ${config.shortTopbarTitle} + ${config.topbarTitle} + +