Compare revisions

Dominik Frantisek Bucik · Dominik František Bučík · Dominik Frantisek Bucik · Dominik František Bučík · semantic-release-bot · bf7df6aa
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
+## [18.5.4](https://gitlab.ics.muni.cz/perun/perun-proxyidp/v1/OpenID-Connect-Java-Spring-Server/compare/v18.5.3...v18.5.4) (2024-06-19)
+
+
+### Bug Fixes
+
+* 🐛 Typo in device_code approve translation ([4920958](https://gitlab.ics.muni.cz/perun/perun-proxyidp/v1/OpenID-Connect-Java-Spring-Server/commit/4920958dc7b1a9f9b2ff5b0ed3d72e2715cc5cb6))
+
 ## [18.5.3](https://gitlab.ics.muni.cz/perun/perun-proxyidp/v1/OpenID-Connect-Java-Spring-Server/compare/v18.5.2...v18.5.3) (2024-05-30)



--- a/perun-oidc-server-webapp/pom.xml
+++ b/perun-oidc-server-webapp/pom.xml
@@ -21,7 +21,7 @@
 	<parent>
 		<groupId>cz.muni.ics</groupId>
 		<artifactId>perun-oidc-parent</artifactId>
-		<version>18.5.3</version>
+		<version>18.5.4</version>
 		<relativePath>../pom.xml</relativePath>
 	</parent>


--- a/perun-oidc-server-webapp/src/main/resources/localization/messages_cs.properties
+++ b/perun-oidc-server-webapp/src/main/resources/localization/messages_cs.properties
@@ -13,7 +13,7 @@ device_approve_header=Schv\u00E1len\u00ED p\u0159\u00EDstupu k Va\u0161im dat\u0
 device_approve_title=Schv\u00E1len\u00ED p\u0159\u00EDstupu k Va\u0161im dat\u016Fm

 #DEVICE_APPROVED
-device_approved_approved=Za\u0159\u00ED\u017Een\u00ED bylo autorizov\u00E1no
+device_approved_approved=Za\u0159\u00EDzen\u00ED bylo autorizov\u00E1no
 device_approved_rejected=Za\u0159\u00EDzen\u00ED byl odm\u00EDtnut p\u0159\u00EDstup
 device_approved_title=Autorizace za\u0159\u00EDzen\u00ED dokon\u010Dena
 device_approved_text_approved_start=Za\u0159\u00EDzen\u00ED bylo \u00FAsp\u011B\u0161n\u011B autorizov\u00E1no. Nyn\u00ED m\u016F\u017Eete pokra\u010Dovat ke slu\u017Eb\u011B
@@ -69,22 +69,25 @@ zoneinfo=Z\u00F3na
 phone_number=Telefon

 #UNAPPROVED
-contact_p=V p\u0159\u00EDpad\u011B nejasnost\u00ED n\u00E1s kontaktujte na
+403_aai_contact_text=V p\u0159\u00EDpad\u011B nejasnost\u00ED n\u00E1s kontaktujte na
 403_header=P\u0159\u00EDstup odm\u00EDtnut
 403_text=Nem\u00E1te dostate\u010Dn\u00E1 pr\u00E1va pro p\u0159\u00EDstup ke slu\u017Eb\u011B:
 403_informationPage=Pro v\u00EDce informac\u00ED o slu\u017Eb\u011B nav\u0161tivte
 403_contactSupport=Pokud si mysl\u00EDte \u017Ee m\u00E1te m\u00EDt p\u0159\u00EDstup, kontaktujte administr\u00E1tora:
 403_subject=Probl\u00E9m s p\u0159ihl\u00E1\u0161en\u00EDm do slu\u017Eby
+
 403_ensure_vo_hdr=P\u0159\u00EDstup zam\u00EDtnut
 403_ensure_vo_msg=Nem\u00E1te dostate\u010Dn\u00E1 pr\u00E1va pro p\u0159\u00EDstup ke slu\u017Eb\u011B
+403_ensure_vo_client_contact=Pokud si mysl\u00EDte, \u017Ee v\u00E1m byl p\u0159\u00EDstup odep\u0159en nepr\u00E1vem, nebo chcete p\u0159\u00EDstup z\u00EDskat, kontaktujte spr\u00E1vce slu\u017Eby pomoc\u00ED kontakt\u016F n\u00ED\u017Ee.
+
 403_authorization_hdr=P\u0159\u00EDstup zam\u00EDtnut
 403_authorization_msg=Tato str\u00E1nka se V\u00E1m zobrazuje, proto\u017Ee nem\u00E1te p\u0159\u00EDstup ke slu\u017Eb\u011B. To m\u016F\u017Ee b\u00FDt d\u016Fsledkem p\u0159\u00EDstupov\u00FDch omezen\u00ED nastaven\u00FDch administr\u00E1torem.
-403_not_in_test_vos_groups_hdr=P\u0159\u00EDstup zam\u00EDtnut
-403_not_in_test_vos_groups_msg=Tato str\u00E1nka se V\u00E1m zobrazuje, proto\u017Ee nem\u00E1te p\u0159\u00EDstup k testovac\u00EDm slu\u017Eb\u00E1m AAI.
-403_not_in_prod_vos_groups_hdr=P\u0159\u00EDstup zam\u00EDtnut
-403_not_in_prod_vos_groups_msg=Tato str\u00E1nka se V\u00E1m zobrazuje, proto\u017Ee nem\u00E1te p\u0159\u00EDstup ke slu\u017Eb\u00E1m AAI.
-403_not_in_mandatory_vos_groups_hdr=P\u0159\u00EDstup zam\u00EDtnut
-403_not_in_mandatory_vos_groups_msg=Tato str\u00E1nka se V\u00E1m zobrazuje, proto\u017Ee Va\u0161e po\u017Eadovan\u00E9 \u010Dlenstv\u00ED v organizaci je nevalidn\u00ED.
+
+403_not_in_env_vos_groups_hdr=P\u0159\u00EDstup zam\u00EDtnut
+403_not_in_env_vos_groups_msg=Tato str\u00E1nka se V\u00E1m zobrazuje, proto\u017Ee nespl\u0148ujete podm\u00EDnky \u010Dlenstv\u00ED v organiza\u010Dn\u00EDch jednotk\u00E1ch AAI.
+403_not_in_env_vos_groups_urls=Pomoc\u00ED n\u00E1sleduj\u00FA\u00EDc\u00EDch odkaz\u016F se m\u016F\u017Eete do organiza\u010Dn\u00EDch jednotek registrovat. Pokud nevid\u00EDte \u017E\u00E1dn\u00E9 odkazy, kontaktujte spr\u00E1ve slu\u017Eby pro p\u0159idelen\u00ED p\u0159\u00EDstupu.
+403_not_in_env_vos_groups_client_contact=Pokud si mysl\u00EDte, \u017Ee v\u00E1m byl p\u0159\u00EDstup odep\u0159en nepr\u00E1vem, nebo chcete p\u0159\u00EDstup z\u00EDskat, kontaktujte spr\u00E1vce slu\u017Eby pomoc\u00ED kontakt\u016F n\u00ED\u017Ee.
+
 403_not_logged_in_hdr=P\u0159\u00EDstup zam\u00EDtnut
 403_not_logged_in_msg=Zd\u00E1 se, \u017Ee p\u0159ihl\u00E1\u0161en\u00ED selhalo. Zkuste, pros\u00EDm, zav\u0159\u00EDt V\u00E1\u0161 prohl\u00ED\u017Ee\u010D a p\u0159ihl\u00E1sit se znovu.

@@ -92,21 +95,22 @@ contact_p=V p\u0159\u00EDpad\u011B nejasnost\u00ED n\u00E1s kontaktujte na
 403_is_eligible_default_text=P\u0159\u00EDstup ke slu\u017Eb\u011B byl zam\u00EDtnut, proto\u017Ee V\u00E1\u0161 \u00FA\u010Det nespl\u0148uje pomd\u00EDnky p\u0159\u00EDstupu. P\u0159ihlaste se, pros\u00EDme, pomoc\u00ED jin\u00E9ho \u00FA\u010Dtu.
 403_is_eligible_default_button_text=Pokra\u010Dovat
 403_is_eligible_default_contact_text=Pokud si mysl\u00EDte, \u017Ee pou\u017E\u00EDv\u00E1te spr\u00E1vn\u00FD \u00FA\u010Det a p\u0159\u00EDstup je V\u00E1m odm\u00EDtnut nepr\u00E1vem, pros\u00EDme kontakujte n\u00E1s na
+403_is_eligible_client_contact=Pokud si mysl\u00EDte, \u017Ee v\u00E1m byl p\u0159\u00EDstup odep\u0159en nepr\u00E1vem, nebo chcete p\u0159\u00EDstup z\u00EDskat, kontaktujte spr\u00E1vce slu\u017Eby pomoc\u00ED kontakt\u016F n\u00ED\u017Ee.

 #GO TO REGISTRATION
-go_to_registration_title=Je vy\u017Eadov\u00E1na Va\u0161e aktivita
-go_to_registration_header1=Pro p\u0159\u00EDstup ke slu\u017Eb\u011B
-go_to_registration_header2=je vy\u017Eadov\u00E1na Va\u0161e aktivita
-go_to_registration_continue=Pokra\u010Dovat na str\u00E1nku s dopl\u0148uj\u00EDc\u00EDmi informacemi
+unauthorized_register_notify_action_required_title=Je vy\u017Eadov\u00E1na Va\u0161e aktivita
+unauthorized_register_notify_action_required_header1=Pro p\u0159\u00EDstup ke slu\u017Eb\u011B
+unauthorized_register_notify_action_required_header2=je vy\u017Eadov\u00E1na Va\u0161e aktivita
+unauthorized_register_notify_action_required_continue=Pokra\u010Dovat na str\u00E1nku s dopl\u0148uj\u00EDc\u00EDmi informacemi

 #REGISTRATION
-registration_title=Registrace pro p\u0159\u00EDstup ke slu\u017Eb\u011B
-registration_header1=P\u0159\u00EDstup ke slu\u017Eb\u011B
-registration_header2=byl zam\u00EDtnut
-registration_message=Pro z\u00EDsk\u00E1n\u00ED p\u0159\u00EDstupu k dan\u00E9 slu\u017Eb\u011B je nutn\u00E9 b\u00FDt \u010Dlenem jedn\u00E9 z n\u00E1sleduj\u00EDc\u00EDch skupin. Pokra\u010Dujte v\u00FDb\u011Brem p\u0159\u00EDslu\u0161n\u00E9 organizace a skupiny.
-registration_select_vo=Vyberte virtu\u00E1ln\u00ED organizaci:
-registration_select_group=Vyberte skupinu pro registraci:
-registration_continue=Pokra\u010Dovat na registra\u010Dn\u00ED str\u00E1nku do vybran\u00E9 skupiny
+unauthorized_register_choose_vo_group_title=Registrace pro p\u0159\u00EDstup ke slu\u017Eb\u011B
+unauthorized_register_choose_vo_group_header1=P\u0159\u00EDstup ke slu\u017Eb\u011B
+unauthorized_register_choose_vo_group_header2=byl zam\u00EDtnut
+unauthorized_register_choose_vo_group_message=Pro z\u00EDsk\u00E1n\u00ED p\u0159\u00EDstupu k dan\u00E9 slu\u017Eb\u011B je nutn\u00E9 b\u00FDt \u010Dlenem jedn\u00E9 z n\u00E1sleduj\u00EDc\u00EDch skupin. Pokra\u010Dujte v\u00FDb\u011Brem p\u0159\u00EDslu\u0161n\u00E9 organizace a skupiny.
+unauthorized_register_choose_vo_group_select_vo=Vyberte virtu\u00E1ln\u00ED organizaci:
+unauthorized_register_choose_vo_group_select_group=Vyberte skupinu pro registraci:
+unauthorized_register_choose_vo_group_continue=Pokra\u010Dovat na registra\u010Dn\u00ED str\u00E1nku do vybran\u00E9 skupiny

 #CESNET footer specific
 footer_other_projects=OSTATN\u00CD PROJEKTY

--- a/perun-oidc-server-webapp/src/main/resources/localization/messages_en.properties
+++ b/perun-oidc-server-webapp/src/main/resources/localization/messages_en.properties
@@ -68,22 +68,25 @@ zoneinfo=Zone
 phone_number=Phone

 #UNAPPROVED
-contact_p=In case of any questions, do not hesitate to contact us at
+403_aai_contact_text=In case of any questions, do not hesitate to contact us at
 403_header=Access forbidden
 403_text=You don't meet the prerequisites for accessing the service:
 403_informationPage=For more information about this service please visit this
 403_contactSupport=If you think you should have an access contact service operator at
 403_subject=Problem with login to service:
+
 403_ensure_vo_hdr=Access denied
 403_ensure_vo_msg=You don't meet the prerequisites to access the service.
+403_ensure_vo_client_contact=If you think you should have access to the service, you can contact the service operator via the email(s) below.
+
 403_authorization_hdr=Access denied
 403_authorization_msg=You see this page because you are not allowed to access the service. This situation can be a result of the access restrictions that the service administrator has set up.
-403_not_in_test_vos_groups_hdr=Access denied
-403_not_in_test_vos_groups_msg=You see this page because you are not allowed to access AAI's testing services.
-403_not_in_prod_vos_groups_hdr=Access denied
-403_not_in_prod_vos_groups_msg=You see this page because you are not allowed to access AAI's services.
-403_not_in_mandatory_vos_groups_hdr=Access denied
-403_not_in_mandatory_vos_groups_msg=You are seeing this page because your membership in the required organizational units is invalid.
+
+403_not_in_env_vos_groups_hdr=Access denied
+403_not_in_env_vos_groups_msg=You see this page because you are not allowed to access this service. The reason is that you are not member of the required organizational units.
+403_not_in_env_vos_groups_urls=Please register into the required units using the links below. If you see no links, please get in touch with the service operator to grant you access.
+403_not_in_env_vos_groups_client_contact=If you need more information about the access requirements, please use one of the contacts of the service operator below.
+
 403_not_logged_in_hdr=Access denied
 403_not_logged_in_msg=It appears the login process has failed. Please close your browser and try to log in again.

@@ -91,21 +94,22 @@ contact_p=In case of any questions, do not hesitate to contact us at
 403_is_eligible_default_text=Your account does not meet the criteria for accessing the service. Please log in with other account.
 403_is_eligible_default_button_text=Continue with other account.
 403_is_eligible_default_contact_text=If you think you have used an account which meets the criteria, and you are still prevented from logging in to the service, please contact us at
+403_is_eligible_client_contact=If you think you should have access to the service, you can contact the service operator via the email(s) below.

 #GO TO REGISTRATION
-go_to_registration_title=Your activity is necessary
-go_to_registration_header1=Your activity is necessary to access the
-go_to_registration_header2=service
-go_to_registration_continue=Continue to a page with additional information
+unauthorized_register_notify_action_required_title=Your activity is necessary
+unauthorized_register_notify_action_required_header1=Your activity is necessary to access the
+unauthorized_register_notify_action_required_header2=service
+unauthorized_register_notify_action_required_continue=Continue to a page with additional information

 #REGISTRATION
-registration_title=Registration for access to the service
-registration_header1=Access to the service
-registration_header2=has been forbidden
-registration_message=To access the service it is necessary to have a valid membership in one of the following groups. Please proceed with selection of organization and group for registration.
-registration_select_vo=Select virtual organization for registration:
-registration_select_group=Select group for registration:
-registration_continue=Continue to the registration page for selected group
+unauthorized_register_choose_vo_group_title=Registration for access to the service
+unauthorized_register_choose_vo_group_header1=Access to the service
+unauthorized_register_choose_vo_group_header2=has been forbidden
+unauthorized_register_choose_vo_group_message=To access the service it is necessary to have a valid membership in one of the following groups. Please proceed with selection of organization and group for registration.
+unauthorized_register_choose_vo_group_select_vo=Select virtual organization for registration:
+unauthorized_register_choose_vo_group_select_group=Select group for registration:
+unauthorized_register_choose_vo_group_continue=Continue to the registration page for selected group

 #CESNET+einfra footer specific
 footer_other_projects=OTHER CESNET PROJECTS

--- a/perun-oidc-server-webapp/src/main/webapp/WEB-INF/assertion-config.xml
+++ b/perun-oidc-server-webapp/src/main/webapp/WEB-INF/assertion-config.xml
@@ -25,7 +25,7 @@
 	<bean id="jwtAssertionTokenFactory" class="cz.muni.ics.oauth2.assertion.impl.DirectCopyRequestFactory" />

 	<!-- validate client software statements for dynamic registration -->
-<!-- 	<bean id="clientAssertionValidator" class="cz.muni.ics.jwt.assertion.impl.NullAssertionValidator" /> -->
+	<!-- 	<bean id="clientAssertionValidator" class="cz.muni.ics.jwt.assertion.impl.NullAssertionValidator" /> -->
 	
 	<!-- this class will pass assertions signed by the issuers and keys in the whitelist -->
 	<bean id="clientAssertionValidator" class="cz.muni.ics.jwt.assertion.impl.WhitelistedIssuerAssertionValidator">

--- a/perun-oidc-server-webapp/src/main/webapp/WEB-INF/views/aup.jsp
+++ b/perun-oidc-server-webapp/src/main/webapp/WEB-INF/views/aup.jsp
@@ -29,7 +29,7 @@ request.setAttribute("cssLinks", cssLinks);
            <div>
                <p style="font-size: 16px; padding: 0; margin: 0;"><spring:message code="org_vo"/>${" "}<strong>${aup.key}</strong></p>
                <p><spring:message code="see_aup"/>${" "}${aup.value.version}${" "}
-                    <a href="${aup.value.link}"><spring:message code="here"/></a></p>
+                    <a href="${aup.value.link}" target="_blank"><spring:message code="here"/></a></p>
            </div>
        </c:forEach>
        <input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>

--- a/perun-oidc-server-webapp/src/main/webapp/WEB-INF/views/isTestSpWarning.jsp
+++ b/perun-oidc-server-webapp/src/main/webapp/WEB-INF/views/isTestSpWarning.jsp
@@ -27,13 +27,11 @@
    </div>
    <p><spring:message code="is_test_sp_warning_text"/></p>

-    <form method="GET" action="${action}">
+    <form method="POST" action="">
        <hr/>
        <br/>
-        <input type="hidden" name="target" value="${fn:escapeXml(target)}">
-        <input type="hidden" name="accepted" value="true">
-        <spring:message code="is_test_sp_warning_continue" var="submit_value"/>
-        <input type="submit" name="continue" value="${submit_value}" class="btn btn-lg btn-primary btn-block">
+        <input type="submit" name="continue" value="<spring:message code="is_test_sp_warning_continue"/>"
+               class="btn btn-lg btn-primary btn-block">
    </form>
 </div>
 </div><!-- ENDWRAP -->

--- a/perun-oidc-server-webapp/src/main/webapp/WEB-INF/views/unapproved.jsp
+++ b/perun-oidc-server-webapp/src/main/webapp/WEB-INF/views/unapproved.jsp
@@ -32,7 +32,7 @@ request.setAttribute("cssLinks", cssLinks);
            <c:if test="${not empty client.clientUri}">
                <br/>
                <spring:message key="403_informationPage"/>${' '}
-                <a href="${fn:escapeXml(client.clientUri)}">
+                <a href="${fn:escapeXml(client.clientUri)}" target="_blank">
                    ${fn:escapeXml(client.clientUri)}
                </a>
            </c:if>

--- a/perun-oidc-server-webapp/src/main/webapp/WEB-INF/views/unapproved_is_eligible.jsp
+++ b/perun-oidc-server-webapp/src/main/webapp/WEB-INF/views/unapproved_is_eligible.jsp
@@ -16,19 +16,26 @@ request.setAttribute("cssLinks", cssLinks);

 <t:header title="${title}" reqURL="${reqURL}" baseURL="${baseURL}"
          cssLinks="${cssLinks}" theme="${theme}" samlResourcesURL="${samlResourcesURL}"/>
-
 </div> <%-- header --%>

 <div id="content">
    <div class="error_message" style="word-wrap: break-word;">
-        <h1><spring:message code="${outHeader}"/></h1>
-        <p><spring:message code="${outMessage}"/></p>
-        <c:if test="${hasTarget}">
-            <form method="POST" action="" class="mb-4">
-                <button class="btn btn-primary btn-block"><spring:message code="${outButton}"/></button>
-            </form>
+        <h1><spring:message code="403_ensure_vo_hdr"/></h1>
+        <p><spring:message code="403_ensure_vo_msg"/></p>
+        <c:if test="${not empty client and not empty client.contacts}">
+            <p><spring:message code="403_ensure_vo_client_contact"/></p>
+            <ul>
+                <c:forEach items="${client.contacts}" var="contact">
+                    <li>
+                        <a href="mailto:${fn:escapeXml(contact)}">${fn:escapeXml(contact)}</a>
+                    </li>
+                </c:forEach>
+            </ul>
        </c:if>
-        <p><spring:message code="${outContactP}"/>${" "}<a href="mailto:${contactMail}">${contactMail}</a></p>
+        <p>
+            <spring:message code="403_aai_contact_text"/>${" "}
+            <a href="mailto:${fn:escapeXml(contactMail)}">${fn:escapeXml(contactMail)}</a>
+        </p>
    </div>
 </div>
 </div><!-- ENDWRAP -->

--- a/perun-oidc-server-webapp/src/main/webapp/WEB-INF/views/registrationFormContinue.jsp
+++ b/perun-oidc-server-webapp/src/main/webapp/WEB-INF/views/registrationFormContinue.jsp
 <%@ page contentType="text/html; charset=utf-8" pageEncoding="utf-8" trimDirectiveWhitespaces="true" %>
 <%@ page import="java.util.ArrayList" %>
 <%@ page import="java.util.List" %>
+<%@ page import="cz.muni.ics.oidc.web.controllers.PerunUnauthorizedController" %>
 <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
 <%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
 <%@ taglib prefix="t" tagdir="/WEB-INF/tags/common"%>
 <%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %>

-
-
 <%

 String samlCssUrl = (String) request.getAttribute("samlResourcesURL");
 List<String> cssLinks = new ArrayList<>();

-cssLinks.add(samlCssUrl + "/module.php/perun/res/css/perun_identity_go_to_registration.css");
+cssLinks.add(samlCssUrl + "/module.php/perun/res/css/perun_identity_unauthorized_register_notify_action_required.css");

 request.setAttribute("cssLinks", cssLinks);

 %>

-<spring:message code="go_to_registration_title" var="title"/>
+<spring:message code="unauthorized_register_notify_action_required_title" var="title"/>
 <t:header title="${title}" reqURL="${reqURL}" baseURL="${baseURL}"
          cssLinks="${cssLinks}" theme="${theme}" samlResourcesURL="${samlResourcesURL}"/>

@@ -27,25 +26,22 @@ request.setAttribute("cssLinks", cssLinks);

 <div id="content">
    <div id="head">
-        <h1><spring:message code="go_to_registration_header1"/>
+        <h1><spring:message code="unauthorized_register_notify_action_required_header1"/>
            <c:choose>
                <c:when test="${not empty client.clientName and not empty client.clientUri}">
-                    ${" "}<a href="${fn:escapeXml(client.uri)}">${fn:escapeXml(client.clientName)}</a>
+                    ${" "}<a href="${fn:escapeXml(client.clientUri)}" target="_blank">${fn:escapeXml(client.clientName)}</a>
                </c:when>
                <c:when test="${not empty client.clientName}">
                    ${" "}${fn:escapeXml(client.clientName)}
                </c:when>
            </c:choose>
-            ${" "}<spring:message code="go_to_registration_header2"/>
+            ${" "}<spring:message code="unauthorized_register_notify_action_required_header2"/>
        </h1>
    </div>
-    <form method="GET" action="${action}">
+    <form action="${pageContext.request.contextPath}${PerunUnauthorizedController.UNAUTHORIZED_REGISTER_CHOOSE_VO_GROUP_MAPPING}" method="GET">
        <hr/>
        <br/>
-        <input type="hidden" name="client_id" value="${fn:escapeXml(client_id)}" />
-        <input type="hidden" name="facility_id" value="${fn:escapeXml(facility_id)}" />
-        <input type="hidden" name="user_id" value="${fn:escapeXml(user_id)}" />
-        <spring:message code="go_to_registration_continue" var="submit_value"/>
+        <spring:message code="unauthorized_register_notify_action_required_continue" var="submit_value"/>
        <input type="submit" name="continueToRegistration" value="${submit_value}"
               class="btn btn-lg btn-primary btn-block">
    </form>

--- a/perun-oidc-server-webapp/src/main/webapp/WEB-INF/views/unauthorized_is_eligible.jsp
+++ b/perun-oidc-server-webapp/src/main/webapp/WEB-INF/views/unauthorized_is_eligible.jsp
+<%@ page contentType="text/html; charset=utf-8" pageEncoding="utf-8" trimDirectiveWhitespaces="true" %>
+<%@ page import="java.util.ArrayList" %>
+<%@ page import="java.util.List" %>
+<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
+<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
+<%@ taglib prefix="t" tagdir="/WEB-INF/tags/common"%>
+<%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %>
+
+<%
+
+List<String> cssLinks = new ArrayList<>();
+
+request.setAttribute("cssLinks", cssLinks);
+
+%>
+
+<t:header title="${title}" reqURL="${reqURL}" baseURL="${baseURL}"
+          cssLinks="${cssLinks}" theme="${theme}" samlResourcesURL="${samlResourcesURL}"/>
+
+</div> <%-- header --%>
+
+<div id="content">
+    <div class="error_message" style="word-wrap: break-word;">
+        <h1><spring:message code="${outHeader}"/></h1>
+        <p><spring:message code="${outMessage}"/></p>
+        <c:if test="${not empty target}">
+            <form method="GET" action="${target}" class="mb-4">
+                <input class="btn btn-primary btn-block" value="<spring:message code="${outButton}"/>" type="submit"/>
+            </form>
+        </c:if>
+        <c:if test="${not empty client and not empty client.contacts}">
+            <p><spring:message code="403_is_eligible_client_contact"/></p>
+            <ul>
+                <c:forEach items="${client.contacts}" var="contact">
+                    <li>
+                        <a href="mailto:${fn:escapeXml(contact)}">${fn:escapeXml(contact)}</a>
+                    </li>
+                </c:forEach>
+            </ul>
+        </c:if>
+        <p>
+            <spring:message code="${outContactP}"/>${" "}
+            <a href="mailto:${fn:escapeXml(contactMail)}">${fn:escapeXml(contactMail)}</a>
+        </p>
+    </div>
+</div>
+</div><!-- ENDWRAP -->
+
+<t:footer baseURL="${baseURL}" theme="${theme}" samlResourcesURL="${samlResourcesURL}"/>
--- a/perun-oidc-server-webapp/src/main/webapp/WEB-INF/views/unauthorized_not_in_env_units.jsp
+++ b/perun-oidc-server-webapp/src/main/webapp/WEB-INF/views/unauthorized_not_in_env_units.jsp
+<%@ page contentType="text/html; charset=utf-8" pageEncoding="utf-8" trimDirectiveWhitespaces="true" %>
+<%@ page import="java.util.ArrayList" %>
+<%@ page import="java.util.List" %>
+<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
+<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
+<%@ taglib prefix="t" tagdir="/WEB-INF/tags/common"%>
+<%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %>
+
+<%
+
+List<String> cssLinks = new ArrayList<>();
+
+request.setAttribute("cssLinks", cssLinks);
+
+%>
+
+<t:header title="${title}" reqURL="${reqURL}" baseURL="${baseURL}"
+          cssLinks="${cssLinks}" theme="${theme}" samlResourcesURL="${samlResourcesURL}"/>
+</div> <%-- header --%>
+
+<div id="content">
+    <div class="error_message" style="word-wrap: break-word;">
+        <h1><spring:message code="403_not_in_env_vos_groups_hdr"/></h1>
+        <p><spring:message code="403_not_in_env_vos_groups_msg"/></p>
+        <p><spring:message code="403_not_in_env_vos_groups_urls"/></p>
+        <c:if test="${not empty registrationUrls}">
+            <ul>
+                <c:forEach var="entry" items="${registrationUrls}">
+                    <a href="<c:out value="${entry.key}" />" target="_blank">
+                        <c:out value="${entry.value}" />
+                    </a>
+                </c:forEach>
+            </ul>
+        </c:if>
+        <c:if test="${not empty client and not empty client.contacts}">
+            <p>
+                <spring:message code="403_not_in_env_vos_groups_client_contact"/>
+            </p>
+            <ul>
+                <c:forEach items="${client.contacts}" var="contact">
+                    <li>
+                        <a href="mailto:${fn:escapeXml(contact)}">${fn:escapeXml(contact)}</a>
+                    </li>
+                </c:forEach>
+            </ul>
+        </c:if>
+    </div>
+</div>
+</div><!-- ENDWRAP -->
+
+<t:footer baseURL="${baseURL}" theme="${theme}" samlResourcesURL="${samlResourcesURL}"/>
--- a/perun-oidc-server-webapp/src/main/webapp/WEB-INF/views/registrationForm.jsp
+++ b/perun-oidc-server-webapp/src/main/webapp/WEB-INF/views/registrationForm.jsp
@@ -6,8 +6,6 @@
 <%@ taglib prefix="t" tagdir="/WEB-INF/tags/common"%>
 <%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %>

-
-
 <%

 String samlCssUrl = (String) request.getAttribute("samlResourcesURL");
@@ -18,7 +16,7 @@ cssLinks.add(samlCssUrl + "/module.php/perun/res/css/perun_identity_choose_vo_an
 request.setAttribute("cssLinks", cssLinks);

 %>
-<spring:message code="registration_title" var="title"/>
+<spring:message code="unauthorized_register_choose_vo_group_title" var="title"/>
 <t:header title="${title}" reqURL="${reqURL}" baseURL="${baseURL}"
          cssLinks="${cssLinks}" theme="${theme}" samlResourcesURL="${samlResourcesURL}"/>

@@ -26,24 +24,24 @@ request.setAttribute("cssLinks", cssLinks);

 <div id="content">
    <div id="head">
-        <h1><spring:message code="registration_header1"/>
+        <h1><spring:message code="unauthorized_register_choose_vo_group_header1"/>
            <c:choose>
                <c:when test="${not empty client.clientName and not empty client.clientUri}">
-                    &#32;<a href="${fn:escapeXml(client.clientUri)}">${fn:escapeXml(client.clientName)}</a>
+                    &#32;<a href="${fn:escapeXml(client.clientUri)}" target="_blank">${fn:escapeXml(client.clientName)}</a>
                </c:when>
                <c:when test="${not empty client.clientName}">
                    &#32;${fn:escapeXml(client.clientName)}
                </c:when>
            </c:choose>
-            ${" "}<spring:message code="registration_header2"/>
+            ${" "}<spring:message code="unauthorized_register_choose_vo_group_header2"/>
        </h1>
    </div>
-    <div class="msg"><spring:message code="registration_message"/></div>
+    <div class="msg"><spring:message code="unauthorized_register_choose_vo_group_message"/></div>

    <div class="list-group">
-        <form action="${action}" method="get">
-            <h4><spring:message code="registration_select_vo"/></h4>
-            <select id="selectVo" class="form-control" name="selectedVo" onchange="filter()" required>
+        <form action="${registrarUrl}" method="GET">
+            <h4><spring:message code="unauthorized_register_choose_vo_group_select_vo"/></h4>
+            <select id="selectVo" class="form-control" onchange="filter()" required name="vo">
                <c:forEach var="voGroupPair" items="${groupsForRegistration}">
                    <option value="${fn:escapeXml(voGroupPair.key.shortName)}">
                            ${fn:escapeXml(voGroupPair.key.name)}
@@ -51,8 +49,8 @@ request.setAttribute("cssLinks", cssLinks);
                </c:forEach>
            </select>

-            <h4 class="selectGroup" style="display: none"><spring:message code="registration_select_group"/></h4>
-            <select  class="selectGroup form-control" name="selectedGroup" class="form-control" style="display: none" required>
+            <h4 class="selectGroup" style="display: none"><spring:message code="unauthorized_register_choose_vo_group_select_group"/></h4>
+            <select  class="selectGroup form-control" style="display: none" required name="group">
                <c:forEach var="voGroupPair" items="${groupsForRegistration}">
                    <c:forEach var="group" items="${voGroupPair.value}">
                        <option class="groupOption" value="${fn:escapeXml(voGroupPair.key.shortName)}:${fn:escapeXml(group.name)}">
@@ -62,7 +60,7 @@ request.setAttribute("cssLinks", cssLinks);
                </c:forEach>
            </select>

-            <spring:message code="registration_continue" var="submit_value"/>
+            <spring:message code="unauthorized_register_choose_vo_group_continue" var="submit_value"/>
            <input type="submit" value="${submit_value}" class="btn btn-lg btn-primary btn-block">
        </form>
    </div>
@@ -71,4 +69,4 @@ request.setAttribute("cssLinks", cssLinks);

 <t:footer baseURL="${baseURL}" theme="${theme}" samlResourcesURL="${samlResourcesURL}"/>

-<script type="text/javascript" src="resources/js/reg_form_select.js"></script>
+<script type="text/javascript" src="resources/js/unauthorized_register_choose_vo_group.js"></script>
--- a/perun-oidc-server-webapp/src/main/webapp/WEB-INF/views/unauthorized_register_notify_action_required.jsp
+++ b/perun-oidc-server-webapp/src/main/webapp/WEB-INF/views/unauthorized_register_notify_action_required.jsp
+<%@ page contentType="text/html; charset=utf-8" pageEncoding="utf-8" trimDirectiveWhitespaces="true" %>
+<%@ page import="java.util.ArrayList" %>
+<%@ page import="java.util.List" %>
+<%@ page import="cz.muni.ics.oidc.web.controllers.PerunUnauthorizedController" %>
+<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
+<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
+<%@ taglib prefix="t" tagdir="/WEB-INF/tags/common"%>
+<%@ taglib prefix="spring" uri="http://www.springframework.org/tags" %>
+
+<%
+
+String samlCssUrl = (String) request.getAttribute("samlResourcesURL");
+List<String> cssLinks = new ArrayList<>();
+
+cssLinks.add(samlCssUrl + "/module.php/perun/res/css/perun_identity_unauthorized_register_notify_action_required.css");
+
+request.setAttribute("cssLinks", cssLinks);
+
+%>
+
+<spring:message code="unauthorized_register_notify_action_required_title" var="title"/>
+<t:header title="${title}" reqURL="${reqURL}" baseURL="${baseURL}"
+          cssLinks="${cssLinks}" theme="${theme}" samlResourcesURL="${samlResourcesURL}"/>
+
+</div> <%-- header --%>
+
+<div id="content">
+    <div id="head">
+        <h1><spring:message code="unauthorized_register_notify_action_required_header1"/>
+            <c:choose>
+                <c:when test="${not empty client.clientName and not empty client.clientUri}">
+                    ${" "}<a href="${fn:escapeXml(client.clientUri)}" target="_blank">${fn:escapeXml(client.clientName)}</a>
+                </c:when>
+                <c:when test="${not empty client.clientName}">
+                    ${" "}${fn:escapeXml(client.clientName)}
+                </c:when>
+            </c:choose>
+            ${" "}<spring:message code="unauthorized_register_notify_action_required_header2"/>
+        </h1>
+    </div>
+    <form action="${pageContext.request.contextPath}${PerunUnauthorizedController.UNAUTHORIZED_REGISTER_CHOOSE_VO_GROUP_MAPPING}" method="GET">
+        <hr/>
+        <br/>
+        <spring:message code="unauthorized_register_notify_action_required_continue" var="submit_value"/>
+        <input type="submit" name="continueToRegistration" value="${submit_value}"
+               class="btn btn-lg btn-primary btn-block">
+    </form>
+</div>
+</div><!-- ENDWRAP -->
+
+<t:footer baseURL="${baseURL}" theme="${theme}" samlResourcesURL="${samlResourcesURL}"/>
\ No newline at end of file
--- a/perun-oidc-server-webapp/src/main/webapp/WEB-INF/views/unapproved_spec.jsp
+++ b/perun-oidc-server-webapp/src/main/webapp/WEB-INF/views/unapproved_spec.jsp
@@ -22,7 +22,7 @@ request.setAttribute("cssLinks", cssLinks);
    <div class="error_message" style="word-wrap: break-word;">
        <h1><spring:message code="${outHeader}"/></h1>
        <p><spring:message code="${outMessage}"/></p>
-        <p><spring:message code="contact_p"/>${" "}<a href="mailto:${contactMail}">${contactMail}</a></p>
+        <p><spring:message code="403_aai_contact_text"/>${" "}<a href="mailto:${contactMail}">${contactMail}</a></p>
    </div>
 </div>
 </div><!-- ENDWRAP -->

--- a/perun-oidc-server-webapp/src/main/webapp/WEB-INF/web-context.xml
+++ b/perun-oidc-server-webapp/src/main/webapp/WEB-INF/web-context.xml
@@ -49,7 +49,7 @@
            <mvc:exclude-mapping path="/token**"/>
            <mvc:exclude-mapping path="/resources/**" />
            <mvc:exclude-mapping path="/#{T(cz.muni.ics.openid.connect.web.endpoint.JWKSetPublishingEndpoint).URL}**" />
-            <mvc:exclude-mapping path="/#{T(cz.muni.ics.discovery.web.DiscoveryEndpoint).WELL_KNOWN_URL}/**" />
+            <mvc:exclude-mapping path="/#{T(cz.muni.ics.discovery.DiscoveryEndpoint).WELL_KNOWN_URL}/**" />
            <mvc:exclude-mapping path="/#{T(cz.muni.ics.openid.connect.web.endpoint.ProtectedResourceRegistrationEndpoint).URL}/**" />
            <mvc:exclude-mapping path="/#{T(cz.muni.ics.openid.connect.web.endpoint.UserInfoEndpoint).URL}**" />
            <mvc:exclude-mapping path="/#{T(cz.muni.ics.openid.connect.web.controller.GuiController).API_URL}/**" />
@@ -60,21 +60,18 @@
            <mvc:exclude-mapping path="/#{T(cz.muni.ics.oauth2.web.endpoint.IntrospectionEndpoint).URL}**" />
            <mvc:exclude-mapping path="/#{T(cz.muni.ics.oauth2.web.endpoint.RevocationEndpoint).URL}**" />
            <mvc:exclude-mapping path="/#{T(cz.muni.ics.oauth2.web.endpoint.DynamicRegistrationEndpoint).URL}**" />
-            <mvc:exclude-mapping path="#{T(cz.muni.ics.oidc.web.controllers.IsTestSpController).MAPPING}**" />
+            <mvc:exclude-mapping path="#{T(cz.muni.ics.oidc.web.controllers.TestSpWarningController).MAPPING}**" />
            <mvc:exclude-mapping path="#{T(cz.muni.ics.oidc.web.controllers.AupController).URL}**" />
-            <mvc:exclude-mapping path="#{T(cz.muni.ics.oidc.web.controllers.PerunUnapprovedController).UNAPPROVED_MAPPING}**" />
-            <mvc:exclude-mapping path="#{T(cz.muni.ics.oidc.web.controllers.PerunUnapprovedController).UNAPPROVED_AUTHORIZATION}**" />
-            <mvc:exclude-mapping path="#{T(cz.muni.ics.oidc.web.controllers.PerunUnapprovedController).UNAPPROVED_ENSURE_VO_MAPPING}**" />
-            <mvc:exclude-mapping path="#{T(cz.muni.ics.oidc.web.controllers.PerunUnapprovedController).UNAPPROVED_IS_ELIGIBLE_MAPPING}**" />
-            <mvc:exclude-mapping path="#{T(cz.muni.ics.oidc.web.controllers.PerunUnapprovedController).UNAPPROVED_NOT_IN_MANDATORY_VOS_GROUPS}**" />
-            <mvc:exclude-mapping path="#{T(cz.muni.ics.oidc.web.controllers.PerunUnapprovedController).UNAPPROVED_NOT_IN_PROD_VOS_GROUPS}**" />
-            <mvc:exclude-mapping path="#{T(cz.muni.ics.oidc.web.controllers.PerunUnapprovedController).UNAPPROVED_NOT_IN_TEST_VOS_GROUPS}**" />
-            <mvc:exclude-mapping path="#{T(cz.muni.ics.oidc.web.controllers.PerunUnapprovedController).UNAPPROVED_NOT_LOGGED_IN}**" />
-            <mvc:exclude-mapping path="#{T(cz.muni.ics.oidc.web.controllers.PerunUnapprovedController).UNAPPROVED_SPECIFIC_MAPPING}**" />
-            <mvc:exclude-mapping path="#{T(cz.muni.ics.oidc.web.controllers.PerunUnapprovedRegistrationController).REGISTRATION_CONTINUE_MAPPING}**" />
-            <mvc:exclude-mapping path="#{T(cz.muni.ics.oidc.web.controllers.PerunUnapprovedRegistrationController).REGISTRATION_FORM_MAPPING}**" />
-            <mvc:exclude-mapping path="#{T(cz.muni.ics.oidc.web.controllers.PerunUnapprovedRegistrationController).REGISTRATION_FORM_SUBMIT_MAPPING}**" />
-            <mvc:exclude-mapping path="#{T(cz.muni.ics.oidc.web.controllers.RegistrationController).CONTINUE_DIRECT_MAPPING}**" />
+            <mvc:exclude-mapping path="#{T(cz.muni.ics.oidc.web.controllers.PerunUnauthorizedController).UNAUTHORIZED_MAPPING}**" />
+            <mvc:exclude-mapping path="#{T(cz.muni.ics.oidc.web.controllers.PerunUnauthorizedController).UNAUTHORIZED_REGISTER_CHOOSE_VO_GROUP_MAPPING}**" />
+            <mvc:exclude-mapping path="#{T(cz.muni.ics.oidc.web.controllers.PerunUnauthorizedController).UNAUTHORIZED_AUTHORIZATION_MAPPING}**" />
+            <mvc:exclude-mapping path="#{T(cz.muni.ics.oidc.web.controllers.PerunUnauthorizedController).UNAUTHORIZED_ENSURE_VO_MAPPING}**" />
+            <mvc:exclude-mapping path="#{T(cz.muni.ics.oidc.web.controllers.PerunUnauthorizedController).UNAUTHORIZED_ENSURE_VO_REDIRECT_NOTIFY_MAPPING}**" />
+            <mvc:exclude-mapping path="#{T(cz.muni.ics.oidc.web.controllers.PerunUnauthorizedController).UNAUTHORIZED_IS_ELIGIBLE_MAPPING}**" />
+            <mvc:exclude-mapping path="#{T(cz.muni.ics.oidc.web.controllers.PerunUnauthorizedController).UNAUTHORIZED_NOT_IN_ENV_VOS_GROUPS_MAPPING}**" />
+            <mvc:exclude-mapping path="#{T(cz.muni.ics.oidc.web.controllers.PerunUnauthorizedController).UNAUTHORIZED_NOT_LOGGED_IN_MAPPING}**" />
+            <mvc:exclude-mapping path="#{T(cz.muni.ics.oidc.web.controllers.PerunUnauthorizedController).UNAUTHORIZED_REGISTER_NOTIFY_ACTION_REQUIRED_MAPPING}**" />
+            <mvc:exclude-mapping path="#{T(cz.muni.ics.oidc.web.controllers.PerunUnauthorizedController).UNAUTHORIZED_SPECIFIC_MAPPING}**" />
            <mvc:exclude-mapping path="#{T(cz.muni.ics.oidc.web.controllers.LogoutController).MAPPING_SUCCESS}" />
            <mvc:exclude-mapping path="#{T(cz.muni.ics.oidc.web.controllers.LoginController).MAPPING_FAILURE}" />
            <mvc:exclude-mapping path="/saml**" />
@@ -87,7 +84,7 @@
            <mvc:exclude-mapping path="/token**"/>
            <mvc:exclude-mapping path="/resources/**" />
            <mvc:exclude-mapping path="/#{T(cz.muni.ics.openid.connect.web.endpoint.JWKSetPublishingEndpoint).URL}**" />
-            <mvc:exclude-mapping path="/#{T(cz.muni.ics.discovery.web.DiscoveryEndpoint).WELL_KNOWN_URL}/**" />
+            <mvc:exclude-mapping path="/#{T(cz.muni.ics.discovery.DiscoveryEndpoint).WELL_KNOWN_URL}/**" />
            <mvc:exclude-mapping path="/#{T(cz.muni.ics.oauth2.web.endpoint.DynamicRegistrationEndpoint).URL}**" />
            <mvc:exclude-mapping path="/#{T(cz.muni.ics.openid.connect.web.endpoint.ProtectedResourceRegistrationEndpoint).URL}/**" />
            <mvc:exclude-mapping path="/#{T(cz.muni.ics.openid.connect.web.endpoint.UserInfoEndpoint).URL}**" />
@@ -227,11 +224,11 @@
    </security:http>

    <!-- Well-known -->
-    <security:http pattern="/#{T(cz.muni.ics.discovery.web.DiscoveryEndpoint).WELL_KNOWN_URL}/**"
+    <security:http pattern="/#{T(cz.muni.ics.discovery.DiscoveryEndpoint).WELL_KNOWN_URL}/**"
                   use-expressions="true"
                   entry-point-ref="http403EntryPoint"
                   create-session="stateless">
-        <security:intercept-url pattern="/#{T(cz.muni.ics.discovery.web.DiscoveryEndpoint).WELL_KNOWN_URL}/**" access="permitAll"/>
+        <security:intercept-url pattern="/#{T(cz.muni.ics.discovery.DiscoveryEndpoint).WELL_KNOWN_URL}/**" access="permitAll"/>
        <security:custom-filter ref="mdcFilter" before="FIRST"/>
        <security:custom-filter ref="logRequestFilter" after="FIRST"/>
        <security:custom-filter ref="corsFilter" after="SECURITY_CONTEXT_FILTER" />

--- a/perun-oidc-server-webapp/src/main/webapp/resources/js/reg_form_select.js
+++ b/perun-oidc-server-webapp/src/main/webapp/resources/js/reg_form_select.js
+const selectGroup = $(".selectGroup");
+
 function filter() {
  hideGroups();
-  $(".selectGroup").val("");
+  selectGroup.val("");
  const vo = $("#selectVo").val();
  if (vo !== "") {
    showGroups();
@@ -15,10 +17,14 @@ function filter() {
  }
 }
 function showGroups() {
-  $(".selectGroup").show();
+  selectGroup.show();
+  selectGroup.prop("required", true);
+  selectGroup.prop("disabled", false);
 }
 function hideGroups() {
-  $(".selectGroup").hide();
+  selectGroup.hide();
+  selectGroup.prop("required", false);
+  selectGroup.prop("disabled", true);
 }
 $(document).ready(function () {
  $("#selectVo").val("");

--- a/perun-oidc-server/pom.xml
+++ b/perun-oidc-server/pom.xml
@@ -22,7 +22,7 @@
 	<parent>
 		<groupId>cz.muni.ics</groupId>
 		<artifactId>perun-oidc-parent</artifactId>
-		<version>18.5.3</version>
+		<version>18.5.4</version>
 		<relativePath>../pom.xml</relativePath>
 	</parent>


--- a/perun-oidc-server/src/main/java/cz/muni/ics/data/AbstractPageOperationTemplate.java
+++ b/perun-oidc-server/src/main/java/cz/muni/ics/data/AbstractPageOperationTemplate.java
@@ -15,6 +15,8 @@
 *******************************************************************************/
 package cz.muni.ics.data;

+import lombok.Getter;
+import lombok.Setter;
 import lombok.extern.slf4j.Slf4j;

 import java.util.Collection;
@@ -29,6 +31,8 @@ import java.util.Set;
 * @author Colm Smyth.
 */
 @Slf4j
+@Getter
+@Setter
 public abstract class AbstractPageOperationTemplate<T> {

 	private static final int DEFAULT_MAX_PAGES = 1000;
@@ -39,44 +43,13 @@ public abstract class AbstractPageOperationTemplate<T> {
 	private boolean swallowExceptions = true;
 	private String operationName;

-	public AbstractPageOperationTemplate(String operationName){
+	protected AbstractPageOperationTemplate(String operationName){
 		this(DEFAULT_MAX_PAGES, DEFAULT_MAX_TIME_MILLIS, operationName);
 	}
-	public AbstractPageOperationTemplate(int maxPages, long maxTime, String operationName){
-		this.maxPages = maxPages;
-		this.maxTime = maxTime;
-		this.operationName = operationName;
-	}

-	public int getMaxPages() {
-		return maxPages;
-	}
-
-	public void setMaxPages(int maxPages) {
+	protected AbstractPageOperationTemplate(int maxPages, long maxTime, String operationName){
 		this.maxPages = maxPages;
-	}
-
-	public long getMaxTime() {
-		return maxTime;
-	}
-
-	public void setMaxTime(long maxTime) {
 		this.maxTime = maxTime;
-	}
-
-	public boolean isSwallowExceptions() {
-		return swallowExceptions;
-	}
-
-	public void setSwallowExceptions(boolean swallowExceptions) {
-		this.swallowExceptions = swallowExceptions;
-	}
-
-	public String getOperationName() {
-		return operationName;
-	}
-
-	public void setOperationName(String operationName) {
 		this.operationName = operationName;
 	}

@@ -88,7 +61,7 @@ public abstract class AbstractPageOperationTemplate<T> {
 	 * performing the operation on the item will be swallowed if the
 	 * swallowException (default true) field is set true.
 	 */
-	public void execute(){
+	public void execute() {
 		log.debug("[{}] Starting execution of paged operation. max time: {}, max pages: {}", getOperationName(), maxTime, maxPages);

 		long startTime = System.currentTimeMillis();
@@ -99,9 +72,9 @@ public abstract class AbstractPageOperationTemplate<T> {
 		int operationsCompleted = 0;
 		Set<String> exceptionsSwallowedClasses = new HashSet<>();

-		while (i < maxPages && executionTime < maxTime){
+		while (i < maxPages && executionTime < maxTime) {
 			Collection<T> page = fetchPage();
-			if (page == null || page.size() == 0){
+			if (page == null || page.isEmpty()){
 				break;
 			}


--- a/perun-oidc-server/src/main/java/cz/muni/ics/discovery/web/DiscoveryEndpoint.java
+++ b/perun-oidc-server/src/main/java/cz/muni/ics/discovery/web/DiscoveryEndpoint.java
@@ -15,15 +15,11 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *******************************************************************************/
-package cz.muni.ics.discovery.web;
+package cz.muni.ics.discovery;

-import com.google.common.base.Function;
-import com.google.common.base.Strings;
-import com.google.common.collect.Collections2;
 import com.google.common.collect.Lists;
 import com.nimbusds.jose.Algorithm;
 import com.nimbusds.jose.JWSAlgorithm;
-import cz.muni.ics.discovery.util.WebfingerURLNormalizer;
 import cz.muni.ics.jwt.encryption.service.JWTEncryptionAndDecryptionService;
 import cz.muni.ics.jwt.signer.service.JWTSigningAndValidationService;
 import cz.muni.ics.oauth2.model.PKCEAlgorithm;
@@ -34,28 +30,23 @@ import cz.muni.ics.oauth2.web.endpoint.DynamicRegistrationEndpoint;
 import cz.muni.ics.oauth2.web.endpoint.IntrospectionEndpoint;
 import cz.muni.ics.oauth2.web.endpoint.RevocationEndpoint;
 import cz.muni.ics.openid.connect.config.ConfigurationPropertiesBean;
-import cz.muni.ics.openid.connect.model.UserInfo;
 import cz.muni.ics.openid.connect.service.ScopeClaimTranslationService;
-import cz.muni.ics.openid.connect.view.HttpCodeView;
 import cz.muni.ics.openid.connect.view.JsonEntityView;
 import cz.muni.ics.openid.connect.web.endpoint.EndSessionEndpoint;
 import cz.muni.ics.openid.connect.web.endpoint.JWKSetPublishingEndpoint;
 import cz.muni.ics.openid.connect.web.endpoint.UserInfoEndpoint;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.http.HttpStatus;
-import org.springframework.http.MediaType;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
 import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RequestParam;
-import org.springframework.web.util.UriComponents;
-import org.springframework.web.util.UriComponentsBuilder;

 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.HashMap;
+import java.util.List;
 import java.util.Map;
+import java.util.function.Function;
 import java.util.stream.Collectors;
 import java.util.stream.Stream;

@@ -70,10 +61,8 @@ import java.util.stream.Stream;
 @Slf4j
 public class DiscoveryEndpoint {

-	public static final String WELL_KNOWN_URL = ".well-known";
-	public static final String OPENID_CONFIGURATION_URL = WELL_KNOWN_URL + "/openid-configuration";
-	public static final String WEBFINGER_URL = WELL_KNOWN_URL + "/webfinger";
-	private static final String ISSUER_STRING = "http://openid.net/specs/connect/1.0/issuer";
+	public static final String WELL_KNOWN_URL = ".well-known/openid-configuration";
+
 	private final ConfigurationPropertiesBean config;
 	private final SystemScopeService scopeService;

@@ -82,7 +71,6 @@ public class DiscoveryEndpoint {
 	private final JWTSigningAndValidationService signService;
 	private final JWTEncryptionAndDecryptionService encService;

-
 	// used to map JWA algorithms objects to strings
 	private final Function<Algorithm, String> toAlgorithmName = alg -> alg == null ? null : alg.getName();

@@ -101,54 +89,7 @@ public class DiscoveryEndpoint {
 		this.encService = encService;
 	}

-	@RequestMapping(value = '/' + WEBFINGER_URL, produces = MediaType.APPLICATION_JSON_VALUE)
-	public String webfinger(@RequestParam("resource") String resource,
-							@RequestParam(value = "rel", required = false) String rel,
-							Model model) {
-		if (!Strings.isNullOrEmpty(rel) && !rel.equals(ISSUER_STRING)) {
-			log.warn("Responding to webfinger request for non-OIDC relation: {}", rel);
-		}
-
-		if (!resource.equals(config.getIssuer())) {
-			// it's not the issuer directly, need to check other methods
-			UriComponents resourceUri = WebfingerURLNormalizer.normalizeResource(resource);
-			if (resourceUri != null
-					&& resourceUri.getScheme() != null
-					&& resourceUri.getScheme().equals("acct")) {
-				UserInfo user = extractUser(resourceUri);
-				if (user == null) {
-					log.info("User not found: {}", resource);
-					model.addAttribute(HttpCodeView.CODE, HttpStatus.NOT_FOUND);
-					return HttpCodeView.VIEWNAME;
-				}
-
-				UriComponents issuerComponents = UriComponentsBuilder.fromHttpUrl(config.getIssuer()).build();
-				if (!Strings.nullToEmpty(issuerComponents.getHost())
-					.equals(Strings.nullToEmpty(resourceUri.getHost()))) {
-					log.info("Host mismatch, expected " + issuerComponents.getHost() + " got " + resourceUri.getHost());
-					model.addAttribute(HttpCodeView.CODE, HttpStatus.NOT_FOUND);
-					return HttpCodeView.VIEWNAME;
-				}
-			} else {
-				log.info("Unknown URI format: " + resource);
-				model.addAttribute(HttpCodeView.CODE, HttpStatus.NOT_FOUND);
-				return HttpCodeView.VIEWNAME;
-			}
-		}
-
-		model.addAttribute("resource", resource);
-		model.addAttribute("issuer", config.getIssuer());
-
-		return "webfingerView";
-	}
-
-	private UserInfo extractUser(UriComponents resourceUri) {
-		String username = resourceUri.getUserInfo() + "@" + resourceUri.getHost();
-		//TODO: lookup username in Perun
-		return null;
-	}
-
-	@RequestMapping("/" + OPENID_CONFIGURATION_URL)
+	@RequestMapping("/" + WELL_KNOWN_URL)
 	public String providerConfiguration(Model model) {

 		/*
@@ -273,15 +214,19 @@ public class DiscoveryEndpoint {
 		String baseUrl = config.getIssuer(true);

 		signService.getAllSigningAlgsSupported();
-		Collection<JWSAlgorithm> clientSymmetricAndAsymmetricSigningAlgs = Lists.newArrayList(JWSAlgorithm.HS256, JWSAlgorithm.HS384, JWSAlgorithm.HS512,
+		Collection<Algorithm> clientSymmetricAndAsymmetricSigningAlgs = List.of(
+				JWSAlgorithm.HS256, JWSAlgorithm.HS384, JWSAlgorithm.HS512,
 				JWSAlgorithm.RS256, JWSAlgorithm.RS384, JWSAlgorithm.RS512,
 				JWSAlgorithm.ES256, JWSAlgorithm.ES384, JWSAlgorithm.ES512,
-				JWSAlgorithm.PS256, JWSAlgorithm.PS384, JWSAlgorithm.PS512);
-		Collection<Algorithm> clientSymmetricAndAsymmetricSigningAlgsWithNone = Lists.newArrayList(JWSAlgorithm.HS256, JWSAlgorithm.HS384, JWSAlgorithm.HS512,
+				JWSAlgorithm.PS256, JWSAlgorithm.PS384, JWSAlgorithm.PS512
+		);
+		Collection<Algorithm> clientSymmetricAndAsymmetricSigningAlgsWithNone = List.of(
+				JWSAlgorithm.HS256, JWSAlgorithm.HS384, JWSAlgorithm.HS512,
 				JWSAlgorithm.RS256, JWSAlgorithm.RS384, JWSAlgorithm.RS512,
 				JWSAlgorithm.ES256, JWSAlgorithm.ES384, JWSAlgorithm.ES512,
 				JWSAlgorithm.PS256, JWSAlgorithm.PS384, JWSAlgorithm.PS512,
-				Algorithm.NONE);
+				Algorithm.NONE
+		);
 		ArrayList<String> grantTypes = Lists.newArrayList(
 				"authorization_code",
 				"implicit",
@@ -311,22 +256,25 @@ public class DiscoveryEndpoint {
 				)
 		);
 		m.put("subject_types_supported", Lists.newArrayList("public"));
-		m.put("userinfo_signing_alg_values_supported", Collections2.transform(clientSymmetricAndAsymmetricSigningAlgs, toAlgorithmName));
-		m.put("userinfo_encryption_alg_values_supported", Collections2.transform(encService.getAllEncryptionAlgsSupported(), toAlgorithmName));
-		m.put("userinfo_encryption_enc_values_supported", Collections2.transform(encService.getAllEncryptionEncsSupported(), toAlgorithmName));
-		m.put("id_token_signing_alg_values_supported", Collections2.transform(clientSymmetricAndAsymmetricSigningAlgsWithNone, toAlgorithmName));
-		m.put("id_token_encryption_alg_values_supported", Collections2.transform(encService.getAllEncryptionAlgsSupported(), toAlgorithmName));
-		m.put("id_token_encryption_enc_values_supported", Collections2.transform(encService.getAllEncryptionEncsSupported(), toAlgorithmName));
-		m.put("request_object_signing_alg_values_supported", Collections2.transform(clientSymmetricAndAsymmetricSigningAlgs, toAlgorithmName));
-		m.put("request_object_encryption_alg_values_supported", Collections2.transform(encService.getAllEncryptionAlgsSupported(), toAlgorithmName));
-		m.put("request_object_encryption_enc_values_supported", Collections2.transform(encService.getAllEncryptionEncsSupported(), toAlgorithmName));
-		m.put("token_endpoint_auth_methods_supported", Lists.newArrayList(
+		m.put("userinfo_signing_alg_values_supported", toAlgNames(clientSymmetricAndAsymmetricSigningAlgs));
+		m.put("userinfo_encryption_alg_values_supported", toAlgNames(encService.getAllEncryptionAlgsSupported()));
+		m.put("userinfo_encryption_enc_values_supported", toAlgNames(encService.getAllEncryptionEncsSupported()));
+		m.put("id_token_signing_alg_values_supported", toAlgNames(clientSymmetricAndAsymmetricSigningAlgsWithNone));
+		m.put("id_token_encryption_alg_values_supported", toAlgNames(encService.getAllEncryptionAlgsSupported()));
+		m.put("id_token_encryption_enc_values_supported", toAlgNames(encService.getAllEncryptionEncsSupported()));
+		m.put("request_object_signing_alg_values_supported", toAlgNames(clientSymmetricAndAsymmetricSigningAlgs));
+		m.put("request_object_encryption_alg_values_supported", toAlgNames(encService.getAllEncryptionAlgsSupported()));
+		m.put("request_object_encryption_enc_values_supported", toAlgNames(encService.getAllEncryptionEncsSupported()));
+		m.put("token_endpoint_auth_methods_supported",
+			List.of(
 				AuthMethod.SECRET_BASIC.getValue(), AuthMethod.SECRET_POST.getValue(), AuthMethod.NONE.getValue()
-				)
+			)
+		);
+		m.put("token_endpoint_auth_signing_alg_values_supported", toAlgNames(clientSymmetricAndAsymmetricSigningAlgs));
+		m.put("claim_types_supported", List.of("normal"));
+		m.put("claims_supported",
+			scopeTranslationService.getClaimsForScopeSet(scopeService.toStrings(scopeService.getAll()))
 		);
-		m.put("token_endpoint_auth_signing_alg_values_supported", Collections2.transform(clientSymmetricAndAsymmetricSigningAlgs, toAlgorithmName));
-		m.put("claim_types_supported", Lists.newArrayList("normal"));
-		m.put("claims_supported", scopeTranslationService.getClaimsForScopeSet(scopeService.toStrings(scopeService.getAll())));
 		m.put("claims_parameter_supported", false);
 		m.put("request_parameter_supported", true);
 		m.put("request_uri_parameter_supported", false);
@@ -346,4 +294,8 @@ public class DiscoveryEndpoint {
 		return JsonEntityView.VIEWNAME;
 	}

+	private List<String> toAlgNames(Collection<? extends Algorithm> algs) {
+		return algs.stream().map(toAlgorithmName).collect(Collectors.toList());
+	}
+
 }
No results found