Change ServiceResolver.java so that CDSSO becomes the default.
This would be the hottest topic at the moment... unfortunately everything else is pretty hot too.
(also these two which are basically the same thing...)
Replicate the Web Agents redirect behaviour in the Java Agents.
Another two hot topics, which when taken together actually prevent the writing of Unit Tests:
Further PLL-endpoint removal is required:
Redirect to a separate website on logout, J2EE PA would concatenate <logout URL> + <logout entry URI>
Infinite redirect loop between Agent and OpenAM. I have seen this happen many times. Could have a cookie containing a counter which is passed back and forth and break out when the counter gets past a certain limit.
It doesn't fix the core problem though (lack of cookie from OpenAM).
Possibly add in a configurable endpoint to give an agent status. Would have to figure out what to put on the status page - probably as much as possible. This was to be the subject of a hackday, but hasn't happened yet.
- Check on Agent Logout (agent calls logout endpoint and invalidates cache entries) and OIDC
- How the agent handles (or doesn't handle) advice(s)
- Remote auditing especially in client.PolicyEvaluator logAccessMessage
- Remote logging
- Strip the SDK Cache out of the AgentCache
- Alex security scan reports
- The Crypto that the agent uses is out of date (SHA-1)
- Failover and autonomous servers
- Continuous security
- PolicyDecisionDelegator getResponseDecisions must use the OpenAM REST endpoint to get the profile attributes
- Cache SSOValidationResult objects and fill them with wonderful things like the profile attributes and session properties
- Guice Provider cleanup