v29.0.1

README.md

@@ -52,7 +52,7 @@ or use docker compose:
 
 ```console
 $ mvn clean install -pl idp-server -am -Dskip.unittests -Dskip.inttests
-$ export appVersion=28.0.2
+$ export appVersion=29.0.1
 $ export serverLoglevel=info (default)
 $ docker-compose --project-name myidp -f docker-compose-ref.yml up -d
 ```
@@ -70,7 +70,8 @@ modify entries in the scopesConfiguration section of the idp-server's applicatio
 
 ### Configuration of Server URL
 
-The URL of the idp-server is required for many fields inside the discovery document of the server. For example, the authorization endpoint:
+The URL of the idp-server is required for many fields inside the discovery document of the server. For example, the
+authorization endpoint:
 
 ```
 {

ReleaseNotes.md

@@ -1,3 +1,10 @@
+# Release 29.0.1
+
+- Java 21
+- switch to docker base image eclipse-temurin:21-jre
+- replace hard coded values for ACR/AMR in access and id token with dynamic values by reading them from authentication
+  token
+
 # Release 28.0.2
 
 - update dependencies (unirest-java -> unirest-java-core)

idp-client/pom.xml

@@ -7,13 +7,13 @@
   <parent>
     <groupId>de.gematik.idp</groupId>
     <artifactId>idp-global</artifactId>
-    <version>28.0.2</version>
+    <version>29.0.1</version>
     <relativePath>../pom.xml</relativePath>
   </parent>
   <groupId>de.gematik.idp</groupId>
   <artifactId>idp-client</artifactId>
 
-  <version>28.0.2</version>
+  <version>29.0.1</version>
   <packaging>jar</packaging>
 
   <dependencies>

idp-commons/pom.xml

@@ -6,12 +6,12 @@
   <parent>
     <groupId>de.gematik.idp</groupId>
     <artifactId>idp-global</artifactId>
-    <version>28.0.2</version>
+    <version>29.0.1</version>
     <relativePath>../pom.xml</relativePath>
   </parent>
   <artifactId>idp-commons</artifactId>
 
-  <version>28.0.2</version>
+  <version>29.0.1</version>
 
   <dependencies>
 
@@ -77,7 +77,7 @@
     <dependency>
       <groupId>commons-codec</groupId>
       <artifactId>commons-codec</artifactId>
-      <version>1.17.0</version>
+      <version>1.17.1</version>
     </dependency>
     <dependency>
       <groupId>com.konghq</groupId>

idp-commons/src/main/java/de/gematik/idp/IdpConstants.java

@@ -33,6 +33,7 @@ public final class IdpConstants {
   public static final String THIRD_PARTY_ENDPOINT = "/extauth";
   public static final String DEFAULT_SERVER_URL = "https://idp.dev.gematik.solutions";
   public static final String EIDAS_LOA_HIGH = "gematik-ehealth-loa-high";
+  public static final String EIDAS_LOA_SUBSTANTIAL = "gematik-ehealth-loa-substantial";
   public static final int JTI_LENGTH = 16;
   public static final String AMR_FAST_TRACK = "mfa";
 

idp-commons/src/main/java/de/gematik/idp/token/AccessTokenBuilder.java

@@ -16,6 +16,7 @@
 
 package de.gematik.idp.token;
 
+import static de.gematik.idp.IdpConstants.EIDAS_LOA_HIGH;
 import static de.gematik.idp.IdpConstants.EREZEPT;
 import static de.gematik.idp.IdpConstants.OPENID;
 import static de.gematik.idp.IdpConstants.PAIRING;
@@ -110,7 +111,9 @@ public JsonWebToken buildAccessToken(final JsonWebToken authenticationToken) {
 
     claimsMap.put(ISSUED_AT.getJoseName(), now.toEpochSecond());
     claimsMap.put(ISSUER.getJoseName(), issuerUrl);
-    claimsMap.put(AUTHENTICATION_CLASS_REFERENCE.getJoseName(), IdpConstants.EIDAS_LOA_HIGH);
+    claimsMap.put(
+        AUTHENTICATION_CLASS_REFERENCE.getJoseName(),
+        authenticationToken.getBodyClaim(AUTHENTICATION_CLASS_REFERENCE).orElse(EIDAS_LOA_HIGH));
     claimsMap.put(
         AUDIENCE.getJoseName(),
         determineAudienceBasedOnScope(authenticationToken.getScopesBodyClaim()));

idp-commons/src/main/java/de/gematik/idp/token/IdTokenBuilder.java

@@ -16,6 +16,7 @@
 
 package de.gematik.idp.token;
 
+import static de.gematik.idp.IdpConstants.EIDAS_LOA_HIGH;
 import static de.gematik.idp.IdpConstants.EREZEPT;
 import static de.gematik.idp.field.ClaimName.ACCESS_TOKEN_HASH;
 import static de.gematik.idp.field.ClaimName.AUDIENCE;
@@ -114,7 +115,9 @@ public JsonWebToken buildIdToken(
             .getBodyClaim(AUTHENTICATION_METHODS_REFERENCE)
             .or(() -> accessToken.getBodyClaim(AUTHENTICATION_METHODS_REFERENCE))
             .orElseThrow());
-    claimsMap.put(AUTHENTICATION_CLASS_REFERENCE.getJoseName(), IdpConstants.EIDAS_LOA_HIGH);
+    claimsMap.put(
+        AUTHENTICATION_CLASS_REFERENCE.getJoseName(),
+        authenticationToken.getBodyClaim(AUTHENTICATION_CLASS_REFERENCE).orElse(EIDAS_LOA_HIGH));
     claimsMap.put(ACCESS_TOKEN_HASH.getJoseName(), atHashValue);
     claimsMap.put(
         SUBJECT.getJoseName(),

idp-crypto/pom.xml

@@ -6,12 +6,12 @@
   <parent>
     <groupId>de.gematik.idp</groupId>
     <artifactId>idp-global</artifactId>
-    <version>28.0.2</version>
+    <version>29.0.1</version>
     <relativePath>../pom.xml</relativePath>
   </parent>
 
   <artifactId>idp-crypto</artifactId>
-  <version>28.0.2</version>
+  <version>29.0.1</version>
 
   <dependencies>
     <dependency>

idp-crypto/src/main/java/de/gematik/idp/crypto/KeyUtility.java

@@ -54,7 +54,9 @@ public static PublicKey readX509PublicKey(final File pemFile) {
 
   private static BCECPublicKey convertToBCECPublicKey(
       final SubjectPublicKeyInfo subjectPublicKeyInfo)
-      throws PEMException, NoSuchAlgorithmException, NoSuchProviderException,
+      throws PEMException,
+          NoSuchAlgorithmException,
+          NoSuchProviderException,
           InvalidKeySpecException {
     // Convert SubjectPublicKeyInfo to PublicKey
     final JcaPEMKeyConverter converter = new JcaPEMKeyConverter();

idp-report/pom.xml

@@ -6,7 +6,7 @@
   <parent>
     <groupId>de.gematik.idp</groupId>
     <artifactId>idp-global</artifactId>
-    <version>28.0.2</version>
+    <version>29.0.1</version>
   </parent>
   <artifactId>idp-report</artifactId>
 

idp-sektoral/pom.xml

@@ -7,12 +7,12 @@
   <parent>
     <groupId>de.gematik.idp</groupId>
     <artifactId>idp-global</artifactId>
-    <version>28.0.2</version>
+    <version>29.0.1</version>
     <relativePath>../pom.xml</relativePath>
   </parent>
 
   <artifactId>idp-sektoral</artifactId>
-  <version>28.0.2</version>
+  <version>29.0.1</version>
   <packaging>jar</packaging>
 
   <properties>

idp-server/pom.xml

@@ -7,19 +7,19 @@
   <parent>
     <groupId>de.gematik.idp</groupId>
     <artifactId>idp-global</artifactId>
-    <version>28.0.2</version>
+    <version>29.0.1</version>
     <relativePath>../pom.xml</relativePath>
   </parent>
 
   <artifactId>idp-server</artifactId>
-  <version>28.0.2</version>
+  <version>29.0.1</version>
   <packaging>jar</packaging>
 
   <properties>
     <commit_hash>undefined</commit_hash>
     <version.jaxb-api>2.4.0-b180830.0359</version.jaxb-api>
     <version.jaxb-impl>4.0.5</version.jaxb-impl>
-    <version.tiger-rbel>3.1.1</version.tiger-rbel>
+    <version.tiger-rbel>3.1.3</version.tiger-rbel>
   </properties>
 
   <dependencies>
@@ -60,7 +60,7 @@
     <dependency>
       <groupId>org.springdoc</groupId>
       <artifactId>springdoc-openapi-starter-webmvc-ui</artifactId>
-      <version>2.5.0</version>
+      <version>2.6.0</version>
     </dependency>
 
     <dependency>
@@ -136,7 +136,7 @@
     <dependency>
       <groupId>org.modelmapper</groupId>
       <artifactId>modelmapper</artifactId>
-      <version>3.2.0</version>
+      <version>3.2.1</version>
     </dependency>
     <dependency>
       <groupId>com.mysql</groupId>
@@ -145,7 +145,7 @@
     <dependency>
       <groupId>org.wiremock</groupId>
       <artifactId>wiremock-standalone</artifactId>
-      <version>3.7.0</version>
+      <version>3.9.1</version>
       <scope>test</scope>
     </dependency>
     <dependency>

idp-server/src/main/docker/Dockerfile

@@ -1,4 +1,4 @@
-FROM eclipse-temurin:17-jre
+FROM eclipse-temurin:21-jre
 
 ARG COMMIT_HASH
 ARG VERSION

idp-test/pom.xml

@@ -6,18 +6,18 @@
   <parent>
     <groupId>de.gematik.idp</groupId>
     <artifactId>idp-global</artifactId>
-    <version>28.0.2</version>
+    <version>29.0.1</version>
     <relativePath>../pom.xml</relativePath>
   </parent>
   <artifactId>idp-test</artifactId>
-  <version>28.0.2</version>
+  <version>29.0.1</version>
 
   <dependencies>
     <dependency>
       <groupId>org.junit.jupiter</groupId>
       <!--version depends on spring-boot-->
       <artifactId>junit-jupiter-engine</artifactId>
-      <version>5.10.2</version>
+      <version>5.10.3</version>
     </dependency>
     <dependency>
       <groupId>commons-io</groupId>

idp-testsuite/pom.xml

@@ -6,28 +6,28 @@
 
   <groupId>de.gematik.idp</groupId>
   <artifactId>idp-testsuite</artifactId>
-  <version>28.0.2</version>
+  <version>29.0.1</version>
   <packaging>jar</packaging>
 
   <properties>
     <idp-server.spring.profile>idp</idp-server.spring.profile>
     <sektoral-idp.spring.profile>sektoralIdp</sektoral-idp.spring.profile>
     <version.build-helper-maven-plugin>3.6.0</version.build-helper-maven-plugin>
-    <version.commons-lang3>3.14.0</version.commons-lang3>
+    <version.commons-lang3>3.15.0</version.commons-lang3>
     <version.maven-compiler-plugin>3.13.0</version.maven-compiler-plugin>
     <version.copy-rename-maven-plugin>1.0.1</version.copy-rename-maven-plugin>
-    <version.java>17</version.java>
+    <java.version>21</java.version>
     <version.json>20240303</version.json>
     <version.maven-clean-plugin>3.4.0</version.maven-clean-plugin>
-    <version.maven-failsafe-plugin>3.3.0</version.maven-failsafe-plugin>
+    <version.maven-failsafe-plugin>3.3.1</version.maven-failsafe-plugin>
     <version.maven-jar-plugin>3.4.2</version.maven-jar-plugin>
-    <version.maven-javadoc-plugin>3.7.0</version.maven-javadoc-plugin>
+    <version.maven-javadoc-plugin>3.8.0</version.maven-javadoc-plugin>
     <version.maven-resources-plugin>3.3.1</version.maven-resources-plugin>
     <version.maven-source-plugin>3.3.1</version.maven-source-plugin>
-    <version.maven-surefire-plugin>3.3.0</version.maven-surefire-plugin>
-    <version.rest-assured>5.4.0</version.rest-assured>
+    <version.maven-surefire-plugin>3.3.1</version.maven-surefire-plugin>
+    <version.rest-assured>5.5.0</version.rest-assured>
     <version.slf4j-api>2.0.13</version.slf4j-api>
-    <version.tiger>3.1.1</version.tiger>
+    <version.tiger>3.1.3</version.tiger>
   </properties>
 
   <dependencyManagement>
@@ -88,7 +88,7 @@
     <dependency>
       <groupId>org.projectlombok</groupId>
       <artifactId>lombok</artifactId>
-      <version>1.18.32</version>
+      <version>1.18.34</version>
       <scope>provided</scope>
     </dependency>
     <dependency>
@@ -99,7 +99,7 @@
     <dependency>
       <groupId>org.skyscreamer</groupId>
       <artifactId>jsonassert</artifactId>
-      <version>1.5.1</version>
+      <version>1.5.3</version>
       <scope>test</scope>
     </dependency>
     <dependency>
@@ -169,7 +169,7 @@
     <dependency>
       <groupId>org.junit.vintage</groupId>
       <artifactId>junit-vintage-engine</artifactId>
-      <version>5.10.2</version>
+      <version>5.10.3</version>
       <scope>test</scope>
     </dependency>
   </dependencies>
@@ -182,15 +182,15 @@
           <version>${version.maven-compiler-plugin}</version>
           <configuration>
             <encoding>UTF-8</encoding>
-            <source>17</source>
-            <target>17</target>
+            <source>${java.version}</source>
+            <target>${java.version}</target>
             <debug>true</debug>
             <parameters>true</parameters>
           </configuration>
         </plugin>
         <plugin>
           <artifactId>maven-failsafe-plugin</artifactId>
-          <version>3.3.0</version>
+          <version>3.3.1</version>
           <configuration>
             <includes>
               <include>**/Driver*.java</include>