Prepare release 2.3.8

oc-sso-notificatie/src/main/java/nl/kennisnet/services/web/controller/SsoNotificationController.java

@@ -81,9 +81,11 @@ public class SsoNotificationController {
 
     private static final String SSONOT_FAILED = "SSONOT_FAILED";
 
+    private static final String SSONOT_INITIATED = "SSONOT_INITIATED";
+
     private static final String SSONOT_REDIRECT = "SSONOT_REDIRECT";
 
-    private static final String SSONOT_SUCCESS= "SSONOT_SUCCESS";
+    private static final String SSONOT_SUCCESS = "SSONOT_SUCCESS";
 
     /** The name of the SSO Cookie notification ({@value}) */
     public static final String COOKIE_NOTIFICATION = "ssonot";
@@ -128,11 +130,14 @@ public void processSsoNotification(@RequestParam(required = false) String id,
                                        HttpServletRequest request, HttpServletResponse response)
             throws IOException {
 
+        // Add IdP id to logback and set the MDC event to INITIATE
+        MDC.put(IDP, String.valueOf(id));
+        MDC.put(EVENT, SSONOT_INITIATED);
+
         LOGGER.info("Request received with id ('{}') url ('{}') redirectUri ('{}') referrer ('{}') realm ('{}') " +
                 "notificationCookie ('{}')", id, url, redirectUri, referrer, realm, notificationCookie);
 
-        // Add IdP id to logback and set default to failed
-        MDC.put(IDP, String.valueOf(id));
+        // Set default MDC event to FAILED
         MDC.put(EVENT, SSONOT_FAILED);
 
         List<IdP> remoteSsoNotifications = idPProvider.getAllSsoNotifications();
@@ -157,7 +162,8 @@ public void processSsoNotification(@RequestParam(required = false) String id,
 
         URL createdUrl = determineAndVerifyURL(idp, url, referrer);
 
-        // Set notification cookie
+        // Put the MDC event to SUCCESS and place notification cookie
+        MDC.put(EVENT, SSONOT_SUCCESS);
         LOGGER.info("Setting notification Cookie ('{}') for id ('{}') with url ('{}') and realm ('{}')",
                 COOKIE_NOTIFICATION, id, createdUrl, realm);
 
@@ -171,7 +177,6 @@ public void processSsoNotification(@RequestParam(required = false) String id,
             response.sendRedirect(redirectUri);
             return;
         }
-        MDC.put(EVENT, SSONOT_SUCCESS);
         EVENT_LOGGER.info("Finished without redirecting");
     }
 

pom.xml

@@ -41,15 +41,15 @@
     <parent>
         <groupId>org.springframework.boot</groupId>
         <artifactId>spring-boot-starter-parent</artifactId>
-        <version>3.5.6</version>
+        <version>3.5.7</version>
     </parent>
 
     <properties>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <java.version>17</java.version>
         <doxia-module-markdown.version>1.5</doxia-module-markdown.version>
         <jacoco.version>0.8.13</jacoco.version>
-        <dependency-check-maven.version>12.1.6</dependency-check-maven.version>
+        <dependency-check-maven.version>12.1.9</dependency-check-maven.version>
         <logback-ecs-encoder.version>1.7.0</logback-ecs-encoder.version>
         <logback.encoder.version>7.4</logback.encoder.version>
         <maven-project-info-reports-plugin.version>2.8</maven-project-info-reports-plugin.version>
@@ -194,17 +194,25 @@
             <email>Kok.Stephan@kpmg.nl</email>
         </developer>
         <developer>
-            <id>mutlu01</id>
-            <name>Aram Mutlu</name>
+            <id>schaafsma01</id>
+            <name>Donovan Schaafsma</name>
             <organization>KPMG Advisory N.V.</organization>
             <roles>
                 <role>Developer</role>
             </roles>
-            <email>Mutlu.Aram@kpmg.nl</email>
+            <email>Schaafsma.Donovan@kpmg.nl</email>
         </developer>
     </developers>
 
     <contributors>
+        <contributor>
+            <name>Aram Mutlu</name>
+            <organization>KPMG Advisory N.V.</organization>
+            <roles>
+                <role>Developer</role>
+            </roles>
+            <email>Mutlu.Aram@kpmg.nl</email>
+        </contributor>
         <contributor>
             <name>Vincent Jong</name>
             <organization>KPMG Advisory N.V.</organization>

release/pom.xml

@@ -31,7 +31,7 @@
     <properties>
         <!-- A list of all the previous versions in reverse order, separated by a comma separator -->
         <!-- The current version is automatically added in the release-notes-all overview. -->
-        <versions>2.3.7,2.3.6,2.3.5,2.3.4,2.3.3,2.3.2,2.3.1,2.3.0,2.2.1,2.2.0,2.1.1,2.1.0,2.0.6,2.0.5,2.0.4,2.0.3,2.0.2,2.0.1,1.0.0</versions>
+        <versions>2.3.8,2.3.7,2.3.6,2.3.5,2.3.4,2.3.3,2.3.2,2.3.1,2.3.0,2.2.1,2.2.0,2.1.1,2.1.0,2.0.6,2.0.5,2.0.4,2.0.3,2.0.2,2.0.1,1.0.0</versions>
     </properties>
 
     <dependencies>

release/src/site/markdown/docs/2.3.8/release-notes.md

@@ -0,0 +1,24 @@
+# OC SSO Notification Service - Release Notes
+
+| Field                     | Value                       |
+|:--------------------------|:----------------------------|
+| Application               | OC SSO Notification Service |
+| Version                   | 2.3.8                       |
+| Changes since version     | 2.3.7                       |
+| Release date              | 18-11-2025 (dd-mm-yyyy)     |
+| Delivery type             | Full release                |
+
+## Changes
+
+| #        | Description                                                   |
+|:---------|:--------------------------------------------------------------|
+| ENT-5279 | SSO notification seems to log 'SSONOT_FAILED' when successful |
+| ENT-5318 | Build release OC SSO Notification 2.3.8                       |
+
+## Configuration changes
+
+None.
+
+## Known vulnerabilities
+
+At the time of release, this version of the application had no known vulnerabilities with a CVE of 7 or higher.