OpenIdentityPlatform · maximthomas · Jul 11, 2025 · Jul 9, 2025 · Jul 9, 2025 · Jul 10, 2025
diff --git a/openidm-jetty-fragment/pom.xml b/openidm-jetty-fragment/pom.xml
@@ -13,6 +13,7 @@
  ~ information: "Portions copyright [year] [name of copyright owner]".
  ~
  ~ Copyright 2011-2016 ForgeRock AS.
+ ~ Portions copyright 2025 3A Systems LLC.
   -->
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
     <modelVersion>4.0.0</modelVersion>
@@ -56,6 +57,14 @@
             <groupId>org.apache.felix</groupId>
             <artifactId>org.apache.felix.framework</artifactId>
         </dependency>
+        <dependency>
+            <groupId>org.osgi</groupId>
+            <artifactId>org.osgi.service.http.whiteboard</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.felix</groupId>
+            <artifactId>org.apache.felix.http.servlet-api</artifactId>
+        </dependency>
 
         <!-- Test Dependencies -->
         <dependency>

diff --git a/openidm-zip/src/main/resources/conf/jetty.xml b/openidm-zip/src/main/resources/conf/jetty.xml
@@ -1,5 +1,5 @@
 <?xml version="1.0"?>
-<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_0.dtd">
+<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_3.dtd">
 <!--
     ~ The contents of this file are subject to the terms of the Common Development and
     ~ Distribution License (the License). You may not use this file except in compliance with the
@@ -14,6 +14,7 @@
     ~ information: "Portions copyright [year] [name of copyright owner]".
     ~
     ~ Copyright 2015-2016 ForgeRock AS.
+    ~ Portions copyright 2025 3A Systems LLC.
 -->
 <Configure id="Server" class="org.eclipse.jetty.server.Server">
 
@@ -127,9 +128,29 @@
         <Item>TLS_ECDHE_RSA_WITH_RC4_128_SHA</Item>
         -->
 
+        <Item>TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA</Item>
+        <Item>TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA</Item>
+        <Item>TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA</Item>
+        <Item>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</Item>
+        <Item>TLS_DHE_RSA_WITH_AES_256_CBC_SHA</Item>
+        <Item>TLS_DHE_DSS_WITH_AES_256_CBC_SHA</Item>
+        <Item>TLS_DHE_RSA_WITH_AES_128_CBC_SHA</Item>
+        <Item>TLS_DHE_DSS_WITH_AES_128_CBC_SHA</Item>
+        <Item>TLS_RSA_WITH_AES_256_GCM_SHA384</Item>
+        <Item>TLS_RSA_WITH_AES_128_GCM_SHA256</Item>
+        <Item>TLS_RSA_WITH_AES_256_CBC_SHA256</Item>
+        <Item>TLS_RSA_WITH_AES_128_CBC_SHA256</Item>
+        <Item>TLS_RSA_WITH_AES_256_CBC_SHA</Item>
+        <Item>TLS_RSA_WITH_AES_128_CBC_SHA</Item>
+
+        <Item>TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA</Item>
+        <Item>TLS_ECDH_RSA_WITH_AES_256_CBC_SHA</Item>
+        <Item>TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA</Item>
+        <Item>TLS_ECDH_RSA_WITH_AES_128_CBC_SHA</Item>
+
     </Array>
 
-    <New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
+    <New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory$Server">
         <Set name="keyStorePath"><Get class="org.forgerock.openidm.jetty.Param" name="keystoreLocation"/></Set>
         <Set name="keyStorePassword"><Get class="org.forgerock.openidm.jetty.Param" name="keystorePassword"/></Set>
         <Set name="keyStoreType"><Get class="org.forgerock.openidm.jetty.Param" name="keystoreType"/></Set>
@@ -138,7 +159,9 @@
         <Set name="trustStoreType"><Get class="org.forgerock.openidm.jetty.Param" name="truststoreType"/></Set>
         <Set name="trustStorePath"><Get class="org.forgerock.openidm.jetty.Param" name="truststoreLocation"/></Set>
         <Set name="trustStorePassword"><Get class="org.forgerock.openidm.jetty.Param" name="truststorePassword"/></Set>
-        <Set name="wantClientAuth">true</Set>
+        <Set name="WantClientAuth">
+            <Property name="jetty.sslContext.wantClientAuth" deprecated="jetty.ssl.wantClientAuth" default="true"/>
+        </Set>
         <Set name="certAlias"><Get class="org.forgerock.openidm.jetty.Param" name="certAlias"/></Set>
         <Set name="ExcludeProtocols">
             <Array type="java.lang.String">
@@ -150,7 +173,7 @@
         </Set>
     </New>
 
-    <New id="sslContextFactoryMutualAuth" class="org.eclipse.jetty.util.ssl.SslContextFactory">
+    <New id="sslContextFactoryMutualAuth" class="org.eclipse.jetty.util.ssl.SslContextFactory$Server">
         <Set name="keyStorePath"><Get class="org.forgerock.openidm.jetty.Param" name="keystoreLocation"/></Set>
         <Set name="keyStorePassword"><Get class="org.forgerock.openidm.jetty.Param" name="keystorePassword"/></Set>
         <Set name="keyStoreType"><Get class="org.forgerock.openidm.jetty.Param" name="keystoreType"/></Set>
@@ -159,7 +182,9 @@
         <Set name="trustStoreType"><Get class="org.forgerock.openidm.jetty.Param" name="truststoreType"/></Set>
         <Set name="trustStorePath"><Get class="org.forgerock.openidm.jetty.Param" name="truststoreLocation"/></Set>
         <Set name="trustStorePassword"><Get class="org.forgerock.openidm.jetty.Param" name="truststorePassword"/></Set>
-        <Set name="needClientAuth">true</Set>
+        <Set name="NeedClientAuth">
+            <Property name="jetty.sslContext.needClientAuth" deprecated="jetty.ssl.needClientAuth" default="true"/>
+        </Set>
         <Set name="certAlias"><Get class="org.forgerock.openidm.jetty.Param" name="certAlias"/></Set>
         <Set name="ExcludeProtocols">
             <Array type="java.lang.String">
@@ -171,6 +196,16 @@
         </Set>
     </New>
 
+    <Get id="OrigHandler" name="handler" />
+
+    <Set name="handler">
+        <New id="GzipHandler" class="org.eclipse.jetty.server.handler.gzip.GzipHandler">
+            <Set name="handler">
+                <Ref refid="OrigHandler" />
+            </Set>
+        </New>
+    </Set>
+
     <Call name="addConnector">
         <Arg>
             <New class="org.eclipse.jetty.server.ServerConnector">

diff --git a/openidm-zip/src/main/resources/conf/servletfilter-gzip.json b/openidm-zip/src/main/resources/conf/servletfilter-gzip.json
diff --git a/pom.xml b/pom.xml
@@ -13,7 +13,7 @@
   ~ information: "Portions copyright [year] [name of copyright owner]".
   ~
   ~ Copyright 2011-2016 ForgeRock AS.
-  ~ Portions Copyrighted 2019-2024 3A Systems LLC.
+  ~ Portions copyright 2019-2025 3A Systems LLC.
   -->
 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
     <modelVersion>4.0.0</modelVersion>
@@ -120,7 +120,7 @@
         <javascript.maven.plugin.version>2.0.0-alpha-1</javascript.maven.plugin.version>
         <joda-time.version>2.9.4</joda-time.version>
         <h2.version>2.2.220</h2.version>
-        <paxweb.version>4.4.2</paxweb.version>
+        <paxweb.version>7.4.6</paxweb.version>
         <javax.inject.version>1_2</javax.inject.version>
         <xbean.version>4.5</xbean.version>
         <asm.version>5.0.4</asm.version>
@@ -137,6 +137,7 @@
         <osgi.promise.version>1.1.1</osgi.promise.version>
         <osgi.function.version>1.1.0</osgi.function.version>
         <osgi.pushstream.version>1.0.1</osgi.pushstream.version>
+        <osgi.whiteboard.version>1.1.0</osgi.whiteboard.version>
 
         <felix.framework.version>6.0.5</felix.framework.version>
         <felix.configadmin.version>1.9.18</felix.configadmin.version>
@@ -156,6 +157,7 @@
         <felix.webconsole.memoryusage.version>1.0.10</felix.webconsole.memoryusage.version>
         <felix.webconsole.obr.version>1.0.4</felix.webconsole.obr.version>
         <felix.webconsole.packageadmin.version>1.0.4</felix.webconsole.packageadmin.version>
+        <felix.servlet.version>1.1.2</felix.servlet.version>
 
         <!-- Site properties -->
         <siteDistributionURL>scp://community.internal.forgerock.com/var/www/vhosts/openidm.forgerock.org/httpdocs</siteDistributionURL>
@@ -476,7 +478,11 @@
                 <artifactId>org.osgi.util.pushstream</artifactId>
                 <version>${osgi.pushstream.version}</version>
             </dependency>
-
+            <dependency>
+                <groupId>org.osgi</groupId>
+                <artifactId>org.osgi.service.http.whiteboard</artifactId>
+                <version>${osgi.whiteboard.version}</version>
+            </dependency>
             <dependency>
                 <groupId>org.apache.felix</groupId>
                 <artifactId>org.apache.felix.framework</artifactId>
@@ -603,6 +609,12 @@
                 <version>${felix.scr.version}</version>
             </dependency>
 
+            <dependency>
+                <groupId>org.apache.felix</groupId>
+                <artifactId>org.apache.felix.http.servlet-api</artifactId>
+                <version>${felix.servlet.version}</version>
+            </dependency>
+
             <!-- Quartz based scheduler OSGi bundle.
                  This version wraps the original jar which is not a bundle
             -->