merge

broker/core/pom.xml

@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>

broker/core/src/main/java/org/keycloak/broker/provider/IdentityProvider.java

@@ -36,7 +36,7 @@ import javax.ws.rs.core.UriInfo;
  */
 public interface IdentityProvider<C extends IdentityProviderModel> extends Provider {
 
-    public interface AuthenticationCallback {
+    interface AuthenticationCallback {
         /**
          * This method should be called by provider after the JAXRS callback endpoint has finished authentication
          * with the remote IDP
@@ -44,7 +44,11 @@ public interface IdentityProvider<C extends IdentityProviderModel> extends Provi
          * @param context
          * @return
          */
-        public Response authenticated(BrokeredIdentityContext context);
+        Response authenticated(BrokeredIdentityContext context);
+
+        Response cancelled(String code);
+
+        Response error(String code, String message);
     }
 
 

broker/oidc/pom.xml

@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>

broker/oidc/src/main/java/org/keycloak/broker/oidc/AbstractOAuth2IdentityProvider.java

@@ -58,6 +58,7 @@ public abstract class AbstractOAuth2IdentityProvider<C extends OAuth2IdentityPro
     public static final String FEDERATED_ACCESS_TOKEN = "FEDERATED_ACCESS_TOKEN";
     public static final String FEDERATED_REFRESH_TOKEN = "FEDERATED_REFRESH_TOKEN";
     public static final String FEDERATED_TOKEN_EXPIRATION = "FEDERATED_TOKEN_EXPIRATION";
+    public static final String ACCESS_DENIED = "access_denied";
     protected static ObjectMapper mapper = new ObjectMapper();
 
     public static final String OAUTH2_PARAMETER_ACCESS_TOKEN = "access_token";
@@ -213,9 +214,11 @@ public abstract class AbstractOAuth2IdentityProvider<C extends OAuth2IdentityPro
                                      @QueryParam(OAuth2Constants.ERROR) String error) {
             if (error != null) {
                 //logger.error("Failed " + getConfig().getAlias() + " broker login: " + error);
-                event.event(EventType.LOGIN);
-                event.error(error);
-                return ErrorPage.error(session, Messages.IDENTITY_PROVIDER_UNEXPECTED_ERROR);
+                if (error.equals(ACCESS_DENIED)) {
+                    return callback.cancelled(state);
+                } else {
+                    return callback.error(state, Messages.IDENTITY_PROVIDER_UNEXPECTED_ERROR);
+                }
             }
 
             try {

broker/oidc/src/main/java/org/keycloak/broker/oidc/OIDCIdentityProvider.java

@@ -19,6 +19,7 @@ package org.keycloak.broker.oidc;
 
 import org.codehaus.jackson.JsonNode;
 import org.jboss.logging.Logger;
+import org.keycloak.broker.oidc.mappers.AbstractJsonUserAttributeMapper;
 import org.keycloak.broker.oidc.util.JsonSimpleHttp;
 import org.keycloak.broker.provider.util.SimpleHttp;
 import org.keycloak.broker.provider.AuthenticationRequest;
@@ -50,6 +51,7 @@ import javax.ws.rs.core.Context;
 import javax.ws.rs.core.Response;
 import javax.ws.rs.core.UriBuilder;
 import javax.ws.rs.core.UriInfo;
+
 import java.io.IOException;
 import java.security.PublicKey;
 
@@ -224,7 +226,7 @@ public class OIDCIdentityProvider extends AbstractOAuth2IdentityProvider<OIDCIde
                 name = getJsonProperty(userInfo, "name");
                 preferredUsername = getJsonProperty(userInfo, "preferred_username");
                 email = getJsonProperty(userInfo, "email");
-                identity.getContextData().put(USER_INFO, userInfo);
+                AbstractJsonUserAttributeMapper.storeUserProfileForMapper(identity, userInfo, getConfig().getAlias());
             }
             identity.getContextData().put(FEDERATED_ACCESS_TOKEN_RESPONSE, tokenResponse);
             identity.getContextData().put(VALIDATED_ID_TOKEN, idToken);

broker/oidc/src/main/java/org/keycloak/broker/oidc/mappers/AbstractJsonUserAttributeMapper.java

@@ -0,0 +1,206 @@
+package org.keycloak.broker.oidc.mappers;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.codehaus.jackson.JsonNode;
+import org.jboss.logging.Logger;
+import org.keycloak.broker.oidc.OIDCIdentityProvider;
+import org.keycloak.broker.provider.AbstractIdentityProviderMapper;
+import org.keycloak.broker.provider.BrokeredIdentityContext;
+import org.keycloak.models.IdentityProviderMapperModel;
+import org.keycloak.models.KeycloakSession;
+import org.keycloak.models.RealmModel;
+import org.keycloak.models.UserModel;
+import org.keycloak.provider.ProviderConfigProperty;
+
+/**
+ * Abstract class for Social Provider mappers which allow mapping of JSON user profile field into Keycloak user
+ * attribute. Concrete mapper classes with own ID and provider mapping must be implemented for each social provider who
+ * uses {@link JsonNode} user profile.
+ * 
+ * @author Vlastimil Elias (velias at redhat dot com)
+ */
+public abstract class AbstractJsonUserAttributeMapper extends AbstractIdentityProviderMapper {
+
+
+	protected static final Logger logger = Logger.getLogger(AbstractJsonUserAttributeMapper.class);
+
+	protected static final Logger LOGGER_DUMP_USER_PROFILE = Logger.getLogger("org.keycloak.social.user_profile_dump");
+
+	private static final String JSON_PATH_DELIMITER = ".";
+
+	/**
+	 * Config param where name of mapping source JSON User Profile field is stored.
+	 */
+	public static final String CONF_JSON_FIELD = "jsonField";
+	/**
+	 * Config param where name of mapping target USer attribute is stored.
+	 */
+	public static final String CONF_USER_ATTRIBUTE = "userAttribute";
+
+	/**
+	 * Key in {@link BrokeredIdentityContext#getContextData()} where {@link JsonNode} with user profile is stored.
+	 */
+	public static final String CONTEXT_JSON_NODE = OIDCIdentityProvider.USER_INFO;
+
+	private static final List<ProviderConfigProperty> configProperties = new ArrayList<ProviderConfigProperty>();
+
+	static {
+		ProviderConfigProperty property;
+		ProviderConfigProperty property1;
+		property1 = new ProviderConfigProperty();
+		property1.setName(CONF_JSON_FIELD);
+		property1.setLabel("Social Profile JSON Field Path");
+		property1.setHelpText("Path of field in Social provider User Profile JSON data to get value from. You can use dot notation for nesting and square brackets for array index. Eg. 'contact.address[0].country'.");
+		property1.setType(ProviderConfigProperty.STRING_TYPE);
+		configProperties.add(property1);
+		property = new ProviderConfigProperty();
+		property.setName(CONF_USER_ATTRIBUTE);
+		property.setLabel("User Attribute Name");
+		property.setHelpText("User attribute name to store information into.");
+		property.setType(ProviderConfigProperty.STRING_TYPE);
+		configProperties.add(property);
+	}
+
+	/**
+	 * Store used profile JsonNode into user context for later use by this mapper. Profile data are dumped into special logger if enabled also to allow investigation of the structure. 
+	 * 
+	 * @param user context to store profile data into
+	 * @param profile to store into context
+	 * @param provider identification of social provider to be used in log dump
+	 * 
+	 * @see #importNewUser(KeycloakSession, RealmModel, UserModel, IdentityProviderMapperModel, BrokeredIdentityContext)
+	 * @see BrokeredIdentityContext#getContextData()
+	 */
+	public static void storeUserProfileForMapper(BrokeredIdentityContext user, JsonNode profile, String provider) {
+		user.getContextData().put(AbstractJsonUserAttributeMapper.CONTEXT_JSON_NODE, profile);
+		if (LOGGER_DUMP_USER_PROFILE.isDebugEnabled())
+			LOGGER_DUMP_USER_PROFILE.debug("User Profile JSON Data for provider "+provider+": " + profile);
+	}
+
+	@Override
+	public List<ProviderConfigProperty> getConfigProperties() {
+		return configProperties;
+	}
+
+	@Override
+	public String getDisplayCategory() {
+		return "Attribute Importer";
+	}
+
+	@Override
+	public String getDisplayType() {
+		return "Attribute Importer";
+	}
+
+	@Override
+	public String getHelpText() {
+		return "Import user profile information if it exists in Social provider JSON data into the specified user attribute.";
+	}
+
+	@Override
+	public void importNewUser(KeycloakSession session, RealmModel realm, UserModel user, IdentityProviderMapperModel mapperModel, BrokeredIdentityContext context) {
+		String attribute = mapperModel.getConfig().get(CONF_USER_ATTRIBUTE);
+		if (attribute == null || attribute.trim().isEmpty()) {
+			logger.debug("Attribute is not configured");
+			return;
+		}
+		attribute = attribute.trim();
+
+		String value = getJsonValue(mapperModel, context);
+		if (value != null) {
+			user.setAttribute(attribute, value);
+		}
+	}
+
+	@Override
+	public void updateBrokeredUser(KeycloakSession session, RealmModel realm, UserModel user, IdentityProviderMapperModel mapperModel, BrokeredIdentityContext context) {
+		// we do not update user profile from social provider
+	}
+
+	protected static String getJsonValue(IdentityProviderMapperModel mapperModel, BrokeredIdentityContext context) {
+
+		String jsonField = mapperModel.getConfig().get(CONF_JSON_FIELD);
+		if (jsonField == null || jsonField.trim().isEmpty()) {
+			logger.debug("JSON field path is not configured");
+			return null;
+		}
+		jsonField = jsonField.trim();
+
+		if (jsonField.startsWith(JSON_PATH_DELIMITER) || jsonField.endsWith(JSON_PATH_DELIMITER) || jsonField.startsWith("[")) {
+			logger.debug("JSON field path is invalid " + jsonField);
+			return null;
+		}
+
+		JsonNode profileJsonNode = (JsonNode) context.getContextData().get(CONTEXT_JSON_NODE);
+
+		String value = getJsonValue(profileJsonNode, jsonField);
+
+		if (value == null) {
+			logger.debug("User profile JSON value '" + jsonField + "' is not available.");
+		}
+
+		return value;
+	}
+
+	protected static String getJsonValue(JsonNode baseNode, String fieldPath) {
+		logger.debug("Going to process JsonNode path " + fieldPath + " on data " + baseNode);
+		if (baseNode != null) {
+
+			int idx = fieldPath.indexOf(JSON_PATH_DELIMITER);
+
+			String currentFieldName = fieldPath;
+			if (idx > 0) {
+				currentFieldName = fieldPath.substring(0, idx).trim();
+				if (currentFieldName.isEmpty()) {
+					logger.debug("JSON path is invalid " + fieldPath);
+					return null;
+				}
+			}
+
+			String currentNodeName = currentFieldName;
+			int arrayIndex = -1;
+			if (currentFieldName.endsWith("]")) {
+				int bi = currentFieldName.indexOf("[");
+				if (bi == -1) {
+					logger.debug("Invalid array index construct in " + currentFieldName);
+					return null;
+				}
+				try {
+				String is = currentFieldName.substring(bi+1, currentFieldName.length() - 1).trim();
+					arrayIndex = Integer.parseInt(is);
+				} catch (Exception e) {
+					logger.debug("Invalid array index construct in " + currentFieldName);
+					return null;
+				}
+				currentNodeName = currentFieldName.substring(0,bi).trim();
+			}
+
+			JsonNode currentNode = baseNode.get(currentNodeName);
+			if (arrayIndex > -1 && currentNode.isArray()) {
+				logger.debug("Going to take array node at index " + arrayIndex);
+				currentNode = currentNode.get(arrayIndex);
+			}
+
+			if (currentNode == null) {
+				logger.debug("JsonNode not found for name " + currentFieldName);
+				return null;
+			}
+
+			if (idx < 0) {
+				if (!currentNode.isValueNode()) {
+					logger.debug("JsonNode is not value node for name " + currentFieldName);
+					return null;
+				}
+				String ret = currentNode.asText();
+				if (ret != null && !ret.trim().isEmpty())
+					return ret.trim();
+			} else {
+				return getJsonValue(currentNode, fieldPath.substring(idx + 1));
+			}
+		}
+		return null;
+	}
+
+}

broker/oidc/src/test/java/org/keycloak/broker/oidc/mappers/AbstractJsonUserAttributeMapperTest.java

@@ -0,0 +1,120 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2015 Red Hat Inc. and/or its affiliates and other contributors
+ * as indicated by the @authors tag. All rights reserved.
+ */
+package org.keycloak.broker.oidc.mappers;
+
+import java.io.IOException;
+
+import org.codehaus.jackson.JsonNode;
+import org.codehaus.jackson.JsonProcessingException;
+import org.codehaus.jackson.map.ObjectMapper;
+import org.junit.Assert;
+import org.junit.Test;
+
+/**
+ * Unit test for {@link AbstractJsonUserAttributeMapper}
+ * 
+ * @author Vlastimil Elias (velias at redhat dot com)
+ */
+public class AbstractJsonUserAttributeMapperTest {
+
+	private static ObjectMapper mapper = new ObjectMapper();
+
+	private static JsonNode baseNode;
+
+	private JsonNode getJsonNode() throws JsonProcessingException, IOException {
+		if (baseNode == null)
+			baseNode = mapper.readTree("{ \"value1\" : \"v1 \",\"value_empty\" : \"\", \"value_b\" : true, \"value_i\" : 454, " + " \"value_array\":[\"a1\",\"a2\"], " +" \"nest1\": {\"value1\": \" fgh \",\"value_empty\" : \"\", \"nest2\":{\"value_b\" : false, \"value_i\" : 43}}, "+ " \"nesta\": { \"a\":[{\"av1\": \"vala1\"},{\"av1\": \"vala2\"}]}"+" }");
+		return baseNode;
+	}
+
+	@Test
+	public void getJsonValue_invalidPath() throws JsonProcessingException, IOException {
+
+		Assert.assertNull(AbstractJsonUserAttributeMapper.getJsonValue(getJsonNode(), "."));
+		Assert.assertNull(AbstractJsonUserAttributeMapper.getJsonValue(getJsonNode(), ".."));
+		Assert.assertNull(AbstractJsonUserAttributeMapper.getJsonValue(getJsonNode(), "...value1"));
+		Assert.assertNull(AbstractJsonUserAttributeMapper.getJsonValue(getJsonNode(), ".value1"));
+		Assert.assertNull(AbstractJsonUserAttributeMapper.getJsonValue(getJsonNode(), "value1."));
+		Assert.assertNull(AbstractJsonUserAttributeMapper.getJsonValue(getJsonNode(), "[]"));
+		Assert.assertNull(AbstractJsonUserAttributeMapper.getJsonValue(getJsonNode(), "[value1"));
+	}
+
+	@Test
+	public void getJsonValue_simpleValues() throws JsonProcessingException, IOException {
+
+		//unknown field returns null
+		Assert.assertEquals(null, AbstractJsonUserAttributeMapper.getJsonValue(getJsonNode(), "value_unknown"));
+		
+		// we check value is trimmed also!
+		Assert.assertEquals("v1", AbstractJsonUserAttributeMapper.getJsonValue(getJsonNode(), "value1"));
+		Assert.assertEquals(null, AbstractJsonUserAttributeMapper.getJsonValue(getJsonNode(), "value_empty"));
+
+		Assert.assertEquals("true", AbstractJsonUserAttributeMapper.getJsonValue(getJsonNode(), "value_b"));
+		Assert.assertEquals("454", AbstractJsonUserAttributeMapper.getJsonValue(getJsonNode(), "value_i"));
+
+	}
+
+	@Test
+	public void getJsonValue_nestedSimpleValues() throws JsonProcessingException, IOException {
+
+		// null if path points to JSON object
+		Assert.assertEquals(null, AbstractJsonUserAttributeMapper.getJsonValue(getJsonNode(), "nest1"));
+		Assert.assertEquals(null, AbstractJsonUserAttributeMapper.getJsonValue(getJsonNode(), "nest1.nest2"));
+
+		//unknown field returns null
+		Assert.assertEquals(null, AbstractJsonUserAttributeMapper.getJsonValue(getJsonNode(), "nest1.value_unknown"));
+		Assert.assertEquals(null, AbstractJsonUserAttributeMapper.getJsonValue(getJsonNode(), "nest1.nest2.value_unknown"));
+
+		// we check value is trimmed also!
+		Assert.assertEquals("fgh", AbstractJsonUserAttributeMapper.getJsonValue(getJsonNode(), "nest1.value1"));
+		Assert.assertEquals(null, AbstractJsonUserAttributeMapper.getJsonValue(getJsonNode(), "nest1.value_empty"));
+
+		Assert.assertEquals("false", AbstractJsonUserAttributeMapper.getJsonValue(getJsonNode(), "nest1.nest2.value_b"));
+		Assert.assertEquals("43", AbstractJsonUserAttributeMapper.getJsonValue(getJsonNode(), "nest1.nest2.value_i"));
+
+		// null if invalid nested path
+		Assert.assertNull(AbstractJsonUserAttributeMapper.getJsonValue(getJsonNode(), "nest1."));
+		Assert.assertNull(AbstractJsonUserAttributeMapper.getJsonValue(getJsonNode(), "nest1.nest2."));
+	}
+
+	@Test
+	public void getJsonValue_simpleArray() throws JsonProcessingException, IOException {
+
+		// array field itself returns null if no index is provided
+		Assert.assertEquals(null, AbstractJsonUserAttributeMapper.getJsonValue(getJsonNode(), "value_array"));
+		// outside index returns null
+		Assert.assertEquals(null, AbstractJsonUserAttributeMapper.getJsonValue(getJsonNode(), "value_array[2]"));
+
+		//corect index
+		Assert.assertEquals("a1", AbstractJsonUserAttributeMapper.getJsonValue(getJsonNode(), "value_array[0]"));
+		Assert.assertEquals("a2", AbstractJsonUserAttributeMapper.getJsonValue(getJsonNode(), "value_array[1]"));
+		
+		//incorrect array constructs
+		Assert.assertNull(AbstractJsonUserAttributeMapper.getJsonValue(getJsonNode(), "value_array[]"));
+		Assert.assertNull(AbstractJsonUserAttributeMapper.getJsonValue(getJsonNode(), "value_array]"));
+		Assert.assertNull(AbstractJsonUserAttributeMapper.getJsonValue(getJsonNode(), "value_array["));
+		Assert.assertNull(AbstractJsonUserAttributeMapper.getJsonValue(getJsonNode(), "value_array[a]"));
+		Assert.assertNull(AbstractJsonUserAttributeMapper.getJsonValue(getJsonNode(), "value_array[-2]"));
+	}
+
+	@Test
+	public void getJsonValue_nestedArrayWithObjects() throws JsonProcessingException, IOException {
+		Assert.assertEquals("vala1", AbstractJsonUserAttributeMapper.getJsonValue(getJsonNode(), "nesta.a[0].av1"));
+		Assert.assertEquals("vala2", AbstractJsonUserAttributeMapper.getJsonValue(getJsonNode(), "nesta.a[1].av1"));
+
+		//different path erros or nonexisting indexes or fields return null
+		Assert.assertEquals(null, AbstractJsonUserAttributeMapper.getJsonValue(getJsonNode(), "nesta.a[2].av1"));
+		Assert.assertEquals(null, AbstractJsonUserAttributeMapper.getJsonValue(getJsonNode(), "nesta.a[0]"));
+		Assert.assertEquals(null, AbstractJsonUserAttributeMapper.getJsonValue(getJsonNode(), "nesta.a[0].av_unknown"));
+		Assert.assertEquals(null, AbstractJsonUserAttributeMapper.getJsonValue(getJsonNode(), "nesta.a[].av1"));
+		Assert.assertEquals(null, AbstractJsonUserAttributeMapper.getJsonValue(getJsonNode(), "nesta.a"));
+		Assert.assertEquals(null, AbstractJsonUserAttributeMapper.getJsonValue(getJsonNode(), "nesta.a.av1"));
+		Assert.assertEquals(null, AbstractJsonUserAttributeMapper.getJsonValue(getJsonNode(), "nesta.a].av1"));
+		Assert.assertEquals(null, AbstractJsonUserAttributeMapper.getJsonValue(getJsonNode(), "nesta.a[.av1"));
+		
+	}
+
+}

broker/pom.xml

@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>

broker/saml/pom.xml

@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>

connections/file/pom.xml

@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>

connections/http-client/pom.xml

@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>

connections/infinispan/pom.xml

@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>

connections/jpa-liquibase/pom.xml

@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
@@ -54,7 +54,7 @@
                 <configuration>
                     <changeLogFile>META-INF/jpa-changelog-master.xml</changeLogFile>
 
-                    <url>${url}</url>
+                    <url>${project.url}</url>
                     <driver>${driver}</driver>
                     <username>${username}</username>
                     <password>${password}</password>

connections/jpa-liquibase/src/main/java/org/keycloak/connections/jpa/updater/liquibase/custom/JpaUpdate1_2_0_CR1.java

@@ -3,6 +3,7 @@ package org.keycloak.connections.jpa.updater.liquibase.custom;
 import java.sql.PreparedStatement;
 import java.sql.ResultSet;
 
+import liquibase.datatype.DataTypeFactory;
 import liquibase.exception.CustomChangeException;
 import liquibase.statement.core.InsertStatement;
 import liquibase.structure.core.Table;
@@ -17,7 +18,9 @@ public class JpaUpdate1_2_0_CR1 extends CustomKeycloakTask {
         String realmClientTableName = database.correctObjectName("REALM_CLIENT", Table.class);
 
         try {
-            PreparedStatement statement = jdbcConnection.prepareStatement("select CLIENT.REALM_ID, CLIENT.ID CLIENT_ID from CLIENT where CLIENT.CONSENT_REQUIRED = true");
+            String trueValue = DataTypeFactory.getInstance().getTrueBooleanValue(database);
+            PreparedStatement statement = jdbcConnection.prepareStatement("select CLIENT.REALM_ID, CLIENT.ID CLIENT_ID from CLIENT where CLIENT.CONSENT_REQUIRED = " + trueValue);
+
             try {
                 ResultSet resultSet = statement.executeQuery();
                 try {

connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-1.3.0.xml

@@ -1,19 +1,12 @@
 <?xml version="1.0" encoding="UTF-8" standalone="no"?>
 <databaseChangeLog xmlns="http://www.liquibase.org/xml/ns/dbchangelog" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.1.xsd">
-    <changeSet author="bburke@redhat.com" id="1.3.0.Beta1">
+    <changeSet author="bburke@redhat.com" id="1.3.0">
         <delete tableName="CLIENT_SESSION_ROLE"/>
         <delete tableName="CLIENT_SESSION_PROT_MAPPER"/>
         <delete tableName="CLIENT_SESSION_NOTE"/>
         <delete tableName="CLIENT_SESSION"/>
         <delete tableName="USER_SESSION_NOTE"/>
         <delete tableName="USER_SESSION"/>
-        <createTable tableName="DEFAULT_REQUIRED_ACTIONS">
-            <column name="REALM_ID" type="VARCHAR(36)">
-                <constraints nullable="false"/>
-            </column>
-            <column name="VALUE" type="VARCHAR(36)"/>
-        </createTable>
-
         <createTable tableName="ADMIN_EVENT_ENTITY">
             <column name="ID" type="VARCHAR(36)">
                 <constraints nullable="false"/>
@@ -55,8 +48,12 @@
             <column name="FLOW_ID" type="VARCHAR(36)"/>
             <column name="REQUIREMENT" type="INT"/>
             <column name="PRIORITY" type="INT"/>
-            <column name="USER_SETUP_ALLOWED" type="BOOLEAN" defaultValueBoolean="false"/>
-            <column name="AUTHENTICATOR_FLOW" type="BOOLEAN" defaultValueBoolean="false"/>
+            <column name="USER_SETUP_ALLOWED" type="BOOLEAN" defaultValueBoolean="false">
+                <constraints nullable="false"/>
+            </column>
+            <column name="AUTHENTICATOR_FLOW" type="BOOLEAN" defaultValueBoolean="false">
+                <constraints nullable="false"/>
+            </column>
         </createTable>
         <createTable tableName="AUTHENTICATOR_CONFIG">
             <column name="AUTHENTICATOR_ID" type="VARCHAR(36)">
@@ -118,20 +115,26 @@
             <column name="AUTH_USER_ID" type="VARCHAR(36)"/>
         </addColumn>
         <addColumn tableName="IDENTITY_PROVIDER">
-            <column name="TRUST_EMAIL" type="BOOLEAN" defaultValueBoolean="false"/>
-            <column name="UPDATE_PROFILE_FIRST_LOGIN_MODE" type="VARCHAR(10)" defaultValue="on">
+            <column name="TRUST_EMAIL" type="BOOLEAN" defaultValueBoolean="false">
+                <constraints nullable="false"/>
+            </column>
+            <column name="UPDATE_PROFILE_FIRST_LGN_MD" type="VARCHAR(255)" defaultValue="on">
                 <constraints nullable="false"/>
             </column>
         </addColumn>
-        <!-- migrate value from UPDATE_PROFILE_FIRST_LOGIN to UPDATE_PROFILE_FIRST_LOGIN_MODE then drop it -->
+        <!-- migrate value from UPDATE_PROFILE_FIRST_LOGIN to UPDATE_PROFILE_FIRST_LGN_MD then drop it -->
         <update tableName="IDENTITY_PROVIDER">
-            <column name="UPDATE_PROFILE_FIRST_LOGIN_MODE" value="off"/>
-            <where>UPDATE_PROFILE_FIRST_LOGIN = false</where>
+            <column name="UPDATE_PROFILE_FIRST_LGN_MD" value="off"/>
+            <where>UPDATE_PROFILE_FIRST_LOGIN = :value</where>
+            <whereParams>
+                <param valueBoolean="false" />
+            </whereParams>
         </update>
+        <dropDefaultValue tableName="IDENTITY_PROVIDER" columnName="UPDATE_PROFILE_FIRST_LOGIN" />
         <dropColumn tableName="IDENTITY_PROVIDER" columnName="UPDATE_PROFILE_FIRST_LOGIN"/>
         
         <addColumn tableName="USER_REQUIRED_ACTION">
-            <column name="REQUIRED_ACTION" type="VARCHAR(36)">
+            <column name="REQUIRED_ACTION" type="VARCHAR(255)" defaultValue=" ">
                 <constraints nullable="false"/>
             </column>
         </addColumn>
@@ -152,95 +155,46 @@
             <column name="REQUIRED_ACTION" value="UPDATE_PASSWORD"/>
             <where>ACTION = 3</where>
         </update>
-
-        <addColumn tableName="CLIENT_SESSION">
-            <column name="CURRENT_ACTION" type="VARCHAR(36)">
-                <constraints nullable="false"/>
-            </column>
-        </addColumn>
-        <!-- OAUTH_GRANT,
-        CODE_TO_TOKEN,
-        VERIFY_EMAIL,
-        UPDATE_PROFILE,
-        CONFIGURE_TOTP,
-        UPDATE_PASSWORD,
-        RECOVER_PASSWORD,
-        AUTHENTICATE,
-        SOCIAL_CALLBACK,
-        LOGGED_OUT -->
-        <update tableName="CLIENT_SESSION">
-            <column name="CURRENT_ACTION" value="OAUTH_GRANT"/>
-            <where>ACTION = 0</where>
-        </update>
-        <update tableName="CLIENT_SESSION">
-            <column name="CURRENT_ACTION" value="CODE_TO_TOKEN"/>
-            <where>ACTION = 1</where>
-        </update>
-        <update tableName="CLIENT_SESSION">
-            <column name="CURRENT_ACTION" value="VERIFY_EMAIL"/>
-            <where>ACTION = 2</where>
-        </update>
-        <update tableName="CLIENT_SESSION">
-            <column name="CURRENT_ACTION" value="UPDATE_PROFILE"/>
-            <where>ACTION = 3</where>
-        </update>
-        <update tableName="CLIENT_SESSION">
-            <column name="CURRENT_ACTION" value="CONFIGURE_TOTP"/>
-            <where>ACTION = 4</where>
-        </update>
-        <update tableName="CLIENT_SESSION">
-            <column name="CURRENT_ACTION" value="UPDATE_PASSWORD"/>
-            <where>ACTION = 5</where>
-        </update>
-        <update tableName="CLIENT_SESSION">
-            <column name="CURRENT_ACTION" value="RECOVER_PASSWORD"/>
-            <where>ACTION = 6</where>
-        </update>
-        <update tableName="CLIENT_SESSION">
-            <column name="CURRENT_ACTION" value="AUTHENTICATE"/>
-            <where>ACTION = 7</where>
-        </update>
-        <update tableName="CLIENT_SESSION">
-            <column name="CURRENT_ACTION" value="SOCIAL_CALLBACK"/>
-            <where>ACTION = 8</where>
-        </update>
-        <update tableName="CLIENT_SESSION">
-            <column name="CURRENT_ACTION" value="LOGGED_OUT"/>
-            <where>ACTION = 9</where>
-        </update>
-
-        <createTable tableName="CLIENT_USER_SESSION_NOTE">
-            <column name="NAME" type="VARCHAR(255)">
-                <constraints nullable="false"/>
-            </column>
-            <column name="VALUE" type="VARCHAR(255)"/>
-            <column name="CLIENT_SESSION" type="VARCHAR(36)">
-                <constraints nullable="false"/>
-            </column>
-        </createTable>
-        <addPrimaryKey columnNames="CLIENT_SESSION, NAME" constraintName="CONSTRAINT_CLIENT_USER_SESSION_NOTE" tableName="CLIENT_USER_SESSION_NOTE"/>
-        <addForeignKeyConstraint baseColumnNames="CLIENT_SESSION" baseTableName="CLIENT_USER_SESSION_NOTE" constraintName="FK_CLIENT_USER_SESSION_NOTE" referencedColumnNames="ID" referencedTableName="CLIENT_SESSION"/>
-        <addPrimaryKey columnNames="ID" constraintName="CONSTRAINT_AUTHENTICATOR_PK" tableName="AUTHENTICATOR"/>
-        <addPrimaryKey columnNames="ID" constraintName="CONSTRAINT_AUTHENTICATION_FLOW_PK" tableName="AUTHENTICATION_FLOW"/>
-        <addPrimaryKey columnNames="ID" constraintName="CONSTRAINT_AUTHENTICATION_EXECUTION_PK" tableName="AUTHENTICATION_EXECUTION"/>
-        <addPrimaryKey columnNames="AUTHENTICATOR_ID, NAME" constraintName="CONSTRAINT_AUTHENTICATOR_CONFIG_PK" tableName="AUTHENTICATOR_CONFIG"/>
+        <addPrimaryKey columnNames="ID" constraintName="CONSTRAINT_AUTH_PK" tableName="AUTHENTICATOR"/>
+        <addPrimaryKey columnNames="ID" constraintName="CONSTRAINT_AUTH_FLOW_PK" tableName="AUTHENTICATION_FLOW"/>
+        <addPrimaryKey columnNames="ID" constraintName="CONSTRAINT_AUTH_EXEC_PK" tableName="AUTHENTICATION_EXECUTION"/>
+        <addPrimaryKey columnNames="AUTHENTICATOR_ID, NAME" constraintName="CONSTRAINT_AUTH_CFG_PK" tableName="AUTHENTICATOR_CONFIG"/>
         <dropPrimaryKey constraintName="CONSTRAINT_2" tableName="USER_REQUIRED_ACTION"/>
         <dropColumn tableName="USER_REQUIRED_ACTION" columnName="ACTION"/>
-        <dropColumn tableName="CLIENT_SESSION" columnName="ACTION"/>
         <addPrimaryKey columnNames="REQUIRED_ACTION, USER_ID" constraintName="CONSTRAINT_REQUIRED_ACTION" tableName="USER_REQUIRED_ACTION"/>
         <addPrimaryKey columnNames="CLIENT_SESSION, AUTHENTICATOR" constraintName="CONSTRAINT_AUTH_STATUS_PK" tableName="CLIENT_SESSION_AUTH_STATUS"/>
         <addPrimaryKey columnNames="ID" constraintName="CONSTRAINT_FEDMAPPERPM" tableName="USER_FEDERATION_MAPPER"/>
         <addPrimaryKey columnNames="USER_FEDERATION_MAPPER_ID, NAME" constraintName="CONSTRAINT_FEDMAPPER_CFG_PM" tableName="USER_FEDERATION_MAPPER_CONFIG"/>
-        <addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="DEFAULT_REQUIRED_ACTIONS" constraintName="FK_DEFAULT_REQUIRED_ACTIONS_REALM" referencedColumnNames="ID" referencedTableName="REALM"/>
         <addForeignKeyConstraint baseColumnNames="CLIENT_SESSION" baseTableName="CLIENT_SESSION_AUTH_STATUS" constraintName="AUTH_STATUS_CONSTRAINT" referencedColumnNames="ID" referencedTableName="CLIENT_SESSION"/>
-        <addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="AUTHENTICATOR" constraintName="FK_AUTHENTICATOR_REALM" referencedColumnNames="ID" referencedTableName="REALM"/>
-        <addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="AUTHENTICATION_FLOW" constraintName="FK_AUTHENTICATION_FLOW_REALM" referencedColumnNames="ID" referencedTableName="REALM"/>
-        <addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="AUTHENTICATION_EXECUTION" constraintName="FK_AUTHENTICATION_EXECUTION_REALM" referencedColumnNames="ID" referencedTableName="REALM"/>
-        <addForeignKeyConstraint baseColumnNames="FLOW_ID" baseTableName="AUTHENTICATION_EXECUTION" constraintName="FK_AUTHENTICATION_EXECUTION_FLOW" referencedColumnNames="ID" referencedTableName="AUTHENTICATION_FLOW"/>
+        <addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="AUTHENTICATOR" constraintName="FK_AUTH_REALM" referencedColumnNames="ID" referencedTableName="REALM"/>
+        <addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="AUTHENTICATION_FLOW" constraintName="FK_AUTH_FLOW_REALM" referencedColumnNames="ID" referencedTableName="REALM"/>
+        <addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="AUTHENTICATION_EXECUTION" constraintName="FK_AUTH_EXEC_REALM" referencedColumnNames="ID" referencedTableName="REALM"/>
+        <addForeignKeyConstraint baseColumnNames="FLOW_ID" baseTableName="AUTHENTICATION_EXECUTION" constraintName="FK_AUTH_EXEC_FLOW" referencedColumnNames="ID" referencedTableName="AUTHENTICATION_FLOW"/>
         <addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="USER_FEDERATION_MAPPER" constraintName="FK_FEDMAPPERPM_REALM" referencedColumnNames="ID" referencedTableName="REALM"/>
         <addForeignKeyConstraint baseColumnNames="FEDERATION_PROVIDER_ID" baseTableName="USER_FEDERATION_MAPPER" constraintName="FK_FEDMAPPERPM_FEDPRV" referencedColumnNames="ID" referencedTableName="USER_FEDERATION_PROVIDER"/>
         <addForeignKeyConstraint baseColumnNames="USER_FEDERATION_MAPPER_ID" baseTableName="USER_FEDERATION_MAPPER_CONFIG" constraintName="FK_FEDMAPPER_CFG" referencedColumnNames="ID" referencedTableName="USER_FEDERATION_MAPPER"/>
 
+        <dropDefaultValue tableName="REALM" columnName="PASSWORD_CRED_GRANT_ALLOWED" />
         <dropColumn tableName="REALM" columnName="PASSWORD_CRED_GRANT_ALLOWED"/>
+
+        <!-- KEYCLOAK-1298 Change constraint names to be upper-cased -->
+        <dropForeignKeyConstraint baseTableName="PROTOCOL_MAPPER_CONFIG" constraintName="FK_PMConfig" />
+        <dropPrimaryKey constraintName="CONSTRAINT_PMConfig" tableName="PROTOCOL_MAPPER_CONFIG"/>
+        <addPrimaryKey columnNames="PROTOCOL_MAPPER_ID, NAME" constraintName="CONSTRAINT_PMCONFIG" tableName="PROTOCOL_MAPPER_CONFIG"/>
+        <addForeignKeyConstraint baseColumnNames="PROTOCOL_MAPPER_ID" baseTableName="PROTOCOL_MAPPER_CONFIG" constraintName="FK_PMCONFIG" referencedColumnNames="ID" referencedTableName="PROTOCOL_MAPPER"/>
+
+        <dropForeignKeyConstraint baseTableName="IDP_MAPPER_CONFIG" constraintName="FK_IDPMConfig" />
+        <dropPrimaryKey constraintName="CONSTRAINT_IDPMConfig" tableName="IDP_MAPPER_CONFIG"/>
+        <addPrimaryKey columnNames="IDP_MAPPER_ID, NAME" constraintName="CONSTRAINT_IDPMCONFIG" tableName="IDP_MAPPER_CONFIG"/>
+        <addForeignKeyConstraint baseColumnNames="IDP_MAPPER_ID" baseTableName="IDP_MAPPER_CONFIG" constraintName="FK_IDPMCONFIG" referencedColumnNames="ID" referencedTableName="IDENTITY_PROVIDER_MAPPER"/>
+
+        <!-- Sybase specific hacks -->
+        <modifySql dbms="sybase">
+            <replace replace="[USER_REQUIRED_ACTION] DROP PRIMARY KEY" with="[USER_REQUIRED_ACTION] DROP CONSTRAINT CONSTRAINT_2" />
+            <replace replace="[PROTOCOL_MAPPER_CONFIG] DROP PRIMARY KEY" with="[PROTOCOL_MAPPER_CONFIG] DROP CONSTRAINT CONSTRAINT_PMConfig" />
+            <replace replace="[IDP_MAPPER_CONFIG] DROP PRIMARY KEY" with="[IDP_MAPPER_CONFIG] DROP CONSTRAINT CONSTRAINT_IDPMConfig" />
+            <regExpReplace replace=".*(SET DEFAULT NULL)" with="SELECT 1" />
+        </modifySql>
+
     </changeSet>
 </databaseChangeLog>

connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-1.4.0.xml

@@ -0,0 +1,86 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<databaseChangeLog xmlns="http://www.liquibase.org/xml/ns/dbchangelog" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.liquibase.org/xml/ns/dbchangelog http://www.liquibase.org/xml/ns/dbchangelog/dbchangelog-3.1.xsd">
+    <changeSet author="bburke@redhat.com" id="1.4.0">
+        <delete tableName="CLIENT_SESSION_AUTH_STATUS"/>
+        <delete tableName="CLIENT_SESSION_PROT_MAPPER"/>
+        <delete tableName="CLIENT_SESSION_NOTE"/>
+        <delete tableName="CLIENT_SESSION"/>
+        <delete tableName="USER_SESSION_NOTE"/>
+        <delete tableName="USER_SESSION"/>
+        <createTable tableName="DEFAULT_REQUIRED_ACTIONS">
+            <column name="REALM_ID" type="VARCHAR(36)">
+                <constraints nullable="false"/>
+            </column>
+            <column name="VALUE" type="VARCHAR(36)"/>
+        </createTable>
+        <addColumn tableName="CLIENT_SESSION">
+            <column name="CURRENT_ACTION" type="VARCHAR(36)">
+                <constraints nullable="false"/>
+            </column>
+        </addColumn>
+        <!-- OAUTH_GRANT,
+        CODE_TO_TOKEN,
+        VERIFY_EMAIL,
+        UPDATE_PROFILE,
+        CONFIGURE_TOTP,
+        UPDATE_PASSWORD,
+        RECOVER_PASSWORD,
+        AUTHENTICATE,
+        SOCIAL_CALLBACK,
+        LOGGED_OUT -->
+        <update tableName="CLIENT_SESSION">
+            <column name="CURRENT_ACTION" value="OAUTH_GRANT"/>
+            <where>ACTION = 0</where>
+        </update>
+        <update tableName="CLIENT_SESSION">
+            <column name="CURRENT_ACTION" value="CODE_TO_TOKEN"/>
+            <where>ACTION = 1</where>
+        </update>
+        <update tableName="CLIENT_SESSION">
+            <column name="CURRENT_ACTION" value="VERIFY_EMAIL"/>
+            <where>ACTION = 2</where>
+        </update>
+        <update tableName="CLIENT_SESSION">
+            <column name="CURRENT_ACTION" value="UPDATE_PROFILE"/>
+            <where>ACTION = 3</where>
+        </update>
+        <update tableName="CLIENT_SESSION">
+            <column name="CURRENT_ACTION" value="CONFIGURE_TOTP"/>
+            <where>ACTION = 4</where>
+        </update>
+        <update tableName="CLIENT_SESSION">
+            <column name="CURRENT_ACTION" value="UPDATE_PASSWORD"/>
+            <where>ACTION = 5</where>
+        </update>
+        <update tableName="CLIENT_SESSION">
+            <column name="CURRENT_ACTION" value="RECOVER_PASSWORD"/>
+            <where>ACTION = 6</where>
+        </update>
+        <update tableName="CLIENT_SESSION">
+            <column name="CURRENT_ACTION" value="AUTHENTICATE"/>
+            <where>ACTION = 7</where>
+        </update>
+        <update tableName="CLIENT_SESSION">
+            <column name="CURRENT_ACTION" value="SOCIAL_CALLBACK"/>
+            <where>ACTION = 8</where>
+        </update>
+        <update tableName="CLIENT_SESSION">
+            <column name="CURRENT_ACTION" value="LOGGED_OUT"/>
+            <where>ACTION = 9</where>
+        </update>
+
+        <createTable tableName="CLIENT_USER_SESSION_NOTE">
+            <column name="NAME" type="VARCHAR(255)">
+                <constraints nullable="false"/>
+            </column>
+            <column name="VALUE" type="VARCHAR(255)"/>
+            <column name="CLIENT_SESSION" type="VARCHAR(36)">
+                <constraints nullable="false"/>
+            </column>
+        </createTable>
+        <addPrimaryKey columnNames="CLIENT_SESSION, NAME" constraintName="CONSTR_CL_USR_SES_NOTE" tableName="CLIENT_USER_SESSION_NOTE"/>
+        <addForeignKeyConstraint baseColumnNames="CLIENT_SESSION" baseTableName="CLIENT_USER_SESSION_NOTE" constraintName="FK_CL_USR_SES_NOTE" referencedColumnNames="ID" referencedTableName="CLIENT_SESSION"/>
+        <dropColumn tableName="CLIENT_SESSION" columnName="ACTION"/>
+        <addForeignKeyConstraint baseColumnNames="REALM_ID" baseTableName="DEFAULT_REQUIRED_ACTIONS" constraintName="FK_DEF_REQ_ACTS_REALM" referencedColumnNames="ID" referencedTableName="REALM"/>
+    </changeSet>
+</databaseChangeLog>

connections/jpa-liquibase/src/main/resources/META-INF/jpa-changelog-master.xml

@@ -6,5 +6,6 @@
     <include file="META-INF/jpa-changelog-1.2.0.Beta1.xml"/>
     <include file="META-INF/jpa-changelog-1.2.0.CR1.xml"/>
     <include file="META-INF/jpa-changelog-1.2.0.Final.xml"/>
-    <include file="META-INF/jpa-changelog-1.3.0.Beta1.xml"/>
+    <include file="META-INF/jpa-changelog-1.3.0.xml"/>
+    <include file="META-INF/jpa-changelog-1.4.0.xml"/>
 </databaseChangeLog>

connections/jpa/pom.xml

@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>

connections/jpa/src/main/java/org/keycloak/connections/jpa/updater/JpaUpdaterProvider.java

@@ -12,7 +12,7 @@ public interface JpaUpdaterProvider extends Provider {
 
     public String FIRST_VERSION = "1.0.0.Final";
 
-    public String LAST_VERSION = "1.3.0.Beta1";
+    public String LAST_VERSION = "1.4.0";
 
     public String getCurrentVersionSql();
 

connections/mongo-update/pom.xml

@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>

connections/mongo-update/src/main/java/org/keycloak/connections/mongo/updater/impl/DefaultMongoUpdaterProvider.java

@@ -27,7 +27,7 @@ public class DefaultMongoUpdaterProvider implements MongoUpdaterProvider {
             Update1_1_0_Beta1.class,
             Update1_2_0_Beta1.class,
             Update1_2_0_CR1.class,
-            Update1_3_0_Beta1.class
+            Update1_3_0.class
     };
 
     @Override

connections/mongo-update/src/main/java/org/keycloak/connections/mongo/updater/impl/updates/Update1_3_0.java

@@ -0,0 +1,59 @@
+package org.keycloak.connections.mongo.updater.impl.updates;
+
+import com.mongodb.BasicDBList;
+import com.mongodb.BasicDBObject;
+import com.mongodb.DBCollection;
+import com.mongodb.DBCursor;
+import org.keycloak.models.KeycloakSession;
+import org.keycloak.representations.idm.IdentityProviderRepresentation;
+
+/**
+ * @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
+ */
+public class Update1_3_0 extends Update {
+
+    @Override
+    public String getId() {
+        return "1.3.0";
+    }
+
+    @Override
+    public void update(KeycloakSession session) {
+        deleteEntries("clientSessions");
+        deleteEntries("sessions");
+
+        removeField("realms", "passwordCredentialGrantAllowed");
+
+        updateIdentityProviders();
+    }
+
+    private void updateIdentityProviders() {
+        DBCollection realms = db.getCollection("realms");
+        DBCursor realmsCursor = realms.find();
+
+        try {
+            while (realmsCursor.hasNext()) {
+                BasicDBObject realm = (BasicDBObject) realmsCursor.next();
+
+                BasicDBList identityProviders = (BasicDBList) realm.get("identityProviders");
+                if (identityProviders != null) {
+                    for (Object ipObj : identityProviders) {
+                        BasicDBObject identityProvider = (BasicDBObject) ipObj;
+
+                        boolean updateProfileFirstLogin = identityProvider.getBoolean("updateProfileFirstLogin");
+                        String upflMode = updateProfileFirstLogin ? IdentityProviderRepresentation.UPFLM_ON : IdentityProviderRepresentation.UPFLM_OFF;
+                        identityProvider.put("updateProfileFirstLoginMode", upflMode);
+                        identityProvider.removeField("updateProfileFirstLogin");
+
+                        identityProvider.put("trustEmail", false);
+                    }
+                }
+
+                realms.save(realm);
+            }
+        } finally {
+            realmsCursor.close();
+        }
+    }
+
+}

connections/mongo-update/src/main/java/org/keycloak/connections/mongo/updater/impl/updates/Update1_3_0_Beta1.java

@@ -1,20 +0,0 @@
-package org.keycloak.connections.mongo.updater.impl.updates;
-
-import org.keycloak.models.KeycloakSession;
-
-/**
- * @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
- */
-public class Update1_3_0_Beta1 extends Update {
-
-    @Override
-    public String getId() {
-        return "1.3.0.Beta1";
-    }
-
-    @Override
-    public void update(KeycloakSession session) {
-        removeField("realms", "passwordCredentialGrantAllowed");
-    }
-
-}

connections/mongo/pom.xml

@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>

connections/pom.xml

@@ -3,7 +3,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
     </parent>
     <name>Connections Parent</name>
     <description/>

core-jaxrs/pom.xml

@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>

core/pom.xml

@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>

core/src/main/java/org/keycloak/representations/idm/RealmRepresentation.java

@@ -266,6 +266,10 @@ public class RealmRepresentation {
         this.codeSecret = codeSecret;
     }
 
+    public Boolean isPasswordCredentialGrantAllowed() {
+        return passwordCredentialGrantAllowed;
+    }
+
     public Boolean isRegistrationAllowed() {
         return registrationAllowed;
     }

core/src/main/java/org/keycloak/util/HtmlUtils.java

@@ -34,7 +34,17 @@ public class HtmlUtils {
         for (int i = 0; i < value.length(); i++) {
             char chr = value.charAt(i);
 
-            if (chr != '\'' && chr != '"' && chr != '<' && chr != '>' && chr != '/') {
+            if (chr == '<') {
+                escaped.append("&lt;");
+            } else if (chr == '>') {
+                escaped.append("&gt;");
+            } else if (chr == '"') {
+                escaped.append("&quot;");
+            } else if (chr == '\'') {
+                escaped.append("&apos;");
+            } else if (chr == '&') {
+                escaped.append("&amp;");
+            } else {
                 escaped.append(chr);
             }
         }

dependencies/pom.xml

@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
     </parent>
 
     <modelVersion>4.0.0</modelVersion>

dependencies/server-all/pom.xml

@@ -4,7 +4,7 @@
 	<parent>
 		<artifactId>keycloak-parent</artifactId>
 		<groupId>org.keycloak</groupId>
-		<version>1.3.0.Final-SNAPSHOT</version>
+		<version>1.4.0.Final-SNAPSHOT</version>
 		<relativePath>../../pom.xml</relativePath>
 	</parent>
 	<modelVersion>4.0.0</modelVersion>

dependencies/server-min/pom.xml

@@ -4,7 +4,7 @@
 	<parent>
 		<artifactId>keycloak-parent</artifactId>
 		<groupId>org.keycloak</groupId>
-		<version>1.3.0.Final-SNAPSHOT</version>
+		<version>1.4.0.Final-SNAPSHOT</version>
 		<relativePath>../../pom.xml</relativePath>
 	</parent>
 	<modelVersion>4.0.0</modelVersion>

distribution/adapters/as7-eap6-adapter/as7-adapter-zip/pom.xml

@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../../../pom.xml</relativePath>
     </parent>
 

distribution/adapters/as7-eap6-adapter/as7-modules/pom.xml

@@ -8,7 +8,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../../../pom.xml</relativePath>
     </parent>
 
@@ -56,7 +56,6 @@
         <dependency>
             <groupId>org.bouncycastle</groupId>
             <artifactId>bcprov-jdk15on</artifactId>
-            <version>${bouncycastle.crypto.version}</version>
         </dependency>
         <dependency>
             <groupId>org.bouncycastle</groupId>

distribution/adapters/as7-eap6-adapter/eap6-adapter-zip/pom.xml

@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../../../pom.xml</relativePath>
     </parent>
 

distribution/adapters/as7-eap6-adapter/pom.xml

@@ -3,7 +3,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <name>Keycloak AS7 / JBoss EAP 6 Adapter Distros</name>

distribution/adapters/jetty81-adapter-zip/pom.xml

@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
 

distribution/adapters/jetty91-adapter-zip/pom.xml

@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
 

distribution/adapters/jetty92-adapter-zip/pom.xml

@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
 

distribution/adapters/js-adapter-zip/pom.xml

@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
 

distribution/adapters/osgi/features/pom.xml

@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../../../pom.xml</relativePath>
     </parent>
     <name>Keycloak OSGI Features</name>

distribution/adapters/osgi/jaas/pom.xml

@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../../../pom.xml</relativePath>
     </parent>
     <name>Keycloak OSGI JAAS Realm Configuration</name>

distribution/adapters/osgi/pom.xml

@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <name>Keycloak OSGI Integration</name>

distribution/adapters/osgi/thirdparty/pom.xml

@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../../../pom.xml</relativePath>
     </parent>
 

distribution/adapters/pom.xml

@@ -3,7 +3,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 

distribution/adapters/tomcat6-adapter-zip/pom.xml

@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
 

distribution/adapters/tomcat7-adapter-zip/pom.xml

@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
 

distribution/adapters/tomcat8-adapter-zip/pom.xml

@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
 

distribution/adapters/wf8-adapter/pom.xml

@@ -3,7 +3,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <name>Keycloak Wildfly 8 Adapter</name>

distribution/adapters/wf8-adapter/wf8-adapter-zip/pom.xml

@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../../../pom.xml</relativePath>
     </parent>
 

distribution/adapters/wf8-adapter/wf8-modules/pom.xml

@@ -8,7 +8,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../../../pom.xml</relativePath>
     </parent>
 

distribution/adapters/wf9-adapter/pom.xml

@@ -3,7 +3,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../../pom.xml</relativePath>
     </parent>
     <name>Keycloak Wildfly 9 Adapter</name>

distribution/adapters/wf9-adapter/wf9-adapter-zip/pom.xml

@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../../../pom.xml</relativePath>
     </parent>
 

distribution/adapters/wf9-adapter/wf9-modules/pom.xml

@@ -8,7 +8,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../../../pom.xml</relativePath>
     </parent>
 

distribution/demo-dist/assembly.xml

@@ -14,7 +14,6 @@
             <outputDirectory>keycloak</outputDirectory>
             <excludes>
                 <exclude>**/*.sh</exclude>
-                <exclude>standalone/configuration/standalone-keycloak.xml</exclude>
             </excludes>
         </fileSet>
         <fileSet>
@@ -25,6 +24,20 @@
             </includes>
             <fileMode>0755</fileMode>
         </fileSet>
+        <fileSet>
+            <directory>${project.build.directory}/unpacked/keycloak-server-overlay-${project.version}</directory>
+            <outputDirectory>keycloak</outputDirectory>
+            <excludes>
+                <exclude>standalone/configuration/standalone-keycloak.xml</exclude>
+            </excludes>
+        </fileSet>
+        <fileSet>
+            <directory>${project.build.directory}/unpacked/keycloak-wf9-adapter-${project.version}</directory>
+            <outputDirectory>keycloak</outputDirectory>
+            <excludes>
+                <exclude>standalone/configuration/standalone-keycloak.xml</exclude>
+            </excludes>
+        </fileSet>
         <fileSet>
             <directory>${project.build.directory}/unpacked/keycloak-docs-${project.version}</directory>
             <outputDirectory>docs</outputDirectory>
@@ -34,5 +47,11 @@
             <outputDirectory>examples</outputDirectory>
         </fileSet>
     </fileSets>
+    <files>
+        <file>
+            <source>${project.build.directory}/unpacked/standalone.xml</source>
+            <outputDirectory>keycloak/standalone/configuration</outputDirectory>
+        </file>
+    </files>
 
 </assembly>

distribution/demo-dist/pom.xml

@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 
@@ -16,7 +16,12 @@
     <dependencies>
         <dependency>
             <groupId>org.keycloak</groupId>
-            <artifactId>keycloak-server-dist</artifactId>
+            <artifactId>keycloak-wf9-server-overlay</artifactId>
+            <type>zip</type>
+        </dependency>
+        <dependency>
+            <groupId>org.keycloak</groupId>
+            <artifactId>keycloak-wf9-adapter-dist</artifactId>
             <type>zip</type>
         </dependency>
         <dependency>
@@ -63,7 +68,7 @@
                         </configuration>
                     </execution>
                     <execution>
-                        <id>unpack-server-overlay</id>
+                        <id>unpack-server</id>
                         <phase>prepare-package</phase>
                         <goals>
                             <goal>unpack</goal>
@@ -72,9 +77,26 @@
                             <artifactItems>
                                 <artifactItem>
                                     <groupId>org.keycloak</groupId>
-                                    <artifactId>keycloak-server-overlay</artifactId>
+                                    <artifactId>keycloak-wf9-server-overlay</artifactId>
                                     <type>zip</type>
-                                    <outputDirectory>${project.build.directory}/unpacked/wildfly-${wildfly.version}</outputDirectory>
+                                    <outputDirectory>${project.build.directory}/unpacked/keycloak-server-overlay-${project.version}</outputDirectory>
+                                </artifactItem>
+                            </artifactItems>
+                        </configuration>
+                    </execution>
+                    <execution>
+                        <id>unpack-adapter</id>
+                        <phase>prepare-package</phase>
+                        <goals>
+                            <goal>unpack</goal>
+                        </goals>
+                        <configuration>
+                            <artifactItems>
+                                <artifactItem>
+                                    <groupId>org.keycloak</groupId>
+                                    <artifactId>keycloak-wf9-adapter-dist</artifactId>
+                                    <type>zip</type>
+                                    <outputDirectory>${project.build.directory}/unpacked/keycloak-wf9-adapter-${project.version}</outputDirectory>
                                 </artifactItem>
                             </artifactItems>
                         </configuration>
@@ -134,7 +156,7 @@
                                     <includes>
                                         <include>standalone.xml</include>
                                     </includes>
-                                    <outputDir>${project.build.directory}/unpacked/wildfly-${wildfly.version}/standalone/configuration</outputDir>
+                                    <outputDir>${project.build.directory}/unpacked/</outputDir>
                                 </transformationSet>
                             </transformationSets>
                         </configuration>

distribution/demo-dist/src/main/xslt/standalone.xsl

@@ -39,11 +39,9 @@
         <xsl:copy>
             <xsl:apply-templates select="node()|@*"/>
             <subsystem xmlns="urn:jboss:domain:keycloak-server:1.1">
-                <auth-server name="main-auth-server">
-                    <enabled>true</enabled>
                 <web-context>auth</web-context>
-                </auth-server>
             </subsystem>
+            <subsystem xmlns="urn:jboss:domain:keycloak:1.1"/>
         </xsl:copy>
     </xsl:template>
 

distribution/docs-dist/pom.xml

@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 

distribution/examples-dist/pom.xml

@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 

distribution/feature-packs/pom.xml

@@ -3,7 +3,7 @@
     <parent>
         <artifactId>distribution-pom</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <name>Feature Pack Builds</name>

distribution/feature-packs/server-feature-pack/pom.xml

@@ -20,7 +20,7 @@
     <parent>
         <groupId>org.keycloak</groupId>
         <artifactId>feature-packs-parent</artifactId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
     <modelVersion>4.0.0</modelVersion>
@@ -34,31 +34,22 @@
         <dependency>
             <groupId>org.keycloak</groupId>
             <artifactId>keycloak-dependencies-server-all</artifactId>
-            <version>${project.version}</version>
             <type>pom</type>
         </dependency>
         <dependency>
             <groupId>org.keycloak.subsystem</groupId>
             <artifactId>keycloak-server</artifactId>
-            <version>${project.version}</version>
             <type>war</type>
         </dependency>   
         <dependency>
             <groupId>org.keycloak</groupId>
-            <artifactId>keycloak-wildfly-server-subsystem</artifactId>
-            <version>${project.version}</version>
+            <artifactId>keycloak-wf9-server-subsystem</artifactId>
         </dependency>
         <dependency>
             <groupId>org.wildfly</groupId>
             <artifactId>wildfly-feature-pack</artifactId>
             <type>zip</type>
         </dependency>
-        <dependency>
-            <groupId>org.keycloak.subsystem</groupId>
-            <artifactId>keycloak-server</artifactId>
-            <type>war</type>
-            <version>${project.version}</version>
-        </dependency>
     </dependencies>
 
     <build>
@@ -123,10 +114,9 @@
                                 <artifactItem>
                                     <groupId>org.keycloak.subsystem</groupId>
                                     <artifactId>keycloak-server</artifactId>
-                                    <version>${project.version}</version>
                                     <type>war</type>
                                     <overWrite>true</overWrite>
-                                    <outputDirectory>${project.build.directory}/${project.build.finalName}/modules/system/layers/base/org/keycloak/keycloak-server-subsystem/main/auth-server</outputDirectory>
+                                    <outputDirectory>${project.build.directory}/${project.build.finalName}/modules/system/layers/base/org/keycloak/keycloak-server-subsystem/main/server-war</outputDirectory>
                                 </artifactItem>
                             </artifactItems>
                         </configuration>

distribution/feature-packs/server-feature-pack/src/main/resources/modules/system/layers/base/de/idyl/winzipaes/main/module.xml

@@ -4,7 +4,7 @@
 
 <module xmlns="urn:jboss:module:1.1" name="de.idyl.winzipaes">
     <resources>
-        <!-- Insert resources here -->
+        <artifact name="${de.idyl:winzipaes}"/>
     </resources>
     <dependencies>
         <module name="javax.api"/>

distribution/feature-packs/server-feature-pack/src/main/resources/modules/system/layers/base/org/keycloak/keycloak-server-subsystem/main/module.xml

@@ -25,28 +25,14 @@
 <module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-server-subsystem">
     <properties>
         <property name="keycloak-version" value="${project.version}"/>
-        <property name="auth-server-exploded" value="false"/>
+        <property name="server-war-exploded" value="false"/>
     </properties>
 
     <resources>
         <resource-root path="."/>
-        <artifact name="${org.keycloak:keycloak-wildfly-server-subsystem}"/>
     </resources>
 
     <dependencies>
-        <module name="javax.api"/>
-        <module name="org.jboss.staxmapper"/>
-        <module name="org.jboss.as.controller"/>
-        <module name="org.jboss.as.ee"/>
-        <module name="org.jboss.as.server"/>
-        <module name="org.jboss.modules"/>
-        <module name="org.jboss.msc"/>
-        <module name="org.jboss.logging"/>
-        <module name="org.jboss.vfs"/>
-        <module name="org.jboss.as.web-common" optional="true"/>
-        <module name="org.jboss.as.web" optional="true"/>
-        <module name="org.jboss.as.version" optional="true"/>
-        <module name="org.keycloak.keycloak-wildfly-adapter" optional="true"/>
-        <module name="org.jboss.metadata"/>
+        <module name="org.keycloak.keycloak-wf9-server-subsystem" services="export" export="true"/>
     </dependencies>
 </module>

distribution/feature-packs/server-feature-pack/src/main/resources/modules/system/layers/base/org/keycloak/keycloak-wf9-server-subsystem/main/module.xml

@@ -0,0 +1,52 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+  ~ JBoss, Home of Professional Open Source.
+  ~ Copyright 2014, Red Hat, Inc., and individual contributors
+  ~ as indicated by the @author tags. See the copyright.txt file in the
+  ~ distribution for a full listing of individual contributors.
+  ~
+  ~ This is free software; you can redistribute it and/or modify it
+  ~ under the terms of the GNU Lesser General Public License as
+  ~ published by the Free Software Foundation; either version 2.1 of
+  ~ the License, or (at your option) any later version.
+  ~
+  ~ This software is distributed in the hope that it will be useful,
+  ~ but WITHOUT ANY WARRANTY; without even the implied warranty of
+  ~ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+  ~ Lesser General Public License for more details.
+  ~
+  ~ You should have received a copy of the GNU Lesser General Public
+  ~ License along with this software; if not, write to the Free
+  ~ Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+  ~ 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+  -->
+
+<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-wf9-server-subsystem">
+    <properties>
+        <property name="keycloak-version" value="${project.version}"/>
+        <property name="server-war-exploded" value="false"/>
+    </properties>
+
+    <resources>
+        <resource-root path="."/>
+        <artifact name="${org.keycloak:keycloak-wf9-server-subsystem}"/>
+    </resources>
+
+    <dependencies>
+        <module name="javax.api"/>
+        <module name="org.jboss.staxmapper"/>
+        <module name="org.jboss.as.controller"/>
+        <module name="org.jboss.as.ee"/>
+        <module name="org.jboss.as.server"/>
+        <module name="org.jboss.modules"/>
+        <module name="org.jboss.msc"/>
+        <module name="org.jboss.logging"/>
+        <module name="org.jboss.vfs"/>
+        <module name="org.jboss.as.web-common" optional="true"/>
+        <module name="org.jboss.as.web" optional="true"/>
+        <module name="org.jboss.as.version" optional="true"/>
+        <module name="org.keycloak.keycloak-wildfly-adapter" optional="true"/>
+        <module name="org.jboss.metadata"/>
+    </dependencies>
+</module>

distribution/pom.xml

@@ -3,7 +3,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../pom.xml</relativePath>
     </parent>
 
@@ -28,13 +28,12 @@
 
     <modules>
         <module>adapters</module>
-        <!--<module>demo-dist</module>-->
+        <module>demo-dist</module>
         <module>docs-dist</module>
         <module>examples-dist</module>
-        <module>modules</module>
         <module>proxy-dist</module>
         <module>server-dist</module>
-        <!--<module>server-overlay</module>-->
+        <module>server-overlay</module>
         <module>src-dist</module>
         <module>subsystem-war</module>
         <module>feature-packs</module>

distribution/proxy-dist/pom.xml

@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 

distribution/server-dist/pom.xml

@@ -4,7 +4,7 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
+        <version>1.4.0.Final-SNAPSHOT</version>
         <relativePath>../../pom.xml</relativePath>
     </parent>
 

distribution/server-overlay/eap6/eap6-server-modules/build.xml

@@ -46,6 +46,11 @@
             <maven-resource group="net.iharder" artifact="base64"/>
         </module-def>
 
+        <module-def name="org.bouncycastle">
+            <maven-resource group="org.bouncycastle" artifact="bcprov-jdk15on"/>
+            <maven-resource group="org.bouncycastle" artifact="bcpkix-jdk15on"/>
+        </module-def>
+
         <module-def name="org.keycloak.keycloak-broker-core">
             <maven-resource group="org.keycloak" artifact="keycloak-broker-core"/>
         </module-def>
@@ -306,9 +311,12 @@
 
         <module-def name="org.keycloak.keycloak-server"></module-def>
 
-        <module-def name="org.keycloak.keycloak-server-subsystem">
-            <maven-resource group="org.keycloak" artifact="keycloak-wildfly-server-subsystem"/>
+        <module-def name="org.keycloak.keycloak-as7-server-subsystem">
+            <maven-resource group="org.keycloak" artifact="keycloak-as7-server-subsystem"/>
         </module-def>
+
+        <module-def name="org.keycloak.keycloak-server-subsystem"/>
+
     </target>
 
     <target name="clean-target">

distribution/server-overlay/eap6/eap6-server-modules/pom.xml

@@ -8,13 +8,13 @@
     <parent>
         <artifactId>keycloak-parent</artifactId>
         <groupId>org.keycloak</groupId>
-        <version>1.3.0.Final-SNAPSHOT</version>
-        <relativePath>../../pom.xml</relativePath>
+        <version>1.4.0.Final-SNAPSHOT</version>
+        <relativePath>../../../../pom.xml</relativePath>
     </parent>
 
-    <artifactId>keycloak-jboss-modules</artifactId>
+    <artifactId>keycloak-eap6-server-modules</artifactId>
 
-    <name>Keycloak JBoss Modules</name>
+    <name>Keycloak EAP 6 Server Modules</name>
     <packaging>pom</packaging>
     <dependencies>
         <dependency>
@@ -22,10 +22,6 @@
             <artifactId>keycloak-dependencies-server-all</artifactId>
             <type>pom</type>
         </dependency>
-        <dependency>
-            <groupId>org.keycloak</groupId>
-            <artifactId>keycloak-wildfly-extensions</artifactId>
-        </dependency>
         <dependency>
             <groupId>org.keycloak</groupId>
             <artifactId>keycloak-core</artifactId>
@@ -36,14 +32,21 @@
         </dependency>
         <dependency>
             <groupId>org.keycloak</groupId>
-            <artifactId>keycloak-wildfly-server-subsystem</artifactId>
-            <version>${project.version}</version>
+            <artifactId>keycloak-as7-server-subsystem</artifactId>
         </dependency>
         <dependency>
             <groupId>org.keycloak.subsystem</groupId>
             <artifactId>keycloak-server</artifactId>
             <type>war</type>
         </dependency>
+        <dependency>
+            <groupId>org.bouncycastle</groupId>
+            <artifactId>bcprov-jdk15on</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.bouncycastle</groupId>
+            <artifactId>bcpkix-jdk15on</artifactId>
+        </dependency>
     </dependencies>
 
     <build>
@@ -143,7 +146,7 @@
                                     <artifactId>keycloak-server</artifactId>
                                     <type>war</type>
                                     <overWrite>true</overWrite>
-                                    <outputDirectory>${project.build.directory}/modules/org/keycloak/keycloak-server-subsystem/main/auth-server</outputDirectory>
+                                    <outputDirectory>${project.build.directory}/modules/org/keycloak/keycloak-as7-server-subsystem/main/server-war</outputDirectory>
                                 </artifactItem>
                             </artifactItems>
                         </configuration>

distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/javax/ws/rs/api/2.0/module.xml

@@ -0,0 +1,12 @@
+<module xmlns="urn:jboss:module:1.3" name="javax.ws.rs.api">
+    <resources>
+        <resource-root path="jboss-jaxrs-api_2.0_spec-1.0.0.Final.jar"/>
+        <!-- Insert resources here -->
+    </resources>
+
+    <dependencies>
+        <module name="org.jboss.resteasy.resteasy-jaxrs" services="export"/>
+        <module name="javax.xml.bind.api" />
+        <module name="javax.api" />
+    </dependencies>
+</module>

distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/bouncycastle/main/module.xml

@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<module xmlns="urn:jboss:module:1.1" name="org.bouncycastle">
+    <resources>
+        <!-- Insert resources here -->
+    </resources>
+    <dependencies>
+        <module name="javax.api"/>
+    </dependencies>
+</module>

distribution/server-overlay/eap6/eap6-server-modules/src/main/resources/modules/org/keycloak/keycloak-as7-server-subsystem/main/module.xml

@@ -22,7 +22,7 @@
   ~ 02110-1301 USA, or see the FSF site: http://www.fsf.org.
   -->
 
-<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-server-subsystem">
+<module xmlns="urn:jboss:module:1.1" name="org.keycloak.keycloak-as7-server-subsystem">
     <properties>
         <property name="keycloak-version" value="${project.version}"/>
         <property name="auth-server-exploded" value="false"/>