Martin Bartoš
3a2bf0c04b
WebAuthnAuthenticator add timeout property
2021-12-12 11:36:51 +01:00
Hynek Mlnarik
95614e8b40
Fix NPE for component creation when realm unset but config known
...
Fixes #9019
2021-12-07 20:15:05 +01:00
Yoshiyuki Tabata
b1eeb0626e
KEYCLOAK-13847 fix offline token refresh date
2021-12-01 08:30:08 +01:00
Andre Fucs de Miranda
b03b390dd2
KEYCLOAK-19228: Prevent user enumeration in FIPS mode
2021-11-24 18:11:27 +01:00
Nemanja Hiršl
c9e1e00b95
KEYCLOAK-19773 BFD and Direct Grant - inconsistent number of failures
...
Do not "failure" on temporary or permanently locked users, but "forceChallenge"
Failure increments number of failures, and forceChallenge doesn't
Test cases cover:
1. Already disabled users
2. Temporarily disabled users by BFD
3. Permanently disabled users by BFD
2021-11-24 15:28:18 +01:00
Martin Bartoš
1e1a6779be
Issue 8814: Replace deprecated hamcrest-all dependencies
2021-11-23 13:56:28 +01:00
bal1imb
661aca4452
KEYCLOAK-19283 Implemented new identity provider mapper "Advanced claim to group mapper" alongside tests.
2021-11-19 16:54:39 +01:00
Hiroyuki Wada
884471c729
KEYCLOAK-19237 Avoid using stream that has been operated
2021-11-18 17:46:35 +01:00
Takashi Norimatsu
10c3e149d3
KEYCLOAK-19699 RSA key provider with key use = enc cannot select corresponding algorithm on Admin Console
2021-11-18 13:24:50 +01:00
Olivier Boudet
ed6eea26ea
KEYCLOAK-19413 Allows to set login_hint on registration and reset-credentials pages
2021-11-18 13:17:10 +01:00
Konstantinos Georgilakis
63c9845cb9
KEYCLOAK-18276 client content screen enhancement
2021-11-18 13:15:02 +01:00
Martin Bartoš
b17f0695ee
8793 User Profile multiple implementations
2021-11-15 08:46:34 +01:00
David Perrenoud
36da2d20e9
KEYCLOAK-17039 Local file in a webview fails when requesting with "Origin: null" since 11.0.2
2021-11-11 10:55:33 +01:00
Yoshiyuki Tabata
9be4c289d8
KEYCLOAK-18440 Improve logging for token introspection
2021-11-08 15:26:52 +01:00
rmartinc
a4c4c00d00
[KEYCLOAK-14309] Duplicate sub claim at JSON level
2021-11-08 11:54:39 +01:00
Alec Henninger
cec6a8a884
KEYCLOAK-19700: Attempt to reuse denied device authorization code results in server error
2021-11-08 11:37:51 +01:00
Takashi Norimatsu
d0493b4306
KEYCLOAK-19723 Existing ECDSA key provider's key pair is not regenerated when its curve is changed on Admin Console
2021-11-05 10:05:40 +01:00
mposolda
5740e158e3
KEYCLOAK-18744 OpenBanking Brasil fix for X509 client authentication. More flexibility in Subject DN comparison.
2021-11-05 09:10:50 +01:00
Luca Leonardo Scorcia
e99b363ba0
KEYCLOAK-18879 Generate RequestedAttribute SP metadata for SAML Attribute Role Mappers
2021-11-04 11:15:32 +01:00
Bruno Oliveira da Silva
16db810b03
[KEYCLOAK-19754] - Update documentation files to remove problematic language in the main repository
2021-11-04 10:08:56 +01:00
Pedro Igor
eaa96f6147
[KEYCLOAK-18255] - Vault Support in Dist.X
2021-11-03 09:23:33 -03:00
Martin Bartoš
bfce612641
KEYCLOAK-18338 Fix update user account with configured SSSD
2021-11-02 08:42:07 +01:00
Joerg Matysiak
afc5cb4d14
KEYCLOAK-19617 Simplify creation of custom user profiles
...
* DeclarativeUserProfileProvider passes its ID to DeclarativeUserProfileModel, so this also works for derived classes.
* Moved creation of declarative user profile model to a protected factory method to allow subclasses to provide their own implementation.
* Added integration tests for custom user profile
* configured declarative-user-profile as default user profile provider in test servers
* Restore previously configured default provider after test with special provider settings
* Some refactoring in SpiProviderSwitchingUtils
2021-10-28 08:26:11 -03:00
Takashi Norimatsu
0d62c6d498
KEYCLOAK-19565 Client Policies : Wrong SecureLogoutExecutor's provider ID
2021-10-25 13:49:48 +02:00
Konstantinos Georgilakis
a5c8c45551
KEYCLOAK-19388 correct AttributeConsumingService bug in SAML SP metadata
2021-10-21 20:24:46 +02:00
Takashi Norimatsu
263161ff66
KEYCLOAK-19540 FAPI 2.0 Baseline : Reject Resource Owner Password Credentials Grant
2021-10-21 09:13:12 +02:00
Pham Hoang Nam
e87952d1ad
Fix logout-all enpoint return json format
2021-10-20 11:37:49 -03:00
Thomas Darimont
9857a04895
KEYCLOAK-16107 Enable ScriptBasedOIDCProtocolMapper to return JSON objects directly
...
We now allow to return JSON objects directly from a ScriptBasedOIDCProtocolMapper, by
adding support to turn objects that implement the java.util.Map into JsonNodes.
Previously returning JSON objects directly caused an exception during runtime.
2021-10-19 11:21:26 -03:00
Alec Henninger
c392538f69
KEYCLOAK-19575: Different user authenticated results in server error instead of bad request
2021-10-19 13:52:11 +02:00
Douglas Palmer
73f0474008
[KEYCLOAK-19422] ClassLoaderTheme and ClasspathThemeResourceProviderFactory allows reading any file available as a resource to the classloader
2021-10-18 10:23:06 +02:00
Václav Muzikář
7d0af8519b
KEYCLOAK-19080 Simplify the RHSSO setup in an OpenShift Disconnected cluster
...
KEYCLOAK-19080 Simplify the RHSSO setup in an OpenShift Disconnected cluster
2021-10-18 09:35:32 +02:00
mposolda
7010017e0e
KEYCLOAK-19555 Improvements in ConsentRequiredExecutor of client policies
2021-10-16 14:11:18 +02:00
Dominik Guhr
a3b23700ea
KEYCLOAK-19553 Fix Resteasy Bug in Authenticators for Keycloak.X
2021-10-15 14:24:46 -03:00
Thomas Darimont
b1bcd5d66e
KEYCLOAK-12754 Honor nested composite roles when creating roles via REST API ( #7097 )
...
* KEYCLOAK-12754 Honor nested composite roles when creating roles via REST API
- Validate composite roles when creating roles via REST API
2021-10-15 10:33:19 -03:00
mposolda
acd00a492b
KEYCLOAK-19556 Avoid auto-creating invalid redirect URL for FAPI clients
2021-10-15 11:17:59 +02:00
Bart Monhemius
5b0986e490
[KEYCLOAK-18891] Add support for searching users by custom user attributes
...
Users can now be searched by custom attributes using 'q' in the query parameters. The implementation is roughly the same as search clients by custom attributes.
2021-10-12 13:08:47 +02:00
R Yamada
891c8e1a12
[KEYCLOAK-17653] - OIDC Frontchannel logout support
2021-10-07 15:27:19 -03:00
Dominik
97ee8832a3
KEYCLOAK-19079 Add special case for kubeadmin without uid and OCP4
2021-10-07 14:29:00 -03:00
Martin Kanis
30b3caee9f
KEYCLOAK-18445 Add support for cross-site model tests
2021-10-06 14:37:06 +02:00
Seth
90947404a5
KEYCLOAK-16380 Make IdP display name available to idp link email subject ( #7626 )
...
KEYCLOAK-16380 Make IdP display name available to idp link email subject
2021-10-04 11:10:18 +02:00
Michal Hajas
da0c945475
KEYCLOAK-18940 Add support for searching composite roles
2021-10-01 12:41:19 +02:00
Nathan Strobbe
64717f650b
KEYCLOAK-15167 Retrieve email from Twitter IdP
2021-10-01 09:45:20 +02:00
Luca Leonardo Scorcia
43a3c676f7
KEYCLOAK-16456 X509 Auth: add option for OCSP fail-open behavior
2021-10-01 08:37:01 +02:00
Luca Leonardo Scorcia
9838a47662
KEYCLOAK-16520 X509 Auth: Add option to verify certificate policy
2021-09-30 16:36:05 +02:00
Daniel Fesenmeyer
0a2f8f5b63
KEYCLOAK-17887 fix endpoint for creating or updating realm localization texts for a given locale (UnsupportedOperation was thrown because RealmAdapter tried to change unmodifiable map):
...
- fix RealmAdapter to create a new map instead of trying to change unmodifiable map
- only provide POST endpoints for creating or updating the texts (to have the endpoints consistent with other Admin API endpoints)
- add tests
2021-09-30 15:07:56 +02:00
stianst
f471a110cd
KEYCLOAK-19408 Better client secrets
2021-09-29 18:19:43 +02:00
stianst
12c7bc7350
KEYCLOAK-19410 Compile issues in IntelliJ due to imports of sun packages
2021-09-28 14:59:33 +02:00
Václav Muzikář
69a146db7e
KEYCLOAK-18128 Keycloak cannot fetch group claims from openshift
2021-09-27 08:05:43 -03:00
Daniel Fesenmeyer
339224578e
KEYCLOAK-10603 adjust assignments to roles (user-role and group-role assignments, client-scope and client "scope mappings"): allow assignments of roles which are already indirectly assigned (e.g. by composite role)
...
- extend RoleMapperModel with method hasDirectRole(RoleModel), which only checks for direct assignment in contrast to the existing method hasRole(RoleModel)
- extend ScopeContainerModel with method hasDirectScope(RoleModel), which only checks for direct scope mapping in contrast to the existing method hasScope(RoleModel)
- use the new hasDirectRole and hasDirectScope methods to check whether a role is in the "available" list and whether it can be assigned (previously, the hasRole method was used for this purpose)
- add hint to UI that available roles contain effectively assigned roles which are not directly assigned
- adjust and extend tests
2021-09-22 13:56:29 +02:00
Nikolas Laskaris
8f09d34272
KEYCLOAK-18288 ( #8096 )
...
RealmsAdminResource now returns also a brief representation (not by default, to be backwards compatible) for realms[] if the appropriate flag is sent.
2021-09-20 15:32:15 -04:00
Vlastimil Elias
28e220fa6d
KEYCLOAK-18497 - Support different input types in built-in dynamic forms
2021-09-20 09:14:49 -03:00
Takashi Norimatsu
375e47877e
KEYCLOAK-18558 Client Policy - Endpoint : support Device Authorization Endpoint
2021-09-20 11:22:58 +02:00
Jess Thrysoee
b4fe7bbda2
KEYCLOAK-19344 Add CORS to Device Authorization Request
...
Add CORS headers to the Device Authorization Request (OAuth 2.0 Device Authorization Grant)
to make it available for non-confidential public webbrowser based clients, e.g. SPA like
signage or kiosk webapps.
2021-09-20 10:32:10 +02:00
chen kqing
c9809f0151
KEYCLOAK-18873 href attribute of a "Unable to scan?" tag is wrong in "Configure TOTP" page
2021-09-20 10:09:58 +02:00
Sophie Tauchert
b5d477c421
[KEYCLOAK-18556] Check for federated credentials when resolving authenticators
2021-09-15 16:54:56 +02:00
Stan Silvert
93e229e45d
KEYCLOAK-18512: Integrate New Admin Console into Keycloak build ( #8366 )
...
* KEYCLOAK-18512: Integrate New Admin Console into Keycloak build
* KEYCLOAK-18512: Integrate New Admin Console into Keycloak build
* Change version to project version. Make experimental.
* Add PAT for reading packages (#12 )
* Add PAT for reading packages
* Encode token
* Use generic GH account for installation of packages
* Enable Github packages repo only for snapshots
* KEYCLOAK-18512: Make ADMIN2 experimental instead of preview
* KEYCLOAK-18512: Remove early return
* KEYCLOAK-18512: Fix formatting issue
Co-authored-by: Jon Koops <jonkoops@gmail.com>
2021-09-15 10:09:06 -04:00
Vlastimil Elias
2be5f528e4
KEYCLOAK-18700 - consistently record User profile attribute changes in
...
UPDATE_PROFILE event
2021-09-15 08:26:01 -03:00
bohmber
4fe7d6d318
KEYCLOAK-17110
...
LDAP Connection Pool not used with org.keycloak.truststore.SSLSocketFactory
2021-09-15 10:55:59 +02:00
Luca Leonardo Scorcia
6d0708d263
KEYCLOAK-17368 Show forwarded errors when a default remote IdP is configured ( #7838 )
2021-09-14 09:44:59 +02:00
bal1imb
67e3df654f
KEYCLOAK-18740 Admin events trigger transaction rollback if exception is thrown.
2021-09-13 14:07:28 +02:00
Luca Leonardo Scorcia
af8354267b
KEYCLOAK-16462 X509 Auth: add option to revalidate certificate trust
2021-09-13 12:12:38 +02:00
David Hellwig
a6cd80c933
KEYCLOAK-16076 added new warining when cookies are disabled -with new branch- ( #7632 )
...
* KEYCLOAK-16076 added new warining when cookies are disabled
Co-authored-by: David Hellwig <david.hellwig@bosch.com>
Co-authored-by: Christoph Leistert <christoph.leistert@bosch-si.com>
2021-09-13 11:30:11 +02:00
Hynek Mlnarik
4518b3d3d1
KEYCLOAK-19143 Split note for broker and SP SAML request ID
2021-09-07 17:04:30 +02:00
Olivier Boudet
c7f8544b0c
KEYCLOAK-18454 Reset password : wrong email instructions when duplicates email is allowed
2021-09-02 14:44:18 +02:00
Thomas Darimont
e217e9a175
KEYCLOAK-18818 Add CORS preflight handler to token revocation endpoint
2021-08-31 10:07:32 +02:00
vramik
5fe675b612
KEYCLOAK-18841 prevent deletion of default role using RoleContainerResource
2021-08-20 12:02:07 +02:00
Thomas Darimont
f16eb4d8b9
KEYCLOAK-18954 Refactor user consent list retrieval to avoid ConcurrentModificationException
...
This avoids a ConcurrentModificationException to be thrown in UserResource.getConsents()
calls that got introduced in 4e8b18f560
by filtering
the resulting stream explicitly instead of removing items from the collection
that we iterate over, which triggered the CME in the first place.
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2021-08-18 10:39:44 +02:00
wuweixin
6431afe360
KEYCLOAK-18974 BitbucketIdentityProvider IdentityBrokerException message
...
github => bitbucket
2021-08-18 10:32:07 +02:00
rmartinc
5ff6ff57a8
[KEYCLOAK-18535] KeycloakSanitizerMethod causes java.lang.IndexOutOfBoundsException when there is more then one href in a sanitized message
2021-08-18 10:19:22 +02:00
bal1imb
269b661b8a
KEYCLOAK-16633 Prevent deletion of internal clients.
2021-08-09 11:45:03 -03:00
Martin Kanis
b42f765c2a
KEYCLOAK-18982 Token OIDC introspection endpoint should not update any of the timestamps
2021-08-05 18:21:16 +02:00
Yoshiyuki Tabata
b31b60fffe
KEYCLOAK-18341 Support JWKS OAuth2 Client Metadata in the "by value" key loading method
2021-08-05 16:52:55 +02:00
mposolda
b1d39aa136
KEYCLOAK-18949 DirectGrant login should fail if authenticationSession contains some required actions
2021-08-04 08:50:27 +02:00
carlChen
a0b01b6ef4
KEYCLOAK-16703 The username returned by token introspect endpoint is null when remove or modify username mapper
2021-08-03 17:38:37 +02:00
Florian Ritterhoff
65480cb5a1
Prevent security flaw using passwordless authentication
...
If you register without an password or delete your last token your account can be hijacked. This is can be done by simply trying to login in that moment where the account is without a token. You get the "normal" registration dialog and can capture the complete account.
2021-08-03 10:49:45 -03:00
Sebastian Kanzow
4e8e4592ca
[KEYCLOAK-18419] Support SAML 2.0 Encrypted IDs in Assertion
2021-08-03 11:55:36 +02:00
laskasn
f265d1d662
KEYCLOAK-18933
2021-08-02 15:27:08 +02:00
keycloak-bot
262ec3d031
Set version to 16.0.0-SNAPSHOT
2021-07-30 14:56:10 +02:00
Pedro Igor
afb0b16e43
[KEYCLOAK-18922] - Ignore empty values for internal attributes not set to user
2021-07-30 12:30:43 +02:00
Pedro Igor
ff70e2e04b
[KEYCLOAK-18916] - Do not consider empty values when checking read-only attributes
2021-07-29 08:46:16 +02:00
Vlastimil Elias
32f2f095fe
KEYCLOAK-7724 User Profile default validations
2021-07-29 08:42:37 +02:00
mposolda
4dacbb9e0b
KEYCLOAK-16996 User not able to revoke his offline token for directGrant clients
2021-07-29 08:04:16 +02:00
mposolda
9b0e1fff8d
KEYCLOAK-18903 More customizable OIDC WellKnown provider
2021-07-28 18:03:23 +02:00
mposolda
05dfed721a
KEYCLOAK-18636 The mtls_endpoint_aliases claim is not advertized in the discovery document
2021-07-28 13:32:31 +02:00
Pedro Igor
ef72343a6a
[KEYCLOAK-18882] - User Profile still tech preview
2021-07-28 08:45:35 +02:00
mposolda
4520cbd38c
KEYCLOAK-18904 Support cert-bound tokens when doing client credentials grant. Client policies support for client credentials grant
2021-07-28 07:24:30 +02:00
mposolda
643b3c4c5a
KEYCLOAK-18594 CIBA Ping Mode
2021-07-27 08:33:17 +02:00
Hynek Mlnarik
8889122dc1
KEYCLOAK-18845 Remove key type in map storage (simplify generics)
2021-07-23 17:04:20 +02:00
Takashi Norimatsu
9018fe9fad
KEYCLOAK-18863 Global client profile for FAPI CIBA
2021-07-23 14:30:26 +02:00
Joerg Matysiak
9dff21d0a7
KEYCLOAK-18552
...
* added group as attribute metadata
* validation for groups and references to groups
* adapted template to use show attribute groups
* test and integration tests for attribute groups
2021-07-23 09:26:21 -03:00
Takashi Norimatsu
6436716514
KEYCLOAK-18834 Client Policies : ClientScopesCondition needs to be evaluated on CIBA backchannel authentication request and token request
2021-07-23 10:06:02 +02:00
Martin Bartoš
036239a901
KEYCLOAK-18643 Generic Javascript failure in server and adapters test pipeline
2021-07-23 08:47:27 +02:00
Takashi Norimatsu
84e19f1c57
KEYCLOAK-18833 FAPI-CIBA-ID1 : need to only accept confidential client on Backchannel Authentication endpoint
2021-07-23 08:26:36 +02:00
Luca Leonardo Scorcia
6bd7420907
KEYCLOAK-17290 SAML Client - Generate AttributeConsumingService SP metadata section
2021-07-22 21:53:16 +02:00
Pedro Igor
8260c3c623
[KEYCLOAK-18860] - Fixing attributes returned from user api
2021-07-22 15:09:30 -03:00
Vlastimil Elias
f307c56fe1
KEYCLOAK-18812 UserProfile metadata in Account REST API
2021-07-22 08:46:30 -03:00
Pedro Igor
b4c940fe3f
[KEYCLOAK-18860] - Return attributes defined in user profile from user api
2021-07-22 08:32:47 -03:00
Robert Schuh
843bbf1bb3
KEYCLOAK-18852 Prevent NPE in case of missing truststore
...
even though the "return null" at the top of the method is called if no truststore is set, the finally block is still executed. And since the keystore is not there an NPE is thrown when calling the remove method.
2021-07-21 14:13:22 +02:00
Pedro Igor
d29d945cc4
[KEYCLOAK-18857] - Do not force default to RS256 when verifying tokens sent by clients and JWK does not hold an algorithm
2021-07-21 11:09:02 +02:00
Takashi Norimatsu
2c019c9ce5
KEYCLOAK-18832 FAPI-CIBA-ID1 conformance test : need to return 401 error=invalid_client if client authentication is not successfully completed on Backchannel Authentication endpoint
2021-07-21 10:13:55 +02:00
Takashi Norimatsu
8df36fbf28
KEYCLOAK-18828 FAPI-CIBA-ID1 conformance test : Additional checks of signed authentication request
2021-07-21 08:19:19 +02:00
Takashi Norimatsu
61fcbb307b
KEYCLOAK-18830 FAPI-CIBA-ID1 conformance test : HolderOfKeyEnforcerExecutor needs to be executed on CIBA token request
2021-07-21 08:07:50 +02:00
Pedro Igor
54a0e84070
[KEYCLOAK-18741] - Review error messages when validating PAR requests
2021-07-20 14:08:49 -03:00
Pedro Igor
7f34af4016
Revert "[KEYCLOAK-18425] - Allow mapping user profile attributes"
...
This reverts commit 3e07ca3c
2021-07-20 14:08:09 -03:00
mposolda
db7e247f7b
KEYCLOAK-18848 KEYCLOAK-18850 Enable CIBA and PAR by default
2021-07-20 15:59:06 +02:00
Takashi Norimatsu
f154b0b209
KEYCLOAK-18831 FAPI-CIBA-ID1 conformance test : need to return 400 if user authentication is not successfully completed
2021-07-20 10:46:16 +02:00
Takashi Norimatsu
e2c5fa20a2
KEYCLOAK-18849 Client Policy - Condition : ClientRolesCondition needs to be evaluated on PAR endpoint
2021-07-20 09:41:48 +02:00
Pedro Igor
396a78bcc4
[KEYCLOAK-18723] - Configurable constraints for request object encryption
2021-07-20 09:28:09 +02:00
Pedro Igor
730d4e8ac9
[KEYCLOAK-18807] - Fixing claims in JARM responses
2021-07-20 08:23:33 +02:00
Pedro Igor
13a08362d4
[KEYCLOAK-18819] - SecureResponseType executor shall allow response_type=code when using JARM and response_mode=jwt
2021-07-20 08:16:19 +02:00
Takashi Norimatsu
f76c07476c
KEYCLOAK-18827 FAPI-CIBA-ID1 conformance test : Client JWT authentication should allow Backchannel Authentication endpoint as audience
2021-07-20 06:39:28 +02:00
Takashi Norimatsu
02a9eb442d
KEYCLOAK-18829 FAPI-CIBA-ID1 conformance test : ClientRolesCondition needs to be evaluated on CIBA backchannel authentication request and token request
2021-07-20 06:31:10 +02:00
Pedro Igor
fe4e089e81
[KEYCLOAK-18745] - Client JWT authentication should allow PAR endpoint as audience
2021-07-19 14:23:53 -03:00
Vlastimil Elias
61aa4e6a70
KEYCLOAK-18750 - Set "Email Verified" to false when email changed in
...
UserProfile Provider
2021-07-19 11:19:29 -03:00
Takashi Norimatsu
f188f02d03
KEYCLOAK-18826 FAPI-CIBA-ID1 conformance test : ID Token needs to include auth_time claim
2021-07-19 15:11:23 +02:00
Takashi Norimatsu
63f04c1118
KEYCLOAK-18683 Client policy executor for check Backchannel signed request algorithms matching FAPI compliant algorithms
2021-07-19 14:48:31 +02:00
Pedro Igor
a79d28f115
[KEYCLOAK-18729] - Support JAR when using PAR
2021-07-19 11:42:20 +02:00
bal1imb
2c8d4ad9b4
KEYCLOAK-18590 Realm localizations of one realm must not affect themes displayed in context of other realms.
2021-07-16 16:12:58 +02:00
bal1imb
fbaeb18a5f
KEYCLOAK-18471 Added ID to admin event object.
2021-07-16 12:46:07 +02:00
Pedro Igor
f1face6973
[KEYCLOAK-18748] - Do not remove attributes when declarative provider is enabled
2021-07-15 12:00:39 -03:00
Vlastimil Elias
7618e66136
[KEYCLOAK-18541] separate template for IDP review page
2021-07-13 21:43:52 -03:00
vramik
00017b44a3
KEYCLOAK-18311 fix creation of roles during client registration
2021-07-12 11:39:47 +02:00
Pedro Igor
1baab67f3b
[KEYCLOAK-18630] - Request object encryption support
2021-07-09 11:27:30 -03:00
Vlastimil Elias
6686482ba5
[KEYCLOAK-18591] - Support a dynamic IDP user review form
2021-07-09 10:05:26 -03:00
Takashi Norimatsu
7cdcf0f93e
KEYCLOAK-18654 Client Policy - Endpoint : support Token Request by CIBA Backchannel Authentication
2021-07-09 11:24:12 +02:00
Takashi Norimatsu
43eb2b7c90
KEYCLOAK-18123 Client Policy - Executor : Enforce Backchannel Authentication Request satisfying high security level
2021-07-09 09:11:13 +02:00
Takashi Norimatsu
63b737545f
KEYCLOAK-18653 Client Policy - Endpoint : support Pushed Authorization Request Endpoint
2021-07-09 09:06:38 +02:00
Pedro Igor
4099833be8
[KEYCLOAK-18693] - Declarative profile validating read-only attribute if it exists
2021-07-08 15:22:02 -03:00
Takashi Norimatsu
dce163d3e2
KEYCLOAK-18587 CIBA signed request: Client must configure the algorithm
2021-07-08 10:16:22 +02:00
Dmitry Telegin
3b3a61dfba
KEYCLOAK-18639 Token Exchange SPI Milestone 1
2021-07-06 15:48:45 -03:00
Benjamin Weimer
8c1ea60b04
* Add sid claim to ID Token
...
* deprecate session state parameter in ID Token
* remove charset=UTF-8 from backchannel logout post request Content-Type header
2021-07-06 15:30:53 -03:00
Takashi Norimatsu
2b1624390a
KEYCLOAK-17937 Client Policy - Endpoint : support CIBA Backchannel Authentication Endpoint
2021-07-03 08:57:20 +02:00
Hryhorii Hevorkian
2803685cd7
KEYCLOAK-18353 Implement Pushed Authorization Request inside the Keycloak
...
Co-authored-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
Co-authored-by: mposolda <mposolda@gmail.com>
2021-07-03 08:47:42 +02:00
lbortoli
e5ae113453
KEYCLOAK-18452 FAPI JARM: JWT Secured Authorization Response Mode for OAuth 2.0
2021-07-03 00:00:32 +02:00
Vlastimil Elias
04ff2c327b
[KEYCLOAK-18429] Support a dynamic update profile form
2021-07-02 10:22:47 -03:00
Vlastimil Elias
f32447bcc1
[KEYCLOAK-18424] GUI order for user profile attributes
2021-07-02 08:37:24 -03:00
Pedro Igor
b26b41332e
[KEYCLOAK-18626] - Avoid changing username when registration as email is enabled
2021-07-02 08:07:04 -03:00
Pedro Igor
3e07ca3c22
[KEYCLOAK-18425] - Allow mapping user profile attributes
2021-07-01 10:19:28 -03:00
lbortoli
164f3df080
KEYCLOAK-18502 - Support for additional parameters from the backchannel authentication request and backchannel authentication callback.
2021-07-01 00:31:26 +02:00
Valentin Hervieu
aab6782bae
KEYCLOAK-18603 Remove duplicated statement
...
This is super minor but saw this while reading this file.
2021-06-30 15:56:32 +02:00
Vlastimil Elias
bcfa6e4309
KEYCLOAK-18592 - put attribute validators configuration into freemarker
...
template for user profile pages
2021-06-30 09:01:12 -03:00
Václav Muzikář
eb3bd8bbb5
KEYCLOAK-18554 Make ErrorHandler to log all errors for debugging purposes
2021-06-30 08:58:09 +02:00
Takashi Norimatsu
cef742ee3f
KEYCLOAK-18583 Remove OIDCWellKnownProvider.isAsymmetricAlgorithm
2021-06-30 07:35:46 +02:00
Luca Leonardo Scorcia
ae98d8ea28
KEYCLOAK-18315 SAML Client - Add parameter to request specific AttributeConsumingServiceIndex
2021-06-29 16:22:38 +02:00
Takashi Norimatsu
57c80483bb
KEYCLOAK-17936 FAPI-CIBA : support Signed Authentication Request
...
Co-authored-by: Pritish Joshi <pritish@banfico.com>
Co-authored-by: mposolda <mposolda@gmail.com>
2021-06-29 08:07:40 +02:00
Pedro Igor
948f453e2d
[KEYCLOAK-18427] - Allowing switching to declarative provider
2021-06-28 15:50:04 -03:00
Vlastimil Elias
512bcd14f7
[KEYCLOAK-18428] - dynamic registration form
2021-06-25 17:11:15 -03:00
Pedro Igor
faadb896ea
[KEYCLOAK-18426] - Support required by role and scopes in Admin UI
2021-06-24 10:43:49 -03:00
Vlastimil Elias
b7a4fd8745
KEYCLOAK-18423 - Support a user-friendly name property for user profile
...
attributes
2021-06-24 08:17:06 -03:00
Luca Leonardo Scorcia
cdf9621257
KEYCLOAK-18450 Add basic tests for the Identity Provider Redirector Default IdP feature
2021-06-23 08:42:14 +02:00