Commit graph

5399 commits

Author SHA1 Message Date
Benjamin Weimer
8d1c3bbeb0 KEYCLOAK-19076 Entrypoint of Keycloak Docker Image that's used in
performance tests is not executable for jboss user
2021-10-20 12:35:32 +02:00
Thomas Darimont
9857a04895 KEYCLOAK-16107 Enable ScriptBasedOIDCProtocolMapper to return JSON objects directly
We now allow to return JSON objects directly from a ScriptBasedOIDCProtocolMapper, by
adding support to turn objects that implement the java.util.Map into JsonNodes.

Previously returning JSON objects directly caused an exception during runtime.
2021-10-19 11:21:26 -03:00
Dominik Guhr
7b135c4dfc KEYCLOAK-19461 Unignore OpenShiftTokenReviewEndpointTest 2021-10-18 08:56:43 -03:00
Dominik Guhr
c45a6fde12
KEYCLOAK-19547 Switch arquillian quarkus container to use autobuild to prevent timeo… (#8576)
* KEYCLOAK-19547 Switch arquillian quarkus container to use autobuild to prevent timeouts when reaugmentation is longer than 10s

Co-authored-by: Dominik Guhr <dguhr@redhat.com>
2021-10-18 08:53:12 -03:00
Hynek Mlnarik
8ee992e638 KEYCLOAK-19482 Generate map entity cloners 2021-10-18 13:14:14 +02:00
Douglas Palmer
73f0474008 [KEYCLOAK-19422] ClassLoaderTheme and ClasspathThemeResourceProviderFactory allows reading any file available as a resource to the classloader 2021-10-18 10:23:06 +02:00
mposolda
7010017e0e KEYCLOAK-19555 Improvements in ConsentRequiredExecutor of client policies 2021-10-16 14:11:18 +02:00
Thomas Darimont
b1bcd5d66e
KEYCLOAK-12754 Honor nested composite roles when creating roles via REST API (#7097)
* KEYCLOAK-12754 Honor nested composite roles when creating roles via REST API
  - Validate composite roles when creating roles via REST API
2021-10-15 10:33:19 -03:00
Pedro Igor
982f0f93b4 [KEYCLOAK-19559] - Support for custom JPA model 2021-10-15 08:48:30 -03:00
mposolda
acd00a492b KEYCLOAK-19556 Avoid auto-creating invalid redirect URL for FAPI clients 2021-10-15 11:17:59 +02:00
Pedro Igor
27e74c41ff [KEYCLOAK-19459] - Enabling ClientSearchTest to Dist.X 2021-10-14 17:08:06 -03:00
Dominik
8f3940032e KEYCLOAK-19461 Add dependency for openshift restclient to quarkus dist to make the OpenShiftClientStorageTest work. 2021-10-13 14:52:19 -03:00
Takashi Norimatsu
a4f83c569d KEYCLOAK-19510 Nested JWT JOSE header needs to set JWT to cty field 2021-10-12 16:58:15 +02:00
Bart Monhemius
5b0986e490 [KEYCLOAK-18891] Add support for searching users by custom user attributes
Users can now be searched by custom attributes using 'q' in the query parameters. The implementation is roughly the same as search clients by custom attributes.
2021-10-12 13:08:47 +02:00
Dominik
ce0070508f KEYCLOAK-19457 Unignore JsonFileImportTests now that KEYCLOAK-19521 is done 2021-10-11 16:41:07 -03:00
Dominik
00feef4dbe KEYCLOAK-19496 Unignore ArtifactBindingCustomResolverTest and make SetDefaultProvider Annotation usable for Quarkus-based distribution 2021-10-08 15:50:59 -03:00
R Yamada
891c8e1a12 [KEYCLOAK-17653] - OIDC Frontchannel logout support 2021-10-07 15:27:19 -03:00
Dominik
97ee8832a3 KEYCLOAK-19079 Add special case for kubeadmin without uid and OCP4 2021-10-07 14:29:00 -03:00
Hynek Mlnarik
3abf9283a8 KEYCLOAK-19374 Create implementation based on annotation processor
Use of boxed types as started in 009d4ca445 is finalized here
to enable storing data in a map. MapClientEntity methods are
reordered for the sake of grouping the collection-based
properties together and understanding the connections between those.
2021-10-07 10:54:25 +02:00
Dominik
12d4837fa9 KEYCLOAK-19484_BasicSamlTest 2021-10-06 12:04:05 -03:00
Martin Kanis
30b3caee9f KEYCLOAK-18445 Add support for cross-site model tests 2021-10-06 14:37:06 +02:00
Dominik
cd7a22c174 KEYCLOAK-19476: Unignore LoginTest.loginWithLongRedirectUri by adding property to authserver-quarkus 2021-10-06 08:03:34 -03:00
Tomas Kyjovsky
01a0e11c8f KEYCLOAK-19392 pass infinispan javaVmArguments via JAVA_OPTS instead of CLI parameters 2021-10-05 09:06:50 +02:00
Dominik
021245a330 KEYCLOAK-19463 fix PasswordPolicyTest for Quarkus 2021-10-04 15:32:18 -03:00
Dominik
8cf35c9b7b KEYCLOAK-13770 - Working DefaultThemeManagerTest 2021-10-01 11:25:17 -03:00
Michal Hajas
da0c945475 KEYCLOAK-18940 Add support for searching composite roles 2021-10-01 12:41:19 +02:00
Nathan Strobbe
64717f650b KEYCLOAK-15167 Retrieve email from Twitter IdP 2021-10-01 09:45:20 +02:00
Pedro Igor
0210acadad [KEYCLOAK-19424] - Rename the config command to build 2021-10-01 08:39:50 +02:00
Luca Leonardo Scorcia
43a3c676f7 KEYCLOAK-16456 X509 Auth: add option for OCSP fail-open behavior 2021-10-01 08:37:01 +02:00
Daniel Fesenmeyer
0a2f8f5b63 KEYCLOAK-17887 fix endpoint for creating or updating realm localization texts for a given locale (UnsupportedOperation was thrown because RealmAdapter tried to change unmodifiable map):
- fix RealmAdapter to create a new map instead of trying to change unmodifiable map
- only provide POST endpoints for creating or updating the texts (to have the endpoints consistent with other Admin API endpoints)
- add tests
2021-09-30 15:07:56 +02:00
Douglas Palmer
ff07c4891e [KEYCLOAK-14378] Allow customization of debug settings for clustered JBoss app servers in tests. 2021-09-30 13:28:05 +02:00
stianst
f471a110cd KEYCLOAK-19408 Better client secrets 2021-09-29 18:19:43 +02:00
Dominik
82964f7460 KEYCLOAK-13770 Working FixedHostnameTest for Quarkus 2021-09-28 11:48:50 -03:00
stianst
12c7bc7350 KEYCLOAK-19410 Compile issues in IntelliJ due to imports of sun packages 2021-09-28 14:59:33 +02:00
Dominik
20b91c7d4f KEYCLOAK-13770 Fix Quarkus ScriptDeploymentTests, Hostnametests and tests relying on user attribute config 2021-09-27 15:19:45 -03:00
Václav Muzikář
69a146db7e KEYCLOAK-18128 Keycloak cannot fetch group claims from openshift 2021-09-27 08:05:43 -03:00
Daniel Fesenmeyer
339224578e KEYCLOAK-10603 adjust assignments to roles (user-role and group-role assignments, client-scope and client "scope mappings"): allow assignments of roles which are already indirectly assigned (e.g. by composite role)
- extend RoleMapperModel with method hasDirectRole(RoleModel), which only checks for direct assignment in contrast to the existing method hasRole(RoleModel)
- extend ScopeContainerModel with method hasDirectScope(RoleModel), which only checks for direct scope mapping in contrast to the existing method hasScope(RoleModel)
- use the new hasDirectRole and hasDirectScope methods to check whether a role is in the "available" list and whether it can be assigned (previously, the hasRole method was used for this purpose)
- add hint to UI that available roles contain effectively assigned roles which are not directly assigned
- adjust and extend tests
2021-09-22 13:56:29 +02:00
Vlastimil Elias
28e220fa6d KEYCLOAK-18497 - Support different input types in built-in dynamic forms 2021-09-20 09:14:49 -03:00
Takashi Norimatsu
375e47877e KEYCLOAK-18558 Client Policy - Endpoint : support Device Authorization Endpoint 2021-09-20 11:22:58 +02:00
chen kqing
c9809f0151 KEYCLOAK-18873 href attribute of a "Unable to scan?" tag is wrong in "Configure TOTP" page 2021-09-20 10:09:58 +02:00
Dominik
6d036a4647 KEYCLOAK-13770 Already working Tests after upgrade to Quarkus2 2021-09-17 10:03:26 -03:00
Dominik
4090114398 KEYCLOAK-16246 Revert changes from workaround made in KEYCLOAK-16244 after upgrading to quarkus 2
Also fixed a small type in testclass.
This reverts commit 9b2f2015f7.
2021-09-16 15:42:48 -03:00
Sophie Tauchert
b5d477c421 [KEYCLOAK-18556] Check for federated credentials when resolving authenticators 2021-09-15 16:54:56 +02:00
Vlastimil Elias
2be5f528e4 KEYCLOAK-18700 - consistently record User profile attribute changes in
UPDATE_PROFILE event
2021-09-15 08:26:01 -03:00
Marek Posolda
11e5f66c60
KEYCLOAK-19056 EDIT MODE field should not be leave empty (#8380) 2021-09-14 20:27:09 +02:00
Luca Leonardo Scorcia
6d0708d263
KEYCLOAK-17368 Show forwarded errors when a default remote IdP is configured (#7838) 2021-09-14 09:44:59 +02:00
Luca Leonardo Scorcia
af8354267b
KEYCLOAK-16462 X509 Auth: add option to revalidate certificate trust 2021-09-13 12:12:38 +02:00
David Hellwig
a6cd80c933
KEYCLOAK-16076 added new warining when cookies are disabled -with new branch- (#7632)
* KEYCLOAK-16076 added new warining when cookies are disabled

Co-authored-by: David Hellwig <david.hellwig@bosch.com>
Co-authored-by: Christoph Leistert <christoph.leistert@bosch-si.com>
2021-09-13 11:30:11 +02:00
Benjamin Weimer
655d66b03f KEYCLOAK-19077 fix login for admin console based scenarios (PKCE is required by default)
* also don't fetch fonts that are not needed/available anymore
2021-09-13 11:01:07 +02:00
Pedro Igor
aa018295c4 [KEYCLOAK-17866] - Upgrade to Quarkus v2 2021-09-10 11:21:09 -03:00
Hynek Mlnarik
4518b3d3d1 KEYCLOAK-19143 Split note for broker and SP SAML request ID 2021-09-07 17:04:30 +02:00
Olivier Boudet
c7f8544b0c KEYCLOAK-18454 Reset password : wrong email instructions when duplicates email is allowed 2021-09-02 14:44:18 +02:00
Martin Bartoš
a25a0d513e KEYCLOAK-19159 KcSamlEncryptedIdTest failure for undertow 2021-09-02 11:22:53 +02:00
vramik
d216f8f748 KEYCLOAK-19104 Add custom ForeignKeySnapshotGenerator 2021-09-02 09:59:26 +02:00
Martin Bartoš
7c243c8427 KEYCLOAK-18590 Save Button Enabled For Empty Attributes 2021-09-01 10:51:20 +02:00
vramik
5fe675b612 KEYCLOAK-18841 prevent deletion of default role using RoleContainerResource 2021-08-20 12:02:07 +02:00
Martin Bartos
18cef60bbd KEYCLOAK-19037 Problems with validation of Email field that contains uppercase character 2021-08-19 11:13:42 +02:00
mposolda
418d1e3471 KEYCLOAK-19039 Sync UPDATE_PASSWORD required action to only to MSAD with WRITABLE edit mode. Add tests for MSAD mapper 2021-08-18 17:39:19 +02:00
Thomas Darimont
a7fd1bc3a9 KEYCLOAK-18954 Add test for user consent retrieval with offline access consents
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2021-08-18 10:39:44 +02:00
bal1imb
269b661b8a KEYCLOAK-16633 Prevent deletion of internal clients. 2021-08-09 11:45:03 -03:00
Martin Kanis
6886bd6651 KEYCLOAK-18941 ExecutionException when computed future - InfinispanCacheInitializer 2021-08-05 18:28:27 +02:00
Martin Kanis
b42f765c2a KEYCLOAK-18982 Token OIDC introspection endpoint should not update any of the timestamps 2021-08-05 18:21:16 +02:00
Simen Heggestøyl
624a9a3ed7 KEYCLOAK-18509 Fix permission error when deleting client 2021-08-05 11:55:24 -03:00
Yoshiyuki Tabata
b31b60fffe KEYCLOAK-18341 Support JWKS OAuth2 Client Metadata in the "by value" key loading method 2021-08-05 16:52:55 +02:00
Martin Bartoš
3c19fae88b KEYCLOAK-18964 MetricsRestServiceTest contains wrong health check message 2021-08-05 16:01:01 +02:00
Hynek Mlnarik
2acb43a627 KEYCLOAK-18617 Fix index on client attributes 2021-08-05 15:35:55 +02:00
Sebastian Rose
5d9d749fbd KEYCLOAK-18380 Fix Groups search by name returns unwanted groups
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>

Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2021-08-05 11:43:56 +02:00
Sebastian Rose
565251d5a6 KEYCLOAK-18380 Fix Groups search by name returns unwanted groups, cleanup test, skip tests on map storage provider feature 2021-08-05 11:43:56 +02:00
Thomas Darimont
17da3ee8d9 KEYCLOAK-18380 Fix Groups search by name returns unwanted groups
Previously the group search did not apply a given search query as filter
for groups along the group path.

We now filter the found groups with the given group search query if present.
2021-08-05 11:43:56 +02:00
mposolda
b1d39aa136 KEYCLOAK-18949 DirectGrant login should fail if authenticationSession contains some required actions 2021-08-04 08:50:27 +02:00
Yang Xie
d8cb279bc4 KEYCLOAK-17693 add config for loading custom IdMapper class 2021-08-03 17:44:47 +02:00
carlChen
a0b01b6ef4 KEYCLOAK-16703 The username returned by token introspect endpoint is null when remove or modify username mapper 2021-08-03 17:38:37 +02:00
Sebastian Kanzow
4e8e4592ca [KEYCLOAK-18419] Support SAML 2.0 Encrypted IDs in Assertion 2021-08-03 11:55:36 +02:00
keycloak-bot
262ec3d031 Set version to 16.0.0-SNAPSHOT 2021-07-30 14:56:10 +02:00
Pedro Igor
afb0b16e43 [KEYCLOAK-18922] - Ignore empty values for internal attributes not set to user 2021-07-30 12:30:43 +02:00
Martin Bartoš
56888911b0 KEYCLOAK-18691 CIBATest.testTokenRequestAfterIntervalButNotYetAuthenticated wrong expiration 2021-07-29 17:01:51 +02:00
Pedro Igor
ff70e2e04b [KEYCLOAK-18916] - Do not consider empty values when checking read-only attributes 2021-07-29 08:46:16 +02:00
Vlastimil Elias
32f2f095fe KEYCLOAK-7724 User Profile default validations 2021-07-29 08:42:37 +02:00
mposolda
4dacbb9e0b KEYCLOAK-16996 User not able to revoke his offline token for directGrant clients 2021-07-29 08:04:16 +02:00
mposolda
9b0e1fff8d KEYCLOAK-18903 More customizable OIDC WellKnown provider 2021-07-28 18:03:23 +02:00
mposolda
05dfed721a KEYCLOAK-18636 The mtls_endpoint_aliases claim is not advertized in the discovery document 2021-07-28 13:32:31 +02:00
Pedro Igor
ef72343a6a [KEYCLOAK-18882] - User Profile still tech preview 2021-07-28 08:45:35 +02:00
mposolda
4520cbd38c KEYCLOAK-18904 Support cert-bound tokens when doing client credentials grant. Client policies support for client credentials grant 2021-07-28 07:24:30 +02:00
mposolda
ce80a3ba9b KEYCLOAK-18901 Test for update clientNotificationEndpoint to 'http' URL should fail 2021-07-27 16:22:49 +02:00
mposolda
643b3c4c5a KEYCLOAK-18594 CIBA Ping Mode 2021-07-27 08:33:17 +02:00
Hynek Mlnarik
8889122dc1 KEYCLOAK-18845 Remove key type in map storage (simplify generics) 2021-07-23 17:04:20 +02:00
Hynek Mlnarik
07402d9aac KEYCLOAK-18845 Remove key type in map storage (move StringKeyConvertor to CHM) 2021-07-23 17:04:20 +02:00
Takashi Norimatsu
9018fe9fad KEYCLOAK-18863 Global client profile for FAPI CIBA 2021-07-23 14:30:26 +02:00
Joerg Matysiak
9dff21d0a7 KEYCLOAK-18552
* added group as attribute metadata
* validation for groups and references to groups
* adapted template to use show attribute groups
* test and integration tests for attribute groups
2021-07-23 09:26:21 -03:00
Takashi Norimatsu
6436716514 KEYCLOAK-18834 Client Policies : ClientScopesCondition needs to be evaluated on CIBA backchannel authentication request and token request 2021-07-23 10:06:02 +02:00
Hynek Mlnarik
6b9040d18a KEYCLOAK-18876 Fix intermittent LoginTest failures 2021-07-23 08:44:50 +02:00
Takashi Norimatsu
84e19f1c57 KEYCLOAK-18833 FAPI-CIBA-ID1 : need to only accept confidential client on Backchannel Authentication endpoint 2021-07-23 08:26:36 +02:00
Luca Leonardo Scorcia
6bd7420907 KEYCLOAK-17290 SAML Client - Generate AttributeConsumingService SP metadata section 2021-07-22 21:53:16 +02:00
Pedro Igor
8260c3c623 [KEYCLOAK-18860] - Fixing attributes returned from user api 2021-07-22 15:09:30 -03:00
Vlastimil Elias
fff27f8bd6 KEYCLOAK-18812 fixing Account REST API tests under User Profile enabled 2021-07-22 13:43:21 -03:00
Vlastimil Elias
f307c56fe1 KEYCLOAK-18812 UserProfile metadata in Account REST API 2021-07-22 08:46:30 -03:00
Pedro Igor
b4c940fe3f [KEYCLOAK-18860] - Return attributes defined in user profile from user api 2021-07-22 08:32:47 -03:00
ruromero
464475caa0 [KEYCLOAK-17872] Add missing HTTPClient properties
Signed-off-by: ruromero <rromerom@redhat.com>
2021-07-22 10:54:59 +02:00
Hynek Mlnarik
44cd6cd5fb KEYCLOAK-18824 Simplify MapStorageTransaction and move registerEntityForChanges to CHM transaction 2021-07-21 20:58:26 +02:00
mposolda
3993b73625 KEYCLOAK-18865 CIBATests failing for auth-server-remote 2021-07-21 14:14:01 +02:00
Pedro Igor
d29d945cc4 [KEYCLOAK-18857] - Do not force default to RS256 when verifying tokens sent by clients and JWK does not hold an algorithm 2021-07-21 11:09:02 +02:00
Takashi Norimatsu
2c019c9ce5 KEYCLOAK-18832 FAPI-CIBA-ID1 conformance test : need to return 401 error=invalid_client if client authentication is not successfully completed on Backchannel Authentication endpoint 2021-07-21 10:13:55 +02:00
Takashi Norimatsu
8df36fbf28 KEYCLOAK-18828 FAPI-CIBA-ID1 conformance test : Additional checks of signed authentication request 2021-07-21 08:19:19 +02:00
Takashi Norimatsu
61fcbb307b KEYCLOAK-18830 FAPI-CIBA-ID1 conformance test : HolderOfKeyEnforcerExecutor needs to be executed on CIBA token request 2021-07-21 08:07:50 +02:00
Pedro Igor
54a0e84070 [KEYCLOAK-18741] - Review error messages when validating PAR requests 2021-07-20 14:08:49 -03:00
Pedro Igor
7f34af4016 Revert "[KEYCLOAK-18425] - Allow mapping user profile attributes"
This reverts commit 3e07ca3c
2021-07-20 14:08:09 -03:00
mposolda
db7e247f7b KEYCLOAK-18848 KEYCLOAK-18850 Enable CIBA and PAR by default 2021-07-20 15:59:06 +02:00
Takashi Norimatsu
f154b0b209 KEYCLOAK-18831 FAPI-CIBA-ID1 conformance test : need to return 400 if user authentication is not successfully completed 2021-07-20 10:46:16 +02:00
Takashi Norimatsu
e2c5fa20a2 KEYCLOAK-18849 Client Policy - Condition : ClientRolesCondition needs to be evaluated on PAR endpoint 2021-07-20 09:41:48 +02:00
Pedro Igor
396a78bcc4 [KEYCLOAK-18723] - Configurable constraints for request object encryption 2021-07-20 09:28:09 +02:00
Pedro Igor
730d4e8ac9 [KEYCLOAK-18807] - Fixing claims in JARM responses 2021-07-20 08:23:33 +02:00
Pedro Igor
13a08362d4 [KEYCLOAK-18819] - SecureResponseType executor shall allow response_type=code when using JARM and response_mode=jwt 2021-07-20 08:16:19 +02:00
Takashi Norimatsu
f76c07476c KEYCLOAK-18827 FAPI-CIBA-ID1 conformance test : Client JWT authentication should allow Backchannel Authentication endpoint as audience 2021-07-20 06:39:28 +02:00
Takashi Norimatsu
02a9eb442d KEYCLOAK-18829 FAPI-CIBA-ID1 conformance test : ClientRolesCondition needs to be evaluated on CIBA backchannel authentication request and token request 2021-07-20 06:31:10 +02:00
Pedro Igor
fe4e089e81 [KEYCLOAK-18745] - Client JWT authentication should allow PAR endpoint as audience 2021-07-19 14:23:53 -03:00
Vlastimil Elias
61aa4e6a70 KEYCLOAK-18750 - Set "Email Verified" to false when email changed in
UserProfile Provider
2021-07-19 11:19:29 -03:00
Takashi Norimatsu
f188f02d03 KEYCLOAK-18826 FAPI-CIBA-ID1 conformance test : ID Token needs to include auth_time claim 2021-07-19 15:11:23 +02:00
Takashi Norimatsu
63f04c1118 KEYCLOAK-18683 Client policy executor for check Backchannel signed request algorithms matching FAPI compliant algorithms 2021-07-19 14:48:31 +02:00
Pedro Igor
a79d28f115 [KEYCLOAK-18729] - Support JAR when using PAR 2021-07-19 11:42:20 +02:00
Hynek Mlnarik
009d4ca445 KEYCLOAK-18747 Turn MapClientEntity into interface + introduce delegates
Given that the Map*Entity is turned into an interface, it makes more sense
to use non-primitive types to allow for null values. This enables signalizing
that an entity does not define a particular value, and builds a base for definition
of instances with defaults: If a value is not present in the queried instance
(i.e. is `null`), the value would be obtained from a delegate containing
the defaults.
2021-07-17 15:45:46 +02:00
bal1imb
2c8d4ad9b4 KEYCLOAK-18590 Realm localizations of one realm must not affect themes displayed in context of other realms. 2021-07-16 16:12:58 +02:00
bal1imb
fbaeb18a5f KEYCLOAK-18471 Added ID to admin event object. 2021-07-16 12:46:07 +02:00
Pedro Igor
f1face6973 [KEYCLOAK-18748] - Do not remove attributes when declarative provider is enabled 2021-07-15 12:00:39 -03:00
Daniel Fesenmeyer
a25c70784c KEYCLOAK-18467 support unicode for realm localization texts 2021-07-15 10:30:42 +02:00
vramik
a07f3f9608 KEYCLOAK-18688 Add testing composite roles in RoleInvalidationClusterTest 2021-07-15 10:18:57 +02:00
Vlastimil Elias
7618e66136 [KEYCLOAK-18541] separate template for IDP review page 2021-07-13 21:43:52 -03:00
vramik
00017b44a3 KEYCLOAK-18311 fix creation of roles during client registration 2021-07-12 11:39:47 +02:00
Pedro Igor
1baab67f3b [KEYCLOAK-18630] - Request object encryption support 2021-07-09 11:27:30 -03:00
Vlastimil Elias
6686482ba5 [KEYCLOAK-18591] - Support a dynamic IDP user review form 2021-07-09 10:05:26 -03:00
Martin Bartoš
f3a96b9da9 KEYCLOAK-18644 New Account Console Tests failures 2021-07-09 11:56:02 +02:00
Takashi Norimatsu
7cdcf0f93e KEYCLOAK-18654 Client Policy - Endpoint : support Token Request by CIBA Backchannel Authentication 2021-07-09 11:24:12 +02:00
Takashi Norimatsu
43eb2b7c90 KEYCLOAK-18123 Client Policy - Executor : Enforce Backchannel Authentication Request satisfying high security level 2021-07-09 09:11:13 +02:00
Takashi Norimatsu
63b737545f KEYCLOAK-18653 Client Policy - Endpoint : support Pushed Authorization Request Endpoint 2021-07-09 09:06:38 +02:00
Pedro Igor
4099833be8 [KEYCLOAK-18693] - Declarative profile validating read-only attribute if it exists 2021-07-08 15:22:02 -03:00
Takashi Norimatsu
dce163d3e2 KEYCLOAK-18587 CIBA signed request: Client must configure the algorithm 2021-07-08 10:16:22 +02:00
Benjamin Weimer
8c1ea60b04 * Add sid claim to ID Token
* deprecate session state parameter in ID Token
* remove charset=UTF-8 from backchannel logout post request Content-Type header
2021-07-06 15:30:53 -03:00
Takashi Norimatsu
2b1624390a KEYCLOAK-17937 Client Policy - Endpoint : support CIBA Backchannel Authentication Endpoint 2021-07-03 08:57:20 +02:00
Hryhorii Hevorkian
2803685cd7 KEYCLOAK-18353 Implement Pushed Authorization Request inside the Keycloak
Co-authored-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
Co-authored-by: mposolda <mposolda@gmail.com>
2021-07-03 08:47:42 +02:00
lbortoli
e5ae113453 KEYCLOAK-18452 FAPI JARM: JWT Secured Authorization Response Mode for OAuth 2.0 2021-07-03 00:00:32 +02:00
Vlastimil Elias
04ff2c327b [KEYCLOAK-18429] Support a dynamic update profile form 2021-07-02 10:22:47 -03:00
Vlastimil Elias
f32447bcc1 [KEYCLOAK-18424] GUI order for user profile attributes 2021-07-02 08:37:24 -03:00
Pedro Igor
b26b41332e [KEYCLOAK-18626] - Avoid changing username when registration as email is enabled 2021-07-02 08:07:04 -03:00
Pedro Igor
3e07ca3c22 [KEYCLOAK-18425] - Allow mapping user profile attributes 2021-07-01 10:19:28 -03:00
vramik
2b9b50d50a KEYCLOAK-18194 fix migration of default role when realm id contains apostrophe 2021-07-01 11:22:11 +02:00
Hynek Mlnarik
0523dad4d5 KEYCLOAK-18414 Remove unnecessary id parameter from create operation 2021-07-01 11:18:53 +02:00
lbortoli
164f3df080 KEYCLOAK-18502 - Support for additional parameters from the backchannel authentication request and backchannel authentication callback. 2021-07-01 00:31:26 +02:00
Hynek Mlnarik
8a83ec83ac KEYCLOAK-18589 map-storage profile for KeycloakServer 2021-06-30 20:47:17 +02:00
Luca Leonardo Scorcia
ae98d8ea28 KEYCLOAK-18315 SAML Client - Add parameter to request specific AttributeConsumingServiceIndex 2021-06-29 16:22:38 +02:00
Martin Bartoš
9dc7300178 KEYCLOAK-18391 CIBATest failures 2021-06-29 16:15:12 +02:00
Sebastian Rose
ca6b78b730 KEYCLOAK-18390 GroupProvider search implementation of JPA and Map delivers different results 2021-06-29 14:59:01 +02:00