Commit graph

3262 commits

Author SHA1 Message Date
mposolda
73a38997d8 KEYCLOAK-14208 Default client profiles for FAPI 2021-05-31 12:31:52 +02:00
mposolda
ab13e3e4fe KEYCLOAK-17939 Enable Client policies feature by default 2021-05-31 12:31:52 +02:00
Michito Okai
bc6a746780 KEYCLOAK-18112 Token introspection of the revoked refresh token 2021-05-31 11:01:01 +02:00
vramik
2bf727d408 KEYCLOAK-17753 remove KeycloakModelUtils.isClientScopeUsed method 2021-05-28 21:07:14 +02:00
rmartinc
38101d01c2 [KEYCLOAK-18250] LDAPSyncTest.test09MembershipUsingDifferentAttributes fails on MySQL 8 and MariaDB 10.3 2021-05-28 00:01:57 +02:00
Michal Hajas
b216b9579c KEYCLOAK-18264 Fix SamlLogoutTest with different consumer and provider url 2021-05-27 23:23:46 +02:00
Michal Hajas
4dcb69596b KEYCLOAK-18146 Search for clients by client attribute when doing saml artifact resolution 2021-05-27 23:02:22 +02:00
Stian Thorgersen
2cb59e2503
KEYCLOAK-17844 Add option to disable authorization services to workaround issues with many clients 2021-05-27 22:28:56 +02:00
Martin Kanis
23aee6c210 KEYCLOAK-16616 Limit number of authSessios per rootAuthSession 2021-05-27 22:10:36 +02:00
Takashi Norimatsu
669556af71 KEYCLOAK-18296 RefreshTokenRequest returns incorrect error code during failed HoK request 2021-05-27 15:28:29 +02:00
Yoshiyuki Tabata
c52d0babce KEYCLOAK-17491 Move the key settings to the new Keys tab 2021-05-27 15:26:40 +02:00
Martin Bartoš
2096a0f5cc KEYCLOAK-18246 DemoFilterServletAdapterTest fails for app servers with TLS 2021-05-27 13:06:35 +02:00
vramik
3aa06c2721 KEYCLOAK-18073 avoid ModelDuplicateException during parallel starup of servers 2021-05-27 07:10:35 +02:00
Stefan Guilhen
eb631bf63b [KEYCLOAK-8730] Ensure role mappers don't remove roles already granted by another mapper when updating a brokered user 2021-05-26 17:21:54 +02:00
Michal Hajas
5c71c3d97f
KEYCLOAK-17764 Remove all clients querying fallback (#8077) 2021-05-26 13:18:58 +02:00
Martin Bartoš
77fe3e9bed KEYCLOAK-18054 EAP6Fuse6HawtioAdapterTest fails due to wrong port without TLS 2021-05-26 08:58:03 +02:00
Pedro Igor
b7e5db6534 [KEYCLOAK-18007] - Configure resolved paths with the method config from configuration 2021-05-25 09:48:30 -03:00
Luca Leonardo Scorcia
478319348b KEYCLOAK-16450 X509 Direct Grant Auth does not verify certificate timestamp validity 2021-05-25 10:32:17 +02:00
Takashi Norimatsu
6e7898039b KEYCLOAK-18139 SecureResponseTypeExecutor: polishing for FAPI 1 final 2021-05-25 08:32:43 +02:00
mposolda
d4374f37ae KEYCLOAK-18258 Not possible to login with public client, which was confidential with custom client authenticator set 2021-05-24 13:17:14 +02:00
Lukas Hanusovsky
afb8da7ff0 KEYCLOAK-18056 exclude test for remote testsuite. 2021-05-24 11:27:44 +02:00
Takashi Norimatsu
6532baa9a7 KEYCLOAK-18127 Option for skip return user's claims in the ID Token for hybrid flow 2021-05-24 08:02:34 +02:00
Michito Okai
cc2d6f0741 KEYCLOAK-18235 Display of options about device grant when selecting
"public" as the access type
2021-05-21 08:24:27 +02:00
Vlastimil Elias
4ad1687f2b [KEYCLOAK-17399] UserProfile SPI - Validation SPI integration 2021-05-20 15:26:17 -03:00
Pedro Igor
9ebbc7673c [KEYCLOAK-18111] - Error when processing path without associated resource 2021-05-20 11:15:11 -03:00
Thomas Darimont
c49dbd66fa KEYCLOAK-15437 Ensure at_hash is generated for IDTokens on token-refresh 2021-05-20 16:05:11 +02:00
Pedro Igor
a0f8d2bc0e [KEYCLOAK-17399] - Review User Profile SPI
Co-Authored-By: Vlastimil Elias <vlastimil.elias@worldonline.cz>
2021-05-20 08:44:24 -03:00
rmartinc
b97f177f26 [KEYCLOAK-14696] Unable to fetch list of members from a group through keycloak admin console. 2021-05-20 11:32:23 +02:00
Michal Hajas
3bb5bff8e0 KEYCLOAK-17495 Do not include principal in the reference to broker sessionId 2021-05-20 11:32:11 +02:00
mposolda
d3e9e21abd KEYCLOAK-17906 Use auto-configure instead of is-augment. Use default-client-authenticator option in SecureClientAuthenticatorExecutor 2021-05-19 12:18:11 +02:00
vramik
4d776cd780 KEYCLOAK-18137 Fix introduced SPI name 2021-05-18 20:30:21 +02:00
Martin Bartoš
8c299b417a KEYCLOAK-17784: Remember me - fix test 2021-05-18 16:15:30 +02:00
Bastian Ike
5c3d7f186e KEYCLOAK-17784: URL encode Keycloak's remember-me cookie to allow non-ascii usernames.
International users using non-ascii symbols such as the german `äöü`
will make Keycloak set the KEYCLOAK_REMEMBER_ME cookie without URL
encoding. This will trigger an java.lang.IllegalArgumentException:
UT000173 exception in undertow's cookie parser which does not
allow non-ascii characters.

Co-authored-by: Fabian Freyer <mail@fabianfreyer.de>
2021-05-18 16:15:30 +02:00
Mathieu CLAUDEL
df714506cc KEYCLOAK-17655 - Can't impersonate 2021-05-18 14:16:01 +02:00
mposolda
71dcbec642 KEYCLOAK-18108 Refactoring retrieve of condition/executor providers. Make sure correct configuration of executor/condition is used for particular provider 2021-05-18 12:20:47 +02:00
mposolda
b8a7750000 KEYCLOAK-18113 Refactor some executor/condition provider IDs 2021-05-18 09:17:41 +02:00
Václav Muzikář
62e6883524 KEYCLOAK-17084 KEYCLOAK-17434 Support querying clients by client attributes 2021-05-14 13:58:53 +02:00
Pedro Igor
62e17f3be7 [KEYCLOAK-17588] - Authz confirmation popping out twice 2021-05-14 07:21:06 -03:00
Tomas Kyjovsky
1292135729 KEYCLOAK-17322 Align tested databases with EAP 7.4 support matrix 2021-05-14 09:27:00 +02:00
Peter Flintholm
919899b994 KEYCLOAK-18039: Optimise offline session load on startup
Co-authored-by: Hynek Mlnarik <hmlnarik@redhat.com>
2021-05-13 16:26:26 +02:00
Alfredo Boullosa
716afe9404 KEYCLOAK-18075 - Remove "role_list" from expected default client scopes 2021-05-13 10:30:12 +02:00
Marek Posolda
a6d4316084
KEYCLOAK-14209 Client policies admin console support. Changing of format of JSON for client policies and profiles. Remove support for default policies (#7969)
* KEYCLOAK-14209 KEYCLOAK-17988 Client policies admin console support. Changing of format of JSON for client policies and profiles. Refactoring based on feedback and remove builtin policies
2021-05-12 16:19:55 +02:00
Takashi Norimatsu
355a5d65fb KEYCLOAK-18052 Client Policies : Revise SecureRequestObjectExecutor to have an option for checking nbf claim 2021-05-11 14:29:33 +02:00
rmartinc
2539bd9ed3 [KEYCLOAK-17903] idp metadata describing one entity MUST have EntityDescriptor root element 2021-05-11 13:02:13 +02:00
Takashi Norimatsu
5dced05591 KEYCLOAK-18050 Client Policies : Rename "secure-redirecturi-enforce-executor" to indicate what this executor does 2021-05-11 07:42:18 +02:00
Pedro Igor
6397671c88 [KEYCLOAK-17885] - Delete user-managed policies when removing groups 2021-05-10 16:33:23 -03:00
Takashi Norimatsu
b4e4e75743 KEYCLOAK-17928 Determine public client based on token_endpoint_auth_method during OIDC dynamic client registration 2021-05-10 08:24:18 +02:00
Takashi Norimatsu
624d300a55 KEYCLOAK-17938 Not possible to create client in the admin console when client policy with "secure-redirecturi-enforce-executor" condition is used 2021-05-07 17:52:09 +02:00
Takashi Norimatsu
b38b1eb782 KEYCLOAK-17895 SecureSigningAlgorithmEnforceExecutor: Ability to auto-configure default algorithm 2021-05-07 12:37:39 +02:00
Takashi Norimatsu
faab3183e0 KEYCLOAK-18034 Enforce SecureSigningAlgorithmForSignedJwtEnforceExecutor to private-key-jwt clients regardless their option 2021-05-07 12:26:46 +02:00
keycloak-bot
4b44f7d566 Set version to 14.0.0-SNAPSHOT 2021-05-06 14:55:01 +02:00
Bruno Oliveira da Silva
818dc40304 [KEYCLOAK-18001] Upgrade Apache Ant dependency 2021-05-06 08:55:57 -03:00
Michal Hajas
e7821bb67b KEYCLOAK-17995 Add a warning to standalone migration scripts to perform a manual migration script if needed + fix test failures when migrating from 9.0.3 2021-05-06 11:40:01 +02:00
Hynek Mlnarik
98a88e3e8b KEYCLOAK-17991 Introduce preview feature for map storage 2021-05-06 11:38:41 +02:00
Hynek Mlnarik
6d97a573e6 KEYCLOAK-17696 Make MapStorageFactory amphibian 2021-05-06 11:38:41 +02:00
Takashi Norimatsu
0a4fdc64f3 KEYCLOAK-17929 SecureSigningAlgorithmForSignedJwtEnforceExecutor polishing for FAPI 2021-05-06 08:41:05 +02:00
Takashi Norimatsu
b78d151a23 KEYCLOAK-16808 Client Policy : Implement existing ConsentRequiredClientRegistrationPolicy as Client Policies' executor
Co-authored-by: Andrii Murashkin <amu@adorsys.com.ua>
2021-05-06 08:36:34 +02:00
Peter Skopek
b2ed99c70d KEYCLOAK-16928 Fix typo in authenticatorFlow representation 2021-05-06 08:33:19 +02:00
mposolda
20fc430be0 KEYCLOAK-17874 Server cannot be started with oracle19cRAC 2021-05-05 13:12:07 +02:00
Václav Muzikář
57fca2a34f KEYCLOAK-15170 Reset password link is not invalidated if email address is changed 2021-05-05 08:45:47 +02:00
Martin Bartoš
c2c1b482ea KEYCLOAK-17734 LifespanAdapterTest fails due to header check 2021-05-04 12:36:33 +02:00
rmartinc
7de5e7d298
KEYCLOAK-17074 Infinite loop logging as an user or impersonating an user as admin (#7799) 2021-05-03 21:05:12 -04:00
Christoph Leistert
61bdc92ad9
KEYCLOAK-17387: 403 response on localization endpoint for cross realm users
- add ForbiddenPage class for the assertion at the selenium test
- add assertion to selenium test
- GET requests for localization texts require at least one role for the realm
- Make GET requests for localization texts public, to display the admin UI correctly, even if the role view-realm is missing
2021-05-03 13:29:11 -03:00
Václav Muzikář
315b9e3c29 KEYCLOAK-17835 Account Permanent Lockout and login error messages 2021-05-03 09:39:34 +02:00
Takashi Norimatsu
65c48a4183
KEYCLOAK-12137 OpenID Connect Client Initiated Backchannel Authentication (CIBA) (#7679)
* KEYCLOAK-12137 OpenID Connect Client Initiated Backchannel Authentication (CIBA)

Co-authored-by: Andrii Murashkin <amu@adorsys.com.ua>
Co-authored-by: Christophe Lannoy <c4r1570p4e@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: mposolda <mposolda@gmail.com>
2021-04-29 15:56:39 +02:00
Jan Lieskovsky
6df5ba0f1c [KEYCLOAK-17227] Wildfly 23 upgrade
Base fixes:
    * [KEYCLOAK-17228] Upgrade Keycloak to Wildfly 23.0.0.Final / Wildfly Core 15.0.0.Final

    Other (related) fixes:
    * [KEYCLOAK-17477] Update org.wildfly.common to 1.5.4.Final
    * [KEYCLOAK-17478] Update wildfly-galleon-maven-plugin to 5.1.0.Final
    * [KEYCLOAK-17479] Keycloak Galleon Feature Pack: Adapter fails to build on top of Wildfly 23
    * [KEYCLOAK-17482] Sync Wildfly 23 model changes to Keycloak
    * [KEYCLOAK-17508] Apply workaround for WFCORE-5335
    * [KEYCLOAK-17231] Update org.keycloak.testsuite.metrics.MetricsRestServiceTest
      to work with org.wildfly.extension.health
    * [KEYCLOAK-17585] Fix Quarkus startup failure post applying Wildfly 23 upgrade changes
    * [KEYCLOAK-17583] Fix ConfigMigrationTest post applying Wildfly 23 model changes
    * [KEYCLOAK-17584] Fix ActionTokenCrossDCTest#sendResetPasswordEmailSuccessWorksInCrossDc
      test failure post applying Wildfly 23 upgrade changes

Signed-off-by: Jan Lieskovsky <jlieskov@redhat.com>
2021-04-29 12:36:03 +02:00
Jan Lieskovsky
16ba4c0104 [KEYCLOAK-16723] Upgrade to Wildfly 22
Base fixes:
* [KEYCLOAK-16724] Upgrade Keycloak to Wildfly 22.0.0.Beta1 / Wildfly Core 14.0.0.Beta4
* [KEYCLOAK-16822] Upgrade Keycloak to Wildfly 22.0.0.Final / Wildfly Core 14.0.0.Final
* [KEYCLOAK-17158] Upgrade Keycloak to Wildfly 22.0.1.Final / Wildfly Core 14.0.1.Final

Other (related) fixes:
* [KEYCLOAK-16174] Upgrade (RH-SSO adapters) to EAP CD 21
* [KEYCLOAK-16202] Don't upgrade versions of httpclient and httpcore in the Fuse adapter
                   as part of the Wildfly upgrade script run
* [KEYCLOAK-16737] Keycloak core depends on org.bouncycastle:bcprov-jdk15on:1.65, which
                   suffers from CVE-2020-28052
* [KEYCLOAK-16907] ConfigMigrationTest fails after upgrade to Wildfly 22.0.0.Final
* [KEYCLOAK-17156] org.keycloak.test.config.migration.ConfigMigrationTest fails with
                   'illegal reflective access to method com.sun.net.ssl.internal.ssl.Provider.isFIPS()'

Signed-off-by: Jan Lieskovsky <jlieskov@redhat.com>
2021-04-29 12:36:03 +02:00
vramik
de79493294 KEYCLOAK-17896 Add maven profile for map storage 2021-04-28 21:05:42 +02:00
vramik
162043beec KEYCLOAK-17615 Move database initialization from KeycloakApplication to JpaConnectionProviderFactory 2021-04-28 13:43:48 +02:00
Martin Kanis
515bfb5064 KEYCLOAK-16378 User / client session map store
Co-authored-by: Martin Kanis <mkanis@redhat.com>
Co-authored-by: Hynek Mlnarik <hmlnarik@redhat.com>
2021-04-28 09:09:15 +02:00
Yoshiyuki Tabata
45202bd49a KEYCLOAK-17637 Client Scope Policy for authorization service 2021-04-26 08:58:33 -03:00
Ayat Bouchouareb
8255cba930 KEYCLOAK-17612- Invalid SAML Response : Invalid Destination 2021-04-26 11:15:28 +02:00
Pedro Igor
068a1811f2 [KEYCLOAK-17452] - Removing policies created from a user-managed policy 2021-04-21 11:30:57 -03:00
Pedro Igor
228de42859 [KEYCLOAK-17598] - Changing root path check when resolving resource by uri 2021-04-21 11:30:07 -03:00
Takashi Norimatsu
190b60c5cd KEYCLOAK-17827 Client Policy - Condition : Client - Client Host : Removing Option 2021-04-21 15:16:00 +02:00
i7a7467
ada7f37430 KEYCLOAK-16918 Set custom user attribute to Name ID Format for a SAML client
https://issues.redhat.com/browse/KEYCLOAK-16918

Co-authored-by: Michal Hajas <mhajas@redhat.com>
2021-04-20 10:29:17 +02:00
Martin Bartoš
ca019c36e8 KEYCLOAK-17457 Failed OfflineServletsAdapterTest 2021-04-19 16:58:38 -03:00
AlistairDoswald
8b3e77bf81 KEYCLOAK-9992 Support for ARTIFACT binding in server to client communication
Co-authored-by: AlistairDoswald <alistair.doswald@elca.ch>
Co-authored-by: harture <harture414@gmail.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2021-04-16 12:15:59 +02:00
Michal Hajas
64ccbda5d5 KEYCLOAK-17323 Compute token expiration using Time.currentTime() instead of userSession.getStarted() 2021-04-14 12:58:45 +02:00
Martin Bartoš
b237c503ba KEYCLOAK-16913 Fix failed FuseAdapterTest 2021-04-14 09:51:02 +02:00
Martin Bartoš
5a9068e732 KEYCLOAK-16401 Deny/Allow access in a conditional context 2021-04-09 12:04:45 +02:00
Alfredo Boullosa
cd342ad571 KEYCLOAK-17620 - Fix ClientClientScopesTest 2021-04-08 15:56:51 +02:00
Alfredo Boullosa
2f0f99c204 KEYCLOAK-17619 - Fix DefaultRolesTest 2021-04-08 12:17:53 +02:00
Michito Okai
d9ebbe4958 KEYCLOAK-17202 Restrict Issuance of Refresh tokens to specific clients 2021-04-08 11:51:25 +02:00
Takashi Norimatsu
8b0b657a8f KEYCLOAK-17682 Client Policy - Executor : remove inner config class for executor without any config 2021-04-08 09:22:16 +02:00
Takashi Norimatsu
3221708499 KEYCLOAK-17667 Client Policy - Executor : Only Accept Confidential Client 2021-04-08 09:17:10 +02:00
Takashi Norimatsu
e9035bb7b3 KEYCLOAK-17681 Client Policy - Executor : Limiting available period of Request Object with its configuration 2021-04-08 09:12:20 +02:00
Daniel Fesenmeyer
a48d04bfe0 KEYCLOAK-16082 save attributes when role is created (with REST POST request)
- add missing mapping code to RoleContainerResource#createRole
- extend ClientRolesTest and RealmRolesTest to check that now the attributes are saved when a role is created
- remove no longer needed code which updated roles because attributes were not saved on creation
2021-04-07 14:08:49 -03:00
Lukas Hanusovsky
e0d660d815 KEYCLOAK-17311 - exclude for Remote testsuite 2021-04-07 13:37:38 +02:00
Lukas Hanusovsky
17b19b2e36 KEYCLOAK-17302 - exclude for Remote testsuite 2021-04-07 13:35:47 +02:00
Takashi Norimatsu
7b227ae47c KEYCLOAK-17666 Client Policy - Executor : Limiting available period of Request Object 2021-04-07 08:36:26 +02:00
Takashi Norimatsu
42dec08f3c
KEYCLOAK-16805 Client Policy : Support New Admin REST API (Implementation) (#7780)
* KEYCLOAK-16805 Client Policy : Support New Admin REST API (Implementation)

* support tests using auth-server-quarkus

* Configuration changes for ClientPolicyExecutorProvider

* Change VALUE of table REALM_ATTRIBUTES to NCLOB

* add author tag

* incorporate all review comments

Co-authored-by: mposolda <mposolda@gmail.com>
2021-04-06 16:31:10 +02:00
vramik
d1ad905407 KEYCLOAK-17640 fix MultiVersionClusterTest.verifyFailureOn* tests 2021-04-06 12:55:26 +02:00
Miquel Simon
5f551e018d
KEYCLOAK-17310. Disabled test in remote environment. (#7898) 2021-04-06 09:03:04 +02:00
vramik
185075d373 KEYCLOAK-14552 Realm Map Store 2021-03-31 15:49:03 +02:00
Konstantinos Georgilakis
ec5c256562 KEYCLOAK-5657 Support for transient NameIDPolicy and AllowCreate in SAML IdP 2021-03-31 14:45:39 +02:00
rmartinc
0a0caa07d6 KEYCLOAK-17215 Slowness issue while hitting /auth/admin/realms/$REALM/clients?viewableOnly=true after DELETE a role 2021-03-31 12:57:17 +02:00
vramik
c3b9c66941 KEYCLOAK-17460 invalidate client when assigning scope 2021-03-30 10:58:16 +02:00
sma1212
e10f3b3672
[KEYCLOAK-17484] OIDC Conformance - Authorization response with Hybrid flow does not contain token_type (#7872)
* [KEYCLOAK-17484] fix oidc conformance for hybrid-flow

* [KEYCLOAK-17484] add TokenType & ExpiresIn to OAuth2Constants

* [KEYCLOAK-17484] add request validation for oidc-flows automated tests
2021-03-30 08:59:30 +02:00
devopsix
590ee1b1a2
KEYCLOAK-15459 Fix serialization of locale in admin console's “whoami” (#7397)
call.
2021-03-29 18:37:26 -04:00