Commit graph

1941 commits

Author SHA1 Message Date
mposolda
18e0c0277f KEYCLOAK-3666 Dynamic client registration policies 2016-10-14 20:20:40 +02:00
Bill Burke
1c0abbd722 Merge pull request #3315 from patriot1burke/master
import and sync spi
2016-10-14 10:12:42 -04:00
Stian Thorgersen
422805b511 Updated labels for java keystore provider config 2016-10-14 10:36:17 +02:00
Bill Burke
8c8a39c833 sync and import 2016-10-13 20:49:02 -04:00
Bill Burke
0938390654 sync and import 2016-10-13 20:38:49 -04:00
Stian Thorgersen
4e245d428c KEYCLOAK-905 More testing 2016-10-13 20:44:33 +02:00
Stian Thorgersen
d2cae0f8c3 KEYCLOAK-905
Realm key rotation for OIDC
2016-10-13 11:19:52 +02:00
Bill Burke
fbaa731dfa import spi 2016-10-11 18:33:59 -04:00
Bill Burke
db05dc6ee4 KEYCLOAK-3671 2016-10-06 15:02:15 -04:00
Bill Burke
fbb65fa072 KEYCLOAK-3671 2016-10-06 14:56:02 -04:00
Bill Burke
74325fe133 initial sync/import spi 2016-10-06 14:48:53 -04:00
Hynek Mlnarik
cfbc9cf14b KEYCLOAK-3655: Fix for unexpected server error when adding duplicate auth flow 2016-10-05 13:57:02 +02:00
Bill Burke
c5600e888d revactor CredentialValidationOutput apis 2016-10-04 17:26:45 -04:00
Bill Burke
4af0976194 remove UserCredValueModel and hold hash providers 2016-10-04 12:34:15 -04:00
mposolda
bc916a1909 KEYCLOAK-3564 Update demo examples with public key rotation 2016-10-04 14:05:01 +02:00
mposolda
0f9798a10d KEYCLOAK-3493 KEYCLOAK-3532 Renamed KeyStorageProvider to PublicKeyStorageProvider 2016-10-03 15:23:50 +02:00
Thomas Darimont
c852d6d817 KEYCLOAK-3642 Favor StreamUtil over IOUTils in ScriptBasedAuthenticatorFactory
The dependency on commons-io through the use of IOUtils in
ScriptBasedAuthenticatorFactory resulted in
NoClassDefFoundError org/apache/commons/io/IOUtils when building the
keycloak-distribution.

We now use the StreamUtil from keycloak-common to avoid this dependency.
2016-10-03 13:33:53 +02:00
Bill Burke
d4c3fae546 merge conflicts 2016-09-30 19:19:12 -04:00
Bill Burke
6a4e413bf4 final mongo fixes 2016-09-30 19:08:34 -04:00
mposolda
f9a0abcfc4 KEYCLOAK-3493 KEYCLOAK-3532 Added KeyStorageProvider. Support key rotation for OIDC clients and identity providers with JWKS url. 2016-09-30 21:28:23 +02:00
Stian Thorgersen
5d34b7e682 Merge pull request #3189 from thomasdarimont/issue/KEYCLOAK-3491-revise-scripting-support
KEYCLOAK-3491 Revise Scripting Support
2016-09-29 10:12:15 +02:00
Bill Burke
8967ca4066 refactor mongo entities, optimize imports 2016-09-28 15:25:39 -04:00
Stian Thorgersen
34f62eb31d Fixes to [KEYCLOAK-2438] PR 2016-09-28 10:25:37 +02:00
Bruno Oliveira
98d2fe15e8 [KEYCLOAK-2438] - Add display name to social login buttons
[KEYCLOAK-3291] - Names of social identity providers are wrongly capitalized (eg GitHub vs Github)
2016-09-26 13:36:28 -03:00
Bill Burke
ecc104719d bump pom version 2016-09-26 11:01:18 -04:00
Stian Thorgersen
033d1f564a KEYCLOAK-2756
Renaming a realm breaks down the Clients
2016-09-26 10:11:28 +02:00
Bill Burke
27e86e36c4 Merge remote-tracking branch 'upstream/master' 2016-09-23 16:50:16 -04:00
Bill Burke
ff1326fe35 authenticator example updated 2016-09-23 16:50:08 -04:00
Marek Posolda
5fc7149aac Merge pull request #3257 from mposolda/pairwise
KEYCLOAK-3422 Pairwise subjects : few fixes and bit of refactoring
2016-09-23 20:58:51 +02:00
Bill Burke
a1bcd0651d fixes 2016-09-23 10:38:49 -04:00
Marek Posolda
22aaa4cb52 Merge pull request #3237 from brat000012001/kc-iss-3505
KEYCLOAK-3505: updated the oidc user attribute mapper used to map oid…
2016-09-23 15:38:20 +02:00
mposolda
04f05c0cd1 KEYCLOAK-3422 Pairwise subjects : few fixes and bit of refactoring 2016-09-23 15:29:13 +02:00
Bill Burke
8e65356891 creds 2016-09-22 19:57:39 -04:00
Bill Burke
7209a95dce credential refactoring 2016-09-22 08:34:45 -04:00
Thomas Darimont
8e113384aa KEYCLOAK-3491 Revise Scripting Support
Refactored the scripting infrastructure and added documentation.
Added tests and an authenticator template in JavaScript for a quickstart.
Increased height of ace code editor to 600px to avoid scrolling.
2016-09-20 14:33:39 +02:00
Stian Thorgersen
4977527f60 Merge pull request #3239 from stianst/SERVER-PROFILE
KEYCLOAK-3579 Add ability to define profiles
2016-09-20 10:39:05 +02:00
Stian Thorgersen
992268a8e6 KEYCLOAK-3579 Add ability to define profiles 2016-09-20 08:41:23 +02:00
Stian Thorgersen
44c47431a1 Merge pull request #3233 from betovieirasilva/master-KEYCLOAK-LoginUsername
[PULL-REQUEST-3181 & PULL-REQUEST-3233] Username is not displayed on the login screen with that email
2016-09-16 09:23:26 +02:00
Peter Nalyvayko
0348e427de KEYCLOAK-3505: cosmetic coding style changes 2016-09-15 15:42:09 -04:00
Peter Nalyvayko
b97908fb02 KEYCLOAK-3505: updated the oidc user attribute mapper used to map oidc broker claims to map the claims from userinfo claim set 2016-09-15 11:11:58 -04:00
Gilberto Vieira da Silva
6d5dc673d4 When keycloak is set to login email and Username is different from email, to check the "Remember Me" username is not displayed on the login screen with that email because the KEYCLOAK_REMEMBER_ME cookie is always recorded the username field.
Conflicts:
	services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java

[PULL-REQUEST-3181]
2016-09-13 18:56:25 -03:00
Gilberto Vieira da Silva
55e07bcde2 Reverted to appli to branch master-KEYCLOAK-LoginUsername 2016-09-13 18:52:16 -03:00
Gilberto Vieira da Silva
cb1b34eee5 When keycloak is set to login email and Username is different from email, to check the "Remember Me" username is not displayed on the login screen with that email because the KEYCLOAK_REMEMBER_ME cookie is always recorded the username field.
Conflicts:
	services/src/main/java/org/keycloak/services/managers/AuthenticationManager.java
2016-09-13 18:21:04 -03:00
Martin Hardselius
04d03452bd KEYCLOAK-3422 support pairwise subject identifier in oidc 2016-09-13 09:18:45 +02:00
mposolda
bf6246f5c1 KEYCLOAK-905 Realm keys rotation support on adapters 2016-09-12 21:24:04 +02:00
Stian Thorgersen
1630b9a20c Merge pull request #3220 from abstractj/KEYCLOAK-3535
KEYCLOAK-3535 - Check if SSSD is available via DBUS
2016-09-09 08:15:11 +02:00
Stian Thorgersen
65befb16fd Merge pull request #3219 from pedroigor/KEYCLOAK-3534
[KEYCLOAK-3534] - Authorization tab appears too soon in admin console
2016-09-09 08:14:03 +02:00
Stian Thorgersen
e8f99a2109 Merge pull request #3221 from patriot1burke/master
KEYCLOAK-3423
2016-09-09 07:45:53 +02:00
Pedro Igor
7af16fc747 [KEYCLOAK-3534] - Authorization tab appears too soon in admin console 2016-09-09 01:03:09 -03:00
Bill Burke
84f5c0926b KEYCLOAK-3423 2016-09-08 16:47:06 -04:00
Bruno Oliveira
11245701d2 Check if SSSD is available via DBUS 2016-09-08 16:01:45 -03:00
Bill Burke
2a5c778af5 Merge pull request #3209 from patriot1burke/master
KEYCLOAK-3440
2016-09-08 09:10:54 -04:00
Stian Thorgersen
36bb94afb8 Environment dependent provider 2016-09-08 07:40:19 -03:00
Marek Posolda
76e1160b36 Merge pull request #3210 from mposolda/master
KEYCLOAK-3537 Username not shown when validation error on Account pro…
2016-09-08 10:04:38 +02:00
Stian Thorgersen
f726caea9b Merge pull request #3205 from stianst/KEYCLOAK-3342
KEYCLOAK-3342 Add Identity Provider authenticator
2016-09-08 08:40:32 +02:00
mposolda
16282aeb7b KEYCLOAK-3537 Username not shown when validation error on Account profile page 2016-09-08 08:36:39 +02:00
Stian Thorgersen
d2c546bdc2 Merge pull request #3201 from pedroigor/KEYCLOAK-3129
[KEYCLOAK-3129] - Add authorization services endpoints to PermissionsTest
2016-09-08 08:03:40 +02:00
Stian Thorgersen
7c292b1213 KEYCLOAK-3342 Add Identity Provider authenticator 2016-09-08 07:20:35 +02:00
Bill Burke
3b9a6b32e1 Revert "Revert "KEYCLOAK-3440""
This reverts commit 01e48dc4b8.
2016-09-07 23:41:32 -04:00
Bill Burke
01e48dc4b8 Revert "KEYCLOAK-3440" 2016-09-07 23:17:35 -04:00
Bill Burke
3f35234cf5 Merge remote-tracking branch 'upstream/master' 2016-09-07 23:11:38 -04:00
Bill Burke
da135389c7 KEYCLOAK-3440 2016-09-07 23:11:28 -04:00
mposolda
5a015a6518 KEYCLOAK-3494 Input elements backed by user attributes fail to update in themes 2016-09-07 20:08:09 +02:00
Pedro Igor
517413d38e [KEYCLOAK-3129] - Add authorization services endpoints to PermissionsTest 2016-09-06 17:32:37 -03:00
Bill Burke
15d31a202f Merge remote-tracking branch 'upstream/master' 2016-09-06 08:56:17 -04:00
Bill Burke
6714c1a136 cred refactor 2016-09-06 08:55:47 -04:00
mposolda
8c5b1e4892 KEYCLOAK-3525 Validation callback when creating/updating protocolMapper 2016-09-06 07:15:27 +02:00
mposolda
03c05bd72b KEYCLOAK-2957 IdpEmailVerificationAuthenticator should setEmailVerified to true after successfuly link user by email verification 2016-09-05 18:04:24 +02:00
mposolda
a24a43c4be KEYCLOAK-3349 Support for 'request' and 'request_uri' parameters 2016-09-02 20:20:38 +02:00
Vaclav Muzikar
1b085d3e13 KEYCLOAK-3421 Validation for URI fragments in redirect_uri 2016-08-31 13:07:33 +02:00
mposolda
02f28a7e8e KEYCLOAK-3416 Add support for signed Userinfo requests 2016-08-30 20:21:04 +02:00
Stian Thorgersen
5a4bb5f3f0 Merge pull request #3168 from stianst/master
KEYCLOAK-3462 Fix exception not displayed in init from KeycloakServer
2016-08-30 09:47:31 +02:00
mposolda
f4aee129e4 KEYCLOAK-3424 Issuer or token-endpoint as audience in signed JWT 2016-08-29 14:43:35 +02:00
mposolda
a7f9a6e095 KEYCLOAK-3424 Support for import from public key 2016-08-29 14:43:29 +02:00
Stian Thorgersen
4f51b7b34c KEYCLOAK-3462 Fix exception not displayed in init from KeycloakServer 2016-08-29 09:21:22 +02:00
Stian Thorgersen
2a29f2a9c6 Merge pull request #3151 from ssilvert/dmr-server-config
KEYCLOAK-3196: Use WildFly management model for server configuration.
2016-08-26 13:44:45 +02:00
Marek Posolda
d138b19adb Merge pull request #3142 from vmuzikar/KEYCLOAK-3429
KEYCLOAK-3429 Fix behaviour of redirect_uri parameter with query components
2016-08-24 09:53:29 +02:00
Stan Silvert
3abcf713e5 KEYCLOAK-3196: Test need ability to load keycloak-server.json from
/META-INF
2016-08-23 11:27:06 -04:00
Stan Silvert
e4d97485ec KEYCLOAK-3196: Create master cli script for server-subsystem. 2016-08-23 11:27:04 -04:00
Stan Silvert
3493aa4ab7 KEYCLOAK-3196: Use WildFly management model for server configuration. 2016-08-23 11:26:56 -04:00
Stian Thorgersen
c522a20ab9 KEYCLOAK-3447 Manual upgrade of database schema 2016-08-22 10:22:08 +02:00
Pedro Igor
4cd0a8e894 [KEYCLOAK-3377] - Add pagination to authorization UI 2016-08-18 13:29:54 -03:00
Pedro Igor
a8d2b810cf [KEYCLOAK-3144] - Add authorization settings when exporting/importing a realm. 2016-08-15 10:35:28 -03:00
mposolda
2cba13db9c KEYCLOAK-3424 Possibility to import JWK key through admin console 2016-08-12 15:51:14 +02:00
mposolda
3eb9134e02 KEYCLOAK-3424 Support for save JWKS in OIDC ClientRegistration endpoint 2016-08-12 15:51:14 +02:00
Vaclav Muzikar
b7f2e0b5ff KEYCLOAK-3429 Fix behaviour of redirect_uri parameter with query components 2016-08-12 14:02:17 +02:00
Pedro Igor
27187c11f1 Merge pull request #3138 from pedroigor/KEYCLOAK-3428
[KEYCLOAK-3428] - Removing scope policies in case the resource does not match
2016-08-11 14:59:20 -03:00
Pedro Igor
0030df060b [KEYCLOAK-3428] - Removing scope policies in case the resource does not match 2016-08-11 14:58:14 -03:00
Marek Posolda
f6f587e472 Merge pull request #3137 from thomasdarimont/issue/KEYCLOAK-3412-remove-unused-adminEventBuilder-error-method
KEYCLOAK-3412 - Remove erroneous AdminEventBuilder.error method
2016-08-11 17:41:04 +02:00
Thomas Darimont
e0d70a35d6 KEYCLOAK-3412 - Remove erroneous AdminEventBuilder.error method
Wasn't used within the Keycloak codebase and wouldn't have worked either
since the OperationType lookup would always fail since there are no
"_ERROR" operation types.

Signed-off-by: Thomas Darimont <thomas.darimont@gmail.com>
2016-08-11 16:10:49 +02:00
mposolda
0520d465c1 KEYCLOAK-3414 Support for client registration from trusted hosts 2016-08-11 15:55:32 +02:00
mposolda
a8fb988e31 KEYCLOAK-3406 OIDC dynamic client registrations specs fixes 2016-08-11 15:54:51 +02:00
mposolda
d52e043322 Set version to 2.2.0-SNAPSHOT 2016-08-10 08:57:18 +02:00
Marek Posolda
26bc07b2c4 Merge pull request #3126 from pedroigor/KEYCLOAK-3398
[KEYCLOAK-3398] - Review input fields on AuthZ UI to fetch data on demand
2016-08-10 06:50:51 +02:00
Pedro Igor
70eb27ec83 [KEYCLOAK-3398] - Review input fields on AuthZ UI to fetch data on demand 2016-08-09 21:56:29 -03:00
Bill Burke
530870f05e realm components import/export 2016-08-09 15:06:29 -04:00
Bill Burke
ff703f935f component export/import 2016-08-09 12:25:04 -04:00
Bill Burke
f838c697d1 Merge remote-tracking branch 'upstream/master' 2016-08-08 16:04:16 -04:00
Bill Burke
83306963e8 jta transaction abstraction 2016-08-08 12:32:36 -04:00
mposolda
65e2f127c9 KEYCLOAK-3400 OIDC request with missing response_type should respond with error 2016-08-08 16:11:50 +02:00
mposolda
9be6777685 KEYCLOAK-2169 KEYCLOAK-3286 Support for at_hash and c_hash 2016-08-08 10:57:44 +02:00
Bill Burke
f14f303dfe Merge remote-tracking branch 'upstream/master' 2016-08-07 11:50:44 -04:00
Bill Burke
33d7d89ad9 provider hot deployment 2016-08-07 11:41:52 -04:00
Marek Posolda
65c49c39f4 Merge pull request #3114 from mposolda/master
KEYCLOAK-3321 OIDC requests without 'nonce' claim should be rejected …
2016-08-05 16:45:56 +02:00
mposolda
e0a59baaf2 KEYCLOAK-3321 OIDC requests without 'nonce' claim should be rejected unless using the code flow. Started responseType tests 2016-08-05 15:05:26 +02:00
Thomas Darimont
e49afb2d83 KEYCLOAK-3142 - Revised according to codereview
Liquibase Moved schema evolution configuration from jpa-changelog-2.1.0
to jpa-changelog-2.2.0.
Corrected wrong ResourceType references in tests.
Adapted AdminEvents copy-routines to be aware of resourceType attribute.
Added ResourceType enum to exposed ENUMS of ServerInfoAdminResource.

Signed-off-by: Thomas Darimont <thomas.darimont@gmail.com>
2016-08-05 00:01:03 +02:00
Thomas Darimont
586f6eeece KEYCLOAK-3142 - Capture ResourceType that triggers an AdminEvent
Introduced new ResourceType enum for AdminEvents which lists
the current supported ResourceTypes for which AdminEvents
can be fired.

Previously it was difficult for custom EventListeners to figure
out which ResourceType triggered an AdminEvent in order
to handle it appropriately, effectively forcing users to parse
the representation.
Having dedicated resource types as a marker on an AdminEvent helps
to ease custom EventListener code.

We now also allow filtering of admin events by ResourceType in the
admin-console.

Signed-off-by: Thomas Darimont <thomas.darimont@gmail.com>
2016-08-04 11:30:02 +02:00
Bill Burke
534ee2e50c Merge remote-tracking branch 'upstream/master' 2016-08-03 19:16:45 -04:00
Bill Burke
70722d0d3d user storage provider jpa example 2016-08-03 19:16:11 -04:00
Bill Burke
7f08717dfb Merge pull request #3105 from patriot1burke/master
component model
2016-08-02 09:28:55 -04:00
Bill Burke
e3aec098a2 Merge pull request #3064 from cainj13/oneSamlAttributeStatement
SamlProtocol should only drop attributes into a single attributeStatement
2016-08-02 07:14:08 -04:00
Bill Burke
17e75950fe more fixes 2016-08-02 06:56:22 -04:00
Bill Burke
1c75b03e59 props 2016-08-02 06:50:13 -04:00
Bill Burke
1d695237b7 fix 2016-08-02 05:49:50 +02:00
Bill Burke
09693eb108 component model 2016-08-02 05:48:57 +02:00
Pedro Igor
ae1a7542d8 [KEYCLOAK-3385] - Improvements to evaluation tool UI and result 2016-08-01 18:01:24 -03:00
Bill Burke
a8a77add39 fix 2016-08-01 12:07:02 -04:00
Bill Burke
5facec73e4 Merge remote-tracking branch 'upstream/master' 2016-08-01 11:19:09 -04:00
Bill Burke
91a267a0d8 component model 2016-08-01 11:18:58 -04:00
Marek Posolda
0d99b797b6 Merge pull request #3068 from mstruk/KEYCLOAK-2981-m
KEYCLOAK-2981 Upload-certificate admin endpoint does not nullify private keys
2016-08-01 11:20:55 +02:00
Marek Posolda
159b752fb0 Merge pull request #3085 from pedroigor/master
[KEYCLOAK-3376] - Show authorization data when evaluating authorization requests
2016-08-01 09:09:55 +02:00
Dmitry Telegin
fea277a7f5 KEYCLOAK-3369: Fire RealmPostCreateEvent 2016-08-01 01:00:50 +03:00
Pedro Igor
bd5b434894 [KEYCLOAK-3376] - Show authorization data when evaluating authorization requests 2016-07-29 22:09:17 -03:00
Pedro Igor
3c8ed8e3d8 [KEYCLOAK-3372] - Code cleanup 2016-07-29 05:18:38 -03:00
Pedro Igor
8cfa50f134 [KEYCLOAK-3338] More testing and improvements when importing role policies 2016-07-28 12:31:46 -03:00
Bill Burke
5d9fe09599 Merge pull request #3070 from mstruk/KEYCLOAK-2571
KEYCLOAK-2571 RESET_PASSWORD_ERROR and UPDATE_PASSWORD_ERROR events not fired
2016-07-28 07:23:32 -04:00
Bill Burke
2219cd363e Merge pull request #3079 from patriot1burke/master
KEYCLOAK-3268
2016-07-28 07:22:45 -04:00
Pedro Igor
7e1b97888a [KEYCLOAK-3338] - Adding client roles to role policy and UX improvements 2016-07-27 15:15:14 -03:00
Bill Burke
46b4bb0909 KEYCLOAK-3268 2016-07-27 09:28:48 -04:00
Marko Strukelj
59e0570cdf KEYCLOAK-2571 RESET_PASSWORD_ERROR and UPDATE_PASSWORD_ERROR events not fired 2016-07-26 21:32:57 +02:00
Marko Strukelj
94f583e935 KEYCLOAK-2981 Upload-certificate admin endpoint does not nullify private keys 2016-07-25 11:13:21 +02:00
Bill Burke
3973aed57d Merge pull request #2989 from thomasdarimont/issue/KEYCLOAK-3234-allow-restricting-mapper-for-userinfo
KEYCLOAK-3234 Allow restricting claim mapper for userinfo endpoint
2016-07-22 17:54:00 -04:00
Josh Cain
535a0763fc put imports back, new IDE snuck a * in there. 2016-07-22 14:57:07 -05:00
Josh Cain
283581f920 SamlProtocol should only drop attributes into a single attributeStatement element 2016-07-22 14:49:48 -05:00
mposolda
01830fd7f3 KEYCLOAK-3319 More OIDC tests. Minor refactoring 2016-07-22 18:16:58 +02:00
mposolda
9169bcd88d KEYCLOAK-3354 request and request_uri not supported 2016-07-22 13:44:45 +02:00
mposolda
56e011dce4 KEYCLOAK-3318 Adapter support for prompt and max_age. Refactoring to not hardcode OIDC specifics to CookieAuthenticator 2016-07-21 18:19:53 +02:00
Pedro Igor
484d5d6e08 [KEYCLOAK-3313] - UI improvements and messages 2016-07-20 22:11:24 -03:00
mposolda
f4ddfe4a52 KEYCLOAK-3318 Support for prompt=login. More tests for prompt parameter 2016-07-20 21:27:38 +02:00
Bill Burke
6f92bac782 Merge pull request #3000 from tonswieb/master
KEYCLOAK-3265 Support writing a NameIDType AttributeValue
2016-07-20 11:23:18 -04:00
Stian Thorgersen
1b517a461e Merge pull request #3041 from stianst/KEYCLOAK-3302
KEYCLOAK-3302 Allow logout with expired refresh token
2016-07-19 08:03:52 +02:00
Marek Posolda
a6bdf81e6d Merge pull request #3040 from mposolda/master
KEYCLOAK-3220 Added test for missing response_type
2016-07-15 22:19:52 +02:00
Stian Thorgersen
e708c53730 KEYCLOAK-3302 Allow logout with expired refresh token 2016-07-15 12:56:31 +02:00
Stian Thorgersen
1ce17c459d Merge pull request #3039 from stianst/KEYCLOAK-3192
KEYCLOAK-3192 Ignore disabled required action
2016-07-15 10:38:49 +02:00
mposolda
fda0a79e27 KEYCLOAK-3237 Add scopes_supported to OIDC WellKnown endpoint 2016-07-15 09:47:09 +02:00
Stian Thorgersen
970c89dd6a KEYCLOAK-3192 Ignore disabled required action 2016-07-15 09:01:44 +02:00
mposolda
13a21e5fda KEYCLOAK-3220 Improve error handling on adapters 2016-07-14 23:56:46 +02:00
mposolda
dcc4ea3aea KEYCLOAK-3237 Change OIDC adapters to use scope=openid as required per specs 2016-07-14 23:56:46 +02:00
Pedro Igor
aacf2e9390 [KEYCLOAK-3137] - Review i18n for AuthZ Services 2016-07-14 13:54:37 -03:00
mposolda
ee3ac3fdaf KEYCLOAK-3223 Basic support for acr claim 2016-07-14 12:36:12 +02:00
Stian Thorgersen
4f1d83b9dc Merge pull request #3030 from stianst/KEYCLOAK-2824-2
KEYCLOAK-2824 Password Policy SPI
2016-07-14 10:12:25 +02:00
Stian Thorgersen
ea44b5888b KEYCLOAK-2824 Password Policy SPI 2016-07-14 07:20:30 +02:00
mposolda
abde62f369 KEYCLOAK-3220 redirect to client with error if possible 2016-07-13 20:57:43 +02:00
mposolda
38f89b93ff KEYCLOAK-3281 OIDC 'state' parameter is url-encoded twice when responseMode=form_post 2016-07-13 18:07:57 +02:00
mposolda
d5199501c7 KEYCLOAK-3219 Added claims info to OIDCWellKnownProvider. More tests 2016-07-13 10:17:45 +02:00
Stian Thorgersen
5b0980172d KEYCLOAK-3267 Fix identity broker login with brute force enabled 2016-07-12 15:21:00 +02:00
Stian Thorgersen
f97d0846ed Merge pull request #3010 from wadahiro/KEYCLOAK-3278
KEYCLOAK-3278 Add support for any encoding property file in theme
2016-07-12 10:34:34 +02:00
Stian Thorgersen
19e5ddeba5 Merge pull request #3015 from martin-kanis/master
KEYCLOAK-3096 Remove leading/trailing spaces from username/email
2016-07-12 10:03:55 +02:00
mposolda
039bb103c2 KEYCLOAK-3295 Kerberos authenticator changed during userFederationProvider update just if it was DISABLED 2016-07-11 15:52:49 +02:00
Martin Kanis
c67d834d39 KEYCLOAK-3096 Remove leading/trailing spaces from login 2016-07-09 18:35:51 +02:00
mposolda
629390dd4a KEYCLOAK-2986 Require either expiration or issuedAt for client authentication with signed JWT 2016-07-08 16:16:38 +02:00
mposolda
3bfd999590 KEYCLOAK-3222 extend WellKnown to return supported types of client authentications. More tests 2016-07-08 15:39:13 +02:00
Pedro Igor
80a67149af Merge pull request #3002 from pedroigor/KEYCLOAK-3249
[KEYCLOAK-3249] - AuthorizationContext.hasScopePermission() gives NPE
2016-07-08 09:16:51 -03:00
mposolda
c10a005997 KEYCLOAK-3290 UserInfoEndpoint error responses don't have correct statuses 2016-07-08 12:15:07 +02:00
mposolda
4dd28c0adf KEYCLOAK-3221 Tokens should be invalidated if an attempt to reuse code is made 2016-07-08 11:04:08 +02:00
Bill Burke
bdc57d57c1 Merge pull request #3008 from patriot1burke/master
new User Fed SPI initial iteration
2016-07-07 14:56:38 -04:00
Hiroyuki Wada
930b0d9ad7 KEYCLOAK-3278 Add support for any encoding property file in theme 2016-07-08 02:58:48 +09:00
mposolda
a7c9e71490 KEYCLOAK-3218 Support for max_age OIDC authRequest parameter and support for auth_time in IDToken 2016-07-07 17:04:32 +02:00
Bill Burke
0040d3fc3b Merge remote-tracking branch 'upstream/master' 2016-07-07 10:35:45 -04:00
Bill Burke
7e5a5f79cf fixes for new user fed spi 2016-07-07 10:35:35 -04:00
Marek Posolda
7a161cc8bb Merge pull request #3005 from mposolda/KEYCLOAK-3217
KEYCLOAK-3217 UserInfo endpoint wasn't accessible by POST request sec…
2016-07-07 13:49:43 +02:00
Marek Posolda
c5e8a010dc Merge pull request #3004 from mposolda/KEYCLOAK-3147
KEYCLOAK-3147 Don't allow authRequest without redirect_uri parameter
2016-07-07 13:49:34 +02:00
mposolda
56e09bf189 KEYCLOAK-3147 Don't allow authRequest without redirect_uri parameter 2016-07-07 12:46:36 +02:00
mposolda
7aafbcd5d9 KEYCLOAK-3217 UserInfo endpoint wasn't accessible by POST request secured with Bearer header 2016-07-07 12:28:25 +02:00
Pedro Igor
5ef65e837c [KEYCLOAK-3249] - AuthorizationContext.hasScopePermission() gives NPE 2016-07-06 09:39:56 -03:00
Stan Silvert
a231c1b31b RHSSO-296: Required Action "Configure Totp" should be "Configure OTP" 2016-07-05 15:07:52 -04:00
Ton Swieb
fed7339558 KEYCLOAK-3265 Support writing a NameIDType AttributeValue 2016-07-05 14:54:38 +02:00
Stian Thorgersen
7cfee80e58 KEYCLOAK-3189 KEYCLOAK-3190 Add kid and typ to JWT header 2016-07-05 08:26:26 +02:00
Stian Thorgersen
435cdb6180 Merge pull request #2994 from wadahiro/KEYCLOAK-3259
KEYCLOAK-3259 Specify UTF-8 encoding for freemarker template files
2016-07-04 19:25:03 +02:00
Hiroyuki Wada
00cb0a798a KEYCLOAK-3259 Specify UTF-8 encoding for freemarker template files 2016-07-04 19:46:00 +09:00
Stan Silvert
d90a708ceb RHSSO-274: "Undefined" as auth flow execution 2016-07-01 10:25:14 -04:00
Stian Thorgersen
fa312fb3db Merge pull request #2979 from cainj13/localeNpeFix
make locale retrieval null-safe
2016-07-01 12:33:36 +02:00
Thomas Darimont
ce7e7ef1d7 KEYCLOAK-3234 Allow restricting claim mapper for userinfo endpoint
Client mappers can now be configured to be limited to the
userinfo endpoint. This allows to keep access-tokens lean
while providing extended user information on demand via the
userinfo endpoint.
2016-07-01 11:35:19 +02:00
Bill Burke
a19469aba5 Merge remote-tracking branch 'upstream/master' 2016-06-30 17:18:17 -04:00
Bill Burke
b224917fc5 bump version 2016-06-30 17:17:53 -04:00
Bill Burke
3f1eecc4be Merge remote-tracking branch 'upstream/master' 2016-06-30 16:47:55 -04:00
Bill Burke
3ba3be877e fixes 2016-06-30 16:47:49 -04:00
Pedro Igor
01f3dddd91 Adding a column to list policies associated with a permission. 2016-06-30 10:26:05 -03:00
Pedro Igor
afa9471c7c [KEYCLOAK-3128] - Admin Client Authorization Endpoints 2016-06-30 10:26:05 -03:00
Bill Burke
a9f6948d74 Merge remote-tracking branch 'upstream/master' 2016-06-29 15:37:32 -04:00
Bill Burke
f51098c50b user fed refactor 2016-06-29 15:37:22 -04:00
Pedro Igor
8b0bf503c3 [KEYCLOAK-3172] - Migrating older versions with authorization services. 2016-06-29 12:07:49 -03:00
Josh Cain
ec402f759b make locale retrieval null-safe 2016-06-28 13:25:48 -05:00
Stian Thorgersen
2e2f34d94e Merge pull request #2957 from pedroigor/authz-changes
Changes to authz examples and some minor improvements
2016-06-23 07:49:47 +02:00
Pedro Igor
074a312fe5 Renaming authorization attributes. 2016-06-22 17:20:50 -03:00
Pedro Igor
f48288865b [KEYCLOAK-3156] - Missing CORS when responding with denies 2016-06-22 14:39:07 -03:00
Pedro Igor
905421a292 [KEYCLOAK-3152] - Keycloak Authorization JS Adapter 2016-06-22 14:28:02 -03:00
mposolda
f7a2ad021e KEYCLOAK-3141 Fix DB2 and some other DB issues 2016-06-22 17:06:55 +02:00
mposolda
5c731b4d14 KEYCLOAK-3149 DB update triggered before DBLock is retrieved 2016-06-21 17:14:25 +02:00
Pedro Igor
8402cedd82 Merge pull request #2946 from pedroigor/KEYCLOAK-3130
[KEYCLOAK-3130] - Permission checks to authorization admin endpoints
2016-06-21 10:50:29 -03:00