Commit graph

198 commits

Author SHA1 Message Date
Dmitry Telegin
b6c5acef25 KEYCLOAK-7969 - SAML users should not be identified by SAML:NameID 2020-02-06 08:53:31 +01:00
rmartinc
d39dfd8688 KEYCLOAK-12654: Data to sign is incorrect in redirect binding when URI has parameters 2020-02-05 11:30:28 +01:00
Thomas Darimont
fc397e8cd7 KEYCLOAK-12732 Improve SAMLAttribute parsing of unknown attributes
We now store all unknown attributes present on a SAMLAttribute element
in the "otherAttributes" map associated with the element.

Previously only the x500:encoding attribute was handled while parsing
attribute elements.
2020-01-31 10:15:11 +01:00
Andrei Arlou
b6a3fba6e3 KEYCLOAK-12568 Remove unused method from org.keycloak.saml.processing.core.saml.v2.factories.JBossSAMLAuthnResponseFactory 2020-01-14 13:21:29 +01:00
vramik
3b1bdb216a KEYCLOAK-11486 Add support for system property or env variable in AllowedClockSkew in keycloak-saml subsystem 2020-01-14 13:17:13 +01:00
mhajas
a79d6289de KEYCLOAK-11416 Fix nil AttributeValue handling 2020-01-10 12:47:09 +01:00
mhajas
28b01bc34d KEYCLOAK-12609 Fix integer overflow for SAML XMLTimeUtil add method parameters 2020-01-06 13:53:16 +01:00
Andrei Arlou
23b794aa51 KEYCLOAK-12313 Remove unused method from org.keycloak.saml.common.util.DocumentUtil 2019-12-20 15:03:42 +01:00
Andrei Arlou
6ee6001f39 KEYCLOAK-12203 Remove unused constants from module "saml-core" 2019-11-29 22:47:24 +01:00
Andrei Arlou
5f50c2951a KEYCLOAK-12202 Remove unnecessary modificators for enums and interfaces in module "saml-core" 2019-11-26 08:46:22 +01:00
Andrei Arlou
ca46c7f718 KEYCLOAK-12201 Use diamond operator for collections in module "saml-core" 2019-11-26 08:13:35 +01:00
keycloak-bot
76aa199fee Set version to 9.0.0-SNAPSHOT 2019-11-15 20:43:21 +01:00
Douglas Palmer
a32c8c5190 [KEYCLOAK-11185] Fixed build with JDK 11 2019-11-04 10:56:07 -03:00
Gideon Caranzo
e07fd9ffa3 KEYCLOAK-9936 Added optional hooks for preprocessing SAML authentication
Co-Authored-By: Hynek Mlnarik <hmlnarik@redhat.com>
2019-10-29 13:06:59 +01:00
mhajas
57a8fcb669 KEYCLOAK-10776 Add session expiration to Keycloak saml login response 2019-07-24 13:35:07 +02:00
mhajas
bf33cb0cf9 KEYCLOAK-9102 Add tests for Saml RelayState 2019-07-24 12:28:00 +02:00
keycloak-bot
17e9832dc6 Set version to 8.0.0-SNAPSHOT 2019-07-19 19:05:03 +02:00
Steeve Beroard
fc9a0e1766 [KEYCLOAK-8104] Keycloak SAML Adapter does not support clockSkew configuration
Co-Authored-By: vramik <vramik@redhat.com>
2019-07-15 13:08:52 +02:00
Hynek Mlnarik
ca4e14fbfa KEYCLOAK-7852 Use original NameId value in logout requests 2019-07-04 19:30:21 +02:00
vramik
f7c8896181 KEYCLOAK-10401 Fix log debug message in ConditionsValidator 2019-05-30 10:11:01 +02:00
vramik
d64f716a20 KEYCLOAK-2709 SAML Identity Provider POST Binding request page shown to user is completely blank with nonsense title 2019-05-20 09:51:04 +02:00
keycloak-bot
49d4e935cb Set version to 7.0.0-SNAPSHOT 2019-04-17 09:48:07 +01:00
keycloak-bot
e843d84f6e Set version to 6.0.0-SNAPSHOT 2019-03-06 15:54:08 +01:00
Michael Parker
7bd1f32eb1 KEYCLOAK-9077 Adds support for SAML SessionNotOnOrAfter attribute in response xml serialization 2019-03-05 09:05:41 +01:00
stianst
e06c705ca8 Set version 5.0.0 2019-02-21 09:35:14 +01:00
stianst
7c9f15778a Set version to 4.8.3.Final 2019-01-09 20:39:30 +01:00
stianst
7c4890152c Set version to 4.8.2 2019-01-03 14:43:22 +01:00
stianst
b674c0d4d9 Prepare for 4.8.0.Final 2018-12-04 13:54:25 +01:00
Hynek Mlnarik
d90a5d1367 KEYCLOAK-8594 Fix missing option to Base64 encoder 2018-11-22 21:48:00 +01:00
stianst
ecd476fb10 Prepare for 4.7.0.Final 2018-11-14 20:10:59 +01:00
vramik
7a96911a83 KEYCLOAK-8300 KEYCLOAK-8301 Wildfly 14 upgrade
Co-authored-by: Marek Posolda <mposolda@redhat.com>
2018-10-17 20:01:07 +02:00
Hynek Mlnarik
17a1a33987 KEYCLOAK-7740 Support parsing of xs:date type 2018-10-02 19:54:40 +02:00
stianst
c3fc9e9815 Set version to 4.6.0.Final-SNAPSHOT 2018-09-26 20:58:41 +02:00
Hynek Mlnarik
2bf6d75e57 KEYCLOAK-8010 Improve handling of Conditions SAML tag 2018-09-19 14:00:28 +02:00
stianst
1fb4ca4525 Set version to 4.5.0.Final 2018-09-06 20:08:02 +02:00
Hynek Mlnarik
9f839f001f KEYCLOAK-8218 Do not clear SAML REDIRECT query parameters 2018-09-04 11:16:06 +02:00
Hynek Mlnarik
1f840b1fbc KEYCLOAK-8109 Fix getDOMElement 2018-08-24 10:03:33 +02:00
Hynek Mlnarik
a8a9631d4f KEYCLOAK-6832 Unify Destination attribute handling 2018-08-09 10:30:30 +02:00
mposolda
959cd035ba Set version to 4.3.0.Final-SNAPSHOT 2018-08-01 22:40:05 +02:00
Hynek Mlnarik
f43519a16e KEYCLOAK-6708 Fix NPE when email not set for email NameIDFormat 2018-07-27 11:10:35 +02:00
mposolda
d0a824dde4 Updating version to 4.2.0.Final-SNAPSHOT 2018-07-05 07:42:48 -04:00
Hynek Mlnarik
6b968796ce KEYCLOAK-7667 Fix namespace handling when decrypting assertion 2018-06-21 13:09:18 +02:00
stianst
e1a0e581b9 Update to 4.1.0.Final-SNAPSHOT 2018-06-14 14:22:28 +02:00
Ola Bergefall
c8c76cc03f KEYCLOAK-7316: Default back to false if isPassive is missing in request. 2018-06-07 08:50:32 +02:00
Your Name
6052b1546d removed LANG-dependent check #7444 2018-06-06 12:53:58 +02:00
Stian Thorgersen
dbf5c395b0 Bump version to 4.0.0.Final (#5224) 2018-05-24 19:02:30 +02:00
Stian Thorgersen
90e5c7f3eb Bump version to 4.0.0.Beta3-SNAPSHOT (#5185) 2018-05-02 14:32:20 +02:00
stianst
07fea02146 Bump versions to 4.0.0.Beta2-SNAPSHOT 2018-03-26 18:17:38 +02:00
Patric Vormstein
fe98c30077 [KEYCLOAK-6412] - Handle Proxy Restriction Tag incl. Test 2018-03-22 11:15:22 +01:00
mhajas
2a4663c940 KEYCLOAK-6471 Refactor SAML metadata parsers 2018-02-28 14:08:06 +01:00
Hynek Mlnarik
1f20c03afa KEYCLOAK-6470 Refactor SAML adapter parsers 2018-02-27 09:37:29 +01:00
Hynek Mlnarik
e7cdb8ad54 KEYCLOAK-6473 KEYCLOAK-6472 SAML parser refactor + protocol parsers 2018-02-23 08:16:14 +01:00
Hynek Mlnarik
12a2f23101 KEYCLOAK-6651 Fix JDK7 compilation issue 2018-02-21 09:43:04 +01:00
Hynek Mlnarik
84ea3f8cb1 KEYCLOAK-4315 Remove some dead/duplicate classes 2018-02-13 15:41:36 +01:00
Hynek Mlnarik
c07b60d527 KEYCLOAK-6474 Fix NPE on SAML logout 2018-02-07 08:05:36 +01:00
Hynek Mlnarik
c7cba6d5ad KEYCLOAK-6109 Skip Scoping element in AuthnRequest 2018-01-18 11:40:13 +01:00
stianst
0bedbb4dd3 Bump version to 4.0.0.CR1-SNAPSHOT 2017-12-21 15:06:00 +01:00
Hynek Mlnarik
958185ec51 KEYCLOAK-4809 Support for SAML AttributeAuthorityDescriptor.Attribute elements 2017-12-13 11:55:40 +01:00
Hynek Mlnarik
e6a64e234b KEYCLOAK-5644 Skip Advice tag in SAML messages 2017-12-13 11:55:40 +01:00
James Stapleton
92cce7a6d4 [KEYCLOAK-5912] Add better improper SAML assertion error handling 2017-12-05 09:48:48 +01:00
stianst
37de8e9f69 Bump version to 3.4.2.Final-SNAPSHOT 2017-12-01 09:34:48 +01:00
pskopek
a993f6fb75 [KEYCLOAK-4979] make schema location map unmodifiable after initial setup + log message change 2017-11-21 09:28:15 +01:00
Thomas Skjølberg
5f20df00d0 [KEYCLOAK-4979] Move picketlink schema, fix resolver and some related tests 2017-11-21 09:28:15 +01:00
Hynek Mlnařík
290f6ed2ad Merge pull request #4671 from thomasdarimont/issues/remove-duplicate-check-in-saml11requestwriter
KEYCLOAK-5837 Remove duplicate check in SAML11AuthenticationQueryType
2017-11-13 14:49:11 +01:00
Thomas Darimont
71df504834 KEYCLOAK-5838 Fix comparison in SAMLSloRequestParser and SAMLSloResponseParser
The previous comparison was broken (always returned false)
since it compared the enum value with a string.
Calling `.get()` on the enum value to compare the string with the
given local-part fixes the comparison.

See:
73c82d296e/files/saml-core/src/main/java/org/keycloak/saml/processing/core/parsers/saml/SAMLSloRequestParser.java (xe3bb353ac67565ed):1
73c82d296e/files/saml-core/src/main/java/org/keycloak/saml/processing/core/parsers/saml/SAMLSloResponseParser.java (xdd5c8cb1952defd):1
2017-11-13 13:30:01 +01:00
Thomas Darimont
8cfbb8d0b3 KEYCLOAK-5837 Remove duplicate check in SAML11AuthenticationQueryType
The same check is applied in line 83.
2017-11-13 13:26:15 +01:00
Stian Thorgersen
128ff12f8f Bump versions 2017-11-09 15:37:21 +01:00
Hynek Mlnarik
fe2f65daac KEYCLOAK-5581 Fix SAML identity broker context serialization 2017-11-03 21:09:18 +01:00
pskopek
d478cdfda4 [KEYCLOAK-4374] Support SAML 2.0 AttributeValue of AnyType and nil 2017-09-27 17:12:51 +02:00
Hynek Mlnarik
9098105a64 KEYCLOAK-5254 Fix NPE - NameID format is optional 2017-09-14 14:59:05 +02:00
Stian Thorgersen
463661b051 Set version to 3.4.0.CR1-SNAPSHOT 2017-08-28 15:46:22 +02:00
Hynek Mlnarik
ab05216730 KEYCLOAK-4775 Added encryption certificate to SAML metadata 2017-07-27 08:18:10 +02:00
Hynek Mlnarik
c7046b6325 KEYCLOAK-4189 Preparation for cross-DC SAML testing 2017-07-25 09:44:36 +02:00
Hynek Mlnarik
d52d685161 KEYCLOAK-4818 Fix undeclared namespace error in context serialization 2017-07-19 15:18:53 +02:00
Stian Thorgersen
454c5f4d83 Set version to 3.3.0.CR1-SNAPSHOT 2017-06-30 09:47:11 +02:00
hmlnarik
b4ad69b841 KEYCLOAK-5115 (#4272) 2017-06-29 15:50:50 +02:00
Stian Thorgersen
4be0e36306 Merge pull request #4208 from ASzc/KEYCLOAK-4758
KEYCLOAK-4758
2017-06-27 11:35:43 +02:00
Stian Thorgersen
6f731dfee9 Merge pull request #4118 from skjolber/feature/KEYCLOAK-3056-verify-signature-2
Some adjustments for KEYCLOAK-3056 / PR #3893
2017-06-22 08:44:32 +02:00
Alex Szczuczko
5d88c2b8be KEYCLOAK-4758 Update Encode class using latest resteasy. Use encodeQueryParamAsIs instead of encodeQueryParam when encoding key=value pairs for URI query sections. Also fix a few callers who were relying on the bad behaviour of queryParam. 2017-06-05 16:24:38 -06:00
Thomas Skjølberg
241c58dd61 Add unit tests related to signatures, check that a signature is present when want assertion signing. 2017-06-02 15:36:52 +02:00
Hynek Mlnarik
67a05ee227 KEYCLOAK-4790 Fix empty attribute value issue in SAML parser 2017-05-23 15:14:25 +02:00
Stian Thorgersen
f63c60855e Fix compilation error in SAMLParserTest.java 2017-05-08 14:45:45 +02:00
Bill Burke
e1b6ba13cc Merge pull request #3893 from anderius/feature/KEYCLOAK-3056-verify-signature
[WIP] Saml broker: Added wantAssertionsSigned and wantAssertionsEncrypted
2017-05-05 09:04:41 -04:00
Bas van Schaik
ff6dbd6bde Fix lgtm.com alert: cast int to long before multiplication
The integer multiplication has the potential to overflow before the
result is being cast to the 'long' result.

Details:
https://lgtm.com/projects/g/keycloak/keycloak/snapshot/dist-7900299-1490802114895/files/saml-core/src/main/java/org/keycloak/saml/processing/core/saml/v2/util/XMLTimeUtil.java#V133
2017-04-28 14:54:47 +01:00
Stian Thorgersen
87dedb56e5 Set version to 3.2.0.CR1-SNAPSHOT 2017-04-27 14:23:03 +02:00
Hynek Mlnarik
d7615d6a68 KEYCLOAK-2122 Configuration of AssertionConsumerServiceUrl in SAML adapter 2017-04-26 11:59:37 +02:00
Stian Thorgersen
a87ee04024 Bump to 3.1.0.CR1-SNAPSHOT 2017-03-16 14:21:40 +01:00
Stian Thorgersen
4dcb8d2c2a Merge pull request #3931 from hmlnarik/KEYCLOAK-4552
KEYCLOAK-4552
2017-03-13 12:31:33 +01:00
Hynek Mlnarik
42954e84d9 KEYCLOAK-4552 2017-03-10 10:59:50 +01:00
Mark Pardijs
c78c0b73d3 KEYCLOAK-4360: Add OneTimeUse condition to SAMLResponse
Add OneTimeUse Condition to SAMLResponse when configured in client settings
2017-03-09 13:01:05 +01:00
Anders Båtstrand
224c9c5395 KEYCLOAK-4489 Use event reader from AbstractParser, which handles newlines and whitespace. 2017-03-07 19:05:07 +01:00
Anders Båtstrand
89c6cda2ac Two new configuration options for the Saml broker:
* wantAssertionsSigned: This will toggle the flag in the SP Metadata Descriptor, and validate the signature if and only if "Validate signature" is selected.
* wantAssertionsEncrypted: This will simply require that the assertion is encrypted.

Default behavior is unchanged. The signature validation uses the original XML, and supports therefore an IdP that adds whitespace and line breaks between tags (for example OpenAM).
2017-02-24 15:08:57 +01:00
Hynek Mlnarik
ad0630d04f KEYCLOAK-4329 Fix NPE when not providing KeyInfo element in IdP initiated SSO SAML 2017-01-30 11:40:48 +01:00
Stian Thorgersen
6f22f88d85 Bump version to 3.0.0.CR1 2017-01-26 06:18:11 +01:00
Stian Thorgersen
a18a4477e0 Merge pull request #3784 from hmlnarik/KEYCLOAK-4236-Error-importing-SAML-Metadata-with-AttributeProfile-element-
KEYCLOAK-4236 Fix AttributeProfile element handler in SAML metadata
2017-01-24 10:34:39 +01:00
Hynek Mlnarik
b5212d58ec KEYCLOAK-4236 Fix AttributeProfile element handler in SAML metadata 2017-01-23 13:46:01 +01:00
Hynek Mlnarik
99fcc51019 KEYCLOAK-4261 Fix response type to SAML AuthnRequest messages 2017-01-19 16:30:06 +01:00
Stian Thorgersen
8a02ef1859 Merge pull request #3715 from hmlnarik/KEYCLOAK-4160
KEYCLOAK-4160
2017-01-09 12:50:38 +01:00
Hynek Mlnarik
0cb5ba0f6e KEYCLOAK-4160 2017-01-06 07:00:47 +01:00
Hynek Mlnarik
2035398ef4 KEYCLOAK-4148 Instantiate XML DocumentBuilder in singleton-like manner 2017-01-05 16:07:50 +01:00