Pedro Igor
086c29112a
[KEYCLOAK-2753] - Fine-grained Authorization Services
2016-06-17 02:07:34 -03:00
Thomas Darimont
a2d1c8313d
KEYCLOAK-3081: Add client mapper to map user roles to token
...
Introduced two new client protocol mappers to propagate assigned user client / realm roles to a JWT ID/Access Token.
Each protocol mapper supports to use a prefix string that is prepended to each role name.
The client role protocol mapper can specify from which client the roles should be considered.
Composite Roles are resolved recursively.
Background:
Some OpenID Connect integrations like mod_auth_openidc don't support analyzing deeply nested or encoded structures.
In those scenarios it is helpful to be able to define custom client protocol mappers that allow to propagate a users's roles as a flat structure
(e.g. comma separated list) as a top-level (ID/Access) Token attribute that can easily be matched with a regex.
In order to differentiate between client specific roles and realm roles it is possible to configure
both separately to be able to use the same role names with different contexts rendered as separate token attributes.
2016-06-03 15:52:58 +02:00
Pedro Igor
60f954a497
[KEYCLOAK-2894] - Fixing saml signature validation
2016-05-26 10:48:30 -03:00
Bruno Oliveira
1cc4ca2e71
RHSSO-130: AccessTokenTest migration
2016-04-22 16:30:57 -03:00
Stian Thorgersen
5606160e70
KEYCLOAK-2828 Refactor contribution and add tests
2016-04-19 13:09:00 +02:00
Thomas Raehalme
cd1094c3ad
KEYCLOAK-2828: LoginStatusIframeEndpoint now sets the P3P header.
...
IE requires a P3P header to be present in <iframe /> response. Otherwise
cookies are forbidden. The value of the header does not seem to matter.
2016-04-19 10:24:28 +02:00
Bill Burke
cca91dd175
public/private
2016-04-12 15:19:46 -04:00
Stian Thorgersen
a4335c3eb8
Merge pull request #2502 from velias/KEYCLOAK-2670-master
...
KEYCLOAK-2670 for master - client app is able to push additional HTTP GET
2016-04-05 11:20:06 +02:00
Vlastimil Elias
21a2a47172
KEYCLOAK-2670 - client app is able to push additional HTTP GET
...
parameters in initial OpenID auth request for use in Auth flows
2016-04-05 10:41:28 +02:00
Stian Thorgersen
55c5e9a381
KEYCLOAK-2722 Check user session in token introspection endpoint
2016-04-05 09:31:39 +02:00
Bill Burke
1dd4bdf0b7
KEYCLOAK-2718
2016-03-28 11:13:02 -04:00
Bill Burke
6030a65d1b
KEYCLOAK-2543
2016-03-24 08:49:08 -04:00
Stian Thorgersen
b4239c40c1
KEYCLOAK-2547 NPE in TokenEndpoint and InfinispanUserSessionProvider
2016-03-03 10:45:05 +01:00
Stian Thorgersen
3ca39801dc
KEYCLOAK-2511 Rename session-state in access token response to session_state
2016-02-25 10:14:12 +01:00
Bill Burke
fd49213cb9
KEYCLOAK-2477
2016-02-17 17:02:14 -05:00
mposolda
1328531f31
KEYCLOAK-2412 Added ClusterProvider. Avoid concurrent federation sync execution by more cluster nodes at the same time.
...
Clustering - more progress
2016-02-17 11:02:42 +01:00
mposolda
969b8c153f
KEYCLOAK-1989 Refreshing offline tokens didn't work correctly in cluster with revokeRefreshToken enabled
2016-02-12 12:54:47 +01:00
Bill Burke
00236c13ff
Merge pull request #2180 from cainj13/persistentWildcard
...
add support for wildcard persistent nameId attribute to SAML protocol
2016-02-09 09:43:30 -05:00
Stian Thorgersen
635ccae144
KEYCLOAK-2429
...
Disabled Google Identity Provider still kicks in when 'Authenticate by default' is enabled
2016-02-08 19:51:21 +01:00
Josh Cain
d5d954e80a
add support for wildcard persistent nameId attribute to SAML protocol
2016-02-04 11:06:14 -06:00
Stian Thorgersen
c7a8742a36
KEYCLOAK-1524
...
Source code headers
2016-02-03 11:20:22 +01:00
Bill Burke
6c020661e8
saml subsystem model changes
2016-01-30 07:13:13 -05:00
Bill Burke
25347cd45e
browser back button
2016-01-27 22:14:28 -05:00
mposolda
3731964a2a
KEYCLOAK-2351 Support for response_type=token to be OAuth2 compliant
2016-01-26 17:09:42 +01:00
Stian Thorgersen
ee847c1f20
KEYCLOAK-2390
...
Relative redirect uri is broken
2016-01-26 09:01:14 +01:00
Bill Burke
1b0aa8e55b
saml logging
2016-01-25 17:38:29 -05:00
Stan Silvert
0de4170865
KEYCLOAK-1280: i18n logging for org.keycloak.protocol.oidc.utils
2016-01-21 11:55:23 -05:00
Stan Silvert
9c33738941
KEYCLOAK-1280: i18n logging for org.keycloak.protocol.oidc.mappers
2016-01-21 11:55:21 -05:00
Stan Silvert
adfc192877
KEYCLOAK-1280: i18n logging for org.keycloak.protocol.oidc.endpoints
2016-01-21 11:55:20 -05:00
Stan Silvert
550e23c8f6
KEYCLOAK-1280: i18n logging for org.keycloak.protocol.oidc
2016-01-21 11:55:18 -05:00
Stan Silvert
9dccd45543
KEYCLOAK-1280: i18n logging for org.keycloak.protocol
2016-01-21 11:55:17 -05:00
Bill Burke
d9487a8745
social broker reorg
2016-01-20 16:46:38 -05:00
Stian Thorgersen
bc845bed0e
KEYCLOAK-2286 Remove deprecated OpenID Connect endpoints
2016-01-18 20:31:23 +01:00
Bill Burke
b0054b7682
email, login, account
2016-01-16 09:38:24 -05:00
Bill Burke
007e9530ec
brute force refactr, mv protocol
2016-01-15 19:25:28 -05:00
Bill Burke
b93d55cb63
remove model-api, add server-spi
2016-01-15 18:44:17 -05:00
Stian Thorgersen
435980d776
KEYCLOAK-1809
...
Upgrade jackson to version 2.x
2016-01-14 16:34:30 +01:00
Stian Thorgersen
eb10d6bfd6
Merge pull request #2024 from stianst/FIX-CLIENT-INSTALLATION-TEST
...
Fix client installation test
2016-01-14 12:33:26 +01:00
Stian Thorgersen
a6da6e48f9
Fix client installation test
2016-01-14 11:54:39 +01:00
Bill Burke
9dc21224bd
clean up most redirects
2016-01-13 16:18:24 -05:00
Pedro Igor
c9f9ee9799
[KEYCLOAK-2266] - OAuth2 Token Introspection.
2016-01-12 11:16:42 -02:00
Stian Thorgersen
ddd99c2411
KEYCLOAK-2259
...
Redirect URIs and token domains are matched case-sensitively
2016-01-08 15:38:00 +01:00
Bill Burke
64de96d34b
installation provider
2016-01-06 16:49:58 -05:00
Bill Burke
39d5a07218
KEYCLOAK-2221
2016-01-05 10:59:13 -05:00
Bill Burke
3bacbdf6ff
set framework for template config
2016-01-04 17:13:15 -05:00
Marek Posolda
6752a4f9b0
Merge pull request #1963 from mposolda/master
...
KEYCLOAK-1899 Added HardcodedLDAPRoleMapper
2015-12-22 20:43:09 +01:00
mposolda
41d22986d5
KEYCLOAK-1899 Added HardcodedLDAPRoleMapper
2015-12-22 16:22:02 +01:00
Pedro Igor
9172b5472e
[KEYCLOAK-2202] - Removing LoginProtocol in order to reuse SAML settings.
2015-12-22 12:53:39 -02:00
Bill Burke
ea6374163d
Merge pull request #1957 from stianst/master
...
KEYCLOAK-2043
2015-12-21 16:56:01 -05:00
Bill Burke
b90409c5e4
refactor client create
2015-12-21 16:36:13 -05:00