Commit graph

242 commits

Author SHA1 Message Date
Pedro Igor
086c29112a [KEYCLOAK-2753] - Fine-grained Authorization Services 2016-06-17 02:07:34 -03:00
Thomas Darimont
a2d1c8313d KEYCLOAK-3081: Add client mapper to map user roles to token
Introduced two new client protocol mappers to propagate assigned user client / realm roles to a JWT ID/Access Token.
Each protocol mapper supports to use a prefix string that is prepended to each role name.

 The client role protocol mapper can specify from which client the roles should be considered.
 Composite Roles are resolved recursively.

Background:
Some OpenID Connect integrations like mod_auth_openidc don't support analyzing deeply nested or encoded structures.
In those scenarios it is helpful to be able to define custom client protocol mappers that allow to propagate a users's roles as a flat structure
(e.g. comma separated list) as a top-level  (ID/Access) Token attribute that can easily be matched with a regex.

In order to differentiate between client specific roles and realm roles it is possible to configure
both separately to be able to use the same role names with different contexts rendered as separate token attributes.
2016-06-03 15:52:58 +02:00
Pedro Igor
60f954a497 [KEYCLOAK-2894] - Fixing saml signature validation 2016-05-26 10:48:30 -03:00
Bruno Oliveira
1cc4ca2e71 RHSSO-130: AccessTokenTest migration 2016-04-22 16:30:57 -03:00
Stian Thorgersen
5606160e70 KEYCLOAK-2828 Refactor contribution and add tests 2016-04-19 13:09:00 +02:00
Thomas Raehalme
cd1094c3ad KEYCLOAK-2828: LoginStatusIframeEndpoint now sets the P3P header.
IE requires a P3P header to be present in <iframe /> response. Otherwise
cookies are forbidden. The value of the header does not seem to matter.
2016-04-19 10:24:28 +02:00
Bill Burke
cca91dd175 public/private 2016-04-12 15:19:46 -04:00
Stian Thorgersen
a4335c3eb8 Merge pull request #2502 from velias/KEYCLOAK-2670-master
KEYCLOAK-2670 for master - client app is able to push additional HTTP GET
2016-04-05 11:20:06 +02:00
Vlastimil Elias
21a2a47172 KEYCLOAK-2670 - client app is able to push additional HTTP GET
parameters in initial OpenID auth request for use in Auth flows
2016-04-05 10:41:28 +02:00
Stian Thorgersen
55c5e9a381 KEYCLOAK-2722 Check user session in token introspection endpoint 2016-04-05 09:31:39 +02:00
Bill Burke
1dd4bdf0b7 KEYCLOAK-2718 2016-03-28 11:13:02 -04:00
Bill Burke
6030a65d1b KEYCLOAK-2543 2016-03-24 08:49:08 -04:00
Stian Thorgersen
b4239c40c1 KEYCLOAK-2547 NPE in TokenEndpoint and InfinispanUserSessionProvider 2016-03-03 10:45:05 +01:00
Stian Thorgersen
3ca39801dc KEYCLOAK-2511 Rename session-state in access token response to session_state 2016-02-25 10:14:12 +01:00
Bill Burke
fd49213cb9 KEYCLOAK-2477 2016-02-17 17:02:14 -05:00
mposolda
1328531f31 KEYCLOAK-2412 Added ClusterProvider. Avoid concurrent federation sync execution by more cluster nodes at the same time.
Clustering - more progress
2016-02-17 11:02:42 +01:00
mposolda
969b8c153f KEYCLOAK-1989 Refreshing offline tokens didn't work correctly in cluster with revokeRefreshToken enabled 2016-02-12 12:54:47 +01:00
Bill Burke
00236c13ff Merge pull request #2180 from cainj13/persistentWildcard
add support for wildcard persistent nameId attribute to SAML protocol
2016-02-09 09:43:30 -05:00
Stian Thorgersen
635ccae144 KEYCLOAK-2429
Disabled Google Identity Provider still kicks in when 'Authenticate by default' is enabled
2016-02-08 19:51:21 +01:00
Josh Cain
d5d954e80a add support for wildcard persistent nameId attribute to SAML protocol 2016-02-04 11:06:14 -06:00
Stian Thorgersen
c7a8742a36 KEYCLOAK-1524
Source code headers
2016-02-03 11:20:22 +01:00
Bill Burke
6c020661e8 saml subsystem model changes 2016-01-30 07:13:13 -05:00
Bill Burke
25347cd45e browser back button 2016-01-27 22:14:28 -05:00
mposolda
3731964a2a KEYCLOAK-2351 Support for response_type=token to be OAuth2 compliant 2016-01-26 17:09:42 +01:00
Stian Thorgersen
ee847c1f20 KEYCLOAK-2390
Relative redirect uri is broken
2016-01-26 09:01:14 +01:00
Bill Burke
1b0aa8e55b saml logging 2016-01-25 17:38:29 -05:00
Stan Silvert
0de4170865 KEYCLOAK-1280: i18n logging for org.keycloak.protocol.oidc.utils 2016-01-21 11:55:23 -05:00
Stan Silvert
9c33738941 KEYCLOAK-1280: i18n logging for org.keycloak.protocol.oidc.mappers 2016-01-21 11:55:21 -05:00
Stan Silvert
adfc192877 KEYCLOAK-1280: i18n logging for org.keycloak.protocol.oidc.endpoints 2016-01-21 11:55:20 -05:00
Stan Silvert
550e23c8f6 KEYCLOAK-1280: i18n logging for org.keycloak.protocol.oidc 2016-01-21 11:55:18 -05:00
Stan Silvert
9dccd45543 KEYCLOAK-1280: i18n logging for org.keycloak.protocol 2016-01-21 11:55:17 -05:00
Bill Burke
d9487a8745 social broker reorg 2016-01-20 16:46:38 -05:00
Stian Thorgersen
bc845bed0e KEYCLOAK-2286 Remove deprecated OpenID Connect endpoints 2016-01-18 20:31:23 +01:00
Bill Burke
b0054b7682 email, login, account 2016-01-16 09:38:24 -05:00
Bill Burke
007e9530ec brute force refactr, mv protocol 2016-01-15 19:25:28 -05:00
Bill Burke
b93d55cb63 remove model-api, add server-spi 2016-01-15 18:44:17 -05:00
Stian Thorgersen
435980d776 KEYCLOAK-1809
Upgrade jackson to version 2.x
2016-01-14 16:34:30 +01:00
Stian Thorgersen
eb10d6bfd6 Merge pull request #2024 from stianst/FIX-CLIENT-INSTALLATION-TEST
Fix client installation test
2016-01-14 12:33:26 +01:00
Stian Thorgersen
a6da6e48f9 Fix client installation test 2016-01-14 11:54:39 +01:00
Bill Burke
9dc21224bd clean up most redirects 2016-01-13 16:18:24 -05:00
Pedro Igor
c9f9ee9799 [KEYCLOAK-2266] - OAuth2 Token Introspection. 2016-01-12 11:16:42 -02:00
Stian Thorgersen
ddd99c2411 KEYCLOAK-2259
Redirect URIs and token domains are matched case-sensitively
2016-01-08 15:38:00 +01:00
Bill Burke
64de96d34b installation provider 2016-01-06 16:49:58 -05:00
Bill Burke
39d5a07218 KEYCLOAK-2221 2016-01-05 10:59:13 -05:00
Bill Burke
3bacbdf6ff set framework for template config 2016-01-04 17:13:15 -05:00
Marek Posolda
6752a4f9b0 Merge pull request #1963 from mposolda/master
KEYCLOAK-1899 Added HardcodedLDAPRoleMapper
2015-12-22 20:43:09 +01:00
mposolda
41d22986d5 KEYCLOAK-1899 Added HardcodedLDAPRoleMapper 2015-12-22 16:22:02 +01:00
Pedro Igor
9172b5472e [KEYCLOAK-2202] - Removing LoginProtocol in order to reuse SAML settings. 2015-12-22 12:53:39 -02:00
Bill Burke
ea6374163d Merge pull request #1957 from stianst/master
KEYCLOAK-2043
2015-12-21 16:56:01 -05:00
Bill Burke
b90409c5e4 refactor client create 2015-12-21 16:36:13 -05:00