Commit graph

788 commits

Author SHA1 Message Date
Stefan Guilhen
579302f396 [KEYCLOAK-18878] Register the subsystem parser for older versions of the OIDC adapter schemas 2021-07-23 10:10:23 +02:00
Martin Bartoš
06077dc4ea KEYCLOAK-18466 Configure HTTP client timeouts for adapters - change property names 2021-07-22 10:54:59 +02:00
ruromero
464475caa0 [KEYCLOAK-17872] Add missing HTTPClient properties
Signed-off-by: ruromero <rromerom@redhat.com>
2021-07-22 10:54:59 +02:00
Martin Bartoš
23e3bc5f8f KEYCLOAK-18466 Configure HTTP client timeouts for adapters 2021-07-22 10:54:59 +02:00
Stefan Guilhen
8934bc82ba [KEYCLOAK-18302] Fix redirect-rewrite-rule JSON name 2021-07-07 16:44:30 +02:00
Andy Fedotov
17b374f53a [KEYCLOAK-16455][Adapter - JavaScript] Propagate 3rd party cookies check
errors outside of JS adapter
2021-06-23 08:36:26 +02:00
keycloak-bot
13f7831a77 Set version to 15.0.0-SNAPSHOT 2021-06-18 10:42:27 +02:00
Pedro Igor
b7e5db6534 [KEYCLOAK-18007] - Configure resolved paths with the method config from configuration 2021-05-25 09:48:30 -03:00
Pedro Igor
9ebbc7673c [KEYCLOAK-18111] - Error when processing path without associated resource 2021-05-20 11:15:11 -03:00
Jeff MAURY
1be81bff7a
KEYCLOAK-17400: allow installed adapter to be reused (#7853)
* KEYCLOAK-17400: allow installed adapter to be reused

Also add a close method to stop callback if response has not been received yet

Signed-off-by: Jeff MAURY <jmaury@redhat.com>
2021-05-12 09:46:00 -03:00
Bruno Oliveira da Silva
bbc8d83f64 [KEYCLOAK-17997] Upgrade Spring Security 2021-05-10 12:15:01 -03:00
keycloak-bot
4b44f7d566 Set version to 14.0.0-SNAPSHOT 2021-05-06 14:55:01 +02:00
Bruno Oliveira da Silva
4f08912071 [KEYCLOAK-17989] Update Jetty to the latest version 2021-05-04 16:56:43 -03:00
Florian Roks
640cf499cc KEYCLOAK-17804 added documentation to KeycloakConfigResolver-interface 2021-05-04 15:22:19 -03:00
David Weber
6f86241f60 KEYCLOAK-17665 Use setQueryString
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2021-04-22 12:18:09 -03:00
David Weber
5d3f80ab57 KEYCLOAK-17665 Add query parameter support for Spring 2021-04-22 12:18:09 -03:00
Manuel Rauber
30e735dd25
KEYCLOAK-17684: fix TypeScript definition of createAccountUrl parameter (#7917) 2021-04-20 14:19:15 -04:00
Martin Bartoš
b237c503ba KEYCLOAK-16913 Fix failed FuseAdapterTest 2021-04-14 09:51:02 +02:00
sma1212
e10f3b3672
[KEYCLOAK-17484] OIDC Conformance - Authorization response with Hybrid flow does not contain token_type (#7872)
* [KEYCLOAK-17484] fix oidc conformance for hybrid-flow

* [KEYCLOAK-17484] add TokenType & ExpiresIn to OAuth2Constants

* [KEYCLOAK-17484] add request validation for oidc-flows automated tests
2021-03-30 08:59:30 +02:00
Phillip Schichtel
f754b34c0c KEYCLOAK-13633 Generalize GenericPrincipalFactory to PrincipleFactory
This allows to replace java.security.acl.Group usage only where necessary while keeping legacy adapter unchanged.

Signed-off-by: Phillip Schichtel <phillip@schich.tel>
2021-03-22 15:40:51 +01:00
Pascal Keßler
52db22925c KEYCLOAK-13633 refactor(tomcat-adapter-spi): change to specific imports instead of star import 2021-03-22 15:40:51 +01:00
Pascal Keßler
b3ee471e11 KEYCLOAK-13633 refactor(tomcat-adapter-spi): remove usage of java.security.acl.Group to make jdk 15 possible
Signed-off-by: Phillip Schichtel <phillip@schich.tel>
2021-03-22 15:40:51 +01:00
Andrew Elwell
c76ca4ad13
Correct "doesn't exists" typos - fixes KEYCLOAK-14986 (#7316)
* Correct "doesn't exists" typos

* Revert changes to imported package

Co-authored-by: Stian Thorgersen <stianst@gmail.com>
2021-03-16 11:52:36 +01:00
Thomas Darimont
d2060913be KEYCLOAK-14412 Fixed compiler error in JavascriptAdapterTests 2021-03-11 13:03:08 -03:00
Thomas Darimont
b926cd20f1 KEYCLOAK-14412 Keycloak.js should honor scopes configured in initOptions and loginOptions 2021-03-11 13:03:08 -03:00
Pedro Igor
40efbb0f9c [KEYCLOAK-13942] - Invalidate pre-defined paths when paths are invalidated 2021-03-02 15:01:42 +01:00
Pedro Igor
1434695616 [KEYCLOAK-10752] - Passing id_token_hint when login out 2021-02-11 09:42:08 -03:00
Pedro Igor
f6c3ec5d9e [KEYCLOAK-14366] - Missing check for iss claim in JWT validation on Client Authentication (Token Endpoint) 2021-02-09 13:54:06 +01:00
Katsiaryna Mikhalchanka
1c445cc4cc KEYCLOAK-16798 Add guarding condition for multi-thread usage in KeycloakDeployment.java 2021-01-19 15:18:52 +01:00
Hynek Mlnarik
acfea8ecd2 KEYCLOAK-4250 Include certificates without name for validation
Nameless certificates are now included for signature validation
in the SAML adapter when the certificate is downloaded from
metadataUrl.
2021-01-15 22:03:16 +01:00
keycloak-bot
75be33ccad Set version to 13.0.0-SNAPSHOT 2020-12-16 17:31:55 +01:00
Michal Hajas
a766a1dd16 KEYCLOAK-16074 Fix check3pCookiesSupported message callback 2020-11-13 16:01:50 -03:00
Miquel Simon
53dfa7c56b KEYCLOAK-14109. Added profiles for Spring 2.3 version.
KEYCLOAK-14737. Updated Jetty version to 9.4.29, as required per Spring 2.3.
2020-11-13 12:09:22 -03:00
Martin Bartoš
da6c59f0c3 KEYCLOAK-15242 Error in application logs when refresh token is expired. 2020-11-05 14:40:53 +01:00
Pedro Igor
e70f702bc5 [KEYCLOAK-10790] - KeycloakInstalled adapter can not logoutDesktop more than once 2020-10-23 09:23:51 +02:00
Denis Richtárik
c8d0f2c59c
KEYCLOAK-15892 Can not install 7.4.3.CR1 Fuse adapter 2020-10-20 10:47:56 +02:00
mhajas
d266165f63 KEYCLOAK-14871 Whitelist RefreshableKeycloakSecurityContext for KeycloakPrincipal serialization 2020-10-14 16:00:39 +02:00
Hynek Mlnarik
4541a1b250 KEYCLOAK-15907 Fix new host in SAML adapter cannot restore session 2020-10-12 13:23:03 +02:00
testn
269a72d672 KEYCLOAK-15184: Use static inner class where possible 2020-10-09 23:37:08 +02:00
Thomas Darimont
152588ecc4 KEYCLOAK-13915 Update Jetty 9.4.x dependency to latest version
Adapted Jetty94SessionManager to workaround Jetty 9.4 API changes.
The Method org.eclipse.jetty.server.session.SessionHandler#getHttpSession
was changed from public to protected which makes it no longer accessible.

As a workaround the method contents were inlined.
2020-10-07 11:40:18 -03:00
vmuzikar
fbe18e67c3 KEYCLOAK-15721 KeycloakPromise sometimes doesn't work 2020-09-28 15:57:46 -03:00
vmuzikar
bca73fd04a KEYCLOAK-15158 Javascript adapter init() is throwing a promise error after upgrade to 11 2020-09-22 10:56:46 -03:00
testn
2cd03569d6 KEYCLOAK-15238: Fix potential resource leak from not closing Stream/Reader 2020-09-21 13:05:03 +02:00
JF Denise
6a5c1defe1 [KEYCLOAK-14953] keycloak oidc/elytron adapter galleon-pack prototype 2020-09-17 23:27:25 -07:00
mhajas
b75ad2fbd8 KEYCLOAK-15259 Avoid using "null" Origin header as a valid value 2020-09-17 23:21:49 -07:00
testn
0362d3a430 KEYCLOAK-15113: Move away from deprecated Promise.success()/error() 2020-09-01 14:26:44 -04:00
Helder Alves
541063f2ce KEYCLOAK-14940 refresh expired idtoken 2020-08-03 16:08:21 -03:00
Thomas Darimont
6806dfa4d3 KEYCLOAK-13721 Allow to configure host and port of callbackserver in KeycloakInstalled adapter 2020-07-29 10:00:36 +02:00
Gregor Tudan
5255336be2 Keycloak-14726 - release connections after fetching the OIDC-Config 2020-07-28 12:58:27 -03:00
Dan Manastireanu
1441e5d6f8 fix: Fix regex replacement for underscore and minus in parseToken. Closes #KEYCLOAK-14917 2020-07-28 10:39:45 -03:00
Alex Szczuczko
c7867c4c0d KEYCLOAK-14875 Enable path cache when maxAge is -1, or greater than 0 2020-07-28 10:13:12 -03:00
Luca Leonardo Scorcia
da6530471b KEYCLOAK-14742 SAML2NameIDPolicyBuilder: add AllowCreate and SPNameQualifier properties 2020-07-25 10:16:57 +02:00
keycloak-bot
afff0a5109 Set version to 12.0.0-SNAPSHOT 2020-07-22 14:36:15 +02:00
Jan Lieskovsky
969b09f530 [KEYCLOAK-13692] Upgrade to Wildfly "20.0.1.Final" and Infinispan "10.1.8.Final"
Co-authored-by: Jan Lieskovsky <jlieskov@redhat.com>
Co-authored-by: Marek Posolda <mposolda@redhat.com>
2020-07-20 22:15:08 +02:00
Jon Koops
098446b070 KEYCLOAK-14652 Align custom adapter example with documentation 2020-07-08 09:32:16 -03:00
Thoralf Rickert-Wendt
541bc5124f switching to required=false 2020-07-06 11:47:41 -03:00
Thoralf Rickert-Wendt
0dd196e02a Fixing issue https://issues.redhat.com/browse/KEYCLOAK-14520 2020-07-06 11:47:41 -03:00
Christian Lutz
6abae8bccc KEYCLOAK-13807 Fix switch parameter order of mapping and url in registerConstraintMapping 2020-07-03 11:35:24 +02:00
vmuzikar
001fe9eb11 KEYCLOAK-13206 Session Status iframe cannot access cookies when 3rd party cookies are blocked
Co-authored-by: mhajas <mhajas@redhat.com>
2020-06-30 17:11:20 -03:00
Stefan Guilhen
76717134ba [KEYCLOAK-12998] Prevent duplicate resources from being added to the keycloak-saml subsystem
- Fixes an issue in parser where the closing tag of the IDP element was in the wrong place, which could break the server configuration
 - Parser now checks for duplicates of elements described with maxOccurs=1 in the schema
 - Add handler for SP and IDP now check for existing SPs or IDPs in the config, preventing addition of a duplicate resource via CLI
 - Subsystem test was enhanced so it now tests some invalid configs with duplicate elements
2020-06-23 20:03:36 +02:00
Simon Legner
3c0ecefacc fix(keycloak.d.ts): class cannot extend interface 2020-06-22 13:22:35 -04:00
Jon Koops
c0744daa5b KEYCLOAK-14496 Use KeycloakAdapter interface for 'adapter' option
Also improves documentation by adding more details and an explicit example on how to use the interface.
2020-06-18 18:09:19 -03:00
Jon Koops
6dde131609 KEYCLOAK-13739 Add missing type definition for register options 2020-06-17 15:26:15 -04:00
mhajas
5d1d75db40 KEYCLOAK-14103 Add Warn message for possibly missing SameSite configuration 2020-06-15 14:45:57 +02:00
Douglas Palmer
33863ba161 KEYCLOAK-10162 Usage of ObjectInputStream without checking the object types
Co-authored-by: mposolda <mposolda@gmail.com>
2020-06-08 13:12:08 +02:00
spurreiter
6332ed42c0 KEYCLOAK-13940 remove duplicated urlsafe decoding 2020-05-08 15:18:56 +02:00
Hynek Mlnarik
32f13016fa KEYCLOAK-12874 Align Destination field existence check with spec 2020-05-04 09:19:44 +02:00
keycloak-bot
ae20b7d3cd Set version to 11.0.0-SNAPSHOT 2020-04-29 12:57:55 +02:00
Pedro Igor
2e54ebda76 [KEYCLOAK-13579] - Ignore exceptions when shutting down loopback server 2020-04-29 12:33:35 +02:00
Stefan Guilhen
fd9c4e9228 [KEYCLOAK-12097] Fix NPE when trying to obtain the cache container name from jboss-web.xml
- check if the cache name as configured in jboss-web.xml is composite - i.e. has a 'parent.child' structure
2020-04-27 10:13:25 +02:00
Luke Nadur
74c379c3df [KEYCLOAK-13586] Fix typos related to QueryParamterTokenRequestAuthenticator 2020-04-21 21:14:03 +02:00
Jon Koops
9f3b847817 KEYCLOAK-13714 Add missing type definition for logout options 2020-04-21 11:31:16 +02:00
keycloak-bot
33314ae3ca Set version to 10.0.0-SNAPSHOT 2020-04-21 09:19:32 +02:00
Pedro Igor
acfbdf6b0e [KEYCLOAK-13187] - Concurrency issue when refreshing tokens and updating security context state 2020-04-16 12:25:42 +02:00
stianst
1f02f87a6e KEYCLOAK-13565 Add support for kc_action to keycloak.js
Co-authored-by mhajas <mhajas@redhat.com>
2020-04-14 19:23:56 +02:00
mhajas
10d92a01a6 KEYCLOAK-13577 Remove property from child class since parents class contains it 2020-03-26 09:55:52 -03:00
keycloak-bot
f6a592b15a Set version to 9.0.4-SNAPSHOT 2020-03-24 08:31:18 +01:00
Pedro Igor
84d099e48f [KEYCLOAK-11282] - Properly resolve config resolver
Co-authored-by: mhajas <mhajas@redhat.com>
2020-03-17 15:49:00 +01:00
Laure-Emmanuelle Issler
967ff939ec KEYCLOAK-13026 Set path of OAuth_Token_Request_State cookie to / 2020-03-05 16:21:24 +01:00
Pedro Igor
30b07a1ff5 [KEYCLOAK-13175] - Setting the enforcement mode when fetching lazily fetching resources 2020-03-05 13:31:21 +01:00
Hynek Mlnarik
0cf0955318 KEYCLOAK-13181 Fix NPE in EAP 6 adapter 2020-03-04 10:19:43 +01:00
Jon Koops
c1bf183998 KEYCLOAK-9346 Add new KeycloakPromise to support native promises
Co-authored-by: mhajas <mhajas@redhat.com>
2020-03-04 08:53:35 +01:00
Thomas Kuestermann
8ed355a5fe KEYCLOAK-12749 single worker/IO thread, use OAUTH2 constants 2020-03-03 12:39:19 -03:00
Thomas Kuestermann
22555371d8 KEYCLOAK-12749 fix "invalid state" error due to IE requesting favicon
Internet Explorer occasionally requests a favicon before doing the
actual redirect to localhost. This commit adds Undertow to properly
handle those unwanted requests.
2020-03-03 12:39:19 -03:00
mhajas
8061aa5217 KEYCLOAK-13161 Use iterator instead of for-each loop in ClientCredentialsProviderUtils 2020-02-28 16:22:03 +01:00
Erik Jan de Wit
8297c0c878 KEYCLOAK-11155 split on first '=' instead of all 2020-02-27 09:12:51 +01:00
keycloak-bot
d352d3fa8e Set version to 9.0.1-SNAPSHOT 2020-02-17 20:38:54 +01:00
stianst
42773592ca KEYCLOAK-9632 Improve handling of user locale 2020-02-14 08:32:20 +01:00
Pedro Igor
da0e2aaa12 [KEYCLOAK-12897] - Policy enforcer should just deny when beare is invalid 2020-02-07 15:04:45 +01:00
Stefan Guilhen
d943b8a9e3 [KEYCLOAK-12873] Fix differences between keycloak-saml.xml (adapter) and the keycloak-saml subsystem 2020-02-07 12:06:28 +01:00
Sebastian Laskawiec
9b2e7f6e2c KEYCLOAK-12650 Fix NullPointerException when creating HttpClient 2020-02-05 15:52:33 +01:00
mhajas
fc7b769b6e KEYCLOAK-6817 Ignore SniSSLSocketFactory exception for IBM jdk 2020-01-31 09:08:44 +01:00
Pedro Igor
2a82ed6eea [KEYCLOAK-9402] - 401 response when enforcement mode is DISABLED 2020-01-30 11:09:32 +01:00
Takashi Norimatsu
993ba3179c KEYCLOAK-12615 HS384 and HS512 support for Client Authentication by Client Secret Signed JWT (#6633) 2020-01-28 14:55:48 +01:00
vmuzikar
03306b87e8 KEYCLOAK-12125 Introduce SameSite attribute in cookies
Co-authored-by: mhajas <mhajas@redhat.com>
Co-authored-by: Peter Skopek <pskopek@redhat.com>
2020-01-17 08:36:53 -03:00
root
4cbe478129 Fix KEYCLOAK-10838, use bytesRead to make sure the output stream does not get padded with null bytes. 2020-01-14 13:20:10 +01:00
vramik
3b1bdb216a KEYCLOAK-11486 Add support for system property or env variable in AllowedClockSkew in keycloak-saml subsystem 2020-01-14 13:17:13 +01:00
mhajas
a79d6289de KEYCLOAK-11416 Fix nil AttributeValue handling 2020-01-10 12:47:09 +01:00
Pedro Igor
c596647241 [KEYCLOAK-11712] - Request body not buffered when using body CIP in Undertow 2020-01-09 10:02:18 +01:00
Michael Thirion
44ab3f46b7 [KEYCLOAK-6008] - Spring Boot does not honour wildcard auth-role (#6579) 2019-12-24 19:06:55 -03:00