Commit graph

820 commits

Author SHA1 Message Date
Konstantinos Georgilakis
1fa93db1b4 KEYCLOAK-14304 Enhance SAML Identity Provider Metadata processing 2020-09-02 20:43:09 +02:00
mhajas
bdccfef513 KEYCLOAK-14973 Create GroupStorageManager 2020-09-01 10:21:39 +02:00
Martin Kanis
d59a74c364 KEYCLOAK-15102 Complement methods for accessing groups with Stream variants 2020-08-28 20:56:10 +02:00
mhajas
ae39760a62 KEYCLOAK-14972 Add independent GroupProvider interface 2020-08-13 21:13:12 +02:00
David Hellwig
ddc2c25951
KEYCLOAK-2940 - draft - Backchannel Logout (#7272)
* KEYCLOAK-2940 Backchannel Logout

Co-authored-by: Benjamin Weimer <external.Benjamin.Weimer@bosch-si.com>
Co-authored-by: David Hellwig <hed4be@bosch.com>
2020-08-12 09:07:58 -03:00
vramik
6b00633c47 KEYCLOAK-14812 Create RoleStorageManager 2020-07-31 15:11:25 -03:00
vramik
bfa21c912c KEYCLOAK-14811 Create RoleProvider and make it independent of ClientProvider and RealmProvider 2020-07-31 15:11:25 -03:00
Martin Idel
97400827d2 KEYCLOAK-14870: Fix bug where user is incorrectly imported
Bug: SerializedBrokeredIdentityContext was changed to mirror
UserModel changes. However, when creating the user in LDAP,
the username must be provided first (everything else can
be handled via attributes).
2020-07-29 11:33:41 +02:00
Martin Idel
bf411d7567 KEYCLOAK-14869: Fix nullpointer exception in FullNameLDAPStorageMapper
Setting an attribute should be possible with a list
containing no elements or a null list

This can happen e.g. when creating users via idps
using a UserAttributeStatementMapper.

Fix this unprotected access in other classes too
2020-07-28 09:54:37 +02:00
Martin Kanis
feef5b4db2 KEYCLOAK-14220 Complement methods for accessing clients with Stream variants 2020-07-27 10:38:39 +02:00
Lorent Lempereur
e82fe7d9e3
KEYCLOAK-13950 SAML2 Identity Provider - Send Subject in SAML requests 2020-07-24 21:41:57 +02:00
keycloak-bot
afff0a5109 Set version to 12.0.0-SNAPSHOT 2020-07-22 14:36:15 +02:00
Hynek Mlnarik
c566b46e8f KEYCLOAK-14549 Make ClientProvider independent of RealmProvider
Co-Authored-By: vramik <vramik@redhat.com>
2020-07-22 00:08:15 +02:00
Hynek Mlnarik
ac0011ab6f KEYCLOAK-14553 Client map store
Co-Authored-By: vramik <vramik@redhat.com>
2020-07-22 00:08:15 +02:00
Takashi Norimatsu
e0fbfa722e KEYCLOAK-14189 Client Policy : Basics 2020-07-21 07:50:08 +02:00
vmuzikar
7087c081f0 KEYCLOAK-14023 Instagram User Endpoint change
Co-authored-by: Jean-Baptiste PIN <jibet.pin@gmail.com>
2020-07-10 17:36:51 -03:00
Pedro Igor
9c4da9b3ce [KEYCLOAK-14147] - Request filter refactoring
Co-authored-by: Stian Thorgersen <stian@redhat.com>
Co-authored-by: Martin Kanis <mkanis@redhat.com>
2020-07-07 11:26:12 -03:00
Plamen Kostov
914b226d11 [KEYCLOAK-14282] Create additional filtering for GET /users endpoint for enabled/disabled users 2020-07-03 09:07:42 -03:00
Martin Idel
05b6ef8327 KEYCLOAK-14536 Migrate UserModel fields to attributes
- In order to make lastName/firstName/email/username field
  configurable in profile
  we need to store it as an attribute
- Keep database as is for now (no impact on performance, schema)
- Keep field names and getters and setters (no impact on FTL files)

Fix tests with logic changes

- PolicyEvaluationTest: We need to take new user attributes into account
- UserTest: We need to take into account new user attributes

Potential impact on users:

- When subclassing UserModel, consistency issues may occur since one can
  now set e.g. username via setSingleAttribute also
- When using PolicyEvaluations, the number of attributes has changed
2020-06-25 14:50:57 +02:00
Pedro Igor
e16f30d31f [KEYCLOAK-2343] - Allow exact user search by user attributes
Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com>
2020-06-10 12:02:50 -03:00
Yoshiyuki Tabata
f03ee2ec98 KEYCLOAK-14145 OIDC support for Client "offline" session lifespan 2020-06-04 14:24:52 +02:00
stianst
b04932ede5 KEYCLOAK-12414 Remove the need to specify defaults in config file 2020-05-13 09:02:29 -03:00
Michael Cooney
3291161954 KEYCLOAK-13818: Addressing performance issues with adding client scopes during realm creation. Removing redundant lookups by passing all scopes that need to be created at once. 2020-05-12 15:59:42 +02:00
keycloak-bot
ae20b7d3cd Set version to 11.0.0-SNAPSHOT 2020-04-29 12:57:55 +02:00
Yoshiyuki Tabata
874642fe9e KEYCLOAK-12406 Add "Client Session Max" and "Client Session Idle" for OIDC 2020-04-28 15:34:25 +02:00
Martin Idel
7e8018c7ca KEYCLOAK-11862 Add Sync mode option
- Store in config map in database and model
- Expose the field in the OIDC-IDP
- Write logic for import, force and legacy mode
- Show how mappers can be updated keeping correct legacy mode
- Show how mappers that work correctly don't have to be modified
- Log an error if sync mode is not supported

Fix updateBrokeredUser method for all mappers

- Allow updating of username (UsernameTemplateMapper)
- Delete UserAttributeStatementMapper: mapper isn't even registered
  Was actually rejected but never cleaned up: https://github.com/keycloak/keycloak/pull/4513
  The mapper won't work as specified and it's not easy to tests here
- Fixup json mapper
- Fix ExternalKeycloakRoleToRoleMapper:
  Bug: delete cannot work - just delete it. Don't fix it in legacy mode

Rework mapper tests

- Fix old tests for Identity Broker:
  Old tests did not work at all:
  They tested that if you take a realm and assign the role,
  this role is then assigned to the user in that realm,
  which has nothing to do with identity brokering
  Simplify logic in OidcClaimToRoleMapperTests
- Add SyncMode tests to most mappers
  Added tests for UsernameTemplateMapper
  Added tests to all RoleMappers
  Add test for json attribute mapper (Github as example)
- Extract common test setup(s)
- Extend admin console tests for sync mode

Signed-off-by: Martin Idel <external.Martin.Idel@bosch.io>
2020-04-24 15:54:32 +02:00
Takashi Norimatsu
8513760e25 KEYCLOAK-12176 WebAuthn: show the attestation statement format in the admin console 2020-04-23 10:01:19 +02:00
keycloak-bot
33314ae3ca Set version to 10.0.0-SNAPSHOT 2020-04-21 09:19:32 +02:00
Stefan Guilhen
d3a4bef9a4 [KEYCLOAK-8789] Fix getAttribute(String name) implementations so they never return null
- user adapter classes were violating the UserModel contract as the javadoc for the method states that null must never be returned
2020-04-14 16:35:35 +02:00
Pedro Igor
b812159193 [KEYCLOAK-10675] - Deleting an Identity Provider doesn't remove the associated IdP Mapper for that user 2020-03-26 11:41:17 +01:00
keycloak-bot
f6a592b15a Set version to 9.0.4-SNAPSHOT 2020-03-24 08:31:18 +01:00
mposolda
72e4690248 KEYCLOAK-13174 Not possible to delegate creating or deleting OTP credential to userStorage 2020-03-11 12:51:56 +01:00
mposolda
803f398dba KEYCLOAK-12876 KEYCLOAK-13148 KEYCLOAK-13149 KEYCLOAK-13151 Re-introduce some changes to preserve UserStorage SPI backwards compatibility. Added test for backwards compatibility of user storage 2020-03-11 12:51:56 +01:00
rmartinc
ad3b9fc389 KEYCLOAK-12579: LDAP groups duplicated during UI listing of user groups 2020-03-11 06:14:29 +01:00
Sebastian Schuster
99aba33980 KEYCLOAK-13163 Fixed searching for user with fine-grained permissions 2020-03-09 09:56:13 -03:00
Pedro Igor
2f489a41eb [KEYCLOAK-12192] - Missing Input Validation in IDP Authorization URLs 2020-03-05 06:32:35 +01:00
stianst
bcb542d9cc KEYCLOAK-13116 Fix backwards compatilbity changes in LocaleSelectorSPI 2020-03-04 06:39:24 +01:00
stianst
9e47022116 KEYCLOAK-8044 Clear theme caches on hot-deploy 2020-02-20 08:50:10 +01:00
keycloak-bot
d352d3fa8e Set version to 9.0.1-SNAPSHOT 2020-02-17 20:38:54 +01:00
mposolda
a76c496c23 KEYCLOAK-12860 KEYCLOAK-12875 Fix for Account REST Credentials to work with LDAP and social users 2020-02-14 20:24:42 +01:00
stianst
42773592ca KEYCLOAK-9632 Improve handling of user locale 2020-02-14 08:32:20 +01:00
Axel Messinese
b73553e305 Keycloak-11526 search and pagination for roles 2020-02-05 15:28:25 +01:00
rmartinc
5b9eb0fe19 KEYCLOAK-10884: Need clock skew for SAML identity provider 2020-02-03 22:00:44 +01:00
Marek Posolda
154bce5693
KEYCLOAK-12340 KEYCLOAK-12386 Regression in credential handling when … (#6668) 2020-02-03 19:23:30 +01:00
Leon Graser
01a42f417f Search and Filter for the count endpoint 2020-02-03 09:36:30 +01:00
Marek Posolda
d8e450719b
KEYCLOAK-12469 KEYCLOAK-12185 Implement nice design to the screen wit… (#6690)
* KEYCLOAK-12469 KEYCLOAK-12185 Add CredentialTypeMetadata. Implement the screen with authentication mechanisms and implement Account REST Credentials API by use the credential type metadata
2020-01-31 14:28:23 +01:00
Marek Posolda
d46620569a
KEYCLOAK-12174 WebAuthn: create authenticator, requiredAction and policy for passwordless (#6649) 2020-01-29 09:33:45 +01:00
Benjamin Weimer
dd9ad305ca KEYCLOAK-12757 New Identity Provider Mapper "Advanced Claim to Role Mapper" with
following features

    * Regex support for claim values.
    * Support for multiple claims.
2020-01-23 07:17:22 -06:00
Peter Skopek
530b99c933 KEYCLOAK-12281 Fix export/import for users that have custom credential algorithms with no salt
- do not swallow exception when decoding salt
2020-01-23 05:43:29 -06:00
Peter Skopek
b8a8f88764 KEYCLOAK-12281 Fix export/import for users that have custom credential algorithms with no salt
- do not swallow exception when decoding salt
2020-01-23 05:43:29 -06:00
mposolda
f0d95da52d KEYCLOAK-12281 Fix export/import for users that have custom credential algorithms with no salt 2020-01-23 05:43:29 -06:00
Stefan Guilhen
9f69386a53 [KEYCLOAK-11707] Add support for Elytron credential store vault
- Adds the elytron-cs-keystore provider that reads secrets from a keystore-backed elytron credential store
 - Introduces an abstract provider and factory that unifies code that is common to the existing implementations
 - Introduces a VaultKeyResolver interface to allow the creation of different algorithms to combine the realm
   and key names when constructing the vault entry id
 - Introduces a keyResolvers property to the existing implementation via superclass that allows for the
   configuration of one or more VaultKeyResolvers, creating a fallback mechanism in which different key formats
   are tried in the order they were declared when retrieving a secret from the vault
 - Adds more tests for the files-plaintext provider using the new key resolvers
 - Adds a VaultTestExecutionDecider to skip the elytron-cs-keystore tests when running in Undertow. This is
   needed because the new provider is available only as a Wildfly extension
2019-12-18 11:54:06 +01:00
harture
26458125cb [KEYCLOAK-12254] Fix re-evaluation of conditional flow (#6558) 2019-12-18 08:45:11 +01:00
Douglas Palmer
106e6e15a9 [KEYCLOAK-11859] Added option to always display a client in the accounts console 2019-12-17 17:12:49 -03:00
Cristian Schuszter
5c7ce775cf KEYCLOAK-11472 Pagination support for clients
Co-authored-by: stianst <stianst@gmail.com>
2019-12-05 08:17:17 +01:00
Andrei Arlou
301e76c0b9 KEYCLOAK-12214 Fix minor warnings for collections in module "server-spi" 2019-11-26 08:57:21 +01:00
Andrei Arlou
448344f5ca KEYCLOAK-12212 Remove unused imports from module "server-spi" 2019-11-26 08:41:45 +01:00
Andrei Arlou
71b17375de KEYCLOAK-12213 Fix minor warnings with modificators for methods and fields in module "server-spi" 2019-11-26 08:39:34 +01:00
keycloak-bot
76aa199fee Set version to 9.0.0-SNAPSHOT 2019-11-15 20:43:21 +01:00
stianst
3a36569e20 KEYCLOAK-9129 Don't expose Keycloak version in resource paths 2019-11-15 08:21:28 +01:00
AlistairDoswald
4553234f64 KEYCLOAK-11745 Multi-factor authentication (#6459)
Co-authored-by: Christophe Frattino <christophe.frattino@elca.ch>
Co-authored-by: Francis PEROT <francis.perot@elca.ch>
Co-authored-by: rpo <harture414@gmail.com>
Co-authored-by: mposolda <mposolda@gmail.com>
Co-authored-by: Jan Lieskovsky <jlieskov@redhat.com>
Co-authored-by: Denis <drichtar@redhat.com>
Co-authored-by: Tomas Kyjovsky <tkyjovsk@redhat.com>
2019-11-14 14:45:05 +01:00
stianst
b8881b8ea0 KEYCLOAK-11728 New default hostname provider
Co-authored-by: Hynek Mlnarik <hmlnarik@redhat.com>
2019-11-11 12:25:44 +01:00
pkokush
ff551c5545 KEYCLOAK-10307: check password history length in password verification (#6058) 2019-10-24 21:33:21 +02:00
Martin Kanis
37304fdd7d KEYCLOAK-10728 Upgrade to WildFly 18 Final 2019-10-21 14:06:44 +02:00
Takashi Norimatsu
7c75546eac KEYCLOAK-9360 Two factor authentication with W3C Web Authentication - 1st impl phase
* KEYCLOAK-9360 Two factor authentication with W3C Web Authentication - 1st impl phase
2019-10-01 15:17:38 +02:00
Cédric Couralet
9c37da0ee9 KEYCLOAK-8818 Support message bundle in theme resources 2019-09-11 08:03:16 +02:00
Hynek Mlnarik
6738e063f4 KEYCLOAK-11072 Mark vault SPI as a public SPI 2019-09-10 16:54:47 +02:00
Stefan Guilhen
bb9c811a65 [KEYCLOAK-10935] Add a vault transcriber implementation that can be obtained from the session.
- automatically parses ${vault.<KEY>} expressions to obtain the key that contains the secret in the vault.
 - enchances the capabilities of the VaultProvider by offering methods to convert the raw secrets into other types.
2019-09-04 22:34:08 +02:00
Takashi Norimatsu
8225157a1c KEYCLOAK-6768 Signed and Encrypted ID Token Support 2019-08-15 15:57:35 +02:00
Vlastimil Elias
4571f65d1e KEYCLOAK-10209 - AuthenticationSessionModel made available through
KeycloakContext in KeycloakSession
2019-07-30 12:36:57 +02:00
keycloak-bot
17e9832dc6 Set version to 8.0.0-SNAPSHOT 2019-07-19 19:05:03 +02:00
Martin Kanis
efdf0f1bd8 KEYCLOAK-6839 You took too long to login after SSO idle 2019-07-10 10:15:26 +02:00
Tomasz Prętki
0376e7241a KEYCLOAK-10251 New Claim JSON Type - JSON 2019-07-08 11:59:57 +02:00
keycloak-bot
49d4e935cb Set version to 7.0.0-SNAPSHOT 2019-04-17 09:48:07 +01:00
Axel Messinese
e18fb56389 KEYCLOAK-4978 Add endpoint to get groups by role 2019-03-15 06:00:17 +01:00
rmartinc
231db059b2 KEYCLOAK-8996: Provide a way to set a responder certificate in OCSP/X509 Authenticator 2019-03-07 07:57:20 +01:00
keycloak-bot
e843d84f6e Set version to 6.0.0-SNAPSHOT 2019-03-06 15:54:08 +01:00
Gideon Caranzo
4cd617bc42 KEYCLOAK-8977 Added method to return KeycloakSession from RealmCreationEvent 2019-02-21 11:21:54 +01:00
Thibault Nélis
cc79963f81 Fix typo: "credentia" -> "credential" 2019-02-21 11:20:06 +01:00
stianst
e06c705ca8 Set version 5.0.0 2019-02-21 09:35:14 +01:00
stianst
7c9f15778a Set version to 4.8.3.Final 2019-01-09 20:39:30 +01:00
stianst
7c4890152c Set version to 4.8.2 2019-01-03 14:43:22 +01:00
mposolda
c51c492996 KEYCLOAK-9050 Change LoginProtocol.authenticated to read most of the values from authenticationSession 2018-12-12 13:30:03 +01:00
Hynek Mlnarik
dad12635f6 KEYCLOAK-9014 Fix displayed applications 2018-12-10 09:59:46 +01:00
Pedro Igor
0c39eda8d2 [KECLOAK-8237] - Openshift Client Storage 2018-12-06 10:57:53 -02:00
stianst
b674c0d4d9 Prepare for 4.8.0.Final 2018-12-04 13:54:25 +01:00
mposolda
6db1f60e27 KEYCLOAK-7774 KEYCLOAK-8438 Errors when SSO authenticating to same client multiple times concurrently in more browser tabs 2018-11-21 21:51:32 +01:00
Takashi Norimatsu
0793234c19 KEYCLOAK-8460 Request Object Signature Verification Other Than RS256 (#5603)
* KEYCLOAK-8460 Request Object Signature Verification Other Than RS256

also support client signed signature verification by refactored token
verification mechanism

* KEYCLOAK-8460 Request Object Signature Verification Other Than RS256

incorporate feedbacks and refactor client public key loading mechanism

* KEYCLOAK-8460 Request Object Signature Verification Other Than RS256

unsigned request object not allowed

* KEYCLOAK-8460 Request Object Signature Verification Other Than RS256

revert to re-support "none"
2018-11-19 14:28:32 +01:00
mposolda
0533782d90 KEYCLOAK-7275 KEYCLOAK-5479 Faster offline sessions preloading at startup. Track lastSessionRefresh timestamps more properly by support bulk update to DB 2018-11-16 14:23:28 +01:00
Leon Graser
85f11873c3 KEYCLOAK-8613 Group Membership Pagination 2018-11-15 17:54:07 +01:00
Thomas Darimont
cf57a1bc4b KEYCLOAK-1267 Add dedicated SSO timeouts for Remember-Me
Previously remember-me sessions where tied to the SSO max session
timeout which could lead to unexpected early session timeouts.
We now allow SSO timeouts to be configured separately for sessions
with enabled remember-me. This enables users to opt-in for longer
session timeouts.

SSO session timeouts for remember-me can now be configured in the
tokens tab in the realm admin console. This new configuration is
optional and will tipically host values larger than the regular
max SSO timeouts. If no value is specified for remember-me timeouts
then the regular max SSO timeouts will be used.

Work based on PR https://github.com/keycloak/keycloak/pull/3161 by
Thomas Darimont <thomas.darimont@gmail.com>
2018-11-15 06:11:22 +01:00
stianst
ecd476fb10 Prepare for 4.7.0.Final 2018-11-14 20:10:59 +01:00
mposolda
ffcd8e09e7 KEYCLOAK-8175 Possibility of clientScope not being used if user doesn't have a role 2018-10-31 18:04:41 +01:00
Graser Leon
9ef4c7fffd KEYCLOAK-8377 Role Attributes 2018-10-24 22:04:28 +02:00
Gideon Caranzo
7d85ce93bb KEYCLOAK-8555 queried only realms with user storage provider to speed up user storage sync bootstrap 2018-10-19 09:53:58 +02:00
vramik
7a96911a83 KEYCLOAK-8300 KEYCLOAK-8301 Wildfly 14 upgrade
Co-authored-by: Marek Posolda <mposolda@redhat.com>
2018-10-17 20:01:07 +02:00
stianst
86a2f28561 KEYCLOAK-8310 Add support to set fixed scheme on fixed hostname provider 2018-10-05 09:34:17 +02:00
mposolda
0d9b1e73b8 KEYCLOAK-7855 Cannot reset Client Consent Screen Text 2018-10-04 21:00:48 +02:00
mposolda
2a4cee6044 KEYCLOAK-6884 KEYCLOAK-3454 KEYCLOAK-8298 Default 'roles' and 'web-origins' client scopes. Add roles and allowed-origins to the token through protocol mappers 2018-10-04 12:00:38 +02:00
Pedro Igor
b4b3527df7 [KEYCLOAK-7950] - Fixes user pagination when using filtering users members of groups 2018-10-02 15:44:23 -03:00
stianst
c3fc9e9815 Set version to 4.6.0.Final-SNAPSHOT 2018-09-26 20:58:41 +02:00
Johannes Knutsen
d4a5c81034 KEYCLOAK-8146: Extract LocaleSelectorSPI to allow custom overrides of locale selection 2018-09-11 20:35:48 +02:00
stianst
24e60747b6 KEYCLOAK-7560 Refactor token signature SPI PR
Also incorporates:
KEYCLOAK-6770 ES256/384/512 providers
KEYCLOAK-4622 Use HS256 for refresh tokens
KEYCLOAK-4623 Use HS256 for client reg tokens
2018-09-11 08:14:10 +02:00
stianst
bf758809ba KEYCLOAK-6229 OpenShift Token Review interface 2018-09-07 08:21:28 +02:00
stianst
1fb4ca4525 Set version to 4.5.0.Final 2018-09-06 20:08:02 +02:00
vramik
8761819b24 KEYCLOAK-8176 fix export issue for required action 2018-09-05 08:40:31 +02:00
mposolda
b70468341e KEYCLOAK-7470 Ability to order client scopes 2018-08-29 14:37:27 +02:00
mposolda
959cd035ba Set version to 4.3.0.Final-SNAPSHOT 2018-08-01 22:40:05 +02:00
stianst
f99299ee39 KEYCLOAK-7967 Introduce Hostname SPI 2018-08-01 11:57:45 +02:00
Hiroyuki Wada
7c0ca9aad2 KEYCLOAK-6313 Add required action's priority for customizing the execution order 2018-07-23 22:21:04 +02:00
mposolda
d0a824dde4 Updating version to 4.2.0.Final-SNAPSHOT 2018-07-05 07:42:48 -04:00
stianst
3c5027de3c KEYCLOAK-7701 Refactor key providers to support additional algorithms 2018-06-29 14:14:25 +02:00
Takashi Norimatsu
2fb022e501 KEYCLOAK-7688 Offline Session Max for Offline Token 2018-06-26 08:25:06 +02:00
stianst
e1a0e581b9 Update to 4.1.0.Final-SNAPSHOT 2018-06-14 14:22:28 +02:00
Marek Posolda
49407c2e4f
KEYCLOAK-6630 Client scopes initial support (#5076)
* KEYCLOAK-6630 KEYCLOAK-349 Client Scopes

Co-authored-by: vramik <vramik@redhat.com>

* KEYCLOAK-6630 Change some clientTemplate occurences to clientScope
2018-06-08 15:38:38 +02:00
Martin Kanis
f429469fc8 KEYCLOAK-5270 Realm cookie path for IE<=11 users (#5106) 2018-05-31 08:44:34 +02:00
Stian Thorgersen
dbf5c395b0
Bump version to 4.0.0.Final (#5224) 2018-05-24 19:02:30 +02:00
Stian Thorgersen
90e5c7f3eb
Bump version to 4.0.0.Beta3-SNAPSHOT (#5185) 2018-05-02 14:32:20 +02:00
stianst
07fea02146 Bump versions to 4.0.0.Beta2-SNAPSHOT 2018-03-26 18:17:38 +02:00
Pedro Igor
91bdc4bde2 [KEYCLOAK-3169] - UMA 2.0 (#4368)
* [KEYCLOAK-3169] - UMA 2.0 Support

* [KEYCLOAK-3169] - Changes to account service and more tests

* [KEYCLOAK-3169] - Code cleanup and tests

* [KEYCLOAK-3169] - Changes to account service and tests

* [KEYCLOAK-3169] - Changes to account service and tests

* [KEYCLOAK-3169] - More tests

* [KEYCLOAK-3169] - Changes to adapter configuration

* [KEYCLOAK-3169] - Reviewing UMA specs and more tests

* [KEYCLOAK-3169] - Reviewing UMA specs and more tests

* [KEYCLOAK-3169] - Changes to UMA Grant Type and refactoring

* [KEYCLOAK-3169] - Refresh tokens for RPT responses and tests

* [KEYCLOAK-3169] - Changes to account my resources and policy enforcers

* [KEYCLOAK-3169] - Realm settings flag to enable/disable user-managed access in account mgmt console

* [KEYCLOAK-3169] - More changes to my resource pages in account mgmt console

* [KEYCLOAK-3169] - Need to enable user-managed on realm to run tests

* [KEYCLOAK-3169] - Removing more UMA 1.0 related code

* [KEYCLOAK-3169] - Only submit requests if ticket exists

* [KEYCLOAK-3169] - Returning UMA 401 response when not authenticated

* [KEYCLOAK-3169] - Removing unused code

* [KEYCLOAK-3169] - Removing unused code

* [KEYCLOAK-3169] - 403 response in case ticket is not created

* [KEYCLOAK-3169] - Fixing AbstractPhotozExampleAdapterTest#testClientRoleRepresentingUserConsent

* [KEYCLOAK-3169] - 403 status code only returned for non-bearer clients
2018-02-28 08:53:10 +01:00
Bill Burke
aa089980ce
Merge pull request #4942 from mstruk/KEYCLOAK-5807
KEYCLOAK-5807 Intermittent failures in UserStorageTest
2018-02-26 12:14:38 -05:00
stianst
505cf5b251 KEYCLOAK-6519 Theme resource provider 2018-02-09 08:28:59 +01:00
Marko Strukelj
62a9d4ea91 KEYCLOAK-5807 Under daily eviction policy user entries not returned from cache when they should 2018-02-02 19:27:23 +01:00
vramik
019c3c9ef9 KEYCLOAK-6146 realm import fails when password policy is specified 2018-02-02 08:30:06 +01:00
Bill Burke
126dd70efc client stat improvement 2018-01-31 13:05:13 -05:00
Bill Burke
4bf23cc83a caching 2018-01-29 12:28:17 -05:00
Bill Burke
1d8e38f0c6 admin console 2018-01-27 13:05:02 -05:00
Bill Burke
6b84b9b4b6 done 1st iteration 2018-01-27 09:47:16 -05:00
Bill Burke
ddad1cb8af Merge remote-tracking branch 'upstream/master' into client-storage-spi 2018-01-25 10:08:37 -05:00
Bill Burke
8a17b61f4e initial work 2018-01-25 10:08:26 -05:00
Bill Burke
7c66f76858
Merge pull request #4932 from patriot1burke/per-client-flow
KEYCLOAK-6335
2018-01-25 09:55:11 -05:00
Douglas Palmer
42759be6ff [KEYCLOAK-6143] Remove Hmac prefix from algorithms in the OTP manual config pages 2018-01-25 07:10:30 +01:00
Bill Burke
a9297df89c KEYCLOAK-6335 2018-01-23 12:09:49 -05:00
stianst
35ada9d636 KEYCLOAK-6289 Add ThemeSelectorSPI 2018-01-18 09:14:13 +01:00
stianst
0bedbb4dd3 Bump version to 4.0.0.CR1-SNAPSHOT 2017-12-21 15:06:00 +01:00
stianst
b303acaaba KEYCLOAK-2120 Added manual setup page for OTP 2017-12-18 11:20:20 +01:00
Hynek Mlnarik
e4a91c0706 KEYCLOAK-6042 Encode user ID before storing in auth session 2017-12-15 15:16:26 +01:00
mposolda
63efee6e15 KEYCLOAK-5938 Authentication sessions: Support for logins of multiple tabs of same client 2017-12-12 08:01:02 +01:00
Bill Burke
5d5a200413
Merge pull request #4818 from patriot1burke/master
KEYCLOAK-5926
2017-12-08 09:59:32 -05:00
Bill Burke
0dee393071 KEYCLOAK-5926 2017-12-07 19:49:10 -05:00
stianst
c055ffb083 KEYCLOAK-4215 Consider session expiration when setting token timeouts 2017-12-07 10:45:02 +01:00
mposolda
8a0fa521c4 KEYCLOAK-5915 Support for sticky sessions managed by loadbalancer. Support for KeyAffinityService 2017-12-06 13:06:54 +01:00
stianst
37de8e9f69 Bump version to 3.4.2.Final-SNAPSHOT 2017-12-01 09:34:48 +01:00
mposolda
7b03eed9c8 KEYCLOAK-5797 Refactoring authenticationSessions to support login in multiple browser tabs with different clients 2017-11-30 12:56:45 +01:00
pedroigor
17748d5ba8 [KEYCLOAK-5660] - Adding UserQueryProvider.getUsersCount(realm, includeServiceAccount) method 2017-11-30 10:45:54 +01:00
Bill Burke
c66ff60c58 KEYCLOAK-5715 2017-11-17 11:34:32 -05:00
Bill Burke
485ba4a3e4 KEYCLOAK-5676 2017-11-15 10:29:02 -05:00
Bruno Oliveira
03d0488335 [KEYCLOAK-2052] Allows independently set timeouts for e-mail verification link and rest e.g. forgot password link
Co-authored-by: Hynek Mlnarik <hmlnarik@redhat.com>
2017-11-13 19:57:04 -02:00
Stian Thorgersen
128ff12f8f Bump versions 2017-11-09 15:37:21 +01:00
Hynek Mlnarik
75c354fd94 KEYCLOAK-5745 Separate user and client sessions in infinispan 2017-10-26 10:39:41 +02:00
Marek Posolda
13fe9e7cf8 Merge pull request #4510 from glavoie/KEYCLOAK-3303
KEYCLOAK-3303: Allow reuse of refresh tokens.
2017-09-29 17:07:45 +02:00
mposolda
3b6e1f4e93 KEYCLOAK-5007 Used single-use cache for tracke OAuth code. OAuth code changed to be encrypted and signed JWT 2017-09-29 13:20:22 +02:00
Gabriel Lavoie
134daeac7f KEYCLOAK-3303: Allow reuse of refresh tokens.
- Configurable max reuse count.
2017-09-28 15:30:40 -04:00
Bill Burke
fd025ae76b Merge pull request #4209 from guitaro/feature/group-search-and-pagination
[KEYCLOAK-2538] - groups pagination and group search
2017-09-23 20:52:19 -04:00
Antonio Howcroft Ferreira
a551195ddf KEYCLOAK-2035 update with feedback from PR by bburke 2017-09-22 15:05:49 +01:00
howcroft
e78bf5f876 Keycloak 2035
This PR adds:
* an endpoint to Role that lists users with the Role
* a tab "Users in Role" in Admin console Role page
* it is applicable to Realm and Client Roles
* Extends UserQueryProvider with default methods (throwing Runtime Exception if not overriden)
* Testing in base testsuite and Console
2017-09-22 15:05:49 +01:00
Léventé NAGY
503ce3a47f Merge branch 'master' into feature/group-search-and-pagination 2017-09-13 10:27:38 +02:00
Levente NAGY
db56d82dbd KEYCLOAK 2538 - UI group pagination - fix duplicate result for search + sort result 2017-09-12 11:45:37 +02:00
Hynek Mlnarik
24e9cbb292 KEYCLOAK-4899 Replace updates to user session with temporary auth session 2017-09-11 21:43:49 +02:00
Levente NAGY
2c24b39268 KEYCLOAK 2538 - UI group pagination 2017-09-07 19:39:06 +02:00
Stian Thorgersen
463661b051 Set version to 3.4.0.CR1-SNAPSHOT 2017-08-28 15:46:22 +02:00
mposolda
fe5891fbdb KEYCLOAK-5293 Add notBefore to user 2017-08-23 08:58:26 +02:00
Levente NAGY
c8aa708cff Merge remote-tracking branch 'upstream/master' 2017-08-10 18:14:49 +02:00
mposolda
07e2136b3b KEYCLOAK-4187 Added UserSession support for cross-dc 2017-07-27 22:32:58 +02:00
Hynek Mlnarik
c36074c7f3 KEYCLOAK-4187 Minor updates (abstraction) 2017-07-18 15:08:06 +02:00
Stian Thorgersen
454c5f4d83 Set version to 3.3.0.CR1-SNAPSHOT 2017-06-30 09:47:11 +02:00
Josh Cain
89fcddd605 KEYCLOAK-3592 Docker auth implementation 2017-06-29 06:37:34 +02:00
Léventé NAGY
1a50e77a4d Merge branch 'master' into feature/group-search-and-pagination 2017-06-26 20:36:36 +02:00
Bill Burke
bc05560d4d Merge remote-tracking branch 'upstream/master' 2017-06-26 11:41:12 -04:00
Bill Burke
3ee86fedc7 Merge remote-tracking branch 'upstream/master' 2017-06-23 09:57:35 -04:00
Hynek Mlnarik
8f9ed32a66 KEYCLOAK-5078 ConcurrencyTest fails intermittently
This commit fixes 401 Unauthorized issues
2017-06-23 15:16:23 +02:00
Léventé NAGY
41d8d17062 Merge branch 'master' into feature/group-search-and-pagination 2017-06-22 17:41:30 +02:00
Bill Burke
d08ddade2e merge 2017-06-21 17:43:54 -04:00
Bill Burke
52e40922bc removal 2017-06-21 17:42:57 -04:00
mposolda
fc61a4e89f KEYCLOAK-4631 Move ClientInitialAccessModel from userSession model to realm model 2017-06-21 22:14:20 +02:00
mposolda
e91dd011c5 KEYCLOAK-4438 Disable kerberos flow when provider removed 2017-06-21 09:38:20 +02:00
Levente NAGY
f377a45c4e [KEYCLOAK-2538] - groups count for pagination limits 2017-06-07 20:52:22 +02:00
Levente NAGY
c4da7637d6 [KEYCLOAK-2538] - groups pagination and group search 2017-06-06 18:32:48 +02:00
Stian Thorgersen
8c53c5a90e KEYCLOAK-4888
Change default hashing provider for realm
2017-05-30 09:54:05 +02:00
mposolda
5560175888 KEYCLOAK-4626 Changed javadoc. Remove unused ClientSessionModel class 2017-05-25 18:51:05 +02:00
Stian Thorgersen
097a2267f5 KEYCLOAK-4889
Improve error messages for password policies
2017-05-23 13:18:06 +02:00
Hynek Mlnarik
b8262a9f02 KEYCLOAK-4628 Single-use cache + its functionality incorporated into reset password token. Utilize single-use cache for relevant actions in execute-actions token 2017-05-11 22:16:26 +02:00
Hynek Mlnarik
c431cc1b01 KEYCLOAK-4627 IdP email account verification + code cleanup. Fix for concurrent access to auth session notes 2017-05-11 22:16:26 +02:00
mposolda
168153c6e7 KEYCLOAK-4626 Authentication sessions - SAML, offline tokens, broker logout and other fixes 2017-05-11 22:16:26 +02:00
Hynek Mlnarik
47aaa5a636 KEYCLOAK-4627 reset credentials and admin e-mails use action tokens. E-mail verification via action tokens. 2017-05-11 22:16:26 +02:00
mposolda
e7272dc05a KEYCLOAK-4626 AuthenticationSessions - brokering works. Few other fixes and tests added 2017-05-11 22:16:26 +02:00
mposolda
a9ec69e424 KEYCLOAK-4626: AuthenticationSessions - working login, registration, resetPassword flows 2017-05-11 22:16:26 +02:00
mposolda
83b29c5080 KEYCLOAK-4626 AuthenticationSessions: start 2017-05-11 22:16:26 +02:00
Stian Thorgersen
c3a2b3a6b6 KEYCLOAK-4523 PBKDF2WithHmacSHA256 and PBKDF2WithHmacSHA512 providers 2017-05-11 11:58:22 +02:00
Eriksson Fabian
ca1152c3e5 KEYCLOAK-4204 Extend brute force protection with permanent lockout on failed attempts
- Can still use temporary brute force protection.
- After X-1 failed login attempt, if the user successfully logs in his/her fail login count is reset.
2017-04-28 09:02:10 +02:00
Stian Thorgersen
87dedb56e5 Set version to 3.2.0.CR1-SNAPSHOT 2017-04-27 14:23:03 +02:00
Stian Thorgersen
a87ee04024 Bump to 3.1.0.CR1-SNAPSHOT 2017-03-16 14:21:40 +01:00
Bill Burke
3bb29e033b KEYCLOAK-4501, KEYCLOAK-4511, KEYCLOAK-4513 2017-03-03 09:48:52 -05:00
Bill Burke
cf5e2a1d20 unlink/remoteimported 2017-02-08 19:48:22 -05:00
Bill Burke
f128be9b31 LDAP No-Import 2017-02-04 10:29:34 -05:00
Bill Burke
79dede8e78 KEYCLOAK-4363 2017-02-01 10:19:15 -05:00
Stian Thorgersen
6f22f88d85 Bump version to 3.0.0.CR1 2017-01-26 06:18:11 +01:00
mposolda
843b4b470b KEYCLOAK-2333 LDAP/MSAD password policies are not used when user changes password 2017-01-17 21:06:09 +01:00
Bill Burke
6aee6b0c46 KEYCLOAK-4220 2017-01-13 11:45:48 -05:00
Bill Burke
89e6f93fa4 KEYCLOAK-4099 2017-01-12 09:34:26 -05:00
Bill Burke
6ac1301dc2 Merge remote-tracking branch 'upstream/master' 2017-01-03 15:21:16 -05:00
Stian Thorgersen
e805ffd945 Bump version to 2.5.1.Final-SNAPSHOT 2016-12-22 08:22:18 +01:00
Bill Burke
172007f59c conflict 2016-12-20 08:56:08 -05:00
Marek Posolda
c6363aa146 Merge pull request #3630 from sldab/duplicate-email-support
KEYCLOAK-4059 Support for duplicate emails
2016-12-19 15:37:18 +01:00
Slawomir Dabek
93cec9b3ee KEYCLOAK-4059 Support for duplicate emails 2016-12-19 10:55:12 +01:00
Stian Thorgersen
f29bb7d501 KEYCLOAK-4092 key provider for HMAC signatures 2016-12-19 10:50:43 +01:00
Bruno Oliveira
15f23eb045
[KEYCLOAK-3560]: Unable to import exported users which contain terms_and_conditions required action 2016-12-06 15:29:56 -02:00
Hynek Mlnarik
3c4114091f KEYCLOAK-4035 Composite roles need to be expanded in SAML attribute mapper 2016-12-05 16:16:08 +01:00
Bill Burke
8fd7091068 KEYCLOAK-3986 2016-12-03 09:33:52 -05:00
Bill Burke
ce50b0ed29 Merge remote-tracking branch 'upstream/master' 2016-12-02 19:26:34 -05:00
Bill Burke
e88af874ca finish 2016-12-02 19:25:17 -05:00
Stian Thorgersen
5ecc8d1c71 KEYCLOAK-4006 Fix performance drop caused by changes to client session codes 2016-12-01 12:17:54 +01:00
Stian Thorgersen
b771b84f56 Bump to 2.5.0.Final-SNAPSHOT 2016-11-30 15:44:51 +01:00
Bill Burke
9e50a45b4c UserBulkUpdateProvider interface 2016-11-29 18:43:22 -05:00
mposolda
69ce1e05f0 KEYCLOAK-3822 Changing signature validation settings of an external IdP is not sometimes reflected 2016-11-28 15:27:25 +01:00
mposolda
7c6032cc84 KEYCLOAK-3825 Ability to expire publicKeys cache. Migrated OIDCBrokerWithSignatureTest to new testsuite 2016-11-25 17:45:37 +01:00
Bill Burke
ccbd8e8c70 remove User Fed SPI 2016-11-23 16:06:44 -05:00
Bill Burke
d5925b8ccf remove realm UserFed SPI methods 2016-11-23 08:31:20 -05:00
Bill Burke
045d6ef1d0 Merge remote-tracking branch 'upstream/master' 2016-11-22 11:28:09 -05:00
Stian Thorgersen
6ec82865d3 Bump version to 2.4.1.Final-SNAPSHOT 2016-11-22 14:56:21 +01:00
Bill Burke
798fd84698 Merge remote-tracking branch 'upstream/master' 2016-11-21 11:33:52 -05:00
Bill Burke
19575b2c8f port kerberos 2016-11-21 11:33:44 -05:00
mposolda
76bfbad2c4 KEYCLOAK-3895 Make UserSessionProvider and UserSessionPersisterProvider to rely on UserRemovedEvent callbacks 2016-11-18 15:58:33 +01:00
Marek Posolda
3e71aeddf3 Merge pull request #3479 from hmlnarik/KEYCLOAK-3469-UserRealmRoleMapper
KEYCLOAK-3469 Make role mappers account for user groups
2016-11-18 09:21:56 +01:00
mposolda
a27be0cee7 KEYCLOAK-3857 Clustered invalidation cache fixes and refactoring. Support for cross-DC for invalidation caches. 2016-11-16 22:29:23 +01:00
Stian Thorgersen
b4f072ed81 KEYCLOAK-3882 Move more provider factories and SPIs to private 2016-11-15 12:05:25 +01:00
Bill Burke
cc0eb47814 merge 2016-11-14 15:09:41 -05:00
Hynek Mlnarik
750e942267 KEYCLOAK-3469 Make role mappers account for user groups 2016-11-14 11:38:00 +01:00
Bill Burke
8a5f817030 ldap jpa migration 2016-11-10 16:52:18 -05:00
Stian Thorgersen
7e33f4a7d1 KEYCLOAK-3882 Split server-spi into server-spi and server-spi-private 2016-11-10 13:28:42 +01:00
Bill Burke
4880c0443c ldap port admin console 2016-11-08 12:30:20 -05:00
Bill Burke
14dc0ff92f Merge remote-tracking branch 'upstream/master' 2016-11-05 20:05:01 -04:00
Bill Burke
4302b440ee ldap port 2016-11-05 20:04:53 -04:00
Bill Burke
c75dcb90c2 ldap port 2016-11-04 21:25:47 -04:00
Pedro Igor
706c1e2660 [KEYCLOAK-3704] - Registering UserSinchronizer to remove resources when the owner is removed 2016-11-02 21:40:58 -02:00
Bill Burke
ccaac40863 Merge pull request #3437 from patriot1burke/master
disable credential type REST and admin ui
2016-10-28 11:33:16 -04:00
Stian Thorgersen
b6b567f948 Merge pull request #3441 from stianst/KEYCLOAK-3733
KEYCLOAK-3733 Set default max results for paginated endpoints
2016-10-28 10:36:24 +02:00
Stian Thorgersen
a9d47287ee KEYCLOAK-3733 Set default max results for paginated endpoints 2016-10-28 09:15:05 +02:00
Stian Thorgersen
db428dad1d KEYCLOAK-3828
Component uses wrong role
2016-10-28 07:56:44 +02:00
Bill Burke
91da6a47d7 disable cred types ui 2016-10-27 16:17:02 -04:00
Bill Burke
6e773c84e8 Merge remote-tracking branch 'upstream/master' 2016-10-26 15:48:55 -04:00
Bill Burke
73e3f2a89b REST API for disable cred type 2016-10-26 15:48:45 -04:00
Bill Burke
69dddfa73a Merge pull request #3428 from patriot1burke/master
storage link on user detail
2016-10-26 14:58:33 -04:00
Stian Thorgersen
21459d0f43 Merge pull request #3430 from stianst/KEYCLOAK-3819
KEYCLOAK-3819 Add support to change name of components
2016-10-26 11:39:27 +02:00
Stian Thorgersen
a8c844828d KEYCLOAK-3819 Add support to change name of components 2016-10-26 10:00:58 +02:00
Bill Burke
3129e392b0 storage link on user detail 2016-10-25 16:50:34 -04:00
Bill Burke
f8a78d5565 finish cache policy 2016-10-25 16:13:22 -04:00
Bill Burke
68e853b4bd Merge remote-tracking branch 'upstream/master' 2016-10-25 13:40:32 -04:00
Bill Burke
2cc4a920a0 fix 2016-10-25 13:40:24 -04:00
Bill Burke
b67cb0e97a Merge remote-tracking branch 'upstream/master' 2016-10-25 11:44:22 -04:00
Stian Thorgersen
4b27e66714 KEYCLOAK-3782 Keysize for rsa-generated should be a dropdown 2016-10-25 08:52:02 +02:00
Bill Burke
3e28ac1e46 user spi cache policy 2016-10-24 15:36:37 -04:00
mposolda
c79378ca5f KEYCLOAK-3779 ClientRegistrationPolicies test failing 2016-10-21 10:24:51 +02:00
Stian Thorgersen
4d47f758fc Merge pull request #3405 from stianst/master
Bump version
2016-10-21 10:11:59 +02:00
Stian Thorgersen
c615674cbb Bump version 2016-10-21 07:03:15 +02:00
Stian Thorgersen
9f8fb98083 Merge pull request #3382 from stianst/KEYCLOAK-3763
KEYCLOAK-3763
2016-10-20 21:24:11 +02:00
Bill Burke
fd86f3bda8 Merge pull request #3399 from patriot1burke/master
realm cache event
2016-10-20 14:02:41 -04:00
Stian Thorgersen
772a1580ff Merge pull request #3403 from mposolda/master
KEYCLOAK-3773 Testsuite failing with mongo
2016-10-20 19:31:37 +02:00
Stian Thorgersen
5a00aaefa8 KEYCLOAK-2594
bind credential being leaked in admin tool JSON response

KEYCLOAK-2972
Keycloak leaks configuration passwords in Admin Event logs
2016-10-20 19:30:59 +02:00
mposolda
c4ad84945c KEYCLOAK-3773 Testsuite failing with mongo 2016-10-20 17:47:34 +02:00
Bill Burke
36c2422fa4 realm cache event 2016-10-20 10:35:28 -04:00
Stian Thorgersen
839c4e8ede KEYCLOAK-3772
Login with Twitter is not working
2016-10-20 15:05:07 +02:00
Bill Burke
1f00625930 Merge pull request #3386 from patriot1burke/master
test component import/export
2016-10-19 19:58:59 -04:00
Bill Burke
cdf7dd3a6c Merge pull request #3372 from patriot1burke/master
onCreate for Components
2016-10-19 16:21:20 -04:00
Bill Burke
97dd10883c test component import/export 2016-10-19 16:20:59 -04:00
mposolda
3779bfb6b4 KEYCLOAK-3666 client registration policies - polishing 2016-10-19 17:45:23 +02:00
mposolda
4136d76b7e Minor javadoc update 2016-10-19 17:45:23 +02:00
mposolda
964cd50f1d KEYCLOAK-3666 Added client reg policies for maxClients and clientDisabled 2016-10-19 17:45:23 +02:00
Bill Burke
fdb8c04ac9 Merge remote-tracking branch 'upstream/master' 2016-10-19 10:06:48 -04:00
Bill Burke
46e32b36d2 onCreate for Components 2016-10-19 10:06:09 -04:00
Stian Thorgersen
bbc1d26b72 Merge pull request #3367 from stianst/KEYCLOAK-3745
KEYCLOAK-3745 Change attributes in user rep
2016-10-19 14:01:39 +02:00
Stian Thorgersen
4efe12cb93 KEYCLOAK-3745 Change attributes in user rep 2016-10-19 12:15:13 +02:00
Stian Thorgersen
24715eabec KEYCLOAK-3737
Migration problem from version 1.9.8 to 2.2.1
2016-10-19 09:06:55 +02:00
Bill Burke
2199df71bf Merge remote-tracking branch 'upstream/master' 2016-10-18 10:14:00 -04:00
Bill Burke
4182e4d92a federated import/export 2016-10-18 10:13:51 -04:00
Marek Posolda
940237ee78 Merge pull request #3304 from hmlnarik/KEYCLOAK-2964
KEYCLOAK-2964 - Fix groups not applied for authentication of admin operations
2016-10-18 14:50:12 +02:00
mposolda
a7287aad36 KEYCLOAK-3499 More fixes for IncludeInUserInfo. Fixing tests and migration 2016-10-18 13:09:30 +02:00
mposolda
00879b39b7 KEYCLOAK-3719 Add 'options' to ProviderConfigProperty and use it for 'List' type instead of defaultValue 2016-10-17 21:34:21 +02:00
Geir Ole Hiåsen Stevning
95f62c6aeb KEYCLOAK-3626 - CreatedDate and lastUpdatedDate on user consent 2016-10-17 13:53:12 +02:00
mposolda
5732b2c58f KEYCLOAK-3716 Unable to start Keycloak on wildfly 2016-10-17 12:22:33 +02:00
mposolda
18e0c0277f KEYCLOAK-3666 Dynamic client registration policies 2016-10-14 20:20:40 +02:00
Bill Burke
8c8a39c833 sync and import 2016-10-13 20:49:02 -04:00
Bill Burke
0938390654 sync and import 2016-10-13 20:38:49 -04:00
Stian Thorgersen
d2cae0f8c3 KEYCLOAK-905
Realm key rotation for OIDC
2016-10-13 11:19:52 +02:00
Hynek Mlnarik
03cf9bad2e KEYCLOAK-2964 - Fix groups not applied for authentication of admin operations 2016-10-11 15:21:38 +02:00
Bill Burke
74325fe133 initial sync/import spi 2016-10-06 14:48:53 -04:00
Bill Burke
c5600e888d revactor CredentialValidationOutput apis 2016-10-04 17:26:45 -04:00
Bill Burke
4af0976194 remove UserCredValueModel and hold hash providers 2016-10-04 12:34:15 -04:00
mposolda
0f9798a10d KEYCLOAK-3493 KEYCLOAK-3532 Renamed KeyStorageProvider to PublicKeyStorageProvider 2016-10-03 15:23:50 +02:00
Bill Burke
d4c3fae546 merge conflicts 2016-09-30 19:19:12 -04:00
Bill Burke
6a4e413bf4 final mongo fixes 2016-09-30 19:08:34 -04:00
Bill Burke
110f6ad549 mongo fed 2016-09-30 16:48:59 -04:00
mposolda
f9a0abcfc4 KEYCLOAK-3493 KEYCLOAK-3532 Added KeyStorageProvider. Support key rotation for OIDC clients and identity providers with JWKS url. 2016-09-30 21:28:23 +02:00
Stian Thorgersen
5d34b7e682 Merge pull request #3189 from thomasdarimont/issue/KEYCLOAK-3491-revise-scripting-support
KEYCLOAK-3491 Revise Scripting Support
2016-09-29 10:12:15 +02:00
Bill Burke
8967ca4066 refactor mongo entities, optimize imports 2016-09-28 15:25:39 -04:00
Stian Thorgersen
a58c985934 Merge pull request #3268 from stianst/REVIEW
KEYCLOAK-2438
2016-09-28 13:27:26 +02:00
Stian Thorgersen
34f62eb31d Fixes to [KEYCLOAK-2438] PR 2016-09-28 10:25:37 +02:00
Bill Burke
d65cc830eb mongo fixes 2016-09-27 17:07:16 -04:00
Bruno Oliveira
98d2fe15e8 [KEYCLOAK-2438] - Add display name to social login buttons
[KEYCLOAK-3291] - Names of social identity providers are wrongly capitalized (eg GitHub vs Github)
2016-09-26 13:36:28 -03:00
Bill Burke
ecc104719d bump pom version 2016-09-26 11:01:18 -04:00
Bill Burke
ff1326fe35 authenticator example updated 2016-09-23 16:50:08 -04:00
Bill Burke
8e65356891 creds 2016-09-22 19:57:39 -04:00
Bill Burke
7209a95dce credential refactoring 2016-09-22 08:34:45 -04:00
Thomas Darimont
8e113384aa KEYCLOAK-3491 Revise Scripting Support
Refactored the scripting infrastructure and added documentation.
Added tests and an authenticator template in JavaScript for a quickstart.
Increased height of ace code editor to 600px to avoid scrolling.
2016-09-20 14:33:39 +02:00
Martin Hardselius
04d03452bd KEYCLOAK-3422 support pairwise subject identifier in oidc 2016-09-13 09:18:45 +02:00
mposolda
bf6246f5c1 KEYCLOAK-905 Realm keys rotation support on adapters 2016-09-12 21:24:04 +02:00
Stian Thorgersen
1630b9a20c Merge pull request #3220 from abstractj/KEYCLOAK-3535
KEYCLOAK-3535 - Check if SSSD is available via DBUS
2016-09-09 08:15:11 +02:00
Bill Burke
2a5c778af5 Merge pull request #3209 from patriot1burke/master
KEYCLOAK-3440
2016-09-08 09:10:54 -04:00
Stian Thorgersen
36bb94afb8 Environment dependent provider 2016-09-08 07:40:19 -03:00
mposolda
4fd0238ca9 KEYCLOAK-3542 Not possible to enable bruteForceProtection for realm 2016-09-08 12:30:38 +02:00
Stian Thorgersen
f726caea9b Merge pull request #3205 from stianst/KEYCLOAK-3342
KEYCLOAK-3342 Add Identity Provider authenticator
2016-09-08 08:40:32 +02:00
Stian Thorgersen
1f27fc9e4b Merge pull request #3153 from cargosoft/KEYCLOAK-3327
KEYCLOAK-3327 Make realm attributes accessible via the RealmModel
2016-09-08 08:00:14 +02:00
Stian Thorgersen
7c292b1213 KEYCLOAK-3342 Add Identity Provider authenticator 2016-09-08 07:20:35 +02:00
Bill Burke
3b9a6b32e1 Revert "Revert "KEYCLOAK-3440""
This reverts commit 01e48dc4b8.
2016-09-07 23:41:32 -04:00
Bill Burke
01e48dc4b8 Revert "KEYCLOAK-3440" 2016-09-07 23:17:35 -04:00
Bill Burke
3f35234cf5 Merge remote-tracking branch 'upstream/master' 2016-09-07 23:11:38 -04:00
Bill Burke
da135389c7 KEYCLOAK-3440 2016-09-07 23:11:28 -04:00
mposolda
5a015a6518 KEYCLOAK-3494 Input elements backed by user attributes fail to update in themes 2016-09-07 20:08:09 +02:00
Bill Burke
15d31a202f Merge remote-tracking branch 'upstream/master' 2016-09-06 08:56:17 -04:00
Bill Burke
6714c1a136 cred refactor 2016-09-06 08:55:47 -04:00
mposolda
8c5b1e4892 KEYCLOAK-3525 Validation callback when creating/updating protocolMapper 2016-09-06 07:15:27 +02:00
Stian Thorgersen
f5b4efc080 Merge pull request #3131 from abstractj/removal-changeset
Removal of never used classes from the changeset package
2016-09-05 09:35:08 +02:00
mposolda
a24a43c4be KEYCLOAK-3349 Support for 'request' and 'request_uri' parameters 2016-09-02 20:20:38 +02:00
Stian Thorgersen
1bea93b1e1 KEYCLOAK-3501 Fix NPE in migration of OTP action 2016-08-31 12:05:49 +02:00
mposolda
02f28a7e8e KEYCLOAK-3416 Add support for signed Userinfo requests 2016-08-30 20:21:04 +02:00
mposolda
494d9973a6 KEYCLOAK-3460 Support for ClientUpdatedEvent 2016-08-23 14:57:31 +02:00
Stian Thorgersen
c522a20ab9 KEYCLOAK-3447 Manual upgrade of database schema 2016-08-22 10:22:08 +02:00
Dimitri Teleguin
b109ce14b0 KEYCLOAK-3327 Make realm attributes accessible via the RealmModel 2016-08-18 23:28:32 +03:00
Pedro Igor
4cd0a8e894 [KEYCLOAK-3377] - Add pagination to authorization UI 2016-08-18 13:29:54 -03:00
Bill Burke
6c44e9befa Merge remote-tracking branch 'upstream/master' 2016-08-18 11:57:25 -04:00
Bill Burke
8e9cfc4a28 creds 2016-08-18 11:52:00 -04:00
Pedro Igor
a8d2b810cf [KEYCLOAK-3144] - Add authorization settings when exporting/importing a realm. 2016-08-15 10:35:28 -03:00
mposolda
3eb9134e02 KEYCLOAK-3424 Support for save JWKS in OIDC ClientRegistration endpoint 2016-08-12 15:51:14 +02:00
Pedro Igor
27187c11f1 Merge pull request #3138 from pedroigor/KEYCLOAK-3428
[KEYCLOAK-3428] - Removing scope policies in case the resource does not match
2016-08-11 14:59:20 -03:00
Pedro Igor
0030df060b [KEYCLOAK-3428] - Removing scope policies in case the resource does not match 2016-08-11 14:58:14 -03:00
mposolda
0520d465c1 KEYCLOAK-3414 Support for client registration from trusted hosts 2016-08-11 15:55:32 +02:00
Bruno Oliveira
4d8e19eb7c
Removal of never used classes from the changeset package 2016-08-10 17:28:38 -03:00
mposolda
d52e043322 Set version to 2.2.0-SNAPSHOT 2016-08-10 08:57:18 +02:00
Bill Burke
530870f05e realm components import/export 2016-08-09 15:06:29 -04:00
Bill Burke
ff703f935f component export/import 2016-08-09 12:25:04 -04:00
Bill Burke
83306963e8 jta transaction abstraction 2016-08-08 12:32:36 -04:00
Thomas Darimont
586f6eeece KEYCLOAK-3142 - Capture ResourceType that triggers an AdminEvent
Introduced new ResourceType enum for AdminEvents which lists
the current supported ResourceTypes for which AdminEvents
can be fired.

Previously it was difficult for custom EventListeners to figure
out which ResourceType triggered an AdminEvent in order
to handle it appropriately, effectively forcing users to parse
the representation.
Having dedicated resource types as a marker on an AdminEvent helps
to ease custom EventListener code.

We now also allow filtering of admin events by ResourceType in the
admin-console.

Signed-off-by: Thomas Darimont <thomas.darimont@gmail.com>
2016-08-04 11:30:02 +02:00
Bill Burke
70722d0d3d user storage provider jpa example 2016-08-03 19:16:11 -04:00
Bill Burke
09693eb108 component model 2016-08-02 05:48:57 +02:00
mposolda
a5cbe113fd Migration fix 2016-08-02 05:45:20 +02:00
Dmitry Telegin
fea277a7f5 KEYCLOAK-3369: Fire RealmPostCreateEvent 2016-08-01 01:00:50 +03:00
Pedro Igor
3c8ed8e3d8 [KEYCLOAK-3372] - Code cleanup 2016-07-29 05:18:38 -03:00
Bill Burke
5d9fe09599 Merge pull request #3070 from mstruk/KEYCLOAK-2571
KEYCLOAK-2571 RESET_PASSWORD_ERROR and UPDATE_PASSWORD_ERROR events not fired
2016-07-28 07:23:32 -04:00
Bill Burke
2219cd363e Merge pull request #3079 from patriot1burke/master
KEYCLOAK-3268
2016-07-28 07:22:45 -04:00
Pedro Igor
7e1b97888a [KEYCLOAK-3338] - Adding client roles to role policy and UX improvements 2016-07-27 15:15:14 -03:00
Marko Strukelj
59e0570cdf KEYCLOAK-2571 RESET_PASSWORD_ERROR and UPDATE_PASSWORD_ERROR events not fired 2016-07-26 21:32:57 +02:00
Bill Burke
69f051fb0a test user fed registration spi 2016-07-23 08:55:06 -04:00
Bill Burke
06fca9c897 Merge remote-tracking branch 'upstream/master' 2016-07-22 11:42:14 -04:00
Bill Burke
72d134748c user fed spi querying tests 2016-07-22 11:42:07 -04:00
mposolda
56e011dce4 KEYCLOAK-3318 Adapter support for prompt and max_age. Refactoring to not hardcode OIDC specifics to CookieAuthenticator 2016-07-21 18:19:53 +02:00
Bill Burke
2a05f00d0c user fed tests 2016-07-20 17:26:00 -04:00
Bill Burke
c709598fdd user fed spi simple test 2016-07-20 10:59:45 -04:00
Stian Thorgersen
f384c2340e KEYCLOAK-3266 password policy NotUsername breaks new user registration 2016-07-15 07:34:13 +02:00
Stian Thorgersen
ea44b5888b KEYCLOAK-2824 Password Policy SPI 2016-07-14 07:20:30 +02:00
mposolda
c10a005997 KEYCLOAK-3290 UserInfoEndpoint error responses don't have correct statuses 2016-07-08 12:15:07 +02:00
Bill Burke
bf2ca4008e log level info 2016-07-07 12:06:57 -04:00
Bill Burke
0040d3fc3b Merge remote-tracking branch 'upstream/master' 2016-07-07 10:35:45 -04:00
Bill Burke
7e5a5f79cf fixes for new user fed spi 2016-07-07 10:35:35 -04:00
Stan Silvert
4628946a55 Automatically migrate required action name. 2016-07-05 15:07:54 -04:00
Stan Silvert
a231c1b31b RHSSO-296: Required Action "Configure Totp" should be "Configure OTP" 2016-07-05 15:07:52 -04:00
Stian Thorgersen
7cfee80e58 KEYCLOAK-3189 KEYCLOAK-3190 Add kid and typ to JWT header 2016-07-05 08:26:26 +02:00
Stian Thorgersen
450b57c76a Merge pull request #2984 from stianst/master
KEYCLOAK-3172 Add view authorization role to existing realms
2016-07-01 12:41:09 +02:00
Bill Burke
a19469aba5 Merge remote-tracking branch 'upstream/master' 2016-06-30 17:18:17 -04:00
Bill Burke
b224917fc5 bump version 2016-06-30 17:17:53 -04:00
Bill Burke
3f1eecc4be Merge remote-tracking branch 'upstream/master' 2016-06-30 16:47:55 -04:00
Pedro Igor
afa9471c7c [KEYCLOAK-3128] - Admin Client Authorization Endpoints 2016-06-30 10:26:05 -03:00
Stian Thorgersen
1fe8da67dc KEYCLOAK-3172 Add view authorization role to existing realms 2016-06-30 08:52:18 +02:00
Bill Burke
a9f6948d74 Merge remote-tracking branch 'upstream/master' 2016-06-29 15:37:32 -04:00
Bill Burke
f51098c50b user fed refactor 2016-06-29 15:37:22 -04:00
Pedro Igor
8b0bf503c3 [KEYCLOAK-3172] - Migrating older versions with authorization services. 2016-06-29 12:07:49 -03:00
mposolda
5c731b4d14 KEYCLOAK-3149 DB update triggered before DBLock is retrieved 2016-06-21 17:14:25 +02:00
Erik Mulder
f4ead484de KEYCLOAK-2474 Possibility to add custom SPI and extend the data model 2016-06-20 10:56:33 +02:00
Stian Thorgersen
3c0f7e2ee2 Merge pull request #2617 from pedroigor/KEYCLOAK-2753
[KEYCLOAK-2753] - Fine-grained Authorization Services
2016-06-17 13:40:15 +02:00
Pedro Igor
086c29112a [KEYCLOAK-2753] - Fine-grained Authorization Services 2016-06-17 02:07:34 -03:00
Stian Thorgersen
e538394e60 KEYCLOAK-3091 Change brute force to use userId 2016-06-13 15:30:13 +02:00
Bill Burke
4c9a0b45d4 Merge pull request #2229 from thomasdarimont/issue/KEYCLOAK-2489-script-based-authenticator-definitions
KEYCLOAK-2489 - Add support for Script-based AuthenticationExecution definitions.
2016-06-05 11:12:05 -04:00
Thomas Darimont
4bc64350b2 KEYCLOAK-3021: Add Realm Display Name to the label part of the otpauth URI.
Due to the  removal of the realm-displayname as a result of changes made for KEYCLOAK-2410
 the otpauth URI no longer included the realm display name as a hint for the user to which system an
 authenticator belongs to.

We now ensure that the realm display name is again part of the label component of the otpauth URI.
This enables a user to better distinguish between user accounts for different systems.
2016-05-20 13:59:19 +02:00
Thomas Darimont
c8d47926b8 KEYCLOAK-2489 - Add support for Script-based AuthenticationExecution definitions.
This is a POC for script based authenticator support.
Introduced a ScriptBasedAuthenticator that is bootstraped via a
ScriptBasedAuthenticatorFactory can be execute a configured script
against a provided execution context.
Added an alias property to the AuthFlowExecutionRepresentation in order
to be able to differentiate multiple instances of an Authenticator
within the same AuthFlow.

For convenience editing the AngularJS bindings for the ACE editor were
added for fancy script editing - this needs to be cut down a bit wrt to
themes and supported scripts - e.g. we probably don't expect users to write
authenticator scripts in Cobol...
Removed currently not needed ACE sytax highlighting and themes.

Scripting is now available to all keycloak components that have access to the KeycloakSession.
Introduced new Scripting SPI for configurable scripting providers.
2016-04-27 14:37:13 +02:00
mposolda
afc8179cf8 KEYCLOAK-2846 export/import of clientTemplate scopes 2016-04-20 13:30:01 +02:00
mposolda
32d7464e52 KEYCLOAK-2819 Fix realm security header setup after migration 2016-04-14 10:43:48 +02:00
Bill Burke
8f7f9e0b9c KEYCLOAK-2790 2016-04-12 18:25:23 -04:00
Stian Thorgersen
1c2eafeb80 KEYCLOAK-2807 Fix server info providers page 2016-04-12 15:38:52 +02:00
Stian Thorgersen
01beff741d KEYCLOAK-2766 Add missing id to AuthenticatorConfigRepresentation 2016-04-11 07:42:55 +02:00
mposolda
90fc721315 KEYCLOAK-2614 Refactor database lock to use 'SELECT FOR UPDATE' pessimistic locking 2016-04-08 12:20:54 +02:00
Stian Thorgersen
8de8446cb5 Merge pull request #2520 from stianst/KEYCLOAK-2756
KEYCLOAK-2756
2016-04-06 19:25:53 +02:00
Stian Thorgersen
6ccf3549ad KEYCLOAK-2756
Renaming a realm breaks down the Clients
2016-04-06 15:18:49 +02:00
mposolda
72371e5d76 KEYCLOAK-1982 Some builtin objects might be missing when import JSON exported from old versions 2016-04-06 11:43:58 +02:00
Stian Thorgersen
0c829cd605 KEYCLOAK-2262 Refactor realm resource provider, remove admin resource provider and added example 2016-04-06 10:24:30 +02:00
Pedro Igor
e876a3c988 [KEYCLOAK-2262] - New SPIs to extend both Realm and Admin RESTful APIs 2016-04-06 09:43:24 +02:00
Stian Thorgersen
134c9b11c0 KEYCLOAK-2608
Timestamp resolution of 1s for Event.time is inappropriate for use with tests
2016-04-04 08:30:01 +02:00
Bill Burke
4d5ae5dd68 KEYCLOAK-2512 2016-04-01 14:50:26 -04:00
mposolda
36bc97e3cd KEYCLOAK-2661 Broken migration from Keycloak 1.5 with Mongo 3 2016-03-31 22:30:41 +02:00
Bill Burke
12bf4b498e KEYCLOAK-2691 2016-03-30 15:07:24 -04:00
mposolda
c9545e16f7 KEYCLOAK-2713 Fix error at startup 2016-03-24 15:30:53 +01:00
Thomas Darimont
fa8af64098 KEYCLOAK-2686 - Fix failing migration from 1.9.1 to 1.9.2.
Since the `Map` returned by `realm.getBrowserSecurityHeaders()` is unmodifiable
we need to add the new header setting to a copy of the map which we then set
on the realm.
2016-03-21 09:52:25 +01:00