Commit graph

4918 commits

Author SHA1 Message Date
Stefan Guilhen
84df008bc2 [KEYCLOAK-16341] Make the new stream-based methods in server-spi user interfaces default instead of the collection-based versions.
- this ensures that providing implementation for the collection-based methods is enough, which preserves
   backwards compatibility with older custom implementations.
 - alternative interfaces now allow new implementations to focus on the stream variants of the query methods.
2020-11-18 21:07:51 +01:00
Douglas Palmer
43e075afa5 [KEYCLOAK-14352] JavaScript injection vulnerability of Realm registration REST API 2020-11-18 10:48:11 -03:00
Martin Bartos
ab347df5ee KEYCLOAK-14915 Upgrade registration screen to PF4 2020-11-18 10:54:17 +01:00
Takashi Norimatsu
9ce2e9b1f7 KEYCLOAK-14193 Client Policy - Condition : Client - Client Access Type 2020-11-18 09:49:22 +01:00
Hynek Mlnarik
29e3d89f3a KEYCLOAK-16297 Fix HttpClient stale connections 2020-11-16 14:59:00 +01:00
Martin Bartoš
59aa31084e KEYCLOAK-16143 Login form expected, but registraion form is displayed 2020-11-13 21:36:51 +01:00
Michal Hajas
a766a1dd16 KEYCLOAK-16074 Fix check3pCookiesSupported message callback 2020-11-13 16:01:50 -03:00
Miquel Simon
53dfa7c56b KEYCLOAK-14109. Added profiles for Spring 2.3 version.
KEYCLOAK-14737. Updated Jetty version to 9.4.29, as required per Spring 2.3.
2020-11-13 12:09:22 -03:00
Pedro Igor
56574afbeb [KEYCLOAK-11330] - Fixing client and realm tests 2020-11-13 13:53:31 +01:00
Takashi Norimatsu
21c7af1c53 KEYCLOAK-14207 Client Policy - Executor : Enforce more secure client signature algorithm when client registration 2020-11-13 09:24:59 +01:00
Pedro Igor
7ad1c350a3 [KEYCLOAK-16245] - Update Quarkus 1.10.0.CR1 2020-11-12 13:21:08 -03:00
Takashi Norimatsu
244a1b2382 KEYCLOAK-14196 Client Policy - Condition : Client - Client Scope 2020-11-12 08:40:28 +01:00
vmuzikar
01be601dbd KEYCLOAK-14306 OIDC redirect_uri allows dangerous schemes resulting in potential XSS
(cherry picked from commit e86bec81744707f270230b5da40e02a7aba17830)

Conflicts:
    testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientRegistrationTest.java
    testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ClientTest.java
    services/src/main/java/org/keycloak/validation/DefaultClientValidationProvider.java
2020-11-12 08:21:54 +01:00
Takashi Norimatsu
e35a4bcefc KEYCLOAK-14206 Client Policy - Executor : Enforce more secure state and nonce treatment for preventing CSRF 2020-11-11 21:11:34 +01:00
Hynek Mlnarik
030a077e99 KEYCLOAK-16157 Fix Unexpected I/O error message 2020-11-11 11:12:52 +01:00
Pedro Igor
852c4a57ff [KEYCLOAK-14468] - Scope permission sometimes not removed when removing scopes 2020-11-11 08:44:28 +01:00
niwde
c69f92831b
[KEYCLOAK-16215] Typo in EventConfigTest 2020-11-10 13:54:39 -03:00
Martin Kanis
d9029b06b9 KEYCLOAK-15889 Streamification of ProtocolMappers 2020-11-10 16:40:34 +01:00
Takashi Norimatsu
a0b1710735 KEYCLOAK-14198 Client Policy - Condition : Client - Client IP 2020-11-10 15:37:26 +01:00
Stefan Guilhen
aa46735173 [KEYCLOAK-15200] Complement methods for accessing users with Stream variants 2020-11-10 15:13:11 +01:00
Takashi Norimatsu
a63814da67 KEYCLOAK-14201 Client Policy - Executor : Enforce Proof Key for Code Exchange (PKCE) 2020-11-09 08:18:05 +01:00
Thomas Darimont
de20830412 KEYCLOAK-9551 KEYCLOAK-16159 Make refresh_token generation for client_credentials optional. Support for revocation of access tokens.
Co-authored-by: mposolda <mposolda@gmail.com>
2020-11-06 09:15:34 +01:00
vmuzikar
2df62369c3 KEYCLOAK-15295 User can manage resources with just "view-profile" role using new Account Console
(cherry picked from commit 1b063825755d9f5aa13e612757e8ef7299430761)
2020-11-06 08:55:57 +01:00
stianst
6b2e1cbc5f KEYCLOAK-16167 Enable Account REST API by default 2020-11-06 08:06:03 +01:00
Takashi Norimatsu
6dc136dfc0 KEYCLOAK-14199 Client Policy - Executor : Enforce more secure client authentication method when client registration 2020-11-05 20:42:49 +01:00
Martin Bartos
7522d5ac74 KEYCLOAK-15841 Upgrade rest of the minor forms to PF4 2020-11-05 17:58:41 +01:00
Hynek Mlnarik
7b8575fa1a KEYCLOAK-16090 Work around LDAPUserLoginTest false failures 2020-11-03 08:38:54 +01:00
Pedro Igor
2b9ee02adc [KEYCLOAK-11698] - Change context path of Keycloak to / for Keycloak.X 2020-11-02 15:25:11 -03:00
Christoph Leistert
e131de9574 KEYCLOAK-14855 Added realm-specific localization texts which affect texts in every part of the UI (admin console / login page / personal info page / email templates). Also new API endpoints and a new UI screen to manage the realm-specific localization texts were introduced.
Co-authored-by: Daniel Fesenmeyer <daniel.fesenmeyer@bosch.io>
2020-10-30 08:02:43 -03:00
vramik
785f2e78bc KEYCLOAK-14977 create MapRoleProvider 2020-10-30 08:15:22 +01:00
Johannes Knutsen
23c575c236 KEYCLOAK-15399: Wrong token type in token response. bearer vs Bearer 2020-10-28 10:38:22 -03:00
Pedro Igor
24f90ca6cb [KEYCLOAK-15406] - Grant access when evaluating user-managed permission for the owner 2020-10-28 09:59:24 -03:00
Martin Bartos
a8df7d88a1 [KEYCLOAK-14139] Upgrade login screen to PF4 2020-10-27 20:24:07 +01:00
rmartinc
561ba1541d [KEYCLOAK-15940] Tomcat SAML adapter lib missing dependencies 2020-10-26 11:47:48 +01:00
Hynek Mlnarik
267f1797d4 KEYCLOAK-15735 Fix LDAPSamlIdPInitiatedVaryingLetterCaseTest failures on few DBs 2020-10-23 15:15:03 +02:00
Hynek Mlnarik
e80538c60c KEYCLOAK-15921 Fix auth server URL 2020-10-23 15:14:01 +02:00
Pedro Igor
b95ca30ec2 [KEYCLOAK-14255] - Minor fixes and improvements 2020-10-23 10:39:21 +02:00
stianst
da6f7d697f KEYCLOAK-11786 Include Keycloak.X preview dist in distribution 2020-10-23 08:46:13 +02:00
Daniel Fesenmeyer
de8d2eafa3 KEYCLOAK-14781 Extend Admin REST API with search by federated identity
- Add parameters idpAlias and idpUserId to the resource /{realm}/users and allow it to be combined with the other search parameters like username, email and so on
- Add attribute "federatedIdentities" to UserEntity to allow joining on this field
- extend integration test "UserTest"
2020-10-22 08:51:26 +02:00
Sven-Torben Janus
850d3e7fef KEYCLOAK-15511 OTP registration during login with LDAP read-only
When LDAP user federation is configured in read-only mode, it is not
possible to set required actions for users from LDAP.
Keycloak credential model allows for registering OTP devices when LDAP
ist configured with "Import Users" flag enabled. Registering OTP devices
needs to be done via the account management console and works as
expecetd. However, it fails, if a user has to register aN OTP device
during login (i.e. within the authentication flow), because the OTP Form
Authenticator tries to enforce OTP registration via setting the
corresponding required action for the user. That fails, because the user
is read-only.
To work around this, the required action is set on the authentication
session instead.
2020-10-21 17:00:11 +02:00
mposolda
7891daef73 KEYCLOAK-15998 Keycloak OIDC adapter broken when Keycloak server is on http 2020-10-21 08:36:08 +02:00
Denis Richtárik
c8d0f2c59c
KEYCLOAK-15892 Can not install 7.4.3.CR1 Fuse adapter 2020-10-20 10:47:56 +02:00
mhajas
4556e858ad KEYCLOAK-15522 Use AbstractStorageManager in UserStorageManager 2020-10-15 20:41:13 +02:00
Sven-Torben Janus
eb002c7ecd KEYCLOAK-3365 Extend test case 2020-10-15 08:43:31 +02:00
Sven-Torben Janus
5918094840 KEYCLOAK-3365 Add test case 2020-10-15 08:43:31 +02:00
mhajas
d266165f63 KEYCLOAK-14871 Whitelist RefreshableKeycloakSecurityContext for KeycloakPrincipal serialization 2020-10-14 16:00:39 +02:00
Martin Kanis
086f7b4696 KEYCLOAK-15450 Complement methods for accessing realms with Stream variants 2020-10-14 08:16:49 +02:00
Hynek Mlnarik
ec39569970 KEYCLOAK-15928 Fix EAP 6 configuration directory 2020-10-13 17:12:29 +02:00
Hynek Mlnarik
4541a1b250 KEYCLOAK-15907 Fix new host in SAML adapter cannot restore session 2020-10-12 13:23:03 +02:00
testn
269a72d672 KEYCLOAK-15184: Use static inner class where possible 2020-10-09 23:37:08 +02:00
Luca Leonardo Scorcia
f274ec447b KEYCLOAK-15697 Make the Service Provider Entity ID user configurable 2020-10-09 22:04:02 +02:00
mposolda
ff05072c16 KEYCLOAK-15770 Skip creating session for docker protocol authentication 2020-10-09 07:53:26 +02:00
mposolda
d269af1b70 KEYCLOAK-15830 Remove authentication session after failed directGrant authentication 2020-10-07 18:13:21 +02:00
vmuzikar
bb7ce62cd5 KEYCLOAK-15332 Missing CORS headers in some endpoints in Account REST API 2020-10-07 09:07:55 -03:00
mhajas
540516c6a9 KEYCLOAK-15734 Exclude tests with testingClient in remote environment 2020-10-06 20:26:24 +02:00
dashaylan
65ecfc960a Combine UserInfo KcOidcBrokerConfiguration with OidcUserInfoClaimToRoleMapperTest 2020-10-06 08:44:02 +02:00
dashaylan
787d44be78 Reduce code duplication and test count 2020-10-06 08:44:02 +02:00
dashaylan
0d6da99844 Add UserInfo check fix and associated tests. 2020-10-06 08:44:02 +02:00
Markus Till
72f73f153a UserProfile M1 2020-10-05 09:59:44 -03:00
Michito Okai
eac3341241 KEYCLOAK-15779 Authorization Server Metadata for the URL of the
authorization server's JWK Set [JWK] document
2020-10-02 11:18:31 +02:00
Thomas Darimont
12576e339d KEYCLOAK-15146 Add support for searching users by emailVerified status
We now allow to search for users by their emailVerified status.
This enables users to easily find users and deal with incomplete user accounts.
2020-09-29 08:28:59 -03:00
vmuzikar
fbe18e67c3 KEYCLOAK-15721 KeycloakPromise sometimes doesn't work 2020-09-28 15:57:46 -03:00
Takashi Norimatsu
6596811d5d KEYCLOAK-14204 FAPI-RW Client Policy - Executor : Enforce Request Object satisfying high security level 2020-09-25 08:31:14 +02:00
mhajas
e4078933f8 KEYCLOAK-14828 Disable DTD for SAML XML parser
(cherry picked from commit 37de7de78b2ae0eebee97fe917642bb849325f86)
2020-09-24 13:35:21 +02:00
Pedro Igor
76dede0f1e [KEYCLOAK-14221] - Allow to map subject to userinfo response 2020-09-23 14:33:14 +02:00
vmuzikar
bca73fd04a KEYCLOAK-15158 Javascript adapter init() is throwing a promise error after upgrade to 11 2020-09-22 10:56:46 -03:00
Frode Ingebrigtsen
0a0b7da53e KEYCLOAK-15429 Add CORS origin on permission request with invalid access token 2020-09-22 08:56:21 -03:00
Denis
50210c4d9b KEYCLOAK-14161 Regression on custom registration process 2020-09-21 20:23:39 +02:00
mhajas
12bc84322a KEYCLOAK-14974 Map group storage provider 2020-09-21 15:56:32 +02:00
testn
2cd03569d6 KEYCLOAK-15238: Fix potential resource leak from not closing Stream/Reader 2020-09-21 13:05:03 +02:00
vmuzikar
790b549cf9 KEYCLOAK-15262 Logout all sessions after password change 2020-09-18 20:09:40 -03:00
mhajas
b75ad2fbd8 KEYCLOAK-15259 Avoid using "null" Origin header as a valid value 2020-09-17 23:21:49 -07:00
mhajas
f7e0af438d KEYCLOAK-14232 Add Referrer-Policy: no-referrer to each response from Keycloak
(cherry picked from commit 0b49640231abc6e465542bd2608e1c908c079ced)
2020-09-17 23:21:49 -07:00
Pedro Igor
0978d78a48 [KEYCLOAK-14255] - Initial changes to configuration 2020-09-16 20:03:52 +02:00
Luca Leonardo Scorcia
10077b1efe KEYCLOAK-15485 Add option to enable SAML SP metadata signature 2020-09-16 16:40:45 +02:00
Martin Kanis
5d5e56dde3 KEYCLOAK-15199 Complement methods for accessing roles with Stream variants 2020-09-16 16:29:51 +02:00
Benjamin Weimer
f874e9a43c KEYCLOAK-9874 include realm and client roles in user info response 2020-09-16 10:01:02 +02:00
Takashi Norimatsu
b670734eec KEYCLOAK-14205 FAPI-RW Client Policy - Executor : Enforce Response Type of OIDC Hybrid Flow 2020-09-14 20:58:25 +02:00
Hynek Mlnarik
a05066d567 KEYCLOAK-15477 Fix permission evaluation logic 2020-09-14 20:53:46 +02:00
vmuzikar
a9a719b88c KEYCLOAK-15270 Account REST API doesn't verify audience 2020-09-14 08:43:09 -03:00
vmuzikar
cb5c893d87 Add tests for KEYCLOAK-15481 2020-09-11 07:03:24 -04:00
Miquel Simon
2572b1464b KEYCLOAK-15395. Removed totp/remove (DELETE) and credentials/password (GET, POST) endpoints. 2020-09-10 18:03:03 -03:00
Takashi Norimatsu
af2f18449b KEYCLOAK-14195 FAPI-RW Client Policy - Condition : Client - Client Role 2020-09-10 18:34:19 +02:00
Clement Cureau
b19fe5c01b Finegrain admin as fallback and added some tests 2020-09-10 12:26:55 -03:00
Sebastian Laskawiec
e01159a943 KEYCLOAK-14767 OpenShift Review Endpoint audience fix 2020-09-09 11:57:24 -03:00
Takashi Norimatsu
cbb79f0430 KEYCLOAK-15448 FAPI-RW : Error Response on OIDC private_key_jwt Client Authentication Error (400 error=invalid_client) 2020-09-09 11:14:21 +02:00
Benjamin Weimer
b2934e8dd0 KEYCLOAK-15327 backchannel logout invalidate offline session even if there is no corresponding active session found 2020-09-08 11:17:20 -03:00
Martin Kanis
4e9bdd44f3 KEYCLOAK-14901 Replace deprecated ClientProvider related methods across Keycloak 2020-09-07 13:11:55 +02:00
stianst
76f7fbb984 KEYCLOAK-14548 Add support for cached gzip encoding of resources 2020-09-07 00:58:47 -07:00
Martin Bartos
e34ff6cd9c [KEYCLOAK-14326] Identity Provider force sync is not working 2020-09-07 09:42:40 +02:00
Takashi Norimatsu
1d8230d438 KEYCLOAK-14190 Client Policy - Condition : The way of creating/updating a client 2020-09-04 09:54:55 +02:00
Luca Leonardo Scorcia
67b2d5ffdd KEYCLOAK-14961 SAML Client: Add ability to request specific AuthnContexts to remote IdPs 2020-09-03 21:25:36 +02:00
Hynek Mlnarik
1c4a2db8e1 KEYCLOAK-14510 Properly close Response object 2020-09-03 11:23:05 +02:00
Konstantinos Georgilakis
1fa93db1b4 KEYCLOAK-14304 Enhance SAML Identity Provider Metadata processing 2020-09-02 20:43:09 +02:00
Takashi Norimatsu
b93a6ed19f KEYCLOAK-14919 Dynamic registration - Scope ignored 2020-09-02 13:59:22 +02:00
Takashi Norimatsu
107a429238 KEYCLOAK-15236 FAPI-RW : Error Response on OAuth 2.0 Mutual TLS Client Authentication Error (400 error=invalid_client) 2020-09-02 09:31:20 +02:00
mhajas
3928a49c77 KEYCLOAK-14816 Reset brute-force-detection data for the user after a successful password grant type flow 2020-09-01 21:45:17 +02:00
Hynek Mlnarik
583fa07bc4 KEYCLOAK-11029 Support modification of broker username / ID for identity provider linking 2020-09-01 20:40:38 +02:00
testn
0362d3a430 KEYCLOAK-15113: Move away from deprecated Promise.success()/error() 2020-09-01 14:26:44 -04:00
mhajas
bdccfef513 KEYCLOAK-14973 Create GroupStorageManager 2020-09-01 10:21:39 +02:00