Stian Thorgersen
139e12fa5f
KEYCLOAK-4179 Fixed logic to init with token to prevent issues with timeSkew
2017-01-10 09:09:50 +01:00
Hynek Mlnarik
4df70c517d
KEYCLOAK-4141
2017-01-10 09:02:36 +01:00
Stian Thorgersen
e805ffd945
Bump version to 2.5.1.Final-SNAPSHOT
2016-12-22 08:22:18 +01:00
Stian Thorgersen
b6b3c04400
Merge pull request #3663 from sldab/autodetect-bearer-only
...
KEYCLOAK-2962 Autodetect bearer-only clients
2016-12-20 14:05:25 +01:00
Pedro Igor
18b94a2153
[KEYCLOAK-4034] - More logging.
2016-12-20 00:04:59 -02:00
Pedro Igor
0b3e867362
[KEYCLOAK-4034] - Minor changes to policy enforcer
2016-12-19 23:44:51 -02:00
Slawomir Dabek
b6d29ccd30
KEYCLOAK-2962 Autodetect bearrer-only clients
...
Suport more headers
2016-12-19 17:13:14 +01:00
Bill Burke
1c0e23db66
Merge pull request #3647 from tkyjovsk/fix-module-names
...
fixed module names
2016-12-16 08:41:01 -05:00
Hynek Mlnarik
7d51df4eed
KEYCLOAK-3971 Explicitly set encoding for SAML message processing
2016-12-15 14:04:34 +01:00
Tomas Kyjovsky
e5d744f7d5
fixed module names
2016-12-14 17:02:07 +01:00
Stian Thorgersen
c11f65720b
Merge pull request #3639 from hmlnarik/KEYCLOAK-4062-Provide-GUI-for-KeyName-format-in-identity-broker-and-client
...
KEYCLOAK-4062 - GUI changes for KeyName format + few tests
2016-12-13 11:33:16 +01:00
Hynek Mlnarik
5006fe2292
KEYCLOAK-4062 - GUI changes for KeyName format + few tests
2016-12-12 22:29:01 +01:00
mposolda
8c99a13387
Minor synchronize update
2016-12-12 13:09:19 +01:00
mhajas
081958e282
KEYCLOAK-4051 Use debug instead of debugf
2016-12-08 09:42:52 +01:00
Bill Burke
7271fdaaaa
KEYCLOAK-3509
2016-12-06 18:52:37 -05:00
Bill Burke
e3d0f8f6e5
Merge pull request #3548 from sebastienblanc/KEYCLOAK-3725
...
KEYCLOAK-3725: return Unauthorized when accessing bearer only in inte…
2016-12-03 13:46:52 -05:00
danren
87b243ed59
Fix for KEYCLOAK-3961
2016-12-02 13:30:53 +01:00
mposolda
74967737ee
KEYCLOAK-3824 Ensure sending notBefore invalidates JWKPublicKeyLocator
2016-12-01 17:07:50 +01:00
mposolda
a38544796f
KEYCLOAK-3823 KEYCLOAK-3824 Added public-key-cache-ttl for OIDC adapters. Invalidate cache when notBefore sent
2016-12-01 12:25:07 +01:00
Stian Thorgersen
c9cf7f6564
Merge pull request #3549 from RamonGebben/patch-1
...
KEYCLOAK-3993: Removed compare bug in `checkState` function
2016-12-01 07:57:29 +01:00
Stian Thorgersen
ba406d5747
Merge pull request #3332 from ebondu/master
...
fix bug https://issues.jboss.org/browse/KEYCLOAK-3474
2016-12-01 07:51:07 +01:00
Stian Thorgersen
b771b84f56
Bump to 2.5.0.Final-SNAPSHOT
2016-11-30 15:44:51 +01:00
Ramon Gebben
e5ce080fd3
Update with PR feedback
2016-11-29 09:49:58 +01:00
sebastienblanc
df93244373
keep orignal API
2016-11-26 09:30:27 +01:00
sebastienblanc
0f447fadd4
KEYCLOAK-3725: return Unauthorized when accessing bearer only in interactive mode
2016-11-25 11:59:52 +01:00
Ramon Gebben
79825dfa1d
Removed compare bug in checkState
function
2016-11-25 11:45:40 +01:00
Stian Thorgersen
6ec82865d3
Bump version to 2.4.1.Final-SNAPSHOT
2016-11-22 14:56:21 +01:00
Pedro Igor
9b2ef96b22
[KEYCLOAK-3830] - Allow to configure enforcement-mode to a path definition
2016-11-17 20:50:28 -02:00
Pedro Igor
44ee53b0d8
[KEYCLOAK-3830] - Only enforce permissions when there is a KeycloakSecurityContext.
2016-11-17 20:50:17 -02:00
Stian Thorgersen
65136fabdd
Merge pull request #3486 from hmlnarik/KEYCLOAK-3488
...
KEYCLOAK-3488 Fix typo in SamlPrincipal
2016-11-16 12:21:50 +01:00
Hynek Mlnarik
43002f7a8a
KEYCLOAK-3488 Fix typo
2016-11-09 15:11:45 +01:00
Hynek Mlnarik
025cf5ebaf
KEYCLOAK-3870 Schema for keycloak-saml.xml
...
Updated schema schema for keycloak-saml.xml (added documentation, set
up enumeration instead of free string where applicable per documentation)
and updated existing keycloak-saml.xml files with schema reference.
2016-11-09 10:45:43 +01:00
Stian Thorgersen
292777259e
Merge pull request #3472 from hmlnarik/KEYCLOAK-1881-saml-key-rotation
...
Keycloak 1881 - SAML key/cert rotation for IdP
2016-11-08 07:56:25 +01:00
Stian Thorgersen
ef48594d85
Merge pull request #3470 from sebastienblanc/KEYCLOAK-3548
...
KEYCLOAK-3548 : Send 401 when no keycloak.json for EAP6/AS7 Adapter
2016-11-08 07:37:00 +01:00
Stian Thorgersen
5b54375490
Merge pull request #3468 from sebastienblanc/KEYCLOAK-3514
...
KEYCLOAK-3514 : fix servlet logout on bearer-only client
2016-11-08 07:35:44 +01:00
Hynek Mlnarik
570d71c07b
KEYCLOAK-1881 Update client adapter configuration
...
Client adapter configuration was updated to support for customization
of HttpClient used for key retrieval similarly to OIDC. Further, it is
now possible to specify several static public keys for signature
verification in saml-client.xml.
2016-11-04 21:53:43 +01:00
Hynek Mlnarik
1ae268ec6f
KEYCLOAK-1881 Include key ID for REDIRECT and use it for validation
...
Contrary to POST binding, signature of SAML protocol message sent using
REDIRECT binding is contained in query parameters and not in the
message. This renders <dsig:KeyName> key ID hint unusable. This commit
adds <Extensions> element in SAML protocol message containing key ID so
that key ID is present in the SAML protocol message.
2016-11-04 21:53:43 +01:00
Hynek Mlnarik
10deac0b06
KEYCLOAK-1881 KeyLocator implementation for SAML descriptor
2016-11-04 21:53:43 +01:00
Hynek Mlnarik
057cc37b60
KEYCLOAK-1881 Clone OIDC adapter HttpClient tools to SAML adapter
...
and
KEYCLOAK-1881 Extract httpclient configuration from AdapterConfig
2016-11-04 21:53:43 +01:00
Hynek Mlnarik
5d840500af
KEYCLOAK-1881 Include key ID in <ds:KeyInfo> in SAML assertions and protocol message
...
Changes of SAML assertion creation/parsing that are required to allow
for validation of rotating realm key: signed SAML assertions and signed
SAML protocol message now contain signing key ID in XML <dsig:KeyName>
element.
2016-11-04 21:53:43 +01:00
sebastien blanc
76c37de1e8
KEYCLOAK-3545: Send 401 if no kc configuration in EAP6/AS7
2016-11-03 15:39:02 +01:00
sebastien blanc
d98c375495
KEYCLOAK-3514 : Don't call logout for bearer-only client
2016-11-02 11:39:37 +01:00
Pedro Igor
44977207e3
Merge pull request #3402 from brewers/feature/js-entitlement-request
...
KEYCLOAK-3777: Add client api for requesting entitlements with permission requests
2016-11-02 07:15:02 -02:00
Stian Thorgersen
3ea555bae6
Merge pull request #3443 from stianst/KEYCLOAK-3606
...
KEYCLOAK-3606
2016-10-28 11:51:21 +02:00
Stian Thorgersen
5f58c96258
KEYCLOAK-3606
...
keycloak.js calls localStorage.key(localStorage.length) indirectly
2016-10-28 10:05:57 +02:00
Stian Thorgersen
4cc44bc174
Merge pull request #3420 from bdalenoord/master
...
KEYCLOAK-3807: Calling 'setHandler' is forbidden
2016-10-28 06:45:47 +02:00
Stian Thorgersen
3e5f490882
Merge pull request #3424 from sebastienblanc/KEYCLOAK-3669
...
KEYCLOAK-3669: Fix Tomcat Adapter for 8.5.5
2016-10-28 06:45:01 +02:00
sebastien blanc
621d234adc
renaming fields to align with json names
2016-10-27 16:16:30 +02:00
sebastien blanc
1c2f49ab4e
KEYCLOAK-3669: Fix Tomcat Adapter for 8.5.5
2016-10-25 16:27:41 +02:00
Bas Dalenoord
859c5cbe1e
KEYCLOAK-3807: Use 'setSecurityHandler';
...
'insertHandler' is a method introduced in Jetty 9, Jetty 8 should
however be supported so 'setSecurityHandler' does the same thing but
works for both 8.x and 9.x;
2016-10-25 13:59:07 +02:00
Bas Dalenoord
f3df185bb5
KEYCLOAK-3807: Calling 'setHandler' is forbidden
...
Use 'insertHandler' as suggested in the 'setHandler's log warning.
2016-10-25 09:14:03 +02:00
Matej Lazar
036407fd90
Fix type in exception message.
2016-10-21 12:59:59 +02:00
Stian Thorgersen
4d47f758fc
Merge pull request #3405 from stianst/master
...
Bump version
2016-10-21 10:11:59 +02:00
Stian Thorgersen
c615674cbb
Bump version
2016-10-21 07:03:15 +02:00
Stian Thorgersen
1a4f9e656d
Merge pull request #3398 from stianst/KEYCLOAK-3774
...
KEYCLOAK-3774 Fix keycloak.js with prompt=none and new stricter redir…
2016-10-21 06:34:43 +02:00
Stian Thorgersen
9801f09a93
KEYCLOAK-3774 Fix keycloak.js with prompt=none and new stricter redirect_uri
2016-10-20 21:31:25 +02:00
Cherian Mathew
94d4afa11c
Refactor entitlement request argument name
2016-10-20 17:24:41 +02:00
Cherian Mathew
d7d91cfbc0
Add client api for requesting entitlements with permission requests
2016-10-20 17:09:41 +02:00
Pulkit Gupta
8e9db1be96
fixed null pointer exception when principal is null
2016-10-20 13:39:04 +05:30
Marek Posolda
9f5acccc4f
Merge pull request #3384 from mposolda/master
...
KEYCLOAK-3753 Deploying app secured with OIDC to EAP6 results with Error
2016-10-20 08:32:58 +02:00
Stian Thorgersen
e39d28517c
Merge pull request #3381 from raehalme/KEYCLOAK-3755-master
...
KEYCLOAK-3755: isBearerTokenRequest and isBasicAuthRequest are now case-insensitive
2016-10-20 07:12:27 +02:00
Bill Burke
06c08a9cff
Merge pull request #3249 from gautric/master
...
KEYCLOAK-3602 - NPE into SAML DeploymentBuilder build
2016-10-19 20:08:16 -04:00
mposolda
7f825eb415
KEYCLOAK-3753 Deploying app secured with OIDC to EAP6 results with Error
2016-10-19 21:45:35 +02:00
Stian Thorgersen
af5e8f7b09
Merge pull request #3376 from stianst/KEYCLOAK-1862
...
KEYCLOAK-1862
2016-10-19 19:27:29 +02:00
Pedro Igor
7dee39bbaa
Merge pull request #3302 from brewers/master
...
KEYCLOAK-3703 Fix entitlement function call in authorization
2016-10-19 14:47:32 -02:00
Thomas Raehalme
e8ce9704c1
isBearerTokenRequest and isBasicAuthRequest is now case-insensitive.
2016-10-19 19:41:59 +03:00
Stian Thorgersen
61fa152e62
Merge pull request #3277 from ahus1/KEYCLOAK-2977-spring-cloud-rebinder-fix
...
KEYCLOAK-2977: fix re-binding problem with spring-cloud
2016-10-19 17:32:40 +02:00
Stian Thorgersen
7f04dd20b3
KEYCLOAK-1862
2016-10-19 17:28:22 +02:00
Stian Thorgersen
bd8e435164
KEYCLOAK-3625 Fix url
2016-10-19 17:07:01 +02:00
Alexander Schwartz
c2692cc0ac
KEYCLOAK-2977: fix re-binding problem with spring-cloud
2016-10-19 16:07:28 +02:00
Stian Thorgersen
1b24d2edd8
KEYCLOAK-3625 More work on the issue
2016-10-19 14:21:50 +02:00
sebastien blanc
32df5225cf
add check on list size
2016-10-19 14:21:41 +02:00
sebastien blanc
116f5f5795
KEYCLOAK-3625: conform to oidc specs
2016-10-19 14:21:41 +02:00
emilienbondu
0d3a50411e
Move licence at the top of the file.
2016-10-19 09:57:07 +02:00
Stian Thorgersen
9193142bb9
Merge pull request #3305 from sebastienblanc/KEYCLOAK-3683
...
KEYCLOAK-3683: Remove trustore and trustore-password check
2016-10-17 19:39:02 +02:00
Stian Thorgersen
144898c0d2
Merge pull request #3262 from vramik/KEYCLOAK-3615
...
KEYCLOAK-3615 Resolve warnings while building the effective model
2016-10-17 19:09:30 +02:00
emilienbondu
3bed84d712
fix bug https://issues.jboss.org/browse/KEYCLOAK-3474
2016-10-17 14:42:46 +02:00
Hynek Mlnarik
4a19d4cdc1
KEYCLOAK-3664 Fix for NPE in subsystem when secure-deployment is undefined for a particular deployment
2016-10-17 09:19:44 +02:00
Stian Thorgersen
d2cae0f8c3
KEYCLOAK-905
...
Realm key rotation for OIDC
2016-10-13 11:19:52 +02:00
sebastienblanc
f5a5fc3458
KEYCLOAK-3683: Remove trustore and trustore-password check
2016-10-11 15:19:31 +02:00
Cherian Mathew
ac245d3c4b
Fix entitlement function call in authorization
2016-10-09 11:19:02 +02:00
mposolda
a60dd48300
KEYCLOAK-3646 Missing attributes in AS7 adapter subsystem
2016-10-04 08:30:35 +02:00
mposolda
d71fadabeb
KEYCLOAK-3634 Allow adapter subsystem to just inject dependencies
2016-10-03 17:38:41 +02:00
mposolda
7447ca7b58
KEYCLOAK-3564 Added token-minimum-time-to-live and min-time-between-jwks-requests to adapter subsystem
2016-10-03 16:06:45 +02:00
Bill Burke
d4c3fae546
merge conflicts
2016-09-30 19:19:12 -04:00
mposolda
f9a0abcfc4
KEYCLOAK-3493 KEYCLOAK-3532 Added KeyStorageProvider. Support key rotation for OIDC clients and identity providers with JWKS url.
2016-09-30 21:28:23 +02:00
Bill Burke
8967ca4066
refactor mongo entities, optimize imports
2016-09-28 15:25:39 -04:00
Bill Burke
ecc104719d
bump pom version
2016-09-26 11:01:18 -04:00
Vlasta Ramik
103fa975a1
Resolve warnings while building the effective model
2016-09-26 12:34:46 +02:00
Stian Thorgersen
06c48a2830
KEYCLOAK-3586
...
Token is not refreshed in updateToken
2016-09-21 09:13:05 +02:00
gautric
affc62460c
KEYCLOAK-3602 - NPE into SAML DeploymentBuilder build
2016-09-20 18:39:49 +02:00
gautric
cd3cd4f506
KEYCLOAK-3602 - NPE into SAML DeploymentBuilder build
2016-09-20 18:36:54 +02:00
mwcz
bd2f220736
always resolve keycloak.init's promise
2016-09-15 17:25:29 -04:00
mposolda
bf6246f5c1
KEYCLOAK-905 Realm keys rotation support on adapters
2016-09-12 21:24:04 +02:00
Stian Thorgersen
6d40e0dd07
Merge pull request #3212 from didiez/master
...
KEYCLOAK-3513 Prevent clearing all registered sessions when invalidating some by sessionId
2016-09-08 13:50:14 +02:00
didiez
df3079852e
Prevent clearing all registered sessions when invalidating some by sessionId
2016-09-08 09:19:30 +02:00
Stian Thorgersen
5d20651c66
KEYCLOAK-3475 Fixes for on token expired event
2016-09-06 13:00:37 +02:00
Stian Thorgersen
7a66b055be
KEYCLOAK-3475 Call event handlers when initialized with tokens
2016-09-06 09:00:29 +02:00
Stian Thorgersen
d9e95455a2
Merge pull request #3172 from mwcz/js-updateToken-withCredentials
...
send cookies along with keycloak.updateToken()
2016-09-05 09:37:00 +02:00
Pedro Igor
ce78cc1d1c
[KEYCLOAK-3472] - Multiple paths with the same name and tests
2016-08-31 21:04:36 -03:00