Commit graph

11953 commits

Author SHA1 Message Date
Jess Thrysoee
3b58692d7c KEYCLOAK-11596 Enable template cache when cacheTemplates attribute is true 2019-10-01 14:37:48 +02:00
David Festal
d73a2b821c Fix a NPE when using token-exchange
When using the preview token-exchange feature with the `openshit-v3` identity provider, a NPE is triggered, because it tries to extract the `metadata` field twice from the user profile:

```
13:17:13,667 ERROR [org.keycloak.services.error.KeycloakErrorHandler] (default task-7) Uncaught server error: java.lang.NullPointerException
	at org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider.getJsonProperty(AbstractOAuth2IdentityProvider.java:357)
	at org.keycloak.social.openshift.OpenshiftV3IdentityProvider.extractUserContext(OpenshiftV3IdentityProvider.java:61)
	at org.keycloak.social.openshift.OpenshiftV3IdentityProvider.extractIdentityFromProfile(OpenshiftV3IdentityProvider.java:87)
	at org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider.validateExternalTokenThroughUserInfo(AbstractOAuth2IdentityProvider.java:489)
	at org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider.exchangeExternalUserInfoValidationOnly(AbstractOAuth2IdentityProvider.java:548)
	at org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider.exchangeExternalImpl(AbstractOAuth2IdentityProvider.java:528)
	at org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider.exchangeExternal(AbstractOAuth2IdentityProvider.java:519)
	at org.keycloak.protocol.oidc.endpoints.TokenEndpoint.exchangeExternalToken(TokenEndpoint.java:917)
	at org.keycloak.protocol.oidc.endpoints.TokenEndpoint.tokenExchange(TokenEndpoint.java:696)
	at org.keycloak.protocol.oidc.endpoints.TokenEndpoint.processGrantRequest(TokenEndpoint.java:194)
.....
13:17:28,916 ERROR [org.keycloak.services.error.KeycloakErrorHandler] (default task-7) Uncaught server error: java.lang.NullPointerException
	at org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider.getJsonProperty(AbstractOAuth2IdentityProvider.java:357)
	at org.keycloak.social.openshift.OpenshiftV3IdentityProvider.extractUserContext(OpenshiftV3IdentityProvider.java:61)
	at org.keycloak.social.openshift.OpenshiftV3IdentityProvider.extractIdentityFromProfile(OpenshiftV3IdentityProvider.java:87)
	at org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider.validateExternalTokenThroughUserInfo(AbstractOAuth2IdentityProvider.java:489)
	at org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider.exchangeExternalUserInfoValidationOnly(AbstractOAuth2IdentityProvider.java:548)
	at org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider.exchangeExternalImpl(AbstractOAuth2IdentityProvider.java:528)
	at org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider.exchangeExternal(AbstractOAuth2IdentityProvider.java:519)
	at org.keycloak.protocol.oidc.endpoints.TokenEndpoint.exchangeExternalToken(TokenEndpoint.java:917)
	at org.keycloak.protocol.oidc.endpoints.TokenEndpoint.tokenExchange(TokenEndpoint.java:696)
	at org.keycloak.protocol.oidc.endpoints.TokenEndpoint.processGrantRequest(TokenEndpoint.java:194)
......
13:17:53,492 ERROR [org.keycloak.services.error.KeycloakErrorHandler] (default task-7) Uncaught server error: java.lang.NullPointerException
	at org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider.getJsonProperty(AbstractOAuth2IdentityProvider.java:357)
	at org.keycloak.social.openshift.OpenshiftV3IdentityProvider.extractUserContext(OpenshiftV3IdentityProvider.java:61)
	at org.keycloak.social.openshift.OpenshiftV3IdentityProvider.extractIdentityFromProfile(OpenshiftV3IdentityProvider.java:87)
	at org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider.validateExternalTokenThroughUserInfo(AbstractOAuth2IdentityProvider.java:489)
	at org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider.exchangeExternalUserInfoValidationOnly(AbstractOAuth2IdentityProvider.java:548)
	at org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider.exchangeExternalImpl(AbstractOAuth2IdentityProvider.java:528)
	at org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider.exchangeExternal(AbstractOAuth2IdentityProvider.java:519)
	at org.keycloak.protocol.oidc.endpoints.TokenEndpoint.exchangeExternalToken(TokenEndpoint.java:917)
	at org.keycloak.protocol.oidc.endpoints.TokenEndpoint.tokenExchange(TokenEndpoint.java:696)
	at org.keycloak.protocol.oidc.endpoints.TokenEndpoint.processGrantRequest(TokenEndpoint.java:194)
```
2019-10-01 14:23:46 +02:00
mhajas
f852ef157d KEYCLOAK-11470 Fix rebase issue 2019-10-01 08:20:55 +02:00
mhajas
6f097bdf89 KEYCLOAK-11470 Remove Assertj from testsuite
There is no reason to use more types of assertions and we already
heavily use hamcrest
2019-09-30 13:16:01 +02:00
vramik
67bcaf9ad7 KEYCLOAK-10155 app-server-remote tests 2019-09-30 10:29:51 +02:00
vramik
b1697a5e71 KEYCLOAK-11069 auth-server-remote tests 2019-09-30 10:29:51 +02:00
Mathieu CLAUDEL
2fb507e170 KEYCLOAK-10802 add support of SAMLv2 ForceAuthn 2019-09-27 09:55:54 +02:00
rmartinc
6283c7add3 KEYCLOAK-10975: Clock skew configuration in keycloak-saml.xml can't be found in the keycloak-saml subsystem 2019-09-27 09:35:03 +02:00
vmuzikar
1cdc5e1969 KEYCLOAK-11514 Add option to download specific WebDriver binaries versions 2019-09-26 09:54:30 -03:00
Yaroslav Kvasetskiy
622d049207 KEYCLOAK-10837 Add possibility to disable certificate verification for outgoing https connections 2019-09-26 08:12:09 -03:00
Tommy Odom
6f86c6d253 KEYCLOAK-10875 Adding quotes around the path to the JAR in case %DIRNAME% contains spaces 2019-09-26 10:28:47 +02:00
madgaet
0d12b8dd5a [KEYCLOAK-11497] OIDC Idp authentication with private_key_jwt may not always work (#6337) 2019-09-25 23:10:07 +02:00
mhajas
b126c81ae3 KEYCLOAK-11313 Ignore failure of uninstalling arquillian bundle 2019-09-25 13:48:48 +02:00
Jon Koops
ff77b549ec [KEYCLOAK-11193] Change 'disableLogging' to 'enableLogging' and default to false 2019-09-24 10:31:02 -03:00
Benjamin Weimer
2b1acb99a2 KEYCLAOK-9999 fix client import (#6136) 2019-09-23 13:08:24 +02:00
mhajas
f810e85526 KEYCLOAK-11316 Fix Photoz instabilities on windows
Error message: Cannot read property 'token_endpoint' of undefined
2019-09-20 13:12:09 +02:00
Kohei Tamura
a09b593342 KEYCLOAK-10952 Fix incorrect message when clicking revoke grant 2019-09-20 12:02:34 +02:00
Łukasz Dywicki
76e988ad18 KEYCLOAK-11308 Fallback to imported realm version.
In case of missing RH SSO version lets stick with bare Keycloak version.
2019-09-20 11:54:23 +02:00
Hynek Mlnarik
8a9152b769 KEYCLOAK-11320 Add tooltips to fields with vault support 2019-09-20 11:48:00 +02:00
Kohei Tamura
c68afdab83 KEYCLOAK-7547 Change log level of a message when deleting user
When deleting a user (who has not failed to log in yet if Brute Force Detection is not enabled), the following message is always recorded:

{noformat}
10:34:15,101 WARN  [org.keycloak.models.sessions.infinispan.changes.InfinispanChangelogBasedTransaction] (default task-7) Not present cache item for key LoginFailureKey [ realmId=568c76c7-9308-4d84-bfc1-ec3542deaf02. userId=4c011785-a39a-43bf-b0c1-43c63decf2f1 ]
{noformat}

This is noisy and should not be logged at warning level.
2019-09-20 11:37:30 +02:00
Hisanobu Okuda
da49dbce2b KEYCLOAK-10770 user-storage/{id}/sync should return 400 instead of 404 2019-09-20 11:17:09 +02:00
mhajas
37b7b595a5 KEYCLOAK-11410 Do not throw exception in PlaintextVaultProvider if unconfigured 2019-09-19 14:56:19 +02:00
rradillen
b71198af9f [KEYCLOAK-8575] oidc idp basic auth (#6268)
* [KEYCLOAK-8575] Allow to choose between basic auth and form auth for oidc idp

* uncomment ui and add tests

* move basic auth to abstract identity provider (except for getting refresh tokens)

* removed duplications
2019-09-19 14:36:16 +02:00
Stefan Guilhen
b833ce9dd3 [KEYCLOAK-11485] Add test case for the as7-eap6 SAML subsystem 2019-09-19 13:39:24 +02:00
Captain-P-Goldfish
b45f5980e0 Make password policy identifiers public
If a password policy should be modified prgorammatically the constant
key identifiers to set the values should be accessible globally
2019-09-19 12:30:15 +02:00
Jon Koops
0b9c6192a3 KEYCLOAK-11193 Allow JavaScript logging to be disabled 2019-09-19 07:09:32 -03:00
k-tamura
f35d3a8ec9 KEYCLOAK-10791 Remove duplicate lines in properties 2019-09-19 08:49:32 +02:00
rmartinc
7f54a57271 KEYCLOAK-10757: Replaying assertion with signature in SAML adapters 2019-09-18 16:49:00 +02:00
Sven-Torben Janus
1887d3b038 KEYCLOAK-10942 Incorporate comments from code review
see https://github.com/keycloak/keycloak/pull/6251/files#r325212980
2019-09-18 09:47:18 +02:00
Sven-Torben Janus
f261c43fab KEYCLOAK-10942 Support eDirectory GUID
Convert eDirectory GUID which is in binary format to a UUID in dashed
string format.
2019-09-18 09:47:18 +02:00
farmersmurf
515727c944 fix: as discussed changed to NOT_ACCEPTABLE rather than OK to prevent INTERNAL SERVER ERROR on validation 2019-09-17 16:35:42 +02:00
farmersmurf
ae74335760 KEYCLOAK-10944 Fix 500 Error Code on Update Password 2019-09-17 16:35:42 +02:00
farmersmurf
b443c8186d KEYCLOAK-10944 Fix 500 Error Code on Update Password 2019-09-17 16:35:42 +02:00
madgaet
53b28aaa7e [KEYCLOAK-9809] Support private_key_jwt authentication for external IdP 2019-09-17 16:04:23 +02:00
madgaet
c35718cb87 [KEYCLOAK-9809] Support private_key_jwt authentication for external IdP 2019-09-17 16:04:23 +02:00
Stan Silvert
69359eab23 KEYCLOAK-11426: Remove background 2019-09-17 09:37:14 -03:00
Armel Soro
f26f634887 Fix typo in client authenticator tooltip message 2019-09-17 12:21:18 +02:00
Jan Lieskovsky
63e9eec52d [KEYCLOAK-11415] Switch the 'GroupMapperConfig.PRESERVE_GROUP_INHERITANCE' setting reliably
Use own, separate context when trying to switch 'GroupMapperConfig.PRESERVE_GROUP_INHERITANCE'
group mapper config setting to 'false' (or back), across the various tests from LDAPGroupMapperSyncTest
suite. This makes the test results deterministic again (prevents 'test02_syncWithGroupInheritance()'
and 'test03_syncWithDropNonExistingGroups()' tests randomly to fail depending if attempt
to reset the 'GroupMapperConfig.PRESERVE_GROUP_INHERITANCE' back to 'true' in previous
'test01_syncNoPreserveGroupInheritance()' test succeeded, or not)

Signed-off-by: Jan Lieskovsky <jlieskov@redhat.com>
2019-09-16 20:42:46 +02:00
Karel Hala
f8e4ccd57a KEYCLOAK-11195 Add module loading to dependencies
Use window global libraries for AMD
2019-09-13 14:47:45 -03:00
Kohei Tamura
09671aa480 KEYCLOAK-11178 Suppress incorrect warnings 2019-09-13 10:21:20 +02:00
Jan Lieskovsky
7ab854fecf [KEYCLOAK-8253] When syncing flat (all groups being the top-level ones) structure
of LDAP groups from federation provider to Keycloak, perform the search if the
currently processed group already exists in Keycloak in log(N) time

Signed-off-by: Jan Lieskovsky <jlieskov@redhat.com>
2019-09-12 20:14:18 +02:00
Jan Lieskovsky
cfb225b499 [KEYCLOAK-8253] Improve the time complexity of LDAP groups synchronization
(in the direction from LDAP provider to Keycloak) from exponential to
linear time in the case of syncing flat LDAP groups structure

Add a corresponding test (intentionally configured as to be ignored
by CI/CD due to higher demand on time, required fo the test completion)

Signed-off-by: Jan Lieskovsky <jlieskov@redhat.com>
2019-09-12 09:54:13 +02:00
Shiva Prasad Thagadur Prakash
ff8b790549 KEYCLOAK-10022 Fixing few admin events not raised bug 2019-09-11 18:01:10 -03:00
Cédric Couralet
9c37da0ee9 KEYCLOAK-8818 Support message bundle in theme resources 2019-09-11 08:03:16 +02:00
Juergen Lesny
c2f3350f8a KEYCLOAK-11230 Update german translation in themes 2019-09-11 07:56:05 +02:00
mhajas
2703388946 KEYCLOAK-11245 Adapt LDAPConnectionTestManager to use newly introduced LDAPContextManager 2019-09-10 22:51:19 +02:00
Hynek Mlnarik
6738e063f4 KEYCLOAK-11072 Mark vault SPI as a public SPI 2019-09-10 16:54:47 +02:00
mhajas
9c2525ec1a KEYCLOAK-11245 Use transcription object for LDAP bindCredential 2019-09-09 19:39:53 +02:00
Martin Kanis
4235422798 KEYCLOAK-11246 Use the transcription object for SMTP password 2019-09-09 13:27:11 +02:00
Hynek Mlnarik
9eb2e1d845 KEYCLOAK-11028 Use pessimistic locks to prevent DB deadlock when deleting objects 2019-09-09 10:57:49 +02:00