mposolda
3bfd999590
KEYCLOAK-3222 extend WellKnown to return supported types of client authentications. More tests
2016-07-08 15:39:13 +02:00
mposolda
c10a005997
KEYCLOAK-3290 UserInfoEndpoint error responses don't have correct statuses
2016-07-08 12:15:07 +02:00
mposolda
4dd28c0adf
KEYCLOAK-3221 Tokens should be invalidated if an attempt to reuse code is made
2016-07-08 11:04:08 +02:00
Bill Burke
bdc57d57c1
Merge pull request #3008 from patriot1burke/master
...
new User Fed SPI initial iteration
2016-07-07 14:56:38 -04:00
mposolda
a7c9e71490
KEYCLOAK-3218 Support for max_age OIDC authRequest parameter and support for auth_time in IDToken
2016-07-07 17:04:32 +02:00
Bill Burke
0040d3fc3b
Merge remote-tracking branch 'upstream/master'
2016-07-07 10:35:45 -04:00
Marek Posolda
7a161cc8bb
Merge pull request #3005 from mposolda/KEYCLOAK-3217
...
KEYCLOAK-3217 UserInfo endpoint wasn't accessible by POST request sec…
2016-07-07 13:49:43 +02:00
mposolda
56e09bf189
KEYCLOAK-3147 Don't allow authRequest without redirect_uri parameter
2016-07-07 12:46:36 +02:00
mposolda
7aafbcd5d9
KEYCLOAK-3217 UserInfo endpoint wasn't accessible by POST request secured with Bearer header
2016-07-07 12:28:25 +02:00
Stian Thorgersen
7cfee80e58
KEYCLOAK-3189 KEYCLOAK-3190 Add kid and typ to JWT header
2016-07-05 08:26:26 +02:00
Stan Silvert
d90a708ceb
RHSSO-274: "Undefined" as auth flow execution
2016-07-01 10:25:14 -04:00
Bill Burke
a9f6948d74
Merge remote-tracking branch 'upstream/master'
2016-06-29 15:37:32 -04:00
Bill Burke
f51098c50b
user fed refactor
2016-06-29 15:37:22 -04:00
Pedro Igor
086c29112a
[KEYCLOAK-2753] - Fine-grained Authorization Services
2016-06-17 02:07:34 -03:00
Thomas Darimont
a2d1c8313d
KEYCLOAK-3081: Add client mapper to map user roles to token
...
Introduced two new client protocol mappers to propagate assigned user client / realm roles to a JWT ID/Access Token.
Each protocol mapper supports to use a prefix string that is prepended to each role name.
The client role protocol mapper can specify from which client the roles should be considered.
Composite Roles are resolved recursively.
Background:
Some OpenID Connect integrations like mod_auth_openidc don't support analyzing deeply nested or encoded structures.
In those scenarios it is helpful to be able to define custom client protocol mappers that allow to propagate a users's roles as a flat structure
(e.g. comma separated list) as a top-level (ID/Access) Token attribute that can easily be matched with a regex.
In order to differentiate between client specific roles and realm roles it is possible to configure
both separately to be able to use the same role names with different contexts rendered as separate token attributes.
2016-06-03 15:52:58 +02:00
Pedro Igor
60f954a497
[KEYCLOAK-2894] - Fixing saml signature validation
2016-05-26 10:48:30 -03:00
Bruno Oliveira
1cc4ca2e71
RHSSO-130: AccessTokenTest migration
2016-04-22 16:30:57 -03:00
Stian Thorgersen
5606160e70
KEYCLOAK-2828 Refactor contribution and add tests
2016-04-19 13:09:00 +02:00
Thomas Raehalme
cd1094c3ad
KEYCLOAK-2828: LoginStatusIframeEndpoint now sets the P3P header.
...
IE requires a P3P header to be present in <iframe /> response. Otherwise
cookies are forbidden. The value of the header does not seem to matter.
2016-04-19 10:24:28 +02:00
Bill Burke
cca91dd175
public/private
2016-04-12 15:19:46 -04:00
Stian Thorgersen
a4335c3eb8
Merge pull request #2502 from velias/KEYCLOAK-2670-master
...
KEYCLOAK-2670 for master - client app is able to push additional HTTP GET
2016-04-05 11:20:06 +02:00
Vlastimil Elias
21a2a47172
KEYCLOAK-2670 - client app is able to push additional HTTP GET
...
parameters in initial OpenID auth request for use in Auth flows
2016-04-05 10:41:28 +02:00
Stian Thorgersen
55c5e9a381
KEYCLOAK-2722 Check user session in token introspection endpoint
2016-04-05 09:31:39 +02:00
Bill Burke
1dd4bdf0b7
KEYCLOAK-2718
2016-03-28 11:13:02 -04:00
Bill Burke
6030a65d1b
KEYCLOAK-2543
2016-03-24 08:49:08 -04:00
Stian Thorgersen
b4239c40c1
KEYCLOAK-2547 NPE in TokenEndpoint and InfinispanUserSessionProvider
2016-03-03 10:45:05 +01:00
Stian Thorgersen
3ca39801dc
KEYCLOAK-2511 Rename session-state in access token response to session_state
2016-02-25 10:14:12 +01:00
Bill Burke
fd49213cb9
KEYCLOAK-2477
2016-02-17 17:02:14 -05:00
mposolda
1328531f31
KEYCLOAK-2412 Added ClusterProvider. Avoid concurrent federation sync execution by more cluster nodes at the same time.
...
Clustering - more progress
2016-02-17 11:02:42 +01:00
mposolda
969b8c153f
KEYCLOAK-1989 Refreshing offline tokens didn't work correctly in cluster with revokeRefreshToken enabled
2016-02-12 12:54:47 +01:00
Bill Burke
00236c13ff
Merge pull request #2180 from cainj13/persistentWildcard
...
add support for wildcard persistent nameId attribute to SAML protocol
2016-02-09 09:43:30 -05:00
Stian Thorgersen
635ccae144
KEYCLOAK-2429
...
Disabled Google Identity Provider still kicks in when 'Authenticate by default' is enabled
2016-02-08 19:51:21 +01:00
Josh Cain
d5d954e80a
add support for wildcard persistent nameId attribute to SAML protocol
2016-02-04 11:06:14 -06:00
Stian Thorgersen
c7a8742a36
KEYCLOAK-1524
...
Source code headers
2016-02-03 11:20:22 +01:00
Bill Burke
6c020661e8
saml subsystem model changes
2016-01-30 07:13:13 -05:00
Bill Burke
25347cd45e
browser back button
2016-01-27 22:14:28 -05:00
mposolda
3731964a2a
KEYCLOAK-2351 Support for response_type=token to be OAuth2 compliant
2016-01-26 17:09:42 +01:00
Stian Thorgersen
ee847c1f20
KEYCLOAK-2390
...
Relative redirect uri is broken
2016-01-26 09:01:14 +01:00
Bill Burke
1b0aa8e55b
saml logging
2016-01-25 17:38:29 -05:00
Stan Silvert
0de4170865
KEYCLOAK-1280: i18n logging for org.keycloak.protocol.oidc.utils
2016-01-21 11:55:23 -05:00
Stan Silvert
9c33738941
KEYCLOAK-1280: i18n logging for org.keycloak.protocol.oidc.mappers
2016-01-21 11:55:21 -05:00
Stan Silvert
adfc192877
KEYCLOAK-1280: i18n logging for org.keycloak.protocol.oidc.endpoints
2016-01-21 11:55:20 -05:00
Stan Silvert
550e23c8f6
KEYCLOAK-1280: i18n logging for org.keycloak.protocol.oidc
2016-01-21 11:55:18 -05:00
Stan Silvert
9dccd45543
KEYCLOAK-1280: i18n logging for org.keycloak.protocol
2016-01-21 11:55:17 -05:00
Bill Burke
d9487a8745
social broker reorg
2016-01-20 16:46:38 -05:00
Stian Thorgersen
bc845bed0e
KEYCLOAK-2286 Remove deprecated OpenID Connect endpoints
2016-01-18 20:31:23 +01:00
Bill Burke
b0054b7682
email, login, account
2016-01-16 09:38:24 -05:00
Bill Burke
007e9530ec
brute force refactr, mv protocol
2016-01-15 19:25:28 -05:00
Bill Burke
b93d55cb63
remove model-api, add server-spi
2016-01-15 18:44:17 -05:00
Stian Thorgersen
435980d776
KEYCLOAK-1809
...
Upgrade jackson to version 2.x
2016-01-14 16:34:30 +01:00