mposolda
d269af1b70
KEYCLOAK-15830 Remove authentication session after failed directGrant authentication
2020-10-07 18:13:21 +02:00
vmuzikar
bb7ce62cd5
KEYCLOAK-15332 Missing CORS headers in some endpoints in Account REST API
2020-10-07 09:07:55 -03:00
dashaylan
0d6da99844
Add UserInfo check fix and associated tests.
2020-10-06 08:44:02 +02:00
Markus Till
f0ea7a04bd
remove unused getApplications method from user account
2020-10-05 17:02:22 -03:00
Markus Till
43206d3158
minor restructering of the userprofile impl -> add AbstractUserProfile introduced to make getId override explicit
2020-10-05 09:59:44 -03:00
Markus Till
c71ce8cd2e
refactoring add UserProfileAttributes
2020-10-05 09:59:44 -03:00
Markus Till
695db3e8ef
remove unused isCreated Flag in user profile context
2020-10-05 09:59:44 -03:00
Markus Till
7da619385c
refactore userupdate helper api
2020-10-05 09:59:44 -03:00
Markus Till
802a670cc5
have a factory like approach for profile contexts
2020-10-05 09:59:44 -03:00
Markus Till
21cfa54d4d
remove StoredUserProfile interface
2020-10-05 09:59:44 -03:00
Markus Till
72f73f153a
UserProfile M1
2020-10-05 09:59:44 -03:00
Pedro Igor
0d99e01b98
[KEYCLOAK-15807] - Wrong parsing of Cookie header
2020-10-02 08:19:24 -03:00
Michito Okai
eac3341241
KEYCLOAK-15779 Authorization Server Metadata for the URL of the
...
authorization server's JWK Set [JWK] document
2020-10-02 11:18:31 +02:00
Thomas Darimont
12576e339d
KEYCLOAK-15146 Add support for searching users by emailVerified status
...
We now allow to search for users by their emailVerified status.
This enables users to easily find users and deal with incomplete user accounts.
2020-09-29 08:28:59 -03:00
Takashi Norimatsu
6596811d5d
KEYCLOAK-14204 FAPI-RW Client Policy - Executor : Enforce Request Object satisfying high security level
2020-09-25 08:31:14 +02:00
Pedro Igor
76dede0f1e
[KEYCLOAK-14221] - Allow to map subject to userinfo response
2020-09-23 14:33:14 +02:00
Frode Ingebrigtsen
0a0b7da53e
KEYCLOAK-15429 Add CORS origin on permission request with invalid access token
2020-09-22 08:56:21 -03:00
Denis
50210c4d9b
KEYCLOAK-14161 Regression on custom registration process
2020-09-21 20:23:39 +02:00
mhajas
12bc84322a
KEYCLOAK-14974 Map group storage provider
2020-09-21 15:56:32 +02:00
testn
2cd03569d6
KEYCLOAK-15238: Fix potential resource leak from not closing Stream/Reader
2020-09-21 13:05:03 +02:00
Takashi Norimatsu
bd3840c606
KEYCLOAK-15559 Client Policy - Executor : Missing Help Text of SecureResponseTypeExecutor
2020-09-21 12:40:25 +02:00
vmuzikar
790b549cf9
KEYCLOAK-15262 Logout all sessions after password change
2020-09-18 20:09:40 -03:00
mhajas
b75ad2fbd8
KEYCLOAK-15259 Avoid using "null" Origin header as a valid value
2020-09-17 23:21:49 -07:00
mhajas
f7e0af438d
KEYCLOAK-14232 Add Referrer-Policy: no-referrer to each response from Keycloak
...
(cherry picked from commit 0b49640231abc6e465542bd2608e1c908c079ced)
2020-09-17 23:21:49 -07:00
Luca Leonardo Scorcia
10077b1efe
KEYCLOAK-15485 Add option to enable SAML SP metadata signature
2020-09-16 16:40:45 +02:00
Mark Wolfe
3723d78e3c
KEYCLOAK-15460 Fix missing event types in SAML endpoint
...
A change was done in 32f13016fa
which isn't setting the type for events and causing an internal error.
2020-09-16 16:36:19 +02:00
Martin Kanis
5d5e56dde3
KEYCLOAK-15199 Complement methods for accessing roles with Stream variants
2020-09-16 16:29:51 +02:00
Benjamin Weimer
f874e9a43c
KEYCLOAK-9874 include realm and client roles in user info response
2020-09-16 10:01:02 +02:00
Takashi Norimatsu
b670734eec
KEYCLOAK-14205 FAPI-RW Client Policy - Executor : Enforce Response Type of OIDC Hybrid Flow
2020-09-14 20:58:25 +02:00
Hynek Mlnarik
a05066d567
KEYCLOAK-15477 Fix permission evaluation logic
2020-09-14 20:53:46 +02:00
mposolda
4123b7a91e
KEYCLOAK-11678 Remove dummy resource. Adding keycloak-services and liquibase to jandex indexing
2020-09-14 09:27:34 -03:00
vmuzikar
a9a719b88c
KEYCLOAK-15270 Account REST API doesn't verify audience
2020-09-14 08:43:09 -03:00
mhajas
3186f1b5a9
KEYCLOAK-15514 Update AbstractStorageManager to check capability interface types
2020-09-11 14:42:48 +02:00
Miquel Simon
2572b1464b
KEYCLOAK-15395. Removed totp/remove (DELETE) and credentials/password (GET, POST) endpoints.
2020-09-10 18:03:03 -03:00
Takashi Norimatsu
af2f18449b
KEYCLOAK-14195 FAPI-RW Client Policy - Condition : Client - Client Role
2020-09-10 18:34:19 +02:00
Clement Cureau
b19fe5c01b
Finegrain admin as fallback and added some tests
2020-09-10 12:26:55 -03:00
Clement Cureau
73378df52e
[KEYCLOAK-11621] Allow user creation via group permissions (Admin API)
...
Problem:
Using fine-grained admin permissions on groups, it is not permitted to create new users
within a group.
Cause:
The POST /{realm}/users API does not check permission for each group part of the new
user representation
Solution:
- Change access logic for POST /{realm}/users to require MANAGE_MEMBERS and
MANAGE_MEMBERSHIP permissions on each of the incoming groups
Tests:
Manual API testing performed:
1. admin user from master realm:
- POST /{realm}/users without groups => HTTP 201 user created
- POST /{realm}/users with groups => HTTP 201 user created
2. user with MANAGE_MEMBERS & MANAGE_MEMBERSHIP permissions on group1
- POST /{realm}/users without groups => HTTP 403 user NOT created
- POST /{realm}/users with group1 => HTTP 201 user created
- POST /{realm}/users with group1 & group2 => HTTP 403 user NOT created
- POST /{realm}/users with group1 & wrong group path => HTTP 400 user NOT created
3. user with MANAGE_MEMBERS permission on group1
- POST /{realm}/users without groups => HTTP 403 user NOT created
- POST /{realm}/users with group1 => HTTP 403 user NOT created
- POST /{realm}/users with group1 & group2 => HTTP 403 user NOT created
- POST /{realm}/users with group1 & wrong group path => HTTP 400 user NOT created
2020-09-10 12:26:55 -03:00
Sebastian Laskawiec
e01159a943
KEYCLOAK-14767 OpenShift Review Endpoint audience fix
2020-09-09 11:57:24 -03:00
Takashi Norimatsu
cbb79f0430
KEYCLOAK-15448 FAPI-RW : Error Response on OIDC private_key_jwt Client Authentication Error (400 error=invalid_client)
2020-09-09 11:14:21 +02:00
Benjamin Weimer
b2934e8dd0
KEYCLOAK-15327 backchannel logout invalidate offline session even if there is no corresponding active session found
2020-09-08 11:17:20 -03:00
Martin Kanis
4e9bdd44f3
KEYCLOAK-14901 Replace deprecated ClientProvider related methods across Keycloak
2020-09-07 13:11:55 +02:00
stianst
76f7fbb984
KEYCLOAK-14548 Add support for cached gzip encoding of resources
2020-09-07 00:58:47 -07:00
Martin Bartos
e34ff6cd9c
[KEYCLOAK-14326] Identity Provider force sync is not working
2020-09-07 09:42:40 +02:00
Takashi Norimatsu
1d8230d438
KEYCLOAK-14190 Client Policy - Condition : The way of creating/updating a client
2020-09-04 09:54:55 +02:00
Luca Leonardo Scorcia
67b2d5ffdd
KEYCLOAK-14961 SAML Client: Add ability to request specific AuthnContexts to remote IdPs
2020-09-03 21:25:36 +02:00
Konstantinos Georgilakis
1fa93db1b4
KEYCLOAK-14304 Enhance SAML Identity Provider Metadata processing
2020-09-02 20:43:09 +02:00
Takashi Norimatsu
b93a6ed19f
KEYCLOAK-14919 Dynamic registration - Scope ignored
2020-09-02 13:59:22 +02:00
Takashi Norimatsu
107a429238
KEYCLOAK-15236 FAPI-RW : Error Response on OAuth 2.0 Mutual TLS Client Authentication Error (400 error=invalid_client)
2020-09-02 09:31:20 +02:00
mhajas
3928a49c77
KEYCLOAK-14816 Reset brute-force-detection data for the user after a successful password grant type flow
2020-09-01 21:45:17 +02:00
Hynek Mlnarik
583fa07bc4
KEYCLOAK-11029 Support modification of broker username / ID for identity provider linking
2020-09-01 20:40:38 +02:00