Teubner, Malte
b5f70d8a32
Add scope parameter to admin-client TokenManager.
...
Closes #10759
2022-03-31 10:56:08 -03:00
iingawal
6016b461db
Fix for "updatedAt" user attribute in "profile" client scope should use number instead of String ( #11020 )
...
Closes #10081
Co-authored-by: Indrajit Ingawale <iingawal@iingawal.pnq.csb>
2022-03-31 14:33:03 +02:00
Marek Posolda
aacae9b9ac
Support for frontchannel_logout_session_required OIDC client parameter ( #11009 )
...
* Support for frontchannel_logout_session_required OIDC client parameter
Closes #10137
2022-03-31 14:25:24 +02:00
Marek Posolda
22a16ee899
OIDC RP-Initiated logout endpoint ( #10887 )
...
* OIDC RP-Initiated logout endpoint
Closes #10885
Co-Authored-By: Marek Posolda <mposolda@gmail.com>
* Review feedback
Co-authored-by: Douglas Palmer <dpalmer@redhat.com>
2022-03-30 11:55:26 +02:00
Andrea Peruffo
da5db5a813
Fix NPEs during realm import ( #10962 )
...
Closes #10961
2022-03-29 21:48:37 +02:00
Marcelo Daniel Silva Sales
091b1472ce
Introduce client secret rotation dynamic registration ( #10952 )
...
Closes #10609
2022-03-28 20:39:11 +02:00
Konstantinos Georgilakis
99fa6275c1
KEYCLOAK-19313 configure the name format in Attribute Importer IdP Mapper
2022-03-25 09:42:22 +01:00
Takashi Norimatsu
9c01d819cb
Client Policies : An executor rejecting all requests
...
Closes #9097
2022-03-23 12:45:38 +01:00
iingawal
b773857a80
Display email address in login-verify-email.ftl ( #10870 )
...
Closes #8873
2022-03-23 12:44:21 +01:00
Marcelo Daniel Silva Sales
6efa45f93e
Update secret rotation when the policy is enabled using jwt ( #10853 )
...
Closes #10666
2022-03-23 08:25:58 +01:00
Martin Kanis
e493b08fa7
Add expiration field to root authentication session
2022-03-23 07:47:47 +01:00
Michal Hajas
99c06d1102
Authorization services refactoring
...
Closes : #10447
* Prepare logical layer to distinguish between ResourceServer id and client.id
* Reorder Authz methods: For entities outside of Authz we use RealmModel as first parameter for each method, to be consistent with this we move ResourceServer to the first place for each method in authz
* Prepare Logical (Models/Adapters) layer for returning other models instead of ids
* Replace resourceServerId with resourceServer model in PermissionTicketStore
* Replace resourceServerId with resourceServer model in PolicyStore
* Replace resourceServerId with resourceServer model in ScopeStore
* Replace resourceServerId with resourceServer model in ResourceStore
* Fix PermissionTicketStore bug
* Fix NPEs in caching layer
* Replace primitive int with Integer for pagination parameters
2022-03-22 20:49:40 +01:00
Alexander Schwartz
fb92b95c33
Revert from getParameterCount() to getParameterTypes().length to be Java 1.7 compatible.
...
This reverts commit bc27c7c464
.
Closes #10840
2022-03-22 10:23:25 +01:00
keycloak-bot
c71aa8b711
Set version to 999-SNAPSHOT ( #10784 )
2022-03-22 09:22:48 +01:00
Martin Kanis
0faf3987f6
Hot Rod map storage: Authentication session no-downtime store
2022-03-22 09:05:52 +01:00
Pedro Igor
ffa6df5547
Fixes to hostname ( #10820 )
...
Closes #10627
Closes #10331
2022-03-22 08:11:50 +01:00
Joaquim Fellmann
92c4e6d585
KEYCLOAK-16134 Allow webauthn idless login flow ( #7860 )
...
Closes #10832
2022-03-21 11:37:33 +01:00
Clara Fang
bc27c7c464
Replace occurrences of getParameterTypes().length and getParameters().length with getParameterCount()
...
Closes #10333
2022-03-18 11:20:52 +01:00
Michal Hajas
c18a682f50
Do not store undefined values in store
...
Closes #10744
2022-03-17 16:44:33 +01:00
mposolda
9e12587181
Protocol mapper and client scope for 'acr' claim
...
Closes #10161
2022-03-11 09:23:25 +01:00
Martin Bartoš
8ee7ae24de
Make WebAuthn feature default for the product version
...
Closes #10695
2022-03-10 19:00:54 +01:00
Ivan Atanasov
5c6b123aff
Support for the Recovery codes ( #8730 )
...
Closes #9540
Co-authored-by: Zachary Witter <torquekma@gmail.com>
Co-authored-by: stelewis-redhat <91681638+stelewis-redhat@users.noreply.github.com>
2022-03-10 15:49:25 +01:00
Martin Bartoš
8a0f1ccb34
Properly execute AuthenticationFlowCallbackProviderTest with Map storage
...
Closes #10268 , Closes #10225
2022-03-10 15:00:23 +01:00
rmartinc
a7c8aa1dd3
[ #10616 ] Incorrect username logged for federated accounts ( #10662 )
...
Closes #10616
2022-03-10 13:21:39 +01:00
Marcelo Daniel Silva Sales
0c25da542c
Update secret rotation when the policy is disabled ( #10674 )
...
Closes #10667
2022-03-10 13:03:09 +01:00
Alexander Schwartz
18f391d8c4
Fix spelling error in field and classname
...
It's always a converter, unless electricity is involved.
Closes #10573
2022-03-09 08:28:52 -03:00
Marcelo Daniel Silva Sales
7335abaf08
Keycloak 10489 support for client secret rotation ( #10603 )
...
Closes #10602
2022-03-09 00:05:14 +01:00
mposolda
d394e51674
Introduce profile 'feature' for step-up authentication enabled by default
...
Closes #10315
2022-03-08 14:42:46 +01:00
rmartinc
48565832d4
[ #10608 ] Password blacklists folder
2022-03-08 08:22:34 -03:00
mposolda
93bba8e338
Replace 'Store LoA in User Session' with 'Max Age'. Refactoring of step-up authentications related to that.
...
Closes #10205
2022-03-08 10:41:05 +01:00
Martin Bartoš
2bae2d2167
DeleteAccountTest failure in the test pipeline
...
Closes #10630
2022-03-08 08:33:31 +01:00
Martin Bartoš
02d0fe82bc
Auth execution 'Condition - User Attribute' missing
...
Closes #9895
2022-03-08 08:24:48 +01:00
Michal Hajas
f77ce315bb
Disable Authz caching for new storage tests
...
Closes #10500
2022-03-07 10:22:55 -03:00
Michael Parlee
722ce950bf
Improve user search performance
...
Removes bulder.lower() from user search queries on email and username.
Closes #8893
2022-03-04 14:15:14 +01:00
Takashi Norimatsu
201277b897
Handle OIDC authz request with "response_type" missing and "response_mode=form_post"
...
Closes #10144
2022-03-04 13:31:40 +01:00
Takashi Norimatsu
92f6c75328
Nonce parameter should be required in authorizationEndpoint only when "id_token" is included in response_type
...
Closes #10143
2022-03-03 13:26:39 +01:00
Alfredo Boullosa
6801688dd4
Allow Edge tests in Admin Console
...
Closes #10539
2022-03-03 07:14:01 +01:00
wojnarfilip
700ceb77ec
Removal of invalid(depricated) SpringBootTest
...
Closes #10218
2022-03-02 09:04:47 +01:00
Daniel Gozalo
76101e3591
[ fixes #9225 ] - Get scopeIds from the AuthorizationRequestContext instead of session if DYNAMIC_SCOPES are enabled
...
Add a test to make sure ProtocolMappers run with Dynamic Scopes
Change the way we create the DefaultClientSessionContext with respect to OAuth2 scopes, and standardize the way we obtain them from the parameter
2022-03-01 13:47:58 +01:00
Martin Bartoš
e2514ea2e6
Test WebAuthn with multiple browsers
...
Closes #10062
2022-02-28 09:10:39 +01:00
stianst
5ef8265b75
Remove Tomcat 7 adapter
...
Closes #9428
2022-02-28 07:50:36 +01:00
mposolda
52712d2c82
ACR support in the javascript adapter
...
Closes #10154
2022-02-24 20:07:50 +01:00
Martin Kanis
6249e34177
Hot Rod map storage: Client scope no-downtime store
2022-02-24 13:30:27 +01:00
Michal Hajas
b4281468d0
Convert Map Realm Entities into interfaces
...
Closes #9736
2022-02-24 13:23:19 +01:00
Vlasta Ramik
aa6a131b73
Change String client.id to ClientModel client in ResourceServerStore
...
Closes #10442
2022-02-24 12:46:26 +01:00
Pedro Igor
209df44641
Fixing responses when unexpected errors occurs ( #10383 )
...
Closes #10338
2022-02-23 07:44:25 +01:00
Marek Posolda
8c3fc5a60e
Option for client to specify default acr level ( #10364 )
...
Closes #10160
2022-02-22 07:54:30 +01:00
Marek Posolda
caf37b1f70
Support for acr_values_supported in OIDC well-known endpoint ( #10265 )
...
* Support for acr_values_supported in OIDC well-known endpoint
closes #10159
2022-02-18 11:33:31 +01:00
Filipe Bojikian Rissi
323c08c8cc
KEYCLOAK-19519 Encryption algorithm RSA-OAEP with A256GCM ( #8553 )
...
Closes #10300
2022-02-17 17:41:54 +01:00
Martin Bartoš
18581ca4f7
Test more recent versions of Spring Boot
...
Closes #9934
2022-02-17 16:08:57 +01:00
Martin Bartoš
314d303a99
Possibility to ignore tests for particular browsers
...
Closes #10213
2022-02-17 09:02:11 +01:00
Pedro Igor
a9668d14ce
Proper error response when handing unexpected errors
...
Closes #10176
2022-02-16 15:35:38 -03:00
Martin Bartoš
bbe9ab38bc
Unstable AuthenticationFlowCallbackProviderTest for undertow-map
...
Closes #10225
2022-02-16 15:49:08 +01:00
Pedro Igor
7da3953435
Path parameter is missing in the get account endpoint
...
Closes #10055
2022-02-15 15:44:05 -03:00
Marek Posolda
90d4e586b6
Show error in case of an unkown essential acr claim. Make sure correc… ( #10088 )
...
* Show error in case of an unkown essential acr claim. Make sure correct acr is set after authentication flow during step-up authentication
Closes #8724
Co-authored-by: Cornelia Lahnsteiner <cornelia.lahnsteiner@prime-sign.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
2022-02-15 09:02:05 +01:00
keycloak-bot
d9f1a9b207
Set version to 18.0.0-SNAPSHOT ( #10165 )
2022-02-11 21:28:06 +01:00
Martin Kanis
26ac142b99
Hot Rod map storage: Roles no-downtime store
2022-02-11 14:31:34 +01:00
wojnarfilip
f54cd969f8
OTPPolicyTest failures resolve
...
Tests pass locally, Closes #9692
2022-02-11 14:06:17 +01:00
Michal Hajas
b50b8f883b
Implement HotRod storage for Users
...
Closes #9671
2022-02-11 10:20:36 +01:00
Douglas Palmer
340d8da197
LDAP Integration tests fail on JDK-17 #9899 ( #9980 )
2022-02-11 09:03:16 +01:00
Martin Bartoš
6c09ec6de6
Hide 'unknown' transport media type label for WebAuthn authenticators
...
Closes #10036
2022-02-11 08:28:50 +01:00
Dominik Guhr
1b77358160
Logging guide v1
...
Closes #10001
2022-02-08 18:13:05 -03:00
Mauro de Wit
2c238b9f04
session-limiting-feature ( #8260 )
...
Closes #10077
2022-02-08 19:16:06 +01:00
Martin Bartoš
571f2d5107
WebAuthnSigningInTest failures in pipeline
...
Closes #9691
2022-02-07 10:57:14 +01:00
Martin Bartoš
8573ea5fb2
KEYCLOAK-17690 Add missing test case for user email update
2022-02-07 10:56:11 +01:00
Marek Posolda
d9c8cb30a5
Closes #9498 - Fix cases when user is forced to re-authenticate ( #9580 )
2022-02-07 09:02:08 +01:00
Pedro Igor
f107f0596e
Rename h2-file and h2-mem and removing defaults from production databases
...
Closes #9973
2022-02-04 15:43:51 -03:00
Martin Bartoš
d82122b982
Store information about transport media of WebAuthn authenticator
...
Closes #9800
2022-02-04 19:36:30 +01:00
Takashi Norimatsu
07d43f31f3
Expected Scopes of ClientScopesCondition created on Admin UI are not saved onto ClientScopesCondition.Configuration
...
Closes #9371
2022-02-04 18:02:15 +01:00
Martin Kanis
0471ec4941
Cross-site validation for lazy loading of offline sessions & Switch default offline sessions to lazy loaded
2022-02-03 21:43:47 +01:00
Konstantinos Georgilakis
a1f2f77b82
Device Authorization Grant with PKCE
...
Closes #9710
2022-02-03 08:37:07 +01:00
Daniel Gozalo
db4642d250
[ fixes #9919 ] - Enable Dynamic Scopes for the resource-owner-password-credentials grant
...
Change some calls to the new AuthorizationContextUtil class and add tests for the client-credentials grant
2022-02-03 08:19:44 +01:00
Marek Posolda
d27635fb1b
Fixing for token revocation checks only ( #9707 )
...
Closes #9705
2022-02-02 15:21:44 +01:00
Martin Bartoš
191ef1874e
Complete support for Passwordless tests
...
Closes #9850
2022-02-02 09:12:46 +01:00
Daniel Gozalo
3528e7ba54
[ fixes #9224 ] - Get consented scopes from AuthorizationContext
...
Always show the consent screen when a dynamic scope is requested and show the requested parameter
Improve the code that handles dynamic scopes consent and add some log traces
Add a test to check how we show dynamic scope in the consent screen and added missing template file change
Fix merge problem in comment and improve other comments
Fix the Dynamic Scope test by assigning it to the client as optional instead of default
Change how dynamic scopes are represented in the consent screen and adapt test
2022-02-02 09:10:20 +01:00
Martin Bartoš
243b6ba552
Test scenarios for verifying of JS injection for WebAuthn Policy
...
Closes #9544
2022-02-01 11:16:12 +01:00
Martin Bartoš
47208b7a20
Extend and fix tests for Resident Keys for WebAuthn
...
Closes #9796
2022-02-01 11:11:04 +01:00
Stian Thorgersen
cc88fb2daa
Update default distribution to Quarkus ( #9839 )
...
Closes #9837
2022-02-01 09:42:09 +01:00
Martin Bartoš
c40e842b45
Verify the WebAuthn functionality and settings for authentication ( #9851 )
...
* Verify the WebAuthn functionality and settings for authentication
Closes #9504
2022-01-31 15:42:08 +01:00
Dominik Guhr
5a1f4b8889
Quarkus update to 2.7.0.Final
...
Minor and micro dependency updates, some relocations (e.g. vault, ZipUtils), so some changes were needed to make this work.
Closes #9872
2022-01-31 09:55:02 -03:00
Daniel Gozalo
dc814b85c7
Pass the UserId to the function that runs the inner function in the server as it was losing its value when defined globally for Wildfly and Quarkus
2022-01-31 13:02:22 +01:00
Martin Bartoš
2919342f3a
Add test scenarios for Passwordless Webauthn AIA
...
Closes #9795
2022-01-27 11:02:43 +01:00
bal1imb
9621d513b5
KEYCLOAK-18727 Improve user search query
2022-01-26 17:03:05 +01:00
Daniel Gozalo
4136bf7700
[ fixes #9750 ] Make sure a Dynamic scope isn't assignable to a client as a default scope, and only show non-dynamic scopes in the available client scopes client menu
2022-01-26 13:32:04 +01:00
Daniel Gozalo
dad51773ea
[ fixes #9223 ] - Create an internal representation of RAR that also handles Static and Dynamic Client Scopes
...
Parse scopes to RAR representation and validate them against the requested scopes in the AuthorizationEndpointChecker
Parse scopes as RAR representation and add the created context on the different cache models in order to store the state and make it available for mappers in the ClientSessionContext
Create a new AuthorizationRequestSpi to provide different implementations for either dynamic scopes or RAR requests parsing
Move the AuthorizationRequest objects to server-spi
Add the AuthorizationRequestContext property to the MapAuthenticationSessionEntity and configure MapAuthenticationSessionAdapter to access it
Remove the AuthorizationRequestContext object from the cache adapters and entities and instead recalculate the RAR representations from scopes every time
Refactor the way we parse dynamic scopes and put everything behind the DYNAMIC_SCOPES feature flag
Added a login test and added a function to get the requested client scopes, including the dynamic one, behind a feature flag
Add a new filter to the Access Token dynamic scopes to avoid adding scopes that are not permitted for a user
Add tests around Dynamic Scopes: replaying existing tests while enabling the DYNAMIC_SCOPES feature and adding a few more
Test how the server genereates the AuthorizationDetails object
Fix formatting, move classes to better packages and fix parent test class by making it Abstract
Match Dynamic scopes to Optional scopes only and fix tests
Avoid running these tests on remote auth servers
2022-01-26 13:19:23 +01:00
Pedro Igor
d28b54e5d5
Hide Hasicorp Vault from CLI ( #9700 )
...
Closes #9688
2022-01-25 14:24:35 +01:00
Pedro Igor
b53c5d5eee
Build command should not allow runtime options
...
Closes #9618
2022-01-23 16:30:48 -03:00
Pedro Igor
7511725af4
GHA failing due to wrong scheme when downloading ISPN server
...
Closes #9696
2022-01-20 20:44:23 +01:00
Martin Kanis
ddcabe61b2
KEYCLOAK-19571 Add indices to HotRodClientEntity fields
2022-01-20 17:46:47 +01:00
Konstantinos Georgilakis
0c9ab32cf4
Fix scope bug in device authorization request
...
Closes #9617
2022-01-19 18:13:42 +01:00
vramik
22bcdcb630
MapRoleProvider could return also client roles when searching for realm roles
...
Closes #9587
2022-01-19 16:39:59 +01:00
Pedro Igor
0a9387ff4f
Unified configuration option format and renaming keycloak.properties to keycloak.conf
...
Closes #9606
2022-01-19 08:47:15 -03:00
Konstantinos Georgilakis
db0b36460f
KEYCLOAK-19148 correct getGroupsCountByNameContaining of MapGroupProvider
2022-01-15 20:15:27 +01:00
Pedro Igor
4c747047ce
Backward compatibility for lower-case bearer type in token responses ( #9538 )
...
Closes #9537
2022-01-13 08:34:45 +01:00
Jon Koops
dea123169f
KEYCLOAK-14817 Allow JS adapter to be bundled as ES module ( #9351 )
2022-01-13 08:28:30 +01:00
Daniel Gozalo
8ea09d3816
[ fixes #9222 ] - Let users configure Dynamic Client Scopes ( #9327 )
2022-01-12 14:27:24 +01:00
Martin Bartoš
8649ca3d50
Multiple active tabs when realm name equals name of the tab in Admin console ( #9438 )
...
Closes #9421
2022-01-11 16:01:28 -05:00
Marek Posolda
8f221bb21e
Validation for CIBA binding_message parameter ( #9470 )
...
closes #9469
2022-01-11 11:19:15 +01:00
Martin Bartoš
d75d28468e
KEYCLOAK-19490 Add more details about 2FA to authenticate page ( #9252 )
...
Closes #9494
2022-01-11 09:16:22 +01:00
vramik
dd3d7be2b4
Make JpaClientMapStorage generic
...
Closes #9244
2022-01-05 07:04:05 +01:00
Martin Bartoš
4700d21298
Upgrade Arquillian Graphene for WebAuthn tests
...
Closes #9330
2021-12-23 06:46:26 -08:00
Martin Bartoš
422ae0b3db
CIAM-1693 WebAuthn tests failures on JBoss
2021-12-23 02:43:25 -08:00
Martin Bartoš
fd23d1bd06
CIAM-1694 SigningInTest failure - Missing WebAuthn category
2021-12-23 02:26:56 -08:00
Martin Bartoš
6d0b551b5e
CIAM-1692 OfflineTokenSpringBootTest is failing in pipeline due to Hamcrest dependency ( #9300 )
2021-12-22 13:59:29 +01:00
CorneliaLahnsteiner
dff79cee3c
KEYCLOAK-847 Add support for step up authentication ( #7897 )
...
KEYCLOAK-847 Fix behavior of unknown not essential acr claim
Co-authored-by: Georg Romstorfer <georg.romstorfer@gmail.com>
Co-authored-by: Marek Posolda <mposolda@gmail.com>
2021-12-22 12:43:12 +01:00
Ben Tatham
f201760a4a
Fixed #8892 "does not exists" language
2021-12-21 20:24:13 +01:00
Pedro Igor
4f568dff63
[ fixes #9133 ] - Allow setting JDBC driver and transaction type
2021-12-21 09:57:21 -08:00
Martin Bartoš
408687f33a
KEYCLOAK-19877 Update additional Arquillian dependencies
2021-12-21 07:58:35 -08:00
Pedro Igor
15d5a074b0
Avoid building configuration all the time when running tests
...
Closes #9262
2021-12-21 07:10:15 -08:00
keycloak-bot
9f3d4a7d42
Set version to 17.0.0-SNAPSHOT
2021-12-20 10:50:39 +01:00
Michal Hajas
30cef7aa68
Fix app-server addHttpListener failure
2021-12-20 10:40:42 +01:00
Stian Thorgersen
45e9243054
Verify fine-grained admin permissions feature is enabled before checking fine-grained permissions when creating users ( #9211 )
...
* Verify fine-grained admin permissions feature is enabled before checking fine-grained permissions when creating users
Co-authored-by: stianst <stianst@gmail.com>
* fixing test
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
2021-12-17 14:45:56 +01:00
Stian Thorgersen
31345c49b1
Server-only upgrade to WildFly 25.0.1 ( #9190 )
...
* WF 25.0.1 upgrade light
* Re-enable adapters with old WF versions
* Put server-overlay and server-legacy-dist back to reduce size of PR changes
* Remove some more changes that are not needed
* Fix issues adding to provider properties
* Fix user-profile updates for tests
* tls fixes
* Set WF to 23 for adapter tests
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
2021-12-17 12:12:41 +01:00
Michal Hajas
5f0b65e854
Fix Cross DC test failures caused by Keycloak not increasing failure counter for blocked users
...
Closes #9157
2021-12-15 19:13:54 +01:00
vramik
c6312e3308
KEYCLOAK-18717 KEYCLOAK-18716 KEYCLOAK-18715 KEYCLOAK-18713 KEYCLOAK-18712 KEYCLOAK-18711 JPA clients no-downtime store
2021-12-15 13:32:49 +01:00
Marcelo Sales
afeaa6f593
KEYCLOAK-19391: Fix ldap query search adding custom serach filter
2021-12-15 08:54:52 +01:00
Michal Hajas
5aa9a09b20
Closes #8969 - Add Groups HotRod storage
2021-12-13 18:12:19 +01:00
stianst
85240c9606
Remove deprecated kcinit from keycloak
...
Closes #9106
2021-12-13 15:51:51 +01:00
thomasmicro
c474e770fe
Clarify Admin UI Name of NoCookieFlowRedirectAuthenticator
...
In the Admin UI, the Authenticator was simply called Browser Redirect/Refresh which gives the impression that it is a generic redirector (which would be a cool validator).
This Quick Fix changes the Name to "Browser Redirect for Cookie free authentication" which should bring more clarity.
2021-12-13 13:14:49 +01:00
Martin Bartoš
8e8fab857e
KEYCLOAK-19486 Verify the WebAuthn registration functionality
2021-12-13 09:46:07 +01:00
Martin Bartoš
faefeccbee
KEYCLOAK-19487 Test cases for managing 2FA authenticators in account console
2021-12-12 11:36:51 +01:00
Pedro Igor
bf0f3d605c
[ fixes #9052 ] - Renaming cluster options to cache
2021-12-10 08:20:53 +01:00
Martin Bartoš
c5eeb704ee
KEYCLOAK-19881 Make module 'other' independent
2021-12-08 11:04:12 +01:00
Martin Bartoš
4f66087bf4
Fix for WebAuthn tests
2021-12-08 10:12:48 +01:00
Martin Bartoš
08fccf5a9f
Change WebAuthn tests execution in docs
2021-12-08 10:12:48 +01:00
Martin Bartoš
5283db86c4
KEYCLOAK-19489 Verify WebAuthn settings in admin console
2021-12-08 10:12:48 +01:00
Martin Bartoš
12fe5e0012
Documentation and code polishing
2021-12-06 09:42:10 +01:00
Martin Bartoš
8e1c1af5c6
Update WebAuthn section in HOW-TO-RUN.md
2021-12-06 09:42:10 +01:00
Martin Bartoš
7d04f8c071
Resolve some issues with dependencies
2021-12-06 09:42:10 +01:00
Martin Bartoš
7dc01a5a6e
KEYCLOAK-13319 Use newest WebDriver/Selenium for the WebAuthn testing
2021-12-06 09:42:10 +01:00
Alfredo Boullosa
a0b9e4f3eb
KEYCLOAK-19853 Update Arquillian version
2021-12-04 06:45:43 +01:00
Pedro Igor
9a4ab82d08
[KEYCLOAK-19847] - Optimizations and refactoring for better/stable startup time
2021-12-02 08:57:23 -08:00
Pedro Igor
7bef534392
[KEYCLOAK-19859] - Patching request filter to properly end responses
2021-12-01 09:18:56 -08:00
Yoshiyuki Tabata
b1eeb0626e
KEYCLOAK-13847 fix offline token refresh date
2021-12-01 08:30:08 +01:00
Nemanja Hiršl
c9e1e00b95
KEYCLOAK-19773 BFD and Direct Grant - inconsistent number of failures
...
Do not "failure" on temporary or permanently locked users, but "forceChallenge"
Failure increments number of failures, and forceChallenge doesn't
Test cases cover:
1. Already disabled users
2. Temporarily disabled users by BFD
3. Permanently disabled users by BFD
2021-11-24 15:28:18 +01:00
Martin Bartoš
1e1a6779be
Issue 8814: Replace deprecated hamcrest-all dependencies
2021-11-23 13:56:28 +01:00
bal1imb
661aca4452
KEYCLOAK-19283 Implemented new identity provider mapper "Advanced claim to group mapper" alongside tests.
2021-11-19 16:54:39 +01:00
Hiroyuki Wada
884471c729
KEYCLOAK-19237 Avoid using stream that has been operated
2021-11-18 17:46:35 +01:00
Takashi Norimatsu
10c3e149d3
KEYCLOAK-19699 RSA key provider with key use = enc cannot select corresponding algorithm on Admin Console
2021-11-18 13:24:50 +01:00
Olivier Boudet
ed6eea26ea
KEYCLOAK-19413 Allows to set login_hint on registration and reset-credentials pages
2021-11-18 13:17:10 +01:00
Konstantinos Georgilakis
63c9845cb9
KEYCLOAK-18276 client content screen enhancement
2021-11-18 13:15:02 +01:00
Pedro Igor
e14e56e0f3
[KEYCLOAK-19798] - Hostname support for Dist.X
...
Co-authored-by: Stian Thorgersen <stian@redhat.com>
2021-11-17 10:51:58 -03:00
Martin Bartoš
b17f0695ee
8793 User Profile multiple implementations
2021-11-15 08:46:34 +01:00
Pedro Igor
37b36decbb
[KEYCLOAK-19798] - Less verbose HTTP options and minor changes to property mappers
2021-11-12 07:50:32 -03:00
Michal Hajas
2f9a5aae0f
KEYCLOAK-19028 Add HotRod Map storage implementation
2021-11-11 14:10:00 +01:00
David Perrenoud
36da2d20e9
KEYCLOAK-17039 Local file in a webview fails when requesting with "Origin: null" since 11.0.2
2021-11-11 10:55:33 +01:00
Dominik Guhr
13a7f773a9
KEYCLOAK-19446 Use FolderThemeProviderFactory with fallback for quarkus so no need to always set config or system variable
2021-11-09 07:59:40 -03:00
rmartinc
a4c4c00d00
[KEYCLOAK-14309] Duplicate sub claim at JSON level
2021-11-08 11:54:39 +01:00
Alec Henninger
cec6a8a884
KEYCLOAK-19700: Attempt to reuse denied device authorization code results in server error
2021-11-08 11:37:51 +01:00
Takashi Norimatsu
d0493b4306
KEYCLOAK-19723 Existing ECDSA key provider's key pair is not regenerated when its curve is changed on Admin Console
2021-11-05 10:05:40 +01:00
mposolda
5740e158e3
KEYCLOAK-18744 OpenBanking Brasil fix for X509 client authentication. More flexibility in Subject DN comparison.
2021-11-05 09:10:50 +01:00
Pedro Igor
3c00dba8ad
[KEYCLOAK-19767] - Fixing testsuite to point to right persisted config
2021-11-04 15:06:49 -03:00
Dominik Guhr
579c5462b2
KEYCLOAK-19308 Grouping for help commands and refactoring of Propertymapper usage to provida a fluid API
2021-11-04 08:59:56 -03:00
Luca Leonardo Scorcia
e99b363ba0
KEYCLOAK-18879 Generate RequestedAttribute SP metadata for SAML Attribute Role Mappers
2021-11-04 11:15:32 +01:00
Bruno Oliveira da Silva
16db810b03
[KEYCLOAK-19754] - Update documentation files to remove problematic language in the main repository
2021-11-04 10:08:56 +01:00
Pedro Igor
eaa96f6147
[KEYCLOAK-18255] - Vault Support in Dist.X
2021-11-03 09:23:33 -03:00
Leonardo Brancalhão
a2a788ec39
KEYCLOAK-18401 Oracle test fixes
2021-11-02 11:55:38 +01:00
Martin Bartoš
bfce612641
KEYCLOAK-18338 Fix update user account with configured SSSD
2021-11-02 08:42:07 +01:00
Joerg Matysiak
afc5cb4d14
KEYCLOAK-19617 Simplify creation of custom user profiles
...
* DeclarativeUserProfileProvider passes its ID to DeclarativeUserProfileModel, so this also works for derived classes.
* Moved creation of declarative user profile model to a protected factory method to allow subclasses to provide their own implementation.
* Added integration tests for custom user profile
* configured declarative-user-profile as default user profile provider in test servers
* Restore previously configured default provider after test with special provider settings
* Some refactoring in SpiProviderSwitchingUtils
2021-10-28 08:26:11 -03:00
Martin Kanis
af97849feb
KEYCLOAK-19030 Implement HotRodConnectionProvider
2021-10-27 14:07:19 +02:00
Konstantinos Georgilakis
a5c8c45551
KEYCLOAK-19388 correct AttributeConsumingService bug in SAML SP metadata
2021-10-21 20:24:46 +02:00
Takashi Norimatsu
263161ff66
KEYCLOAK-19540 FAPI 2.0 Baseline : Reject Resource Owner Password Credentials Grant
2021-10-21 09:13:12 +02:00
Thomas Darimont
9857a04895
KEYCLOAK-16107 Enable ScriptBasedOIDCProtocolMapper to return JSON objects directly
...
We now allow to return JSON objects directly from a ScriptBasedOIDCProtocolMapper, by
adding support to turn objects that implement the java.util.Map into JsonNodes.
Previously returning JSON objects directly caused an exception during runtime.
2021-10-19 11:21:26 -03:00
Dominik Guhr
7b135c4dfc
KEYCLOAK-19461 Unignore OpenShiftTokenReviewEndpointTest
2021-10-18 08:56:43 -03:00
Dominik Guhr
c45a6fde12
KEYCLOAK-19547 Switch arquillian quarkus container to use autobuild to prevent timeo… ( #8576 )
...
* KEYCLOAK-19547 Switch arquillian quarkus container to use autobuild to prevent timeouts when reaugmentation is longer than 10s
Co-authored-by: Dominik Guhr <dguhr@redhat.com>
2021-10-18 08:53:12 -03:00
Douglas Palmer
73f0474008
[KEYCLOAK-19422] ClassLoaderTheme and ClasspathThemeResourceProviderFactory allows reading any file available as a resource to the classloader
2021-10-18 10:23:06 +02:00
mposolda
7010017e0e
KEYCLOAK-19555 Improvements in ConsentRequiredExecutor of client policies
2021-10-16 14:11:18 +02:00
Thomas Darimont
b1bcd5d66e
KEYCLOAK-12754 Honor nested composite roles when creating roles via REST API ( #7097 )
...
* KEYCLOAK-12754 Honor nested composite roles when creating roles via REST API
- Validate composite roles when creating roles via REST API
2021-10-15 10:33:19 -03:00
Pedro Igor
982f0f93b4
[KEYCLOAK-19559] - Support for custom JPA model
2021-10-15 08:48:30 -03:00
mposolda
acd00a492b
KEYCLOAK-19556 Avoid auto-creating invalid redirect URL for FAPI clients
2021-10-15 11:17:59 +02:00
Pedro Igor
27e74c41ff
[KEYCLOAK-19459] - Enabling ClientSearchTest to Dist.X
2021-10-14 17:08:06 -03:00
Dominik
8f3940032e
KEYCLOAK-19461 Add dependency for openshift restclient to quarkus dist to make the OpenShiftClientStorageTest work.
2021-10-13 14:52:19 -03:00
Takashi Norimatsu
a4f83c569d
KEYCLOAK-19510 Nested JWT JOSE header needs to set JWT to cty field
2021-10-12 16:58:15 +02:00
Bart Monhemius
5b0986e490
[KEYCLOAK-18891] Add support for searching users by custom user attributes
...
Users can now be searched by custom attributes using 'q' in the query parameters. The implementation is roughly the same as search clients by custom attributes.
2021-10-12 13:08:47 +02:00
Dominik
ce0070508f
KEYCLOAK-19457 Unignore JsonFileImportTests now that KEYCLOAK-19521 is done
2021-10-11 16:41:07 -03:00
Dominik
00feef4dbe
KEYCLOAK-19496 Unignore ArtifactBindingCustomResolverTest and make SetDefaultProvider Annotation usable for Quarkus-based distribution
2021-10-08 15:50:59 -03:00
R Yamada
891c8e1a12
[KEYCLOAK-17653] - OIDC Frontchannel logout support
2021-10-07 15:27:19 -03:00
Dominik
97ee8832a3
KEYCLOAK-19079 Add special case for kubeadmin without uid and OCP4
2021-10-07 14:29:00 -03:00
Dominik
12d4837fa9
KEYCLOAK-19484_BasicSamlTest
2021-10-06 12:04:05 -03:00
Martin Kanis
30b3caee9f
KEYCLOAK-18445 Add support for cross-site model tests
2021-10-06 14:37:06 +02:00
Dominik
cd7a22c174
KEYCLOAK-19476: Unignore LoginTest.loginWithLongRedirectUri by adding property to authserver-quarkus
2021-10-06 08:03:34 -03:00
Tomas Kyjovsky
01a0e11c8f
KEYCLOAK-19392 pass infinispan javaVmArguments via JAVA_OPTS instead of CLI parameters
2021-10-05 09:06:50 +02:00
Dominik
021245a330
KEYCLOAK-19463 fix PasswordPolicyTest for Quarkus
2021-10-04 15:32:18 -03:00
Dominik
8cf35c9b7b
KEYCLOAK-13770 - Working DefaultThemeManagerTest
2021-10-01 11:25:17 -03:00
Michal Hajas
da0c945475
KEYCLOAK-18940 Add support for searching composite roles
2021-10-01 12:41:19 +02:00
Nathan Strobbe
64717f650b
KEYCLOAK-15167 Retrieve email from Twitter IdP
2021-10-01 09:45:20 +02:00
Pedro Igor
0210acadad
[KEYCLOAK-19424] - Rename the config command to build
2021-10-01 08:39:50 +02:00
Luca Leonardo Scorcia
43a3c676f7
KEYCLOAK-16456 X509 Auth: add option for OCSP fail-open behavior
2021-10-01 08:37:01 +02:00
Daniel Fesenmeyer
0a2f8f5b63
KEYCLOAK-17887 fix endpoint for creating or updating realm localization texts for a given locale (UnsupportedOperation was thrown because RealmAdapter tried to change unmodifiable map):
...
- fix RealmAdapter to create a new map instead of trying to change unmodifiable map
- only provide POST endpoints for creating or updating the texts (to have the endpoints consistent with other Admin API endpoints)
- add tests
2021-09-30 15:07:56 +02:00
Douglas Palmer
ff07c4891e
[KEYCLOAK-14378] Allow customization of debug settings for clustered JBoss app servers in tests.
2021-09-30 13:28:05 +02:00
stianst
f471a110cd
KEYCLOAK-19408 Better client secrets
2021-09-29 18:19:43 +02:00
Dominik
82964f7460
KEYCLOAK-13770 Working FixedHostnameTest for Quarkus
2021-09-28 11:48:50 -03:00
stianst
12c7bc7350
KEYCLOAK-19410 Compile issues in IntelliJ due to imports of sun packages
2021-09-28 14:59:33 +02:00
Dominik
20b91c7d4f
KEYCLOAK-13770 Fix Quarkus ScriptDeploymentTests, Hostnametests and tests relying on user attribute config
2021-09-27 15:19:45 -03:00
Václav Muzikář
69a146db7e
KEYCLOAK-18128 Keycloak cannot fetch group claims from openshift
2021-09-27 08:05:43 -03:00
Daniel Fesenmeyer
339224578e
KEYCLOAK-10603 adjust assignments to roles (user-role and group-role assignments, client-scope and client "scope mappings"): allow assignments of roles which are already indirectly assigned (e.g. by composite role)
...
- extend RoleMapperModel with method hasDirectRole(RoleModel), which only checks for direct assignment in contrast to the existing method hasRole(RoleModel)
- extend ScopeContainerModel with method hasDirectScope(RoleModel), which only checks for direct scope mapping in contrast to the existing method hasScope(RoleModel)
- use the new hasDirectRole and hasDirectScope methods to check whether a role is in the "available" list and whether it can be assigned (previously, the hasRole method was used for this purpose)
- add hint to UI that available roles contain effectively assigned roles which are not directly assigned
- adjust and extend tests
2021-09-22 13:56:29 +02:00
Vlastimil Elias
28e220fa6d
KEYCLOAK-18497 - Support different input types in built-in dynamic forms
2021-09-20 09:14:49 -03:00
Takashi Norimatsu
375e47877e
KEYCLOAK-18558 Client Policy - Endpoint : support Device Authorization Endpoint
2021-09-20 11:22:58 +02:00
chen kqing
c9809f0151
KEYCLOAK-18873 href attribute of a "Unable to scan?" tag is wrong in "Configure TOTP" page
2021-09-20 10:09:58 +02:00
Dominik
6d036a4647
KEYCLOAK-13770 Already working Tests after upgrade to Quarkus2
2021-09-17 10:03:26 -03:00
Dominik
4090114398
KEYCLOAK-16246 Revert changes from workaround made in KEYCLOAK-16244 after upgrading to quarkus 2
...
Also fixed a small type in testclass.
This reverts commit 9b2f2015f7
.
2021-09-16 15:42:48 -03:00
Sophie Tauchert
b5d477c421
[KEYCLOAK-18556] Check for federated credentials when resolving authenticators
2021-09-15 16:54:56 +02:00
Vlastimil Elias
2be5f528e4
KEYCLOAK-18700 - consistently record User profile attribute changes in
...
UPDATE_PROFILE event
2021-09-15 08:26:01 -03:00
Marek Posolda
11e5f66c60
KEYCLOAK-19056 EDIT MODE field should not be leave empty ( #8380 )
2021-09-14 20:27:09 +02:00
Luca Leonardo Scorcia
6d0708d263
KEYCLOAK-17368 Show forwarded errors when a default remote IdP is configured ( #7838 )
2021-09-14 09:44:59 +02:00
Luca Leonardo Scorcia
af8354267b
KEYCLOAK-16462 X509 Auth: add option to revalidate certificate trust
2021-09-13 12:12:38 +02:00
David Hellwig
a6cd80c933
KEYCLOAK-16076 added new warining when cookies are disabled -with new branch- ( #7632 )
...
* KEYCLOAK-16076 added new warining when cookies are disabled
Co-authored-by: David Hellwig <david.hellwig@bosch.com>
Co-authored-by: Christoph Leistert <christoph.leistert@bosch-si.com>
2021-09-13 11:30:11 +02:00
Pedro Igor
aa018295c4
[KEYCLOAK-17866] - Upgrade to Quarkus v2
2021-09-10 11:21:09 -03:00
Hynek Mlnarik
4518b3d3d1
KEYCLOAK-19143 Split note for broker and SP SAML request ID
2021-09-07 17:04:30 +02:00
Olivier Boudet
c7f8544b0c
KEYCLOAK-18454 Reset password : wrong email instructions when duplicates email is allowed
2021-09-02 14:44:18 +02:00
Martin Bartoš
a25a0d513e
KEYCLOAK-19159 KcSamlEncryptedIdTest failure for undertow
2021-09-02 11:22:53 +02:00
Martin Bartoš
7c243c8427
KEYCLOAK-18590 Save Button Enabled For Empty Attributes
2021-09-01 10:51:20 +02:00
vramik
5fe675b612
KEYCLOAK-18841 prevent deletion of default role using RoleContainerResource
2021-08-20 12:02:07 +02:00
Martin Bartos
18cef60bbd
KEYCLOAK-19037 Problems with validation of Email field that contains uppercase character
2021-08-19 11:13:42 +02:00
mposolda
418d1e3471
KEYCLOAK-19039 Sync UPDATE_PASSWORD required action to only to MSAD with WRITABLE edit mode. Add tests for MSAD mapper
2021-08-18 17:39:19 +02:00
Thomas Darimont
a7fd1bc3a9
KEYCLOAK-18954 Add test for user consent retrieval with offline access consents
...
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2021-08-18 10:39:44 +02:00
bal1imb
269b661b8a
KEYCLOAK-16633 Prevent deletion of internal clients.
2021-08-09 11:45:03 -03:00
Martin Kanis
b42f765c2a
KEYCLOAK-18982 Token OIDC introspection endpoint should not update any of the timestamps
2021-08-05 18:21:16 +02:00
Simen Heggestøyl
624a9a3ed7
KEYCLOAK-18509 Fix permission error when deleting client
2021-08-05 11:55:24 -03:00
Yoshiyuki Tabata
b31b60fffe
KEYCLOAK-18341 Support JWKS OAuth2 Client Metadata in the "by value" key loading method
2021-08-05 16:52:55 +02:00
Martin Bartoš
3c19fae88b
KEYCLOAK-18964 MetricsRestServiceTest contains wrong health check message
2021-08-05 16:01:01 +02:00
Hynek Mlnarik
2acb43a627
KEYCLOAK-18617 Fix index on client attributes
2021-08-05 15:35:55 +02:00
Sebastian Rose
5d9d749fbd
KEYCLOAK-18380 Fix Groups search by name returns unwanted groups
...
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2021-08-05 11:43:56 +02:00
Sebastian Rose
565251d5a6
KEYCLOAK-18380 Fix Groups search by name returns unwanted groups, cleanup test, skip tests on map storage provider feature
2021-08-05 11:43:56 +02:00
Thomas Darimont
17da3ee8d9
KEYCLOAK-18380 Fix Groups search by name returns unwanted groups
...
Previously the group search did not apply a given search query as filter
for groups along the group path.
We now filter the found groups with the given group search query if present.
2021-08-05 11:43:56 +02:00
mposolda
b1d39aa136
KEYCLOAK-18949 DirectGrant login should fail if authenticationSession contains some required actions
2021-08-04 08:50:27 +02:00
Yang Xie
d8cb279bc4
KEYCLOAK-17693 add config for loading custom IdMapper class
2021-08-03 17:44:47 +02:00
carlChen
a0b01b6ef4
KEYCLOAK-16703 The username returned by token introspect endpoint is null when remove or modify username mapper
2021-08-03 17:38:37 +02:00
Sebastian Kanzow
4e8e4592ca
[KEYCLOAK-18419] Support SAML 2.0 Encrypted IDs in Assertion
2021-08-03 11:55:36 +02:00
keycloak-bot
262ec3d031
Set version to 16.0.0-SNAPSHOT
2021-07-30 14:56:10 +02:00
Pedro Igor
afb0b16e43
[KEYCLOAK-18922] - Ignore empty values for internal attributes not set to user
2021-07-30 12:30:43 +02:00
Martin Bartoš
56888911b0
KEYCLOAK-18691 CIBATest.testTokenRequestAfterIntervalButNotYetAuthenticated wrong expiration
2021-07-29 17:01:51 +02:00
Pedro Igor
ff70e2e04b
[KEYCLOAK-18916] - Do not consider empty values when checking read-only attributes
2021-07-29 08:46:16 +02:00
Vlastimil Elias
32f2f095fe
KEYCLOAK-7724 User Profile default validations
2021-07-29 08:42:37 +02:00
mposolda
4dacbb9e0b
KEYCLOAK-16996 User not able to revoke his offline token for directGrant clients
2021-07-29 08:04:16 +02:00
mposolda
9b0e1fff8d
KEYCLOAK-18903 More customizable OIDC WellKnown provider
2021-07-28 18:03:23 +02:00
mposolda
05dfed721a
KEYCLOAK-18636 The mtls_endpoint_aliases claim is not advertized in the discovery document
2021-07-28 13:32:31 +02:00
Pedro Igor
ef72343a6a
[KEYCLOAK-18882] - User Profile still tech preview
2021-07-28 08:45:35 +02:00
mposolda
4520cbd38c
KEYCLOAK-18904 Support cert-bound tokens when doing client credentials grant. Client policies support for client credentials grant
2021-07-28 07:24:30 +02:00
mposolda
ce80a3ba9b
KEYCLOAK-18901 Test for update clientNotificationEndpoint to 'http' URL should fail
2021-07-27 16:22:49 +02:00
mposolda
643b3c4c5a
KEYCLOAK-18594 CIBA Ping Mode
2021-07-27 08:33:17 +02:00
Takashi Norimatsu
9018fe9fad
KEYCLOAK-18863 Global client profile for FAPI CIBA
2021-07-23 14:30:26 +02:00
Joerg Matysiak
9dff21d0a7
KEYCLOAK-18552
...
* added group as attribute metadata
* validation for groups and references to groups
* adapted template to use show attribute groups
* test and integration tests for attribute groups
2021-07-23 09:26:21 -03:00
Takashi Norimatsu
6436716514
KEYCLOAK-18834 Client Policies : ClientScopesCondition needs to be evaluated on CIBA backchannel authentication request and token request
2021-07-23 10:06:02 +02:00
Hynek Mlnarik
6b9040d18a
KEYCLOAK-18876 Fix intermittent LoginTest failures
2021-07-23 08:44:50 +02:00
Takashi Norimatsu
84e19f1c57
KEYCLOAK-18833 FAPI-CIBA-ID1 : need to only accept confidential client on Backchannel Authentication endpoint
2021-07-23 08:26:36 +02:00
Luca Leonardo Scorcia
6bd7420907
KEYCLOAK-17290 SAML Client - Generate AttributeConsumingService SP metadata section
2021-07-22 21:53:16 +02:00
Pedro Igor
8260c3c623
[KEYCLOAK-18860] - Fixing attributes returned from user api
2021-07-22 15:09:30 -03:00
Vlastimil Elias
fff27f8bd6
KEYCLOAK-18812 fixing Account REST API tests under User Profile enabled
2021-07-22 13:43:21 -03:00
Vlastimil Elias
f307c56fe1
KEYCLOAK-18812 UserProfile metadata in Account REST API
2021-07-22 08:46:30 -03:00
Pedro Igor
b4c940fe3f
[KEYCLOAK-18860] - Return attributes defined in user profile from user api
2021-07-22 08:32:47 -03:00
ruromero
464475caa0
[KEYCLOAK-17872] Add missing HTTPClient properties
...
Signed-off-by: ruromero <rromerom@redhat.com>
2021-07-22 10:54:59 +02:00
mposolda
3993b73625
KEYCLOAK-18865 CIBATests failing for auth-server-remote
2021-07-21 14:14:01 +02:00
Pedro Igor
d29d945cc4
[KEYCLOAK-18857] - Do not force default to RS256 when verifying tokens sent by clients and JWK does not hold an algorithm
2021-07-21 11:09:02 +02:00
Takashi Norimatsu
2c019c9ce5
KEYCLOAK-18832 FAPI-CIBA-ID1 conformance test : need to return 401 error=invalid_client if client authentication is not successfully completed on Backchannel Authentication endpoint
2021-07-21 10:13:55 +02:00
Takashi Norimatsu
8df36fbf28
KEYCLOAK-18828 FAPI-CIBA-ID1 conformance test : Additional checks of signed authentication request
2021-07-21 08:19:19 +02:00
Takashi Norimatsu
61fcbb307b
KEYCLOAK-18830 FAPI-CIBA-ID1 conformance test : HolderOfKeyEnforcerExecutor needs to be executed on CIBA token request
2021-07-21 08:07:50 +02:00
Pedro Igor
54a0e84070
[KEYCLOAK-18741] - Review error messages when validating PAR requests
2021-07-20 14:08:49 -03:00
Pedro Igor
7f34af4016
Revert "[KEYCLOAK-18425] - Allow mapping user profile attributes"
...
This reverts commit 3e07ca3c
2021-07-20 14:08:09 -03:00
mposolda
db7e247f7b
KEYCLOAK-18848 KEYCLOAK-18850 Enable CIBA and PAR by default
2021-07-20 15:59:06 +02:00
Takashi Norimatsu
f154b0b209
KEYCLOAK-18831 FAPI-CIBA-ID1 conformance test : need to return 400 if user authentication is not successfully completed
2021-07-20 10:46:16 +02:00
Takashi Norimatsu
e2c5fa20a2
KEYCLOAK-18849 Client Policy - Condition : ClientRolesCondition needs to be evaluated on PAR endpoint
2021-07-20 09:41:48 +02:00
Pedro Igor
396a78bcc4
[KEYCLOAK-18723] - Configurable constraints for request object encryption
2021-07-20 09:28:09 +02:00
Pedro Igor
730d4e8ac9
[KEYCLOAK-18807] - Fixing claims in JARM responses
2021-07-20 08:23:33 +02:00
Pedro Igor
13a08362d4
[KEYCLOAK-18819] - SecureResponseType executor shall allow response_type=code when using JARM and response_mode=jwt
2021-07-20 08:16:19 +02:00
Takashi Norimatsu
f76c07476c
KEYCLOAK-18827 FAPI-CIBA-ID1 conformance test : Client JWT authentication should allow Backchannel Authentication endpoint as audience
2021-07-20 06:39:28 +02:00
Takashi Norimatsu
02a9eb442d
KEYCLOAK-18829 FAPI-CIBA-ID1 conformance test : ClientRolesCondition needs to be evaluated on CIBA backchannel authentication request and token request
2021-07-20 06:31:10 +02:00
Pedro Igor
fe4e089e81
[KEYCLOAK-18745] - Client JWT authentication should allow PAR endpoint as audience
2021-07-19 14:23:53 -03:00
Vlastimil Elias
61aa4e6a70
KEYCLOAK-18750 - Set "Email Verified" to false when email changed in
...
UserProfile Provider
2021-07-19 11:19:29 -03:00
Takashi Norimatsu
f188f02d03
KEYCLOAK-18826 FAPI-CIBA-ID1 conformance test : ID Token needs to include auth_time claim
2021-07-19 15:11:23 +02:00
Takashi Norimatsu
63f04c1118
KEYCLOAK-18683 Client policy executor for check Backchannel signed request algorithms matching FAPI compliant algorithms
2021-07-19 14:48:31 +02:00
Pedro Igor
a79d28f115
[KEYCLOAK-18729] - Support JAR when using PAR
2021-07-19 11:42:20 +02:00
bal1imb
2c8d4ad9b4
KEYCLOAK-18590 Realm localizations of one realm must not affect themes displayed in context of other realms.
2021-07-16 16:12:58 +02:00
bal1imb
fbaeb18a5f
KEYCLOAK-18471 Added ID to admin event object.
2021-07-16 12:46:07 +02:00
Pedro Igor
f1face6973
[KEYCLOAK-18748] - Do not remove attributes when declarative provider is enabled
2021-07-15 12:00:39 -03:00
Daniel Fesenmeyer
a25c70784c
KEYCLOAK-18467 support unicode for realm localization texts
2021-07-15 10:30:42 +02:00
vramik
a07f3f9608
KEYCLOAK-18688 Add testing composite roles in RoleInvalidationClusterTest
2021-07-15 10:18:57 +02:00
Vlastimil Elias
7618e66136
[KEYCLOAK-18541] separate template for IDP review page
2021-07-13 21:43:52 -03:00
vramik
00017b44a3
KEYCLOAK-18311 fix creation of roles during client registration
2021-07-12 11:39:47 +02:00
Pedro Igor
1baab67f3b
[KEYCLOAK-18630] - Request object encryption support
2021-07-09 11:27:30 -03:00
Vlastimil Elias
6686482ba5
[KEYCLOAK-18591] - Support a dynamic IDP user review form
2021-07-09 10:05:26 -03:00
Martin Bartoš
f3a96b9da9
KEYCLOAK-18644 New Account Console Tests failures
2021-07-09 11:56:02 +02:00
Takashi Norimatsu
7cdcf0f93e
KEYCLOAK-18654 Client Policy - Endpoint : support Token Request by CIBA Backchannel Authentication
2021-07-09 11:24:12 +02:00
Takashi Norimatsu
43eb2b7c90
KEYCLOAK-18123 Client Policy - Executor : Enforce Backchannel Authentication Request satisfying high security level
2021-07-09 09:11:13 +02:00
Takashi Norimatsu
63b737545f
KEYCLOAK-18653 Client Policy - Endpoint : support Pushed Authorization Request Endpoint
2021-07-09 09:06:38 +02:00
Pedro Igor
4099833be8
[KEYCLOAK-18693] - Declarative profile validating read-only attribute if it exists
2021-07-08 15:22:02 -03:00
Takashi Norimatsu
dce163d3e2
KEYCLOAK-18587 CIBA signed request: Client must configure the algorithm
2021-07-08 10:16:22 +02:00
Benjamin Weimer
8c1ea60b04
* Add sid claim to ID Token
...
* deprecate session state parameter in ID Token
* remove charset=UTF-8 from backchannel logout post request Content-Type header
2021-07-06 15:30:53 -03:00
Takashi Norimatsu
2b1624390a
KEYCLOAK-17937 Client Policy - Endpoint : support CIBA Backchannel Authentication Endpoint
2021-07-03 08:57:20 +02:00
Hryhorii Hevorkian
2803685cd7
KEYCLOAK-18353 Implement Pushed Authorization Request inside the Keycloak
...
Co-authored-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
Co-authored-by: mposolda <mposolda@gmail.com>
2021-07-03 08:47:42 +02:00
lbortoli
e5ae113453
KEYCLOAK-18452 FAPI JARM: JWT Secured Authorization Response Mode for OAuth 2.0
2021-07-03 00:00:32 +02:00
Vlastimil Elias
04ff2c327b
[KEYCLOAK-18429] Support a dynamic update profile form
2021-07-02 10:22:47 -03:00
Vlastimil Elias
f32447bcc1
[KEYCLOAK-18424] GUI order for user profile attributes
2021-07-02 08:37:24 -03:00
Pedro Igor
b26b41332e
[KEYCLOAK-18626] - Avoid changing username when registration as email is enabled
2021-07-02 08:07:04 -03:00
Pedro Igor
3e07ca3c22
[KEYCLOAK-18425] - Allow mapping user profile attributes
2021-07-01 10:19:28 -03:00
vramik
2b9b50d50a
KEYCLOAK-18194 fix migration of default role when realm id contains apostrophe
2021-07-01 11:22:11 +02:00
lbortoli
164f3df080
KEYCLOAK-18502 - Support for additional parameters from the backchannel authentication request and backchannel authentication callback.
2021-07-01 00:31:26 +02:00
Luca Leonardo Scorcia
ae98d8ea28
KEYCLOAK-18315 SAML Client - Add parameter to request specific AttributeConsumingServiceIndex
2021-06-29 16:22:38 +02:00
Martin Bartoš
9dc7300178
KEYCLOAK-18391 CIBATest failures
2021-06-29 16:15:12 +02:00
Sebastian Rose
ca6b78b730
KEYCLOAK-18390 GroupProvider search implementation of JPA and Map delivers different results
2021-06-29 14:59:01 +02:00
Martin Bartoš
8a82130579
KEYCLOAK-18505 ConfigMigrationTest failures
2021-06-29 10:15:04 +02:00
Takashi Norimatsu
57c80483bb
KEYCLOAK-17936 FAPI-CIBA : support Signed Authentication Request
...
Co-authored-by: Pritish Joshi <pritish@banfico.com>
Co-authored-by: mposolda <mposolda@gmail.com>
2021-06-29 08:07:40 +02:00
Pedro Igor
948f453e2d
[KEYCLOAK-18427] - Allowing switching to declarative provider
2021-06-28 15:50:04 -03:00
Vlastimil Elias
512bcd14f7
[KEYCLOAK-18428] - dynamic registration form
2021-06-25 17:11:15 -03:00
Pedro Igor
faadb896ea
[KEYCLOAK-18426] - Support required by role and scopes in Admin UI
2021-06-24 10:43:49 -03:00
Yoshiyuki Tabata
52ced98f92
KEYCLOAK-18503 Regex Policy for authorization service
2021-06-24 08:49:41 -03:00
Vlastimil Elias
b7a4fd8745
KEYCLOAK-18423 - Support a user-friendly name property for user profile
...
attributes
2021-06-24 08:17:06 -03:00
Michal Hajas
ccf9456bdf
KEYCLOAK-18534 Fix js tests timeout failure
2021-06-23 14:12:02 -03:00
Luca Leonardo Scorcia
cdf9621257
KEYCLOAK-18450 Add basic tests for the Identity Provider Redirector Default IdP feature
2021-06-23 08:42:14 +02:00
Andy Fedotov
17b374f53a
[KEYCLOAK-16455][Adapter - JavaScript] Propagate 3rd party cookies check
...
errors outside of JS adapter
2021-06-23 08:36:26 +02:00
Vlastimil Elias
458c841c39
[KEYCLOAK-18447] Dynamically select attributes based on requested scopes
2021-06-22 08:54:03 -03:00
Vlastimil Elias
b87d764137
[KEYCLOAK-17443] Username and email form fields kept in registration
...
form when duplicate
2021-06-22 08:46:42 -03:00
rmartinc
b8452374d2
[KEYCLOAK-18473] Add max length to password policy
2021-06-22 10:15:48 +02:00
Luca Leonardo Scorcia
f5123cb51b
KEYCLOAK-17935 SAML Client - Validate InResponseTo attribute
2021-06-21 12:25:18 +02:00
keycloak-bot
13f7831a77
Set version to 15.0.0-SNAPSHOT
2021-06-18 10:42:27 +02:00
Pedro Igor
6bb7a8894d
[KEYCLOAK-18464] - Failures when running without tls and remote
2021-06-17 14:33:35 +02:00
Lukas Hanusovsky
b1f3e5554c
KEYCLOAK-18102 - set specific jpa schema.
2021-06-17 13:02:40 +02:00
Martin Bartoš
333d279d7a
KEYCLOAK-18406 SAMLServletAdapterTest failures
2021-06-17 11:30:39 +02:00
Tomas Kyjovsky
6db1c8204a
KEYCLOAK-18393 SAMLAdapterCrossDCTest failures
2021-06-16 18:46:38 +02:00
Martin Bartoš
78b6762326
KEYCLOAK-18442 LifespanAdapterTest - duplicate resources
2021-06-15 15:32:59 +02:00
Pedro Igor
ef3a0ee06c
[KEYCLOAK-17399] - Declarative User Profile and UI
...
Co-authored-by: Vlastimil Elias <velias@redhat.com>
2021-06-14 11:28:32 +02:00
Václav Muzikář
9854f21ace
KEYCLOAK-18332 Client Scopes are reset to realm's default when Client is updated
2021-06-11 07:41:18 +02:00
mposolda
070c68e18a
KEYCLOAK-18069 Migration of client policies JSON from Keycloak 13
2021-06-10 10:40:14 +02:00
Douglas Palmer
aac0b6ec5f
[KEYCLOAK-17602] Email account verification link is wrongly encoded
2021-06-10 08:34:53 +02:00
Martin Bartoš
8ea2551d25
KEYCLOAK-18247 LifespanAdapterTest fails due to validation error on EAP
2021-06-10 07:07:35 +02:00
Martin Bartoš
07d57ca30f
KEYCLOAK-17179 IdP mappers with MultiValued property can't be saved
2021-06-10 07:02:21 +02:00
mposolda
91865fa93e
KEYCLOAK-18368 Invalidate client session after refresh token re-use
2021-06-09 14:43:29 +02:00
Benjamin Weimer
f66354a80e
KEYCLOAK-16947 add error parameters to access token response & improve logging
2021-06-07 17:53:30 +02:00
vramik
95bf912dc9
KEYCLOAK-18035 Fix update client with default default scope assigned as optional
2021-06-07 16:22:55 +02:00
Tomas Kyjovsky
b071be7799
KEYCLOAK-18260 ClientSearchTest.testQuerySearch failure on MSSQL2019
...
- removed Central European characters from the test
2021-06-07 16:20:53 +02:00
Tomas Kyjovsky
80eabcb7eb
KEYCLOAK-18249 WelcomePageTest fails on MSSQL 2019
...
- removed reference to `FK_P56CTINXXB9GSK57FO49F9TAC` from the `DropAllServlet`
2021-06-07 16:18:32 +02:00
vramik
5c007420ef
KEYCLOAK-18367 fix compilation failure
2021-06-07 12:50:23 +02:00
Martin Bartoš
4b009ebf5e
KEYCLOAK-14540 Determine project/product name
2021-06-07 11:24:29 +02:00
Václav Muzikář
6b365d7c12
KEYCLOAK-18044 Client Policy: UI tests (old Admin Console)
2021-06-07 06:43:35 +02:00
mposolda
3d16a1e8d3
KEYCLOAK-16811 Add executor for disable 'Full Scope Allowed' and add it to FAPI profiles
2021-06-04 15:46:33 +02:00
Tomas Kyjovsky
1033b272e8
KEYCLOAK-13757 fix for KEYCLOAK-18267_KEYCLOAK-17254
2021-06-03 13:52:25 +02:00
Tomas Kyjovsky
2802740101
KEYCLOAK-13757 update JDG version to 8.1 - testsuite updates
2021-06-03 13:52:25 +02:00
Jan Lieskovsky
cbd4288205
[KEYCLOAK-17254] Adaptively add the default modular JVM options
...
to the "javaVmArguments" to start the cache server container with,
if the JVM used to run the cache server is modular (JDK 9+)
Signed-off-by: Jan Lieskovsky <jlieskov@redhat.com>
2021-06-03 10:36:53 +02:00
mposolda
12c47150e7
KEYCLOAK-18337 FAPI1Test fails in pipeline with auth-server-undertow-non-tls
2021-06-03 10:09:40 +02:00
Martin Bartoš
fc40e875b9
KEYCLOAK-14515 ModAuthMellonTest fails
2021-06-02 18:01:08 +02:00
vramik
0959475099
KEYCLOAK-18305 revisit tests - authz disabled
2021-06-02 14:26:22 +02:00
Douglas Palmer
986b69c03f
[KEYCLOAK-17405] Session auth time updated when user has not re-authenticated
2021-06-01 19:35:42 +02:00
Miquel Simon
ccad4653d8
KEYCLOAK-18324. Exclude FAPI tests for remote auth server.
2021-06-01 11:47:13 +02:00
Stian Thorgersen
c868e1b173
Update HOW-TO-RUN.md
2021-06-01 10:27:12 +02:00
mposolda
73a38997d8
KEYCLOAK-14208 Default client profiles for FAPI
2021-05-31 12:31:52 +02:00
mposolda
ab13e3e4fe
KEYCLOAK-17939 Enable Client policies feature by default
2021-05-31 12:31:52 +02:00
Michito Okai
bc6a746780
KEYCLOAK-18112 Token introspection of the revoked refresh token
2021-05-31 11:01:01 +02:00
vramik
2bf727d408
KEYCLOAK-17753 remove KeycloakModelUtils.isClientScopeUsed method
2021-05-28 21:07:14 +02:00
rmartinc
38101d01c2
[KEYCLOAK-18250] LDAPSyncTest.test09MembershipUsingDifferentAttributes fails on MySQL 8 and MariaDB 10.3
2021-05-28 00:01:57 +02:00
Michal Hajas
b216b9579c
KEYCLOAK-18264 Fix SamlLogoutTest with different consumer and provider url
2021-05-27 23:23:46 +02:00
Michal Hajas
4dcb69596b
KEYCLOAK-18146 Search for clients by client attribute when doing saml artifact resolution
2021-05-27 23:02:22 +02:00
Stian Thorgersen
2cb59e2503
KEYCLOAK-17844 Add option to disable authorization services to workaround issues with many clients
2021-05-27 22:28:56 +02:00
Martin Kanis
23aee6c210
KEYCLOAK-16616 Limit number of authSessios per rootAuthSession
2021-05-27 22:10:36 +02:00
Takashi Norimatsu
669556af71
KEYCLOAK-18296 RefreshTokenRequest returns incorrect error code during failed HoK request
2021-05-27 15:28:29 +02:00
Yoshiyuki Tabata
c52d0babce
KEYCLOAK-17491 Move the key settings to the new Keys tab
2021-05-27 15:26:40 +02:00
Martin Bartoš
2096a0f5cc
KEYCLOAK-18246 DemoFilterServletAdapterTest fails for app servers with TLS
2021-05-27 13:06:35 +02:00
vramik
3aa06c2721
KEYCLOAK-18073 avoid ModelDuplicateException during parallel starup of servers
2021-05-27 07:10:35 +02:00
Stefan Guilhen
eb631bf63b
[KEYCLOAK-8730] Ensure role mappers don't remove roles already granted by another mapper when updating a brokered user
2021-05-26 17:21:54 +02:00
Michal Hajas
5c71c3d97f
KEYCLOAK-17764 Remove all clients querying fallback ( #8077 )
2021-05-26 13:18:58 +02:00
Martin Bartoš
77fe3e9bed
KEYCLOAK-18054 EAP6Fuse6HawtioAdapterTest fails due to wrong port without TLS
2021-05-26 08:58:03 +02:00
Pedro Igor
b7e5db6534
[KEYCLOAK-18007] - Configure resolved paths with the method config from configuration
2021-05-25 09:48:30 -03:00
Luca Leonardo Scorcia
478319348b
KEYCLOAK-16450 X509 Direct Grant Auth does not verify certificate timestamp validity
2021-05-25 10:32:17 +02:00
Takashi Norimatsu
6e7898039b
KEYCLOAK-18139 SecureResponseTypeExecutor: polishing for FAPI 1 final
2021-05-25 08:32:43 +02:00
mposolda
d4374f37ae
KEYCLOAK-18258 Not possible to login with public client, which was confidential with custom client authenticator set
2021-05-24 13:17:14 +02:00
Lukas Hanusovsky
afb8da7ff0
KEYCLOAK-18056 exclude test for remote testsuite.
2021-05-24 11:27:44 +02:00
Yoshiyuki Tabata
4c49d595cb
Fix HOW-TO-RUN.md
2021-05-24 09:28:38 +02:00
Takashi Norimatsu
6532baa9a7
KEYCLOAK-18127 Option for skip return user's claims in the ID Token for hybrid flow
2021-05-24 08:02:34 +02:00
Václav Muzikář
5d578f0c90
KEYCLOAK-17905 Quarkus: ClientPoliciesImportExportTest.testSingleFileRealmExportImport failed in GHA
2021-05-21 08:27:36 +02:00
Michito Okai
cc2d6f0741
KEYCLOAK-18235 Display of options about device grant when selecting
...
"public" as the access type
2021-05-21 08:24:27 +02:00
Vlastimil Elias
4ad1687f2b
[KEYCLOAK-17399] UserProfile SPI - Validation SPI integration
2021-05-20 15:26:17 -03:00
Pedro Igor
9ebbc7673c
[KEYCLOAK-18111] - Error when processing path without associated resource
2021-05-20 11:15:11 -03:00
Thomas Darimont
c49dbd66fa
KEYCLOAK-15437 Ensure at_hash is generated for IDTokens on token-refresh
2021-05-20 16:05:11 +02:00
Pedro Igor
a0f8d2bc0e
[KEYCLOAK-17399] - Review User Profile SPI
...
Co-Authored-By: Vlastimil Elias <vlastimil.elias@worldonline.cz>
2021-05-20 08:44:24 -03:00
rmartinc
b97f177f26
[KEYCLOAK-14696] Unable to fetch list of members from a group through keycloak admin console.
2021-05-20 11:32:23 +02:00
Michal Hajas
3bb5bff8e0
KEYCLOAK-17495 Do not include principal in the reference to broker sessionId
2021-05-20 11:32:11 +02:00
mposolda
d3e9e21abd
KEYCLOAK-17906 Use auto-configure instead of is-augment. Use default-client-authenticator option in SecureClientAuthenticatorExecutor
2021-05-19 12:18:11 +02:00
vramik
4d776cd780
KEYCLOAK-18137 Fix introduced SPI name
2021-05-18 20:30:21 +02:00
Martin Bartoš
8c299b417a
KEYCLOAK-17784: Remember me - fix test
2021-05-18 16:15:30 +02:00
Bastian Ike
5c3d7f186e
KEYCLOAK-17784: URL encode Keycloak's remember-me cookie to allow non-ascii usernames.
...
International users using non-ascii symbols such as the german `äöü`
will make Keycloak set the KEYCLOAK_REMEMBER_ME cookie without URL
encoding. This will trigger an java.lang.IllegalArgumentException:
UT000173 exception in undertow's cookie parser which does not
allow non-ascii characters.
Co-authored-by: Fabian Freyer <mail@fabianfreyer.de>
2021-05-18 16:15:30 +02:00
Mathieu CLAUDEL
df714506cc
KEYCLOAK-17655 - Can't impersonate
2021-05-18 14:16:01 +02:00
mposolda
71dcbec642
KEYCLOAK-18108 Refactoring retrieve of condition/executor providers. Make sure correct configuration of executor/condition is used for particular provider
2021-05-18 12:20:47 +02:00
mposolda
b8a7750000
KEYCLOAK-18113 Refactor some executor/condition provider IDs
2021-05-18 09:17:41 +02:00
Václav Muzikář
62e6883524
KEYCLOAK-17084 KEYCLOAK-17434 Support querying clients by client attributes
2021-05-14 13:58:53 +02:00
Pedro Igor
62e17f3be7
[KEYCLOAK-17588] - Authz confirmation popping out twice
2021-05-14 07:21:06 -03:00
Tomas Kyjovsky
1292135729
KEYCLOAK-17322 Align tested databases with EAP 7.4 support matrix
2021-05-14 09:27:00 +02:00
Peter Flintholm
919899b994
KEYCLOAK-18039: Optimise offline session load on startup
...
Co-authored-by: Hynek Mlnarik <hmlnarik@redhat.com>
2021-05-13 16:26:26 +02:00
Alfredo Boullosa
716afe9404
KEYCLOAK-18075 - Remove "role_list" from expected default client scopes
2021-05-13 10:30:12 +02:00
Marek Posolda
a6d4316084
KEYCLOAK-14209 Client policies admin console support. Changing of format of JSON for client policies and profiles. Remove support for default policies ( #7969 )
...
* KEYCLOAK-14209 KEYCLOAK-17988 Client policies admin console support. Changing of format of JSON for client policies and profiles. Refactoring based on feedback and remove builtin policies
2021-05-12 16:19:55 +02:00
mhajas
f37a24dd91
KEYCLOAK-17348 Add manual pagination into UserStorageManager#query
2021-05-12 15:09:36 +02:00
Takashi Norimatsu
355a5d65fb
KEYCLOAK-18052 Client Policies : Revise SecureRequestObjectExecutor to have an option for checking nbf claim
2021-05-11 14:29:33 +02:00
rmartinc
2539bd9ed3
[KEYCLOAK-17903] idp metadata describing one entity MUST have EntityDescriptor root element
2021-05-11 13:02:13 +02:00
Takashi Norimatsu
5dced05591
KEYCLOAK-18050 Client Policies : Rename "secure-redirecturi-enforce-executor" to indicate what this executor does
2021-05-11 07:42:18 +02:00
Pedro Igor
6397671c88
[KEYCLOAK-17885] - Delete user-managed policies when removing groups
2021-05-10 16:33:23 -03:00
Takashi Norimatsu
b4e4e75743
KEYCLOAK-17928 Determine public client based on token_endpoint_auth_method during OIDC dynamic client registration
2021-05-10 08:24:18 +02:00
Takashi Norimatsu
624d300a55
KEYCLOAK-17938 Not possible to create client in the admin console when client policy with "secure-redirecturi-enforce-executor" condition is used
2021-05-07 17:52:09 +02:00
Takashi Norimatsu
b38b1eb782
KEYCLOAK-17895 SecureSigningAlgorithmEnforceExecutor: Ability to auto-configure default algorithm
2021-05-07 12:37:39 +02:00
Takashi Norimatsu
faab3183e0
KEYCLOAK-18034 Enforce SecureSigningAlgorithmForSignedJwtEnforceExecutor to private-key-jwt clients regardless their option
2021-05-07 12:26:46 +02:00
keycloak-bot
4b44f7d566
Set version to 14.0.0-SNAPSHOT
2021-05-06 14:55:01 +02:00
Bruno Oliveira da Silva
818dc40304
[KEYCLOAK-18001] Upgrade Apache Ant dependency
2021-05-06 08:55:57 -03:00
Michal Hajas
e7821bb67b
KEYCLOAK-17995 Add a warning to standalone migration scripts to perform a manual migration script if needed + fix test failures when migrating from 9.0.3
2021-05-06 11:40:01 +02:00
Hynek Mlnarik
98a88e3e8b
KEYCLOAK-17991 Introduce preview feature for map storage
2021-05-06 11:38:41 +02:00
Hynek Mlnarik
6d97a573e6
KEYCLOAK-17696 Make MapStorageFactory amphibian
2021-05-06 11:38:41 +02:00
Takashi Norimatsu
0a4fdc64f3
KEYCLOAK-17929 SecureSigningAlgorithmForSignedJwtEnforceExecutor polishing for FAPI
2021-05-06 08:41:05 +02:00
Takashi Norimatsu
b78d151a23
KEYCLOAK-16808 Client Policy : Implement existing ConsentRequiredClientRegistrationPolicy as Client Policies' executor
...
Co-authored-by: Andrii Murashkin <amu@adorsys.com.ua>
2021-05-06 08:36:34 +02:00
Peter Skopek
b2ed99c70d
KEYCLOAK-16928 Fix typo in authenticatorFlow representation
2021-05-06 08:33:19 +02:00
mposolda
20fc430be0
KEYCLOAK-17874 Server cannot be started with oracle19cRAC
2021-05-05 13:12:07 +02:00
Václav Muzikář
57fca2a34f
KEYCLOAK-15170 Reset password link is not invalidated if email address is changed
2021-05-05 08:45:47 +02:00
Martin Bartoš
c2c1b482ea
KEYCLOAK-17734 LifespanAdapterTest fails due to header check
2021-05-04 12:36:33 +02:00
rmartinc
7de5e7d298
KEYCLOAK-17074 Infinite loop logging as an user or impersonating an user as admin ( #7799 )
2021-05-03 21:05:12 -04:00
Christoph Leistert
61bdc92ad9
KEYCLOAK-17387: 403 response on localization endpoint for cross realm users
...
- add ForbiddenPage class for the assertion at the selenium test
- add assertion to selenium test
- GET requests for localization texts require at least one role for the realm
- Make GET requests for localization texts public, to display the admin UI correctly, even if the role view-realm is missing
2021-05-03 13:29:11 -03:00
Václav Muzikář
315b9e3c29
KEYCLOAK-17835 Account Permanent Lockout and login error messages
2021-05-03 09:39:34 +02:00
Takashi Norimatsu
65c48a4183
KEYCLOAK-12137 OpenID Connect Client Initiated Backchannel Authentication (CIBA) ( #7679 )
...
* KEYCLOAK-12137 OpenID Connect Client Initiated Backchannel Authentication (CIBA)
Co-authored-by: Andrii Murashkin <amu@adorsys.com.ua>
Co-authored-by: Christophe Lannoy <c4r1570p4e@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: mposolda <mposolda@gmail.com>
2021-04-29 15:56:39 +02:00
Jan Lieskovsky
9a76ccce86
[KEYCLOAK-17818] Upgrade Keycloak to Wildfly 23.0.1.Final / Wildfly Core 15.0.1.Final
...
[KEYCLOAK-17227] Return the versions of Wildfly deprecated module in the Arquillian
testsuite to those defined by Wildfly 21
Signed-off-by: Jan Lieskovsky <jlieskov@redhat.com>
2021-04-29 12:36:03 +02:00
Jan Lieskovsky
6df5ba0f1c
[KEYCLOAK-17227] Wildfly 23 upgrade
...
Base fixes:
* [KEYCLOAK-17228] Upgrade Keycloak to Wildfly 23.0.0.Final / Wildfly Core 15.0.0.Final
Other (related) fixes:
* [KEYCLOAK-17477] Update org.wildfly.common to 1.5.4.Final
* [KEYCLOAK-17478] Update wildfly-galleon-maven-plugin to 5.1.0.Final
* [KEYCLOAK-17479] Keycloak Galleon Feature Pack: Adapter fails to build on top of Wildfly 23
* [KEYCLOAK-17482] Sync Wildfly 23 model changes to Keycloak
* [KEYCLOAK-17508] Apply workaround for WFCORE-5335
* [KEYCLOAK-17231] Update org.keycloak.testsuite.metrics.MetricsRestServiceTest
to work with org.wildfly.extension.health
* [KEYCLOAK-17585] Fix Quarkus startup failure post applying Wildfly 23 upgrade changes
* [KEYCLOAK-17583] Fix ConfigMigrationTest post applying Wildfly 23 model changes
* [KEYCLOAK-17584] Fix ActionTokenCrossDCTest#sendResetPasswordEmailSuccessWorksInCrossDc
test failure post applying Wildfly 23 upgrade changes
Signed-off-by: Jan Lieskovsky <jlieskov@redhat.com>
2021-04-29 12:36:03 +02:00
Jan Lieskovsky
16ba4c0104
[KEYCLOAK-16723] Upgrade to Wildfly 22
...
Base fixes:
* [KEYCLOAK-16724] Upgrade Keycloak to Wildfly 22.0.0.Beta1 / Wildfly Core 14.0.0.Beta4
* [KEYCLOAK-16822] Upgrade Keycloak to Wildfly 22.0.0.Final / Wildfly Core 14.0.0.Final
* [KEYCLOAK-17158] Upgrade Keycloak to Wildfly 22.0.1.Final / Wildfly Core 14.0.1.Final
Other (related) fixes:
* [KEYCLOAK-16174] Upgrade (RH-SSO adapters) to EAP CD 21
* [KEYCLOAK-16202] Don't upgrade versions of httpclient and httpcore in the Fuse adapter
as part of the Wildfly upgrade script run
* [KEYCLOAK-16737] Keycloak core depends on org.bouncycastle:bcprov-jdk15on:1.65, which
suffers from CVE-2020-28052
* [KEYCLOAK-16907] ConfigMigrationTest fails after upgrade to Wildfly 22.0.0.Final
* [KEYCLOAK-17156] org.keycloak.test.config.migration.ConfigMigrationTest fails with
'illegal reflective access to method com.sun.net.ssl.internal.ssl.Provider.isFIPS()'
Signed-off-by: Jan Lieskovsky <jlieskov@redhat.com>
2021-04-29 12:36:03 +02:00
vramik
de79493294
KEYCLOAK-17896 Add maven profile for map storage
2021-04-28 21:05:42 +02:00
vramik
162043beec
KEYCLOAK-17615 Move database initialization from KeycloakApplication to JpaConnectionProviderFactory
2021-04-28 13:43:48 +02:00
Martin Kanis
515bfb5064
KEYCLOAK-16378 User / client session map store
...
Co-authored-by: Martin Kanis <mkanis@redhat.com>
Co-authored-by: Hynek Mlnarik <hmlnarik@redhat.com>
2021-04-28 09:09:15 +02:00
Martin Bartoš
5c4753ef20
KEYCLOAK-17873 FuseUtils - No bundles found for Fuse 7.x
2021-04-28 08:44:54 +02:00
Yoshiyuki Tabata
45202bd49a
KEYCLOAK-17637 Client Scope Policy for authorization service
2021-04-26 08:58:33 -03:00
Ayat Bouchouareb
8255cba930
KEYCLOAK-17612- Invalid SAML Response : Invalid Destination
2021-04-26 11:15:28 +02:00
Pedro Igor
068a1811f2
[KEYCLOAK-17452] - Removing policies created from a user-managed policy
2021-04-21 11:30:57 -03:00
Pedro Igor
228de42859
[KEYCLOAK-17598] - Changing root path check when resolving resource by uri
2021-04-21 11:30:07 -03:00
Takashi Norimatsu
190b60c5cd
KEYCLOAK-17827 Client Policy - Condition : Client - Client Host : Removing Option
2021-04-21 15:16:00 +02:00
i7a7467
ada7f37430
KEYCLOAK-16918 Set custom user attribute to Name ID Format for a SAML client
...
https://issues.redhat.com/browse/KEYCLOAK-16918
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2021-04-20 10:29:17 +02:00
Martin Bartoš
ca019c36e8
KEYCLOAK-17457 Failed OfflineServletsAdapterTest
2021-04-19 16:58:38 -03:00
AlistairDoswald
8b3e77bf81
KEYCLOAK-9992 Support for ARTIFACT binding in server to client communication
...
Co-authored-by: AlistairDoswald <alistair.doswald@elca.ch>
Co-authored-by: harture <harture414@gmail.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2021-04-16 12:15:59 +02:00
Michal Hajas
64ccbda5d5
KEYCLOAK-17323 Compute token expiration using Time.currentTime() instead of userSession.getStarted()
2021-04-14 12:58:45 +02:00
Martin Bartoš
b237c503ba
KEYCLOAK-16913 Fix failed FuseAdapterTest
2021-04-14 09:51:02 +02:00
Martin Bartoš
5a9068e732
KEYCLOAK-16401 Deny/Allow access in a conditional context
2021-04-09 12:04:45 +02:00
Alfredo Boullosa
cd342ad571
KEYCLOAK-17620 - Fix ClientClientScopesTest
2021-04-08 15:56:51 +02:00
Alfredo Boullosa
2f0f99c204
KEYCLOAK-17619 - Fix DefaultRolesTest
2021-04-08 12:17:53 +02:00
Michito Okai
d9ebbe4958
KEYCLOAK-17202 Restrict Issuance of Refresh tokens to specific clients
2021-04-08 11:51:25 +02:00
Takashi Norimatsu
8b0b657a8f
KEYCLOAK-17682 Client Policy - Executor : remove inner config class for executor without any config
2021-04-08 09:22:16 +02:00
Takashi Norimatsu
3221708499
KEYCLOAK-17667 Client Policy - Executor : Only Accept Confidential Client
2021-04-08 09:17:10 +02:00
Takashi Norimatsu
e9035bb7b3
KEYCLOAK-17681 Client Policy - Executor : Limiting available period of Request Object with its configuration
2021-04-08 09:12:20 +02:00
Daniel Fesenmeyer
a48d04bfe0
KEYCLOAK-16082 save attributes when role is created (with REST POST request)
...
- add missing mapping code to RoleContainerResource#createRole
- extend ClientRolesTest and RealmRolesTest to check that now the attributes are saved when a role is created
- remove no longer needed code which updated roles because attributes were not saved on creation
2021-04-07 14:08:49 -03:00
Lukas Hanusovsky
e0d660d815
KEYCLOAK-17311 - exclude for Remote testsuite
2021-04-07 13:37:38 +02:00
Lukas Hanusovsky
17b19b2e36
KEYCLOAK-17302 - exclude for Remote testsuite
2021-04-07 13:35:47 +02:00
Takashi Norimatsu
7b227ae47c
KEYCLOAK-17666 Client Policy - Executor : Limiting available period of Request Object
2021-04-07 08:36:26 +02:00
Takashi Norimatsu
42dec08f3c
KEYCLOAK-16805 Client Policy : Support New Admin REST API (Implementation) ( #7780 )
...
* KEYCLOAK-16805 Client Policy : Support New Admin REST API (Implementation)
* support tests using auth-server-quarkus
* Configuration changes for ClientPolicyExecutorProvider
* Change VALUE of table REALM_ATTRIBUTES to NCLOB
* add author tag
* incorporate all review comments
Co-authored-by: mposolda <mposolda@gmail.com>
2021-04-06 16:31:10 +02:00
vramik
d1ad905407
KEYCLOAK-17640 fix MultiVersionClusterTest.verifyFailureOn* tests
2021-04-06 12:55:26 +02:00
Miquel Simon
5f551e018d
KEYCLOAK-17310. Disabled test in remote environment. ( #7898 )
2021-04-06 09:03:04 +02:00
vramik
185075d373
KEYCLOAK-14552 Realm Map Store
2021-03-31 15:49:03 +02:00
Konstantinos Georgilakis
ec5c256562
KEYCLOAK-5657 Support for transient NameIDPolicy and AllowCreate in SAML IdP
2021-03-31 14:45:39 +02:00
rmartinc
0a0caa07d6
KEYCLOAK-17215 Slowness issue while hitting /auth/admin/realms/$REALM/clients?viewableOnly=true after DELETE a role
2021-03-31 12:57:17 +02:00
vramik
c3b9c66941
KEYCLOAK-17460 invalidate client when assigning scope
2021-03-30 10:58:16 +02:00
sma1212
e10f3b3672
[KEYCLOAK-17484] OIDC Conformance - Authorization response with Hybrid flow does not contain token_type ( #7872 )
...
* [KEYCLOAK-17484] fix oidc conformance for hybrid-flow
* [KEYCLOAK-17484] add TokenType & ExpiresIn to OAuth2Constants
* [KEYCLOAK-17484] add request validation for oidc-flows automated tests
2021-03-30 08:59:30 +02:00
devopsix
590ee1b1a2
KEYCLOAK-15459 Fix serialization of locale in admin console's “whoami” ( #7397 )
...
call.
2021-03-29 18:37:26 -04:00
Bodo Graumann
0033b7daf7
[KEYCLOAK-17166] Use radio buttons for otp select
2021-03-29 15:46:34 +02:00
Thomas Darimont
7ec6a54e22
KEYCLOAK-17581 Prevent empty group names
...
Create / Update operations in `GroupResource ` and `GroupsResource#addTopLevelGroup`
did not validate the given group name. This allowed the creation of groups with empty names.
We now prevent the creation of groups with empty names.
2021-03-25 19:10:38 -03:00
Hynek Mlnarik
a36fafe04e
KEYCLOAK-17409 Support for amphibian (both component and standalone) provider
2021-03-25 13:28:20 +01:00
Jan Lieskovsky
5fac80b05e
[KEYCLOAK-17100] Testsuite Wildfly initialization error on Windows
...
[KEYCLOAK-17392] Java CLASSPATH is wrongly parsed on Windows
Signed-off-by: Jan Lieskovsky <jlieskov@redhat.com>
Co-Authored-By: Peter Zaoral <pzaoral@redhat.com>
2021-03-25 09:21:34 +01:00
Alfredo Boullosa
e126969f82
Add Retry
2021-03-24 15:15:02 +01:00
Pedro Igor
fca65ac644
Adding a test when custom policies are used
2021-03-24 08:24:43 -03:00
Xiangjiaox
ca81e6ae8c
KEYCLOAK-15015 Extend KeyWrapper to add whole certificate chain in x5c parameter ( #7643 )
...
* [KEYCLOAK-15015] - Publishing the x5c for JWK
Co-authored-by: Vetle Bergstad <vetle.bergstad@evry.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
2021-03-23 08:37:50 -03:00
cgeorgilakis
18afdea392
KEYCLOAK-16048 SAML Client import - add md:RequestedAttribute as "User Attribute" ProtocolMapper
2021-03-22 21:55:32 +01:00
Stan Silvert
717d9515fa
KEYCLOAK-16890: Stored XSS attack on new acct console ( #7867 )
2021-03-22 11:24:12 +01:00
Stan Silvert
3b80eee5bf
KEYCLOAK-17033: Reflected XSS attack with referrer in new account
...
console
2021-03-22 11:22:23 +01:00
Clement Cureau
0b68f24a09
[KEYCLOAK-14046] Include groups in user creation via Admin Console ( #7035 )
...
* [KEYCLOAK-14046] Include groups in user creation via Admin Console
Since the POST /users API now supports providing groups membership, here is the UI
part!
- Added a field in the user creation UI to specify groups the newly created user
will be joining
- Added associated messages in english language
* Added UI integration tests
* Fixed UI tests
* Flatten nested groups in user creation groups searchbox
* Filtering out searched groups
* Removed unused injection
* Fixed UI tests
Co-authored-by: Clement Cureau <clement.cureau@cdiscount.com>
2021-03-19 13:55:45 +01:00
mposolda
853a6d7327
KEYCLOAK-17000 Adding server tmp directory inside the auth-server home directory
2021-03-17 10:06:48 +01:00
Pascal Euhus
82fc401298
[KEYCLOAK-9841] use LDAPUser UUID as an identifier instead of username
2021-03-16 17:55:24 +01:00
Andrew Elwell
c76ca4ad13
Correct "doesn't exists" typos - fixes KEYCLOAK-14986 ( #7316 )
...
* Correct "doesn't exists" typos
* Revert changes to imported package
Co-authored-by: Stian Thorgersen <stianst@gmail.com>
2021-03-16 11:52:36 +01:00
Yang Xie
db30b470c4
KEYCLOAK-17342 Make the default value of default signature algorithm show up in the admin console
2021-03-16 09:15:22 +01:00
Michito Okai
298ab0bc3e
KEYCLOAK-7675 Support for Device Authorization Grant
2021-03-15 10:09:20 -03:00
Łukasz Dywicki
319195236b
Fix failing test, cause oauth device flow is encoded using realm attributes.
2021-03-15 10:09:20 -03:00
Hiroyuki Wada
9d57b88dba
KEYCLOAK-7675 Prototype Implementation of Device Authorization Grant.
...
Author: Hiroyuki Wada <h2-wada@nri.co.jp>
Date: Thu May 2 00:22:24 2019 +0900
Signed-off-by: Łukasz Dywicki <luke@code-house.org>
2021-03-15 10:09:20 -03:00
Thomas Darimont
d2060913be
KEYCLOAK-14412 Fixed compiler error in JavascriptAdapterTests
2021-03-11 13:03:08 -03:00
Thomas Darimont
b926cd20f1
KEYCLOAK-14412 Keycloak.js should honor scopes configured in initOptions and loginOptions
2021-03-11 13:03:08 -03:00
Hynek Mlnarik
4946484cb6
KEYCLOAK-17377 Fix invalidation cluster tests (do not hide failures)
2021-03-11 16:14:59 +01:00
Miquel Simon
1d54dd5e8b
KEYCLOAK-16006. Fixed Spring Boot tests with new offset value.
2021-03-11 09:51:28 +01:00
Alfredo Boullosa
95d9cd2b38
KEYCLOAK-17376 - Fix DeviceActivityTest, SigningInTest and PermissionsTest
2021-03-10 09:00:30 +01:00
Lukas Hanusovsky
b3ea6f74be
KEYCLOAK-16212 - Exclude Remote execution for the LDAPVaultCredentialsTest, fixed broken exclude Remote execution for the LDAPUserLoginTest.
2021-03-10 07:27:43 +01:00
Yang Xie
2605eddbe7
KEYCLOAK-17300 Add a method to check if the token revocation request has duplicate parameters
2021-03-09 18:27:38 +01:00
Alfredo Boullosa
3d76e2b775
KEYCLOAK-17378 - Fix DisableAuthorizationSettingsTest
2021-03-09 16:09:53 +01:00
Lukas Hanusovsky
ef57714eaa
KEYCLOAK-17301 - fix -> added org.infinispan.commons module into jboss-deployment-structure.xml
2021-03-09 11:05:17 +01:00
vramik
6e501946b1
KEYCLOAK-17021 Client Scope map store
2021-03-08 21:59:28 +01:00
Michal Hajas
fc29a39e5a
KEYCLOAK-16592 Do not require destination with SOAP binding
2021-03-05 19:52:00 +01:00
mposolda
99c1ee7f5a
KEYCLOAK-16793 KEYCLOAK-16948 Cors on error responses for logoutEndpoint and tokenEndpoint
2021-03-05 14:14:53 +01:00
Martin Bartoš
d452041d7d
KEYCLOAK-17304 ClientPoliciesTest - exclude mTLS tests for non-required SSL
2021-03-05 12:24:37 +01:00
Martin Bartoš
da6a017e86
KEYCLOAK-17307 ResetPasswordTest - wrong redirect URIs
2021-03-05 08:49:34 +01:00
Pavel Drozd
8203c4451e
KEYCLOAK-14766 - Removed setting default password for LDAPRule configuration
2021-03-04 12:56:45 +01:00
Denis
23bfaef4bb
KEYCLOAK-15535 Account Log of user login with realm not available details when update profile
2021-03-04 08:06:36 +01:00
Yang Xie
78754d1127
KEYCLOAK-17259 Add a method to check if the introspection request has duplicate parameters
2021-03-03 16:23:27 +01:00
Pedro Igor
0f30b3118a
[KEYCLOAK-16676] - Client attributes should not be stored if null or empty
2021-03-03 15:37:05 +01:00
Pedro Igor
40efbb0f9c
[KEYCLOAK-13942] - Invalidate pre-defined paths when paths are invalidated
2021-03-02 15:01:42 +01:00
Takashi Norimatsu
882f5ffea4
KEYCLOAK-15533 Client Policy : Extends Policy Interface to Migrate Client Registration Policies
...
Co-authored-by: Hryhorii Hevorkian <hhe@adorsys.com.ua>
Co-authored-by: Andrii Murashkin <amu@adorsys.com.ua>
2021-03-02 09:26:04 +01:00
i7a7467
b83064b142
KEYCLOAK-16679 Add algorithm settings for client assertion signature in OIDC identity broker
2021-03-01 18:11:25 +01:00
Takashi Norimatsu
c4bf8ecdf0
KEYCLOAK-16880 Client Policy - Condition : Negative Logic Support
2021-03-01 14:27:39 +01:00
mposolda
41dc94fead
KEYCLOAK-14483 Broker state param fix
2021-02-24 19:07:58 -03:00
Alfredo Boullosa
52a939f61a
KEYCLOAK-17125 Update Arquillian drone version to 2.5.2
2021-02-24 08:51:47 +01:00
mposolda
6f409d088a
KEYCLOAK-15239 Reset Password Success Message not shown when Kerberos is Enabled
2021-02-23 16:15:50 -03:00
Pedro Igor
dbc6514bfc
[KEYCLOAK-17206] - Avoid removing attributes when updating user and profile
2021-02-23 08:41:41 +01:00
Juan Manuel Rodriguez Alvarado
6255ebe6b5
[KEYCLOAK-16536] Implement Audit Events for Authorization Services requests
2021-02-22 17:28:59 -03:00
mposolda
ed8d5a257f
KEYCLOAK-16517 Make sure that just real clients with standardFlow or implicitFlow enabled are considered for redirectUri during logout
2021-02-22 14:30:32 +01:00
mposolda
0058011265
KEYCLOAK-16006 User should not be required to re-authenticate after revoking consent to an application
2021-02-22 14:29:42 +01:00
Pedro Igor
1dc0b005fe
[KEYCLOAK-17087] - X509 OCSP Validation Not Checking Intermediate CAs
2021-02-22 13:50:19 +01:00
Lukas Hanusovsky
4a2830bc2e
KEYCLOAK-15849 : auth-remote-server exclude -> removed duplicated annotation, fixed @Test(timeout) bug -> replaced by lambda expression.
2021-02-22 13:40:47 +01:00
Pedro Igor
9356843c6c
[KEYCLOAK-16521] - Fixing secret for non-confidential clients
2021-02-19 08:38:49 +01:00
Torsten Roemer
750f5fdb0a
KEYCLOAK-14577 OIDCIdentityProvider incorrectly sets firstName and lastName in BrokeredIdentityContext
2021-02-18 19:50:27 +01:00
Torsten Roemer
00ee6bb9fa
KEYCLOAK-14577 OIDCIdentityProvider incorrectly sets firstName and lastName in BrokeredIdentityContext
2021-02-18 19:50:27 +01:00
rmartinc
056b52fbbe
KEYCLOAK-16800 userinfo fails with 500 Internal Server Error for service account token
2021-02-18 19:37:52 +01:00
Pedro Igor
431f137c37
[KEYCLOAK-17123] - Avoid validation and updates for read-only attributes during updates
2021-02-17 17:57:46 +01:00
stefvdwel
b97f5eb128
Added PermissionTicket count test.
2021-02-17 09:40:19 -03:00
Pedro Igor
2593c3dbc4
[KEYCLOAK-15893] - Incorrect resource match is returned for some cases when using wildcard in uri
2021-02-17 12:51:26 +01:00
mposolda
80bf0b6bad
KEYCLOAK-16708 Unexpected exceptions during client authentication
2021-02-12 18:27:54 +01:00
Pedro Igor
ca2a761d4b
[KEYCLOAK-16886] - Updating user account removes attributes
2021-02-12 12:01:50 -03:00
Michito Okai
33bb1fda38
KEYCLOAK-16931 Authorization Server Metadata of
...
introspection_endpoint_auth_methods_supported and
introspection_endpoint_auth_signing_alg_values_supported
2021-02-11 14:53:49 +01:00
Pedro Igor
7a4733acc9
[KEYCLOAK-14034] - Adding tests for matching uris once updated
2021-02-11 09:44:43 -03:00
mposolda
456cdc51f2
KEYCLOAK-15719 CORS headers missing on userinfo error response
2021-02-11 13:37:42 +01:00
diodfr
cb12fed96e
KEYCLOAK-4544 Detect existing user before granting user autolink
2021-02-11 11:06:49 +01:00
Lukas Hanusovsky
223d0ea456
KEYCLOAK-16625 : Testsuite -> auth.server.remote: adding keystore file to a build directory.
2021-02-09 15:22:43 +01:00
Pedro Igor
f6c3ec5d9e
[KEYCLOAK-14366] - Missing check for iss claim in JWT validation on Client Authentication (Token Endpoint)
2021-02-09 13:54:06 +01:00
Pedro Igor
ab9a38ec27
[KEYCLOAK-13115] - Unable to add a role to a user if username query matches multiple acounts
2021-02-09 13:49:25 +01:00
Pedro Igor
eb37a1ed69
[KEYCLOAK-17031] - ClientInvalidationClusterTest failing on Quarkus due to unreliable comparison
2021-02-05 16:09:27 +01:00
mposolda
f4b5942c6c
KEYCLOAK-16755 ClearExpiredUserSessions optimization. Rely on infinispan expiration rather than Keycloak own background task.
2021-02-04 08:49:42 +01:00
Yang Xie
cffe24f815
KECLOAK-16009 Add a method to check if the token request has duplicate parameters
2021-02-03 16:10:41 +01:00
Florian Apolloner
eeec82dea3
KEYCLOAK-16656 Only set execution authenticator for form flows.
2021-01-29 17:19:15 +01:00
Martin Kanis
8432513daa
KEYCLOAK-16908 Refactor UserSessionPersisterProvider
2021-01-29 09:29:00 +01:00
Pedro Igor
922d7da3ae
[KEYCLOAK-16497] - AuthzClient.create() fails when env variables are used in auth-server-url
2021-01-28 12:07:58 -03:00
Hynek Mlnarik
60e4bd622f
KEYCLOAK-16828 Fix HttpClient failures and close HttpResponses
2021-01-28 08:38:34 +01:00
rmartinc
f3a4991b6a
KEYCLOAK-15975 NPE in DefaultThemeManager.loadTheme() if theme directory is absent
2021-01-27 22:05:19 +01:00
Pedro Igor
0c501f8302
[KEYCLOAK-16837] - Authz client still relying on refresh tokens when doing client credentials
2021-01-27 12:23:32 -03:00
mposolda
99a70267d9
KEYCLOAK-16801 Improve performance of ClearExpiredEvents background task
2021-01-27 09:57:46 +01:00
Takashi Norimatsu
b89edabcfc
KEYCLOAK-16889 Client Policy : Refactor Test Class
2021-01-27 09:06:08 +01:00
Martin Kanis
9f580e3ed8
KEYCLOAK-15695 Streamification cleanup
2021-01-20 14:39:53 +01:00
Thomas Darimont
6315fe5d22
KEYCLOAK-16464 Test mapping of enabled and emailVerified user model attribute to LDAP attributes
2021-01-20 09:24:06 +01:00
Takashi Norimatsu
bcf313f321
KEYCLOAK-16858 Client Policy - Improper retainAll operation in Client Scope Condition and other minor bugs
2021-01-20 09:10:21 +01:00
Martin Bartoš
9df7fdbc55
KEYCLOAK-14718 Adding test case for User Client Role Mapper
2021-01-19 17:49:36 +01:00
Michal Hajas
ba8e2fef6b
KEYCLOAK-15524 Cleanup user related interfaces
2021-01-18 16:56:10 +01:00
mposolda
dae4a3eaf2
KEYCLOAK-16468 Support for deny list of metadata attributes not updateable by account REST and admin REST
...
(cherry picked from commit 79db549c9d561b8d5efe3596370190c4da47e4e1)
(cherry picked from commit bf4401cddd5d3b0033820b1cb4904bd1c8b56db9)
2021-01-18 13:17:51 +01:00
mposolda
eac3329d22
KEYCLOAK-14019 Improvements for request_uri parameter
...
(cherry picked from commit da38b36297a5bd9890f7df031696b516268d6cff)
2021-01-18 13:05:09 +01:00
Pedro Igor
c631013031
[KEYCLOAK-16515] - Scope permissions not added to result if previous permission is granted
2021-01-14 17:08:05 +01:00
Takashi Norimatsu
5f445ec18e
KEYCLOAK-14200 Client Policy - Executor : Enforce Holder-of-Key Token
...
Co-authored-by: Hryhorii Hevorkian <hhe@adorsys.com.ua>
2021-01-12 11:21:41 +01:00
Takashi Norimatsu
f423c0dc51
KEYCLOAK-16249 Client Policy - Condition : Client - Any Client
2021-01-08 17:29:50 +01:00
vramik
1402d021de
KEYCLOAK-14846 Default roles processing
2021-01-08 13:55:48 +01:00
Takashi Norimatsu
05dfac75ca
KEYCLOAK-14202 Client Policy - Executor : Enforce secure signature algorithm for Signed JWT client authentication
...
Co-authored-by: Andrii Murashkin <amu@adorsys.com.ua>
2021-01-06 08:58:20 +01:00
Thomas Darimont
1a7600e356
KEYCLOAK-13923 Support PKCE for OIDC based Identity Providers ( #7381 )
...
* KEYCLOAK-13923 - Support PKCE for Identity Provider
We now support usage of PKCE for OIDC based Identity Providers.
* KEYCLOAK-13923 Warn if PKCE information cannot be found code-to-token request in OIDCIdentityProvider
* KEYCLOAK-13923 Pull up PKCE handling from OIDC to OAuth IdentityProvider infrastructure
* KEYCLOAK-13923 Adding test for PKCE support for OAuth Identity providers
* KEYCLOAK-13923 Use URI from KeycloakContext instead of HttpRequest
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
2021-01-05 10:59:59 -03:00
mposolda
d4a36d0d9c
KEYCLOAK-16350 invalid_scope error response should be displayed for openid-connect/auth
2021-01-05 12:55:53 +01:00
vramik
dfa27b9f0f
KEYCLOAK-14856 fix migration, add ssl for migration server
2021-01-05 11:05:18 +01:00
keycloak-bot
75be33ccad
Set version to 13.0.0-SNAPSHOT
2020-12-16 17:31:55 +01:00
vramik
2ed8ed2543
KEYCLOAK-15390 fix ClientMappersOIDCTest
2020-12-16 15:14:35 +01:00
Stefan Guilhen
d6422e415c
[KEYCLOAK-16508] Complement methods for accessing user sessions with Stream variants
2020-12-15 19:52:31 +01:00
Takashi Norimatsu
edabbc9449
KEYCLOAK-14203 Client Policy - Executor : Enforce HTTPS URIs
2020-12-15 09:31:20 +01:00
Martin Bartoš
24f1a9c5c4
KEYCLOAK-16583 Ignore tests which directly use WebAuthn Chrome testing feature
2020-12-14 16:39:32 +01:00
Martin Bartoš
cfc035ee42
KEYCLOAK-15066 Internal Server error when calling random idp endpoint
2020-12-14 16:37:53 +01:00
Cédric Couralet
f4abc86a66
KEYCLOAK-16112 don't remove username attribute
2020-12-14 15:46:25 +01:00
Takashi Norimatsu
200b53ed1e
KEYCLOAK-14192 Client Policy - Condition : Author of a client - User Role
2020-12-14 15:37:05 +01:00
Michal Hajas
8e376aef51
KEYCLOAK-15847 Add MapUserProvider
2020-12-10 08:57:53 +01:00
Martin Kanis
3ddedc49f5
KEYCLOAK-11417 Internal server error on front channel logout with expired session
2020-12-09 14:45:04 +01:00