Benjamin Weimer
fdcfa6e13e
KEYCLOAK-15156 backchannel logout offline session handling
2020-08-13 08:09:59 -03:00
David Hellwig
ddc2c25951
KEYCLOAK-2940 - draft - Backchannel Logout ( #7272 )
...
* KEYCLOAK-2940 Backchannel Logout
Co-authored-by: Benjamin Weimer <external.Benjamin.Weimer@bosch-si.com>
Co-authored-by: David Hellwig <hed4be@bosch.com>
2020-08-12 09:07:58 -03:00
Dillon Sellars
25bb2e3ba2
KEYCLOAK-14529 Signed and Encrypted ID Token Support : RSA-OAEP-256 Key Management Algorithm
2020-07-30 15:20:51 +02:00
Yoshiyuki Tabata
cd76ed0d74
KEYCLOAK-14289 OAuth Authorization Server Metadata for Token Revocation
2020-07-29 11:41:56 +02:00
keycloak-bot
afff0a5109
Set version to 12.0.0-SNAPSHOT
2020-07-22 14:36:15 +02:00
Thomas Vitale
4cd5ace800
KEYCLOAK-9321 Remove invalid token_introspection_endpoint
...
The discovery document is advertizing both token_introspection_endpoint
and introspection_endpoint. The former has been removed as it is not
defined by OAuth2/OIDC.
2020-07-17 11:41:28 +02:00
Douglas Palmer
1434f14663
[KEYCLOAK-14346] Base URL for applications is broken
2020-06-23 15:26:07 -03:00
Hiroyuki Wada
f73b51818b
KEYCLOAK-14113 Support for exchanging to SAML 2.0 token
2020-06-19 22:08:42 +02:00
Douglas Palmer
33863ba161
KEYCLOAK-10162 Usage of ObjectInputStream without checking the object types
...
Co-authored-by: mposolda <mposolda@gmail.com>
2020-06-08 13:12:08 +02:00
Yoshiyuki Tabata
f03ee2ec98
KEYCLOAK-14145 OIDC support for Client "offline" session lifespan
2020-06-04 14:24:52 +02:00
Denis
8d6f8d0465
EYCLOAK-12741 Add name and description edit functionality to Authentication and Execution Flows
2020-06-04 08:08:52 +02:00
cachescrubber
3382682115
KEYCLOAK-10927 - Implement LDAPv3 Password Modify Extended Operation … ( #6962 )
...
* KEYCLOAK-10927 - Implement LDAPv3 Password Modify Extended Operation (RFC-3062).
* KEYCLOAK-10927 - Introduce getLDAPSupportedExtensions(). Use result instead of configuration.
Co-authored-by: Lars Uffmann <lars.uffmann@vitroconnect.de>
Co-authored-by: Kevin Kappen <kevin.kappen@vitroconnect.de>
Co-authored-by: mposolda <mposolda@gmail.com>
2020-05-20 21:04:45 +02:00
Takashi Norimatsu
c057b994e7
KEYCLOAK-13104 Signed and Encrypted ID Token Support : AES 192bit and 256bit key support
2020-05-20 09:01:59 +02:00
Takashi Norimatsu
be0ba79daa
KEYCLOAK-7997 Implement Client Registration Metadata based on Mutual TLS
2020-05-19 17:00:41 +02:00
stianst
b04932ede5
KEYCLOAK-12414 Remove the need to specify defaults in config file
2020-05-13 09:02:29 -03:00
Álvaro Gómez Giménez
666832d1be
KEYCLOAK-13066 Include resourceType in ScopePermissionRepresentation
2020-05-12 17:11:35 -03:00
Pedro Igor
c4a6f0830e
[KEYCLOAK-14076] - Authorization context not always considering scope when checking permission
2020-05-07 08:48:07 +02:00
keycloak-bot
ae20b7d3cd
Set version to 11.0.0-SNAPSHOT
2020-04-29 12:57:55 +02:00
Yoshiyuki Tabata
874642fe9e
KEYCLOAK-12406 Add "Client Session Max" and "Client Session Idle" for OIDC
2020-04-28 15:34:25 +02:00
Yoshiyuki Tabata
b40c12c712
KEYCLOAK-5325 Provide OAuth token revocation capability
2020-04-28 15:25:22 +02:00
keycloak-bot
33314ae3ca
Set version to 10.0.0-SNAPSHOT
2020-04-21 09:19:32 +02:00
keycloak-bot
f6a592b15a
Set version to 9.0.4-SNAPSHOT
2020-03-24 08:31:18 +01:00
Martin Kanis
e6e0e6945d
KEYCLOAK-12156 LogoutEndpoint does not verify token type of id_token_hint
...
Co-authored-by: Martin Kanis <mkanis@redhat.com>
Co-authored-by: Marek Posolda <mposolda@redhat.com>
2020-03-24 05:31:36 +01:00
Thomas Darimont
cd51ff3474
KEYCLOAK-13186 Remove role information from RefreshTokens
...
We now no longer expose role assignment information into the RefreshToken.
Previously RefreshTokens contained information about the realm and
client specific roles which are assigned to a user. Since the role
information is usually either taken from the AccessToken, IDToken or
the User-Info endpoint and the RefreshToken is an internal format which
is opaque to the client, it would be a waste of space to keep that
information in the RefreshToken.
See:
https://lists.jboss.org/pipermail/keycloak-dev/2019-April/011936.html
2020-03-11 06:28:22 +01:00
stianst
75a772f52b
KEYCLOAK-10967 Add JSON body methods for test ldap and smtp connections. Deprecate old form based methods.
2020-03-05 10:07:58 +01:00
Kohei Tamura
6eef8b5dd4
KEYCLOAK-12899 Fix incorrect exception message in JWE
2020-02-25 14:53:01 +01:00
stianst
536824beb6
KEYCLOAK-12960 Use Long for time based values in JsonWebToken
2020-02-19 15:46:05 +01:00
keycloak-bot
d352d3fa8e
Set version to 9.0.1-SNAPSHOT
2020-02-17 20:38:54 +01:00
mabartos
a5d02d62c1
KEYCLOAK-12908 TOTP not accepted in request for Access token
2020-02-07 13:17:05 +01:00
Marek Posolda
d46620569a
KEYCLOAK-12174 WebAuthn: create authenticator, requiredAction and policy for passwordless ( #6649 )
2020-01-29 09:33:45 +01:00
vramik
a2b3747d0e
KEYCLOAK-7014 - Correctly handle null-values in UserAttributes
2020-01-10 12:44:52 +01:00
Tom Billiet
0f8d988d58
[KEYCLOAK-12299] JWKS parsing: fallback to RS256 for RSA keys without alg field
2020-01-09 10:12:34 +01:00
Pedro Igor
709cbfd4b7
[KEYCLOAK-10705] - Return full resource representation when querying policies by id
2020-01-09 10:00:24 +01:00
Pedro Igor
946088d48d
[KEYCLOAK-12109] - Resolving authz discovery url using KeycloakUriBuilder
2019-12-19 14:18:21 +01:00
Douglas Palmer
106e6e15a9
[KEYCLOAK-11859] Added option to always display a client in the accounts console
2019-12-17 17:12:49 -03:00
Douglas Palmer
f9fa5b551d
[KEYCLOAK-5628] Added application endpoint
2019-12-11 13:06:04 -03:00
Pedro Igor
cee884e4a7
[KEYCLOAK-8406] - Remove Drools/Rules Policy
2019-11-22 15:38:51 +01:00
keycloak-bot
76aa199fee
Set version to 9.0.0-SNAPSHOT
2019-11-15 20:43:21 +01:00
AlistairDoswald
4553234f64
KEYCLOAK-11745 Multi-factor authentication ( #6459 )
...
Co-authored-by: Christophe Frattino <christophe.frattino@elca.ch>
Co-authored-by: Francis PEROT <francis.perot@elca.ch>
Co-authored-by: rpo <harture414@gmail.com>
Co-authored-by: mposolda <mposolda@gmail.com>
Co-authored-by: Jan Lieskovsky <jlieskov@redhat.com>
Co-authored-by: Denis <drichtar@redhat.com>
Co-authored-by: Tomas Kyjovsky <tkyjovsk@redhat.com>
2019-11-14 14:45:05 +01:00
Stan Silvert
d439f4181a
KEYCLOAK-6503: Linked Accounts Page
2019-11-14 07:39:43 -03:00
Andrei Arlou
38b48c6dd3
KEYCLOAK-11985 Fix minor warnings in tests module core
2019-11-11 09:39:17 +01:00
Andrei Arlou
5ff0da319a
KEYCLOAK-11983 Use diamond operator for collections in module core
2019-11-11 09:36:03 +01:00
Andrei Arlou
7c295c1d43
KEYCLOAK-11992 Use StandartCharsets.UTF-8 for strings in module core
2019-11-11 09:33:39 +01:00
Andrei Arlou
43c0dd01ec
KEYCLOAK-11984 Remove unused fields and imports from module core
2019-11-11 09:30:58 +01:00
Stian Thorgersen
f14f92ab0b
KEYCLOAK-6073 Make adapters use discovery endpoint for URLs instead of hardcoding ( #6412 )
2019-11-06 10:34:35 +01:00
Stan Silvert
041229f9ca
KEYCLOAK-7429: Linked Accounts REST API
2019-11-05 16:03:21 -05:00
Peter Skopek
d0386dab85
KEYCLOAK-8785 remove k_version endpoint ( #6428 )
2019-11-05 11:35:55 +01:00
Pedro Igor
bb4ff55229
[KEYCLOAK-10868] - Deploy JavaScript code directly to Keycloak server
...
Conflicts:
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/AbstractPhotozExampleAdapterTest.java
(cherry picked from commit 338fe2ae47a1494e786030eb39f908c964ea76c4)
2019-10-22 10:34:24 +02:00
Takashi Norimatsu
7c75546eac
KEYCLOAK-9360 Two factor authentication with W3C Web Authentication - 1st impl phase
...
* KEYCLOAK-9360 Two factor authentication with W3C Web Authentication - 1st impl phase
2019-10-01 15:17:38 +02:00
Pedro Igor
a1d8850373
[KEYCLOAK-7416] - Device Activity
2019-09-05 11:43:27 -03:00
Leon Graser
0ce10a3249
[KEYCLOAK-10653] Manage Consent via the Account API
2019-08-20 06:24:44 -03:00
Takashi Norimatsu
8225157a1c
KEYCLOAK-6768 Signed and Encrypted ID Token Support
2019-08-15 15:57:35 +02:00
keycloak-bot
17e9832dc6
Set version to 8.0.0-SNAPSHOT
2019-07-19 19:05:03 +02:00
Hynek Mlnarik
3d4283fac9
KEYCLOAK-9987 Upgrade to Wildfly17
...
Co-Authored-By: hmlnarik <hmlnarik@redhat.com>
2019-07-16 08:05:46 +02:00
Sven-Torben Janus
c883c11e7e
KEYCLOAK-10158 Use PEM cert as X.509 user identity
...
Allows to use the full PEM encoded X.509 certificate from client cert
authentication as a user identity. Also allows to validate that user's
identity against LDAP in PEM (String and binary format). In addition,
a new custom attribute mapper allows to validate against LDAP when
certificate is stored in DER format (binay, Octet-String).
KEYCLOAK-10158 Allow lookup of certs in binary adn DER format from LDAP
2019-07-08 11:58:26 +02:00
Pedro Igor
0cdd23763c
[KEYCLOAK-10443] - Define a global decision strategy for resource servers
2019-07-02 09:14:37 -03:00
Pedro Igor
fdc0943a92
[KEYCLOAK-8060] - My Resources REST API
2019-06-11 14:23:26 -03:00
Hynek Mlnarik
65326ce16a
KEYCLOAK-9629 Update cookie type
2019-04-24 07:18:41 +01:00
keycloak-bot
49d4e935cb
Set version to 7.0.0-SNAPSHOT
2019-04-17 09:48:07 +01:00
Takashi Norimatsu
9b3e297cd0
KEYCLOAK-9756 PS256 algorithm support for token signing and validation
2019-04-09 20:52:02 +02:00
Pedro Igor
b39cf1c736
[KEYCLOAK-9353] - Final field failing to be set when running quarkus in native mode
2019-04-09 09:49:05 -03:00
Mark Stickel
d5cc18b960
KEYCLOAK-9868 x5t and x5t#S256 JWK parameters
2019-03-27 19:05:57 +01:00
Yaser Abouelenein
404ac1d050
KEYCLOAK-8701 changes needed to include x5c property in jwks
2019-03-15 06:01:15 +01:00
keycloak-bot
e843d84f6e
Set version to 6.0.0-SNAPSHOT
2019-03-06 15:54:08 +01:00
Lars Wilhelmsen
9b1ab0f992
KEYCLOAK-9116: Fixes JWK serialization of ECDSA public key coordinates.
...
Signed-off-by: Lars Wilhelmsen <lars@sral.org>
2019-02-25 09:53:09 -03:00
stianst
e06c705ca8
Set version 5.0.0
2019-02-21 09:35:14 +01:00
Sebastian Laskawiec
ee41a0450f
KEYCLOAK-8349 KEYCLOAK-8659 Use TLS for all tests in the suite
2019-02-08 08:57:48 -02:00
stianst
7c9f15778a
Set version to 4.8.3.Final
2019-01-09 20:39:30 +01:00
stianst
7c4890152c
Set version to 4.8.2
2019-01-03 14:43:22 +01:00
mposolda
061693a8c9
KEYCLOAK-9089 IllegalArgumentException when trying to use ES256 as OIDC access token signature
2018-12-14 21:01:03 +01:00
stianst
b674c0d4d9
Prepare for 4.8.0.Final
2018-12-04 13:54:25 +01:00
mposolda
6db1f60e27
KEYCLOAK-7774 KEYCLOAK-8438 Errors when SSO authenticating to same client multiple times concurrently in more browser tabs
2018-11-21 21:51:32 +01:00
Takashi Norimatsu
0793234c19
KEYCLOAK-8460 Request Object Signature Verification Other Than RS256 ( #5603 )
...
* KEYCLOAK-8460 Request Object Signature Verification Other Than RS256
also support client signed signature verification by refactored token
verification mechanism
* KEYCLOAK-8460 Request Object Signature Verification Other Than RS256
incorporate feedbacks and refactor client public key loading mechanism
* KEYCLOAK-8460 Request Object Signature Verification Other Than RS256
unsigned request object not allowed
* KEYCLOAK-8460 Request Object Signature Verification Other Than RS256
revert to re-support "none"
2018-11-19 14:28:32 +01:00
Thomas Darimont
cf57a1bc4b
KEYCLOAK-1267 Add dedicated SSO timeouts for Remember-Me
...
Previously remember-me sessions where tied to the SSO max session
timeout which could lead to unexpected early session timeouts.
We now allow SSO timeouts to be configured separately for sessions
with enabled remember-me. This enables users to opt-in for longer
session timeouts.
SSO session timeouts for remember-me can now be configured in the
tokens tab in the realm admin console. This new configuration is
optional and will tipically host values larger than the regular
max SSO timeouts. If no value is specified for remember-me timeouts
then the regular max SSO timeouts will be used.
Work based on PR https://github.com/keycloak/keycloak/pull/3161 by
Thomas Darimont <thomas.darimont@gmail.com>
2018-11-15 06:11:22 +01:00
stianst
ecd476fb10
Prepare for 4.7.0.Final
2018-11-14 20:10:59 +01:00
scranen
5880efe775
KEYCLOAK-4342 Make naming consistent
2018-11-06 10:28:06 -02:00
scranen
0c6b20e862
[KEYCLOAK-4342] Make adapter state cookie path configurable
2018-11-06 10:28:06 -02:00
Graser Leon
9ef4c7fffd
KEYCLOAK-8377 Role Attributes
2018-10-24 22:04:28 +02:00
mposolda
c36b577566
KEYCLOAK-8483 Remove application from the aud claim of accessToken and refreshToken
2018-10-23 13:52:09 +02:00
Pedro Igor
6f8f8e6a28
[KEYCLOAK-8449] - Option to automatically map HTTP verbs to scopes when configuring the policy enforcer
2018-10-23 08:40:54 -03:00
vramik
7a96911a83
KEYCLOAK-8300 KEYCLOAK-8301 Wildfly 14 upgrade
...
Co-authored-by: Marek Posolda <mposolda@redhat.com>
2018-10-17 20:01:07 +02:00
stianst
11374a2707
KEYCLOAK-8556 Improvements to profile
2018-10-12 12:26:37 +02:00
Leon Graser
066bef744f
KEYCLOAK-6658 Fine Grain Permissions via Java Client
...
Signed-off-by: Leon Graser <leon.graser@bosch-si.com>
2018-10-11 09:44:57 -03:00
mposolda
5b51c000af
KEYCLOAK-8481 Don't include empty resource_access in access token
2018-10-11 08:04:07 +02:00
mposolda
2a4cee6044
KEYCLOAK-6884 KEYCLOAK-3454 KEYCLOAK-8298 Default 'roles' and 'web-origins' client scopes. Add roles and allowed-origins to the token through protocol mappers
2018-10-04 12:00:38 +02:00
stianst
c3fc9e9815
Set version to 4.6.0.Final-SNAPSHOT
2018-09-26 20:58:41 +02:00
mposolda
3777dc45d0
KEYCLOAK-3058 Support for validation of "aud" in adapters through verify-token-audience configuration switch
2018-09-21 11:17:05 +02:00
mposolda
99a16dcc1f
KEYCLOAK-6638 Support for adding audiences to tokens
2018-09-13 21:40:16 +02:00
stianst
24e60747b6
KEYCLOAK-7560 Refactor token signature SPI PR
...
Also incorporates:
KEYCLOAK-6770 ES256/384/512 providers
KEYCLOAK-4622 Use HS256 for refresh tokens
KEYCLOAK-4623 Use HS256 for client reg tokens
2018-09-11 08:14:10 +02:00
Takashi Norimatsu
5b6036525c
KEYCLOAK-7560 Refactor Token Sign and Verify by Token Signature SPI
2018-09-11 08:14:10 +02:00
stianst
1fb4ca4525
Set version to 4.5.0.Final
2018-09-06 20:08:02 +02:00
Pedro Igor
6a0a1031a1
[KEYCLOAK-7754] - Fixing compat issues with UMA spec in RPT Introspection Provider
2018-09-04 11:41:09 -03:00
Stefan Guilhen
0b95cdacb8
[KEYCLOAK-7885] Add user policy support to the policy API
2018-08-13 22:09:17 -03:00
Pedro Igor
80e5227bcd
[KEYCLOAK-4902] - Refactoring and improvements to processing of authz requests
2018-08-07 10:53:40 -03:00
mposolda
959cd035ba
Set version to 4.3.0.Final-SNAPSHOT
2018-08-01 22:40:05 +02:00
Hynek Mlnarik
f57cc3a9c0
KEYCLOAK-5257 Clarify usage of TokenVerifier
2018-08-01 13:38:31 +02:00
mposolda
a2afe7c205
KEYCLOAK-7977 Release failing due the NPE during swagger2markup-maven-plugin execution
2018-07-31 22:05:34 +02:00
ssilvert@win.redhat.com
0844aa8d68
KEYCLOAK-7857: Fix notifications
2018-07-25 08:59:25 -04:00
Hiroyuki Wada
7c0ca9aad2
KEYCLOAK-6313 Add required action's priority for customizing the execution order
2018-07-23 22:21:04 +02:00
Pedro Igor
8b6979ac18
[KEYCLOAK-7849] - Improvements to RPT upgrade
2018-07-18 16:40:55 -03:00