Commit graph

2625 commits

Author SHA1 Message Date
wyvie
1450a7fad4 [KEYCLOAK-7569] support for authentication flow update
Added support for the PUT method of the authentication flow endpoint in
the admin API.

Now it's possible to run the 'update' method for authentication/flows in
kcadm.sh.
2018-07-03 10:31:23 +02:00
stianst
3c5027de3c KEYCLOAK-7701 Refactor key providers to support additional algorithms 2018-06-29 14:14:25 +02:00
Johannes Knutsen
fc3ca33033 Set hardcoded user session attribute after IDP first login flow 2018-06-26 10:31:55 +02:00
Takashi Norimatsu
2fb022e501 KEYCLOAK-7688 Offline Session Max for Offline Token 2018-06-26 08:25:06 +02:00
vramik
b478472b35 KEYCLOAK-7478 Add key query param to change locale url 2018-06-26 08:19:25 +02:00
Hynek Mlnarik
6b968796ce KEYCLOAK-7667 Fix namespace handling when decrypting assertion 2018-06-21 13:09:18 +02:00
Hiroyuki Wada
c2012a595b KEYCLOAK-7650 Don't display disabled identity providers 2018-06-19 08:55:24 -04:00
stianst
e1a0e581b9 Update to 4.1.0.Final-SNAPSHOT 2018-06-14 14:22:28 +02:00
Marek Posolda
49407c2e4f
KEYCLOAK-6630 Client scopes initial support (#5076)
* KEYCLOAK-6630 KEYCLOAK-349 Client Scopes

Co-authored-by: vramik <vramik@redhat.com>

* KEYCLOAK-6630 Change some clientTemplate occurences to clientScope
2018-06-08 15:38:38 +02:00
Pedro Igor
aa128d6c07
Merge pull request #5240 from pedroigor/KEYCLOAK-7353
[KEYCLOAK-7353] Support Policy Management in Protection API
2018-06-07 11:05:49 -03:00
Ola Bergefall
c8c76cc03f KEYCLOAK-7316: Default back to false if isPassive is missing in request. 2018-06-07 08:50:32 +02:00
Federico M. Facca
5a9bfea419 [KEYCLOAK-7353] Support Policy Management in Protection API
See https://issues.jboss.org/browse/KEYCLOAK-7353
2018-06-06 19:36:42 -03:00
Hynek Mlnarik
7ff18ca14b KEYCLOAK-7331 Fix NPE when SAML Issuer not set in AuthnRequest 2018-06-06 16:21:18 +02:00
Takashi Norimatsu
c586c63533 KEYCLOAK-6771 Holder of Key mechanism
OAuth 2.0 Mutual TLS Client Authentication and Certificate Bound Access
Tokens
2018-06-05 08:18:29 +02:00
Pedro Igor
f8919f8baa
Merge pull request #5211 from pedroigor/KEYCLOAK-7367
[KEYCLOAK-7367] - User-Managed Policy Provider
2018-06-04 09:35:13 -03:00
Jared Blashka
65c39763eb KEYCLOAK-7356 Code to Token flow fails if initial redirect_uri contains a session_state parameter 2018-05-31 08:53:11 +02:00
Martin Kanis
f429469fc8 KEYCLOAK-5270 Realm cookie path for IE<=11 users (#5106) 2018-05-31 08:44:34 +02:00
Takashi Norimatsu
eb97151476 KEYCLOAK-7451 OAuth Authorization Server Metadata for Proof Key for Code Exchange 2018-05-28 22:15:43 +02:00
Pedro Igor
2b6597e9f1 [KEYCLOAK-7367] - User-Managed Policy Provider 2018-05-25 16:18:15 -03:00
Stian Thorgersen
dbf5c395b0
Bump version to 4.0.0.Final (#5224) 2018-05-24 19:02:30 +02:00
Pedro Igor
e5d997a6c0
Merge pull request #5203 from martel-innovate/separate-ticket-permission-and-uma-permission-API
[KEYCLOAK-7354] - Split ticket management and permission endpoint
2018-05-17 15:22:55 -03:00
Federico M. Facca
76076cdb3c [KEYCLOAK-7354] split ticket management and permission endpoint
see (https://issues.jboss.org/browse/KEYCLOAK-7354)

* created new endpoint for ticket management /permission/ticket
* removed unused class
* support for direct creation of ticket by resource owner
* fix DELETE ticket
2018-05-16 15:10:39 +02:00
Timo Knapp
487539542a KEYCLOAK-7325: Fix Issue regarding HTTP 500 Server Error for resource_set Endpoint in ProtectionService (#5196)
* KEYCLOAK-7325: Fix Issue regarding HTTP 500 Server Error for resource_set Endpoint in ProctectionService
2018-05-15 14:57:33 -03:00
Federico M. Facca
5cbe595fe3 This commit implement feature KEYCLOAK-7337
* return requester

when returnNames=true

* return requesterName
* return owernName
2018-05-11 21:08:16 +02:00
Pedro Igor
e84acd9898
Merge pull request #5177 from pedroigor/KEYCLOAK-7206
[KEYCLOAK-7206] - Search by user id on admin console
2018-05-04 09:11:49 -03:00
Stian Thorgersen
90e5c7f3eb
Bump version to 4.0.0.Beta3-SNAPSHOT (#5185) 2018-05-02 14:32:20 +02:00
Martin Kanis
9505925363 Revert "KEYCLOAK-5270 Realm cookie path for IE<=11 users (#5106)" (#5183)
This reverts commit a67da7bc59.
2018-05-02 09:31:42 +02:00
pedroigor
ddceaaf3d5 [KEYCLOAK-7206] - Search by user id on admin console 2018-04-30 11:44:33 -03:00
Pedro Igor
e960642399
Merge pull request #5144 from pedroigor/KEYCLOAK-4903
[KEYCLOAK-4903] - Pushed Claims
2018-04-26 15:59:13 -03:00
Stan Silvert
35154db50f
KEYCLOAK-7123: l10n dropdowns (#5170)
* KEYCLOAK-7196: Add kc_locale to keycloak.js

* KEYCLOAK-7123: Localization dropdowns

* Update keycloak-service to latest keycloak.js
2018-04-25 15:04:12 -04:00
pedroigor
035ebc881a [KEYCLOAK-4903] - Claim Information point Provider SPI and configuration 2018-04-25 10:16:41 -03:00
pedroigor
e813fcd9c8 [KEYCLOAK-4903] - Pushing claims when obtaining a permission ticket 2018-04-24 19:47:28 -03:00
mposolda
634e7170e3 KEYCLOAK-7158 RestartLoginCookie throws error when KC_RESTART cookie created by Keycloak 1.9 2018-04-23 21:56:13 +02:00
Martin Kanis
7efa45126c KEYCLOAK-6991 NPE when importing realm from file 2018-04-19 14:26:50 +02:00
Oskars
3bef6d5066 KEYCLOAK-4538 Configurable clock skew when validating tokens (#5014)
* [master]: fix type for checkLoginIframeInterval

* [master]: KEYCLOAK-4538 Feature to tolerate a configurable amount of seconds of clock skew when validating tokens

* [master]: KEYCLOAK-4538 Fix unit test scenarios for token clock skew

* [master]: KEYCLOAK-4538 Reverted wildcard imports

* [master]: fix unit test to use longer intervals to make test less fragile.
2018-04-16 11:09:25 +02:00
Vlastimil Eliáš
c1311e4619 KEYCLOAK-6849 - LinkedIn social login provider updated to new LinkedIn OAuth2 endpoint (#5125)
* KEYCLOAK-6849 - LinkedIn social login provider updated to new LinkedIn
OAuth2 endpoint

* KEYCLOAK-6849 - LinkedIn social login provider test updated

* KEYCLOAK-6849 - LinkedIn social login provider test updated to
conditionally handle consent page when shown only

* Simplify the LinkedIn app authorization

This reverts commit c12359e7a13d9ff231fe2e25cddba66ad679a9cd.
2018-04-13 08:09:27 +02:00
Stan Silvert
095fec95e5
KEYCLOAK-7022 Fix l10n on Welcome page (#5143) 2018-04-11 12:05:07 -04:00
Hugo Guerrero
fac3118b0a KEYCLOAK-6448 - implement instagram social broker (#4963)
* KEYCLOAK-6448 - implement instagram social broker

* Instagram SocialLogin Tests
2018-04-09 17:30:27 +02:00
Martin Kanis
a67da7bc59 KEYCLOAK-5270 Realm cookie path for IE<=11 users (#5106) 2018-04-06 09:26:29 +02:00
Bill Burke
ffd9d957f4
Merge pull request #5123 from patriot1burke/kcadm-token
KEYCLOAK-7044 KEYCLOAK-7046
2018-04-04 17:22:17 -04:00
Stefan Guilhen
87abe5e648 [KEYCLOAK-6853] Make TimePolicyProvider use the kc.date.time_date contextual attribute when evaluating policies 2018-04-04 14:37:03 -03:00
Stan Silvert
701c318b60
KEYCLOAK-7047: Fix RegistrationEmailAsUsername and EditUserNameAllowed (#5122)
on personal info page.
2018-04-04 09:31:38 -04:00
Bill Burke
8a5428808e KEYCLOAK-7044 KEYCLOAK-7046 2018-04-03 21:29:31 -04:00
Bill Burke
4078e84fb6 server driven success page 2018-03-31 10:16:44 -04:00
Bill Burke
f4a5e49b63 initial 2018-03-29 17:14:36 -04:00
Pedro Igor
5cae1bb134
Merge pull request #5093 from pedroigor/KEYCLOAK-4102
[KEYCLOAK-4102] - Support lazy load paths
2018-03-29 09:16:34 -03:00
Bill Burke
8d3dc790df
Merge pull request #5087 from patriot1burke/kcinit
KEYCLOAK-6813
2018-03-28 17:35:33 -04:00
Bill Burke
f5bacb79c1 review changes 2018-03-28 16:45:52 -04:00
pedroigor
4a425c2674 [KEYCLOAK-4102] - Support lazy loading of paths via policy enforcer config 2018-03-28 09:23:59 -03:00
Bill Burke
c38b6d585e KEYCLOAK-528 (#5103) 2018-03-28 11:15:37 +02:00
Bill Burke
ad5f3fefc5 Merge remote-tracking branch 'upstream/master' into kcinit 2018-03-27 16:38:35 -04:00
Stan Silvert
80feb67fc2
KEYCLOAK-6494: Address load time of new acct mgt console (#5100)
* Optimize loading. min bundles, stop double-loading, rxjs-system instead of
plain rxjs, clean up 404's

* Create module loading hierarchy.  Allows for lazy loading.

* Upgrade NG, remove jquery, load keycloak.js only from auth/js

* Delay systemjs loading.  Load home page instead of account.

* KEYCLOAK-6496: Cleanup and polish code after optimizations.

* Fix message bundle to be back the way it was.

* Remove unused png's. Remove comments in index.ftl. Remove javaMessages.
2018-03-27 12:42:13 -04:00
pedroigor
e9e376419d [KEYCLOAK-4102] - Removing create-resources configuration option 2018-03-27 09:51:13 -03:00
Pedro Igor
ffeb0420bf
Merge pull request #5079 from pedroigor/KEYCLOAK-6529
[KEYCLOAK-6529] - Resource Attributes
2018-03-27 09:30:38 -03:00
stianst
07fea02146 Bump versions to 4.0.0.Beta2-SNAPSHOT 2018-03-26 18:17:38 +02:00
wyvie
d40e9bd3c1 [KEYCLOAK-6814] check if HMAC exists during session restart 2018-03-26 10:05:39 +02:00
Bill Burke
f000cedcbb Merge remote-tracking branch 'upstream/master' into kcinit 2018-03-20 16:49:43 -04:00
Jérôme Blanchard
f11c24e359 [KEYCLOAK-6147] Include Nonce in OIDC authentication 2018-03-20 10:51:44 +01:00
Bill Burke
8926837a3e tests 2018-03-19 16:47:13 -04:00
Áron Bustya
82ba2b1b0d remove changes from standard OIDC client registration, move constants 2018-03-19 19:31:22 +01:00
Áron Bustya
57f57f5c75 set request object mandatory for client, restrict delivery mode
handle new attribute in client representation


add to UI
2018-03-19 19:31:22 +01:00
pedroigor
08896ee9c9 [KEYCLOAK-6529] - Resource Attributes 2018-03-19 13:21:39 -03:00
Bill Burke
4bba11cd94 kcinit 2018-03-16 12:11:57 -04:00
Alex Szczuczko
e4781b8aa3 KEYCLOAK-6828 Drop jcenter repository from services/pom.xml
swagger2markup-maven-plugin depends transitively on markdown_to_asciidoc, which
is inexplicably not in Central. This causes issues during productisation, as
it's reasonably assumed that all third party artifacts will be in Central.

Stian has already asked the community project to get their artifacts in Central
( bodiam/markdown-to-asciidoc#26 ), and they haven't done anything in almost a
year. So, I've added the artifacts under my own namespace, and changed the pom
to use those instead. The artifacts are unchanged from the ones on jcenter,
except the pom was expanded slightly to meet the minimum requirements of
Central.

I'm making this change now, as I hit the problem when trying to set up
continuous productization builds from master.
2018-03-16 08:36:04 +01:00
Douglas Palmer
fed1b62c5d [KEYCLOAK-6301] Remove service account when it is disabled from the client 2018-03-14 15:09:42 +01:00
Takashi Norimatsu
5b1e65c23e KEYCLOAK-6700 Financial API Read and Write API Security Profile : state
hash value (s_hash) to protect state parameter
2018-03-13 16:40:34 +01:00
Takashi Norimatsu
e72756d01a KEYCLOAK-6700 Financial API Read and Write API Security Profile : state hash value (s_hash) to protect state parameter 2018-03-13 16:40:34 +01:00
Pedro Igor
2aa71d1737
Merge pull request #5051 from pedroigor/KEYCLOAK-6787
[KEYCLOAK-6787] - Wrong validation of resources with same name and different owners
2018-03-12 11:41:49 -03:00
pedroigor
0a4fd79b22 [KEYCLOAK-6116] - Get email attribute from 'subject alternative name' using X509 certificate 2018-03-09 10:56:35 -03:00
Martin Hardselius
8549bd70b7 Add pairwise sub support to authorization services
Identity token verification will now fetch the user from the session
state instead of relying on the sub provided in the token. Also done in
KeycloakIdentity.

Resolves: KEYCLOAK-6659
2018-03-02 13:08:27 +01:00
pedroigor
1e1de85685 [KEYCLOAK-6787] - Wrong validation of resources with same name and different owners 2018-03-01 16:50:05 -03:00
pedroigor
cb531056a6 [KEYCLOAK-6621] - Fixing cache and queries of policies with type scope 2018-02-28 16:33:45 -03:00
Pedro Igor
91bdc4bde2 [KEYCLOAK-3169] - UMA 2.0 (#4368)
* [KEYCLOAK-3169] - UMA 2.0 Support

* [KEYCLOAK-3169] - Changes to account service and more tests

* [KEYCLOAK-3169] - Code cleanup and tests

* [KEYCLOAK-3169] - Changes to account service and tests

* [KEYCLOAK-3169] - Changes to account service and tests

* [KEYCLOAK-3169] - More tests

* [KEYCLOAK-3169] - Changes to adapter configuration

* [KEYCLOAK-3169] - Reviewing UMA specs and more tests

* [KEYCLOAK-3169] - Reviewing UMA specs and more tests

* [KEYCLOAK-3169] - Changes to UMA Grant Type and refactoring

* [KEYCLOAK-3169] - Refresh tokens for RPT responses and tests

* [KEYCLOAK-3169] - Changes to account my resources and policy enforcers

* [KEYCLOAK-3169] - Realm settings flag to enable/disable user-managed access in account mgmt console

* [KEYCLOAK-3169] - More changes to my resource pages in account mgmt console

* [KEYCLOAK-3169] - Need to enable user-managed on realm to run tests

* [KEYCLOAK-3169] - Removing more UMA 1.0 related code

* [KEYCLOAK-3169] - Only submit requests if ticket exists

* [KEYCLOAK-3169] - Returning UMA 401 response when not authenticated

* [KEYCLOAK-3169] - Removing unused code

* [KEYCLOAK-3169] - Removing unused code

* [KEYCLOAK-3169] - 403 response in case ticket is not created

* [KEYCLOAK-3169] - Fixing AbstractPhotozExampleAdapterTest#testClientRoleRepresentingUserConsent

* [KEYCLOAK-3169] - 403 status code only returned for non-bearer clients
2018-02-28 08:53:10 +01:00
wyvie
f8022a5c2f [KEYCLOAK-6585] hybrid flow: removed token_type and expires_in paramters from oidc auth response 2018-02-27 15:31:12 +01:00
vmuzikar
a2cc7bd4b9 KEYCLOAK-6709 Fix OpenShift IdP doesn't fetch user's full name 2018-02-27 12:28:42 +01:00
wyvie
52acd959e0 [KEYCLOAK-6584] removed not-before-policy parameter from authorization response 2018-02-26 17:41:18 +01:00
Josh Cain
24132c8f5b Return location for execution and flow creation in admin interface. Also allow for retrieval of execution by ID 2018-02-26 17:00:17 +01:00
Hynek Mlnarik
e7cdb8ad54 KEYCLOAK-6473 KEYCLOAK-6472 SAML parser refactor + protocol parsers 2018-02-23 08:16:14 +01:00
Stian Thorgersen
9ef1f1b73c KEYCLOAK-3482 2018-02-22 09:42:45 -03:00
Erlend Hamnaberg
208ecbc3f7 KEYCLOAK-6676: Fix NPE if the redirect_uri parameter is missing 2018-02-21 19:44:22 +01:00
mposolda
fc463ae50b KEYCLOAK-6617 Offline token logout did not invalidate user session 2018-02-19 08:49:05 +01:00
cgol
86a8addf49 KEYCLOAK-6615 Remove offline session from database on offline token logout
remove offline token from database on offline session logout
2018-02-19 08:49:05 +01:00
stianst
9b63cd35f0 KEYCLOAK-6431 2018-02-13 19:38:46 +01:00
Hynek Mlnarik
84ea3f8cb1 KEYCLOAK-4315 Remove some dead/duplicate classes 2018-02-13 15:41:36 +01:00
Bill Burke
5d5373454c
Merge pull request #4991 from patriot1burke/challenge-support
KEYCLOAK-6355
2018-02-13 09:38:45 -05:00
Bill Burke
87ee15a081 fix 2018-02-12 16:52:55 -05:00
Bill Burke
d6788a0839 finish 2018-02-10 13:38:39 -05:00
stianst
505cf5b251 KEYCLOAK-6519 Theme resource provider 2018-02-09 08:28:59 +01:00
Bill Burke
5ea4ef9e55 change code query params to session_code 2018-02-08 17:37:27 -05:00
Douglas Palmer
e8de4655ac KEYCLOAK-6344 Use POST instead of GET for LDAP connection tests 2018-02-08 21:18:03 +01:00
Jochen Preusche
8325151e16
Extract findLocale to LocaleNegotiator, add tests
* Improve Testability of Locale Negotiation
 * Add test for Locale Negotiation
 * Fix Locale Negotiation for omitted Country Code
2018-02-06 09:50:04 +01:00
Serhii Shymkiv
c2fe500eb8 [KEYCLOAK-4721] Consider Session Language of Realm Also In ReCaptcha 2018-02-02 13:57:03 +01:00
vramik
019c3c9ef9 KEYCLOAK-6146 realm import fails when password policy is specified 2018-02-02 08:30:06 +01:00
Thomas Darimont
77334af34e KEYCLOAK-6222 Check syntax for errors on ScriptBasedOIDCProtocolMapper validation
We now explicitly check for syntax errors
during validation of ScriptBasedOIDCProtocolMappers.
2018-02-02 08:28:27 +01:00
Bill Burke
8f09efab9d
Merge pull request #4949 from patriot1burke/client-storage-spi
KEYCLOAK-6228
2018-02-01 08:59:02 -05:00
Bill Burke
126dd70efc client stat improvement 2018-01-31 13:05:13 -05:00
Bill Burke
a571781240 hynek db changes 2018-01-30 17:00:55 -05:00
Vlastimil Elias
a5f675d693 KEYCLOAK-4937 - convert time units in emails into human-friendly format 2018-01-30 06:38:57 +01:00
Bill Burke
1d8e38f0c6 admin console 2018-01-27 13:05:02 -05:00
Bill Burke
dd4c0d448c Merge remote-tracking branch 'upstream/master' into client-storage-spi 2018-01-27 09:47:41 -05:00