Marek Posolda
8c3fc5a60e
Option for client to specify default acr level ( #10364 )
...
Closes #10160
2022-02-22 07:54:30 +01:00
Marek Posolda
90d4e586b6
Show error in case of an unkown essential acr claim. Make sure correc… ( #10088 )
...
* Show error in case of an unkown essential acr claim. Make sure correct acr is set after authentication flow during step-up authentication
Closes #8724
Co-authored-by: Cornelia Lahnsteiner <cornelia.lahnsteiner@prime-sign.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
2022-02-15 09:02:05 +01:00
keycloak-bot
d9f1a9b207
Set version to 18.0.0-SNAPSHOT ( #10165 )
2022-02-11 21:28:06 +01:00
Francis PEROT
623aaf1e8b
Fixes collection comparison ignoring order
...
Use of containsAll() does not permit to compare if 2 lists are equals
(ignoring order)
Previous implementation of CollectionUtil.collectionEquals(...) was not taking care of specific cases where you can have [ A, A, B ] and [ A, B, B ] and complexity was O(n²)
Using Map, complexity is now O(n)
Closes #9920
2022-02-11 10:01:41 +01:00
Mauro de Wit
2c238b9f04
session-limiting-feature ( #8260 )
...
Closes #10077
2022-02-08 19:16:06 +01:00
Stian Thorgersen
2e5cb103ee
Update to UA Parser 1.5.2 ( #10030 )
2022-02-08 11:28:59 +01:00
Marek Posolda
d9c8cb30a5
Closes #9498 - Fix cases when user is forced to re-authenticate ( #9580 )
2022-02-07 09:02:08 +01:00
Konstantinos Georgilakis
a1f2f77b82
Device Authorization Grant with PKCE
...
Closes #9710
2022-02-03 08:37:07 +01:00
Daniel Gozalo
3528e7ba54
[ fixes #9224 ] - Get consented scopes from AuthorizationContext
...
Always show the consent screen when a dynamic scope is requested and show the requested parameter
Improve the code that handles dynamic scopes consent and add some log traces
Add a test to check how we show dynamic scope in the consent screen and added missing template file change
Fix merge problem in comment and improve other comments
Fix the Dynamic Scope test by assigning it to the client as optional instead of default
Change how dynamic scopes are represented in the consent screen and adapt test
2022-02-02 09:10:20 +01:00
Alexander Schwartz
df7ddbf9b3
Added ModelIllegalStateException to handle lazy loading exception.
...
Closes #9645
2022-01-31 10:10:41 +01:00
Takashi Norimatsu
ef134390c2
Client Policies : Condition's negative logic configuration is not shown in Admin Console's form view
...
Closes #9447
2022-01-27 09:55:22 +01:00
vramik
873a44459a
Convert MapClientScopeEntity to interface
...
Closes #9657
2022-01-23 16:56:25 +01:00
Thomas Darimont
438fc2865f
Fix embedded theme-resources lookup in Keycloak.X
...
Previously lookups for embedded theme-resources did not work for Keycloak.X because of a missing
`ClasspathThemeResourceProvider` registration.
This PR ensures that a `ClasspathThemeResourceProvider` is registered in Keycloak.X based deployments.
Added empty constructors to ClasspathThemeResourceProvider to enable dynamic instantiation by Quarkus.
Fixes #9653
2022-01-21 09:52:26 -03:00
Daniel Gozalo
8ea09d3816
[ fixes #9222 ] - Let users configure Dynamic Client Scopes ( #9327 )
2022-01-12 14:27:24 +01:00
CorneliaLahnsteiner
dff79cee3c
KEYCLOAK-847 Add support for step up authentication ( #7897 )
...
KEYCLOAK-847 Fix behavior of unknown not essential acr claim
Co-authored-by: Georg Romstorfer <georg.romstorfer@gmail.com>
Co-authored-by: Marek Posolda <mposolda@gmail.com>
2021-12-22 12:43:12 +01:00
keycloak-bot
9f3d4a7d42
Set version to 17.0.0-SNAPSHOT
2021-12-20 10:50:39 +01:00
vramik
e61da278ba
When ternary conditional operator uses primitive type it could throw NPE in some cases
...
Closes #9137
2021-12-15 10:25:54 +01:00
Hynek Mlnarik
2785cab596
Simplify component model overrides
...
Fixes #9021
2021-12-08 10:58:56 +01:00
Hynek Mlnarik
95614e8b40
Fix NPE for component creation when realm unset but config known
...
Fixes #9019
2021-12-07 20:15:05 +01:00
Martin Bartoš
1e1a6779be
Issue 8814: Replace deprecated hamcrest-all dependencies
2021-11-23 13:56:28 +01:00
bal1imb
661aca4452
KEYCLOAK-19283 Implemented new identity provider mapper "Advanced claim to group mapper" alongside tests.
2021-11-19 16:54:39 +01:00
Takashi Norimatsu
10c3e149d3
KEYCLOAK-19699 RSA key provider with key use = enc cannot select corresponding algorithm on Admin Console
2021-11-18 13:24:50 +01:00
Alec Henninger
cec6a8a884
KEYCLOAK-19700: Attempt to reuse denied device authorization code results in server error
2021-11-08 11:37:51 +01:00
Pedro Igor
eaa96f6147
[KEYCLOAK-18255] - Vault Support in Dist.X
2021-11-03 09:23:33 -03:00
Martin Bartoš
bfce612641
KEYCLOAK-18338 Fix update user account with configured SSSD
2021-11-02 08:42:07 +01:00
R Yamada
891c8e1a12
[KEYCLOAK-17653] - OIDC Frontchannel logout support
2021-10-07 15:27:19 -03:00
stianst
f471a110cd
KEYCLOAK-19408 Better client secrets
2021-09-29 18:19:43 +02:00
Daniel Fesenmeyer
339224578e
KEYCLOAK-10603 adjust assignments to roles (user-role and group-role assignments, client-scope and client "scope mappings"): allow assignments of roles which are already indirectly assigned (e.g. by composite role)
...
- extend RoleMapperModel with method hasDirectRole(RoleModel), which only checks for direct assignment in contrast to the existing method hasRole(RoleModel)
- extend ScopeContainerModel with method hasDirectScope(RoleModel), which only checks for direct scope mapping in contrast to the existing method hasScope(RoleModel)
- use the new hasDirectRole and hasDirectScope methods to check whether a role is in the "available" list and whether it can be assigned (previously, the hasRole method was used for this purpose)
- add hint to UI that available roles contain effectively assigned roles which are not directly assigned
- adjust and extend tests
2021-09-22 13:56:29 +02:00
Nikolas Laskaris
8f09d34272
KEYCLOAK-18288 ( #8096 )
...
RealmsAdminResource now returns also a brief representation (not by default, to be backwards compatible) for realms[] if the appropriate flag is sent.
2021-09-20 15:32:15 -04:00
Vlastimil Elias
28e220fa6d
KEYCLOAK-18497 - Support different input types in built-in dynamic forms
2021-09-20 09:14:49 -03:00
Vlastimil Elias
2be5f528e4
KEYCLOAK-18700 - consistently record User profile attribute changes in
...
UPDATE_PROFILE event
2021-09-15 08:26:01 -03:00
David Hellwig
a6cd80c933
KEYCLOAK-16076 added new warining when cookies are disabled -with new branch- ( #7632 )
...
* KEYCLOAK-16076 added new warining when cookies are disabled
Co-authored-by: David Hellwig <david.hellwig@bosch.com>
Co-authored-by: Christoph Leistert <christoph.leistert@bosch-si.com>
2021-09-13 11:30:11 +02:00
Martin Bartoš
7c243c8427
KEYCLOAK-18590 Save Button Enabled For Empty Attributes
2021-09-01 10:51:20 +02:00
Thomas Darimont
fd2787ae7d
KEYCLOAK-18880 TimeBasedOTP should use look-around to mitigate clock skew
...
Make TimeBasedOTP#clockSkewIndexToDelta private.
2021-09-01 10:45:50 +02:00
Thomas Darimont
af892d469c
KEYCLOAK-18880 TimeBasedOTP should use look-around to mitigate clock skew
...
Add test case
2021-09-01 10:45:50 +02:00
Thomas Darimont
5898f9c390
KEYCLOAK-18880 TimeBasedOTP should use look-around to mitigate clock skew
...
Previously the TimeBasedOTP only looked behind to mitigate clock skew.
We now look around (look ahead + look behind) to better accommodate clock skew.
2021-09-01 10:45:50 +02:00
Martin Bartos
18cef60bbd
KEYCLOAK-19037 Problems with validation of Email field that contains uppercase character
2021-08-19 11:13:42 +02:00
Vlastimil Elias
afa6e31d36
[KEYCLOAK-19006] User Profile: Patched handling of the "whitespace-only"
...
texts in pattern and length validators
2021-08-10 08:43:58 -03:00
Simen Heggestøyl
624a9a3ed7
KEYCLOAK-18509 Fix permission error when deleting client
2021-08-05 11:55:24 -03:00
Thomas Darimont
17da3ee8d9
KEYCLOAK-18380 Fix Groups search by name returns unwanted groups
...
Previously the group search did not apply a given search query as filter
for groups along the group path.
We now filter the found groups with the given group search query if present.
2021-08-05 11:43:56 +02:00
keycloak-bot
262ec3d031
Set version to 16.0.0-SNAPSHOT
2021-07-30 14:56:10 +02:00
Vlastimil Elias
32f2f095fe
KEYCLOAK-7724 User Profile default validations
2021-07-29 08:42:37 +02:00
mposolda
643b3c4c5a
KEYCLOAK-18594 CIBA Ping Mode
2021-07-27 08:33:17 +02:00
Joerg Matysiak
9dff21d0a7
KEYCLOAK-18552
...
* added group as attribute metadata
* validation for groups and references to groups
* adapted template to use show attribute groups
* test and integration tests for attribute groups
2021-07-23 09:26:21 -03:00
Vlastimil Elias
61aa4e6a70
KEYCLOAK-18750 - Set "Email Verified" to false when email changed in
...
UserProfile Provider
2021-07-19 11:19:29 -03:00
bal1imb
fbaeb18a5f
KEYCLOAK-18471 Added ID to admin event object.
2021-07-16 12:46:07 +02:00
Pedro Igor
f1face6973
[KEYCLOAK-18748] - Do not remove attributes when declarative provider is enabled
2021-07-15 12:00:39 -03:00
Pedro Igor
1baab67f3b
[KEYCLOAK-18630] - Request object encryption support
2021-07-09 11:27:30 -03:00
Vlastimil Elias
6686482ba5
[KEYCLOAK-18591] - Support a dynamic IDP user review form
2021-07-09 10:05:26 -03:00
Pedro Igor
4099833be8
[KEYCLOAK-18693] - Declarative profile validating read-only attribute if it exists
2021-07-08 15:22:02 -03:00
Dmitry Telegin
3b3a61dfba
KEYCLOAK-18639 Token Exchange SPI Milestone 1
2021-07-06 15:48:45 -03:00
Hryhorii Hevorkian
2803685cd7
KEYCLOAK-18353 Implement Pushed Authorization Request inside the Keycloak
...
Co-authored-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
Co-authored-by: mposolda <mposolda@gmail.com>
2021-07-03 08:47:42 +02:00
Vlastimil Elias
04ff2c327b
[KEYCLOAK-18429] Support a dynamic update profile form
2021-07-02 10:22:47 -03:00
Vlastimil Elias
f32447bcc1
[KEYCLOAK-18424] GUI order for user profile attributes
2021-07-02 08:37:24 -03:00
lbortoli
164f3df080
KEYCLOAK-18502 - Support for additional parameters from the backchannel authentication request and backchannel authentication callback.
2021-07-01 00:31:26 +02:00
Vlastimil Elias
bcfa6e4309
KEYCLOAK-18592 - put attribute validators configuration into freemarker
...
template for user profile pages
2021-06-30 09:01:12 -03:00
Takashi Norimatsu
57c80483bb
KEYCLOAK-17936 FAPI-CIBA : support Signed Authentication Request
...
Co-authored-by: Pritish Joshi <pritish@banfico.com>
Co-authored-by: mposolda <mposolda@gmail.com>
2021-06-29 08:07:40 +02:00
Pedro Igor
948f453e2d
[KEYCLOAK-18427] - Allowing switching to declarative provider
2021-06-28 15:50:04 -03:00
Vlastimil Elias
512bcd14f7
[KEYCLOAK-18428] - dynamic registration form
2021-06-25 17:11:15 -03:00
Vlastimil Elias
b7a4fd8745
KEYCLOAK-18423 - Support a user-friendly name property for user profile
...
attributes
2021-06-24 08:17:06 -03:00
Vlastimil Elias
458c841c39
[KEYCLOAK-18447] Dynamically select attributes based on requested scopes
2021-06-22 08:54:03 -03:00
rmartinc
b8452374d2
[KEYCLOAK-18473] Add max length to password policy
2021-06-22 10:15:48 +02:00
keycloak-bot
13f7831a77
Set version to 15.0.0-SNAPSHOT
2021-06-18 10:42:27 +02:00
Pedro Igor
ef3a0ee06c
[KEYCLOAK-17399] - Declarative User Profile and UI
...
Co-authored-by: Vlastimil Elias <velias@redhat.com>
2021-06-14 11:28:32 +02:00
mposolda
070c68e18a
KEYCLOAK-18069 Migration of client policies JSON from Keycloak 13
2021-06-10 10:40:14 +02:00
mposolda
ab13e3e4fe
KEYCLOAK-17939 Enable Client policies feature by default
2021-05-31 12:31:52 +02:00
vramik
2bf727d408
KEYCLOAK-17753 remove KeycloakModelUtils.isClientScopeUsed method
2021-05-28 21:07:14 +02:00
Michal Hajas
4dcb69596b
KEYCLOAK-18146 Search for clients by client attribute when doing saml artifact resolution
2021-05-27 23:02:22 +02:00
Stian Thorgersen
2cb59e2503
KEYCLOAK-17844 Add option to disable authorization services to workaround issues with many clients
2021-05-27 22:28:56 +02:00
Hynek Mlnarik
3d8f152787
KEYCLOAK-17747 KEYCLOAK-17754 Optimize getClients() calls
2021-05-27 22:12:56 +02:00
Martin Kanis
122fbe1bc6
KEYCLOAK-18298 ClearExpiredUserSessions timeouts with large number of sessions
2021-05-27 16:31:10 +02:00
vramik
3aa06c2721
KEYCLOAK-18073 avoid ModelDuplicateException during parallel starup of servers
2021-05-27 07:10:35 +02:00
Stefan Guilhen
eb631bf63b
[KEYCLOAK-8730] Ensure role mappers don't remove roles already granted by another mapper when updating a brokered user
2021-05-26 17:21:54 +02:00
Martin Kanis
1ab0d585a9
KEYCLOAK-11019 Initial support for lazy offline user-session loading
...
Co-authored-by: Thomas Darimont <thomas.darimont@googlemail.com>
Co-authored-by: Thomas Darimont <thomas.darimont@gmail.com>
2021-05-26 09:54:28 +02:00
Vlastimil Elias
4ad1687f2b
[KEYCLOAK-17399] UserProfile SPI - Validation SPI integration
2021-05-20 15:26:17 -03:00
Pedro Igor
a0f8d2bc0e
[KEYCLOAK-17399] - Review User Profile SPI
...
Co-Authored-By: Vlastimil Elias <vlastimil.elias@worldonline.cz>
2021-05-20 08:44:24 -03:00
Vlastimil Eliáš
0913a22c30
KEYCLOAK-2045 Simple Validation SPI for UserProfile SPI ( #8053 )
...
* KEYCLOAK-2045 Simple Validation API
Co-authored-by: Thomas Darimont <thomas.darimont@googlemail.com>
2021-05-19 13:57:34 -03:00
vramik
4d776cd780
KEYCLOAK-18137 Fix introduced SPI name
2021-05-18 20:30:21 +02:00
Hynek Mlnarik
c2e2cbe180
KEYCLOAK-17749 Remove need for iterating by all clients
2021-05-18 09:28:42 +02:00
Peter Flintholm
919899b994
KEYCLOAK-18039: Optimise offline session load on startup
...
Co-authored-by: Hynek Mlnarik <hmlnarik@redhat.com>
2021-05-13 16:26:26 +02:00
Marek Posolda
a6d4316084
KEYCLOAK-14209 Client policies admin console support. Changing of format of JSON for client policies and profiles. Remove support for default policies ( #7969 )
...
* KEYCLOAK-14209 KEYCLOAK-17988 Client policies admin console support. Changing of format of JSON for client policies and profiles. Refactoring based on feedback and remove builtin policies
2021-05-12 16:19:55 +02:00
Pedro Igor
6397671c88
[KEYCLOAK-17885] - Delete user-managed policies when removing groups
2021-05-10 16:33:23 -03:00
keycloak-bot
4b44f7d566
Set version to 14.0.0-SNAPSHOT
2021-05-06 14:55:01 +02:00
Hynek Mlnarik
6d97a573e6
KEYCLOAK-17696 Make MapStorageFactory amphibian
2021-05-06 11:38:41 +02:00
Hynek Mlnarik
e46a5484c5
KEYCLOAK-17695 Split MapStorage provider and provider factory
2021-05-06 11:38:41 +02:00
Peter Skopek
b2ed99c70d
KEYCLOAK-16928 Fix typo in authenticatorFlow representation
2021-05-06 08:33:19 +02:00
Václav Muzikář
315b9e3c29
KEYCLOAK-17835 Account Permanent Lockout and login error messages
2021-05-03 09:39:34 +02:00
Takashi Norimatsu
65c48a4183
KEYCLOAK-12137 OpenID Connect Client Initiated Backchannel Authentication (CIBA) ( #7679 )
...
* KEYCLOAK-12137 OpenID Connect Client Initiated Backchannel Authentication (CIBA)
Co-authored-by: Andrii Murashkin <amu@adorsys.com.ua>
Co-authored-by: Christophe Lannoy <c4r1570p4e@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: mposolda <mposolda@gmail.com>
2021-04-29 15:56:39 +02:00
Martin Kanis
515bfb5064
KEYCLOAK-16378 User / client session map store
...
Co-authored-by: Martin Kanis <mkanis@redhat.com>
Co-authored-by: Hynek Mlnarik <hmlnarik@redhat.com>
2021-04-28 09:09:15 +02:00
Pedro Igor
068a1811f2
[KEYCLOAK-17452] - Removing policies created from a user-managed policy
2021-04-21 11:30:57 -03:00
Michal Hajas
1e2db74d86
KEYCLOAK-16932 Authorization map storage
2021-04-16 17:26:16 +02:00
AlistairDoswald
8b3e77bf81
KEYCLOAK-9992 Support for ARTIFACT binding in server to client communication
...
Co-authored-by: AlistairDoswald <alistair.doswald@elca.ch>
Co-authored-by: harture <harture414@gmail.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2021-04-16 12:15:59 +02:00
stianst
a09142c43a
KEYCLOAK-17678 Fix getting client scope by name resulting in listing clients
2021-04-12 21:10:38 +02:00
Martin Bartoš
5a9068e732
KEYCLOAK-16401 Deny/Allow access in a conditional context
2021-04-09 12:04:45 +02:00
Takashi Norimatsu
42dec08f3c
KEYCLOAK-16805 Client Policy : Support New Admin REST API (Implementation) ( #7780 )
...
* KEYCLOAK-16805 Client Policy : Support New Admin REST API (Implementation)
* support tests using auth-server-quarkus
* Configuration changes for ClientPolicyExecutorProvider
* Change VALUE of table REALM_ATTRIBUTES to NCLOB
* add author tag
* incorporate all review comments
Co-authored-by: mposolda <mposolda@gmail.com>
2021-04-06 16:31:10 +02:00
vramik
185075d373
KEYCLOAK-14552 Realm Map Store
2021-03-31 15:49:03 +02:00
vramik
c3b9c66941
KEYCLOAK-17460 invalidate client when assigning scope
2021-03-30 10:58:16 +02:00
Hynek Mlnarik
a36fafe04e
KEYCLOAK-17409 Support for amphibian (both component and standalone) provider
2021-03-25 13:28:20 +01:00
Andrew Elwell
c76ca4ad13
Correct "doesn't exists" typos - fixes KEYCLOAK-14986 ( #7316 )
...
* Correct "doesn't exists" typos
* Revert changes to imported package
Co-authored-by: Stian Thorgersen <stianst@gmail.com>
2021-03-16 11:52:36 +01:00
Joaquim Fellmann
d2c98b20f3
KEYCLOAK-17404: LDAPS connection tests not working when protocol set in upper case
2021-03-16 10:10:59 +01:00
Yang Xie
db30b470c4
KEYCLOAK-17342 Make the default value of default signature algorithm show up in the admin console
2021-03-16 09:15:22 +01:00
Michito Okai
298ab0bc3e
KEYCLOAK-7675 Support for Device Authorization Grant
2021-03-15 10:09:20 -03:00
Hiroyuki Wada
5edf14944e
KEYCLOAK-7675 SPI and default implementation for Device User Code.
...
Author: Hiroyuki Wada <h2-wada@nri.co.jp>
Date: Sun May 12 15:47:15 2019 +0900
Signed-off-by: Łukasz Dywicki <luke@code-house.org>
2021-03-15 10:09:20 -03:00
Hiroyuki Wada
9d57b88dba
KEYCLOAK-7675 Prototype Implementation of Device Authorization Grant.
...
Author: Hiroyuki Wada <h2-wada@nri.co.jp>
Date: Thu May 2 00:22:24 2019 +0900
Signed-off-by: Łukasz Dywicki <luke@code-house.org>
2021-03-15 10:09:20 -03:00
vramik
6e501946b1
KEYCLOAK-17021 Client Scope map store
2021-03-08 21:59:28 +01:00
Denis
23bfaef4bb
KEYCLOAK-15535 Account Log of user login with realm not available details when update profile
2021-03-04 08:06:36 +01:00
Takashi Norimatsu
c4bf8ecdf0
KEYCLOAK-16880 Client Policy - Condition : Negative Logic Support
2021-03-01 14:27:39 +01:00
mposolda
41dc94fead
KEYCLOAK-14483 Broker state param fix
2021-02-24 19:07:58 -03:00
Juan Manuel Rodriguez Alvarado
6255ebe6b5
[KEYCLOAK-16536] Implement Audit Events for Authorization Services requests
2021-02-22 17:28:59 -03:00
Oleksandr Kochubei
63b19389c1
KEYCLOAK-17189 - fixed NPE during migration due to missed "account" client
2021-02-19 22:21:58 +01:00
Pedro Igor
9356843c6c
[KEYCLOAK-16521] - Fixing secret for non-confidential clients
2021-02-19 08:38:49 +01:00
Pedro Igor
431f137c37
[KEYCLOAK-17123] - Avoid validation and updates for read-only attributes during updates
2021-02-17 17:57:46 +01:00
stefvdwel
5a500055f6
Added permission ticket /count endpoint. Todo: testing
2021-02-17 09:40:19 -03:00
Stefan Guilhen
bea3410357
[KEYCLOAK-17080] Fix ConcurrentModificationException in the migration to 8.0.0 that was introduced by the streamification work
2021-02-12 11:12:56 +01:00
Réda Housni Alaoui
6da396821a
KEYCLOAK-17014 Searching all users from admin console is very slow
2021-02-03 21:54:46 +01:00
Pedro Igor
cdf0ead957
[KEYCLOAK-16780] - Allow batching writes to storage when running migration ( #7717 )
...
Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com>
Co-authored-by: Hynek Mlnařík <hmlnarik@users.noreply.github.com>
2021-01-29 09:35:19 -03:00
Martin Kanis
8432513daa
KEYCLOAK-16908 Refactor UserSessionPersisterProvider
2021-01-29 09:29:00 +01:00
Hynek Mlnarik
60e4bd622f
KEYCLOAK-16828 Fix HttpClient failures and close HttpResponses
2021-01-28 08:38:34 +01:00
mposolda
99a70267d9
KEYCLOAK-16801 Improve performance of ClearExpiredEvents background task
2021-01-27 09:57:46 +01:00
Martin Kanis
9f580e3ed8
KEYCLOAK-15695 Streamification cleanup
2021-01-20 14:39:53 +01:00
Michal Hajas
ba8e2fef6b
KEYCLOAK-15524 Cleanup user related interfaces
2021-01-18 16:56:10 +01:00
Pedro Igor
c631013031
[KEYCLOAK-16515] - Scope permissions not added to result if previous permission is granted
2021-01-14 17:08:05 +01:00
Albert-Jan Verhees
b0ac44cf7d
Applied PR suggestion: added resourceType and changed operation types
2021-01-13 16:23:31 +01:00
vramik
1402d021de
KEYCLOAK-14846 Default roles processing
2021-01-08 13:55:48 +01:00
Hynek Mlnarik
8af4a5fc85
KEYCLOAK-16648 Fix migration to 12
2020-12-18 08:58:59 +01:00
keycloak-bot
75be33ccad
Set version to 13.0.0-SNAPSHOT
2020-12-16 17:31:55 +01:00
Michal Hajas
8e376aef51
KEYCLOAK-15847 Add MapUserProvider
2020-12-10 08:57:53 +01:00
Stefan Guilhen
edef93cd49
[KEYCLOAK-16232] Streamify the UserCredentialStore and UserCredentialManager interfaces
2020-12-07 19:48:35 +01:00
Stefan Guilhen
73d0bb34c4
[KEYCLOAK-16232] Replace usages of deprecated collection-based methods with the respective stream variants
2020-12-07 19:48:35 +01:00
vramik
cd9e01af90
KEYCLOAK-16502 Migration of DELETE_ACCOUNT role
2020-12-01 13:10:20 +01:00
zak905
4f330f4a57
KEYCLOAK-953: add allowing user to delete his own account feature
2020-11-24 15:50:07 +01:00
st
a7666d4ccf
KEYCLOAK-11699 add support for 127.0.0.1 for native app
2020-11-20 11:03:29 +01:00
Stefan Guilhen
84df008bc2
[KEYCLOAK-16341] Make the new stream-based methods in server-spi user interfaces default instead of the collection-based versions.
...
- this ensures that providing implementation for the collection-based methods is enough, which preserves
backwards compatibility with older custom implementations.
- alternative interfaces now allow new implementations to focus on the stream variants of the query methods.
2020-11-18 21:07:51 +01:00
nkkumawat
43baf1bea7
KEYCLOAK-16381: error text moved to constants file
2020-11-18 21:05:58 +01:00
vmuzikar
01be601dbd
KEYCLOAK-14306 OIDC redirect_uri allows dangerous schemes resulting in potential XSS
...
(cherry picked from commit e86bec81744707f270230b5da40e02a7aba17830)
Conflicts:
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientRegistrationTest.java
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ClientTest.java
services/src/main/java/org/keycloak/validation/DefaultClientValidationProvider.java
2020-11-12 08:21:54 +01:00
Dmitry Polienko
12d8247288
[KEYCLOAK-15571] Fix IdentityProviderFactory.createConfig signature
2020-11-11 17:30:35 +01:00
Martin Kanis
d9029b06b9
KEYCLOAK-15889 Streamification of ProtocolMappers
2020-11-10 16:40:34 +01:00
Stefan Guilhen
aa46735173
[KEYCLOAK-15200] Complement methods for accessing users with Stream variants
2020-11-10 15:13:11 +01:00
Martin Kanis
8d6577d66c
KEYCLOAK-15898 Streamification of Keymanager
2020-11-10 14:43:23 +01:00
Thomas Darimont
de20830412
KEYCLOAK-9551 KEYCLOAK-16159 Make refresh_token generation for client_credentials optional. Support for revocation of access tokens.
...
Co-authored-by: mposolda <mposolda@gmail.com>
2020-11-06 09:15:34 +01:00
Hynek Mlnarik
925f089d62
KEYCLOAK-16077 Remove need for MapStorage.replace
2020-10-29 15:40:47 +01:00
Pedro Igor
24f90ca6cb
[KEYCLOAK-15406] - Grant access when evaluating user-managed permission for the owner
2020-10-28 09:59:24 -03:00
Martin Kanis
086f7b4696
KEYCLOAK-15450 Complement methods for accessing realms with Stream variants
2020-10-14 08:16:49 +02:00
testn
269a72d672
KEYCLOAK-15184: Use static inner class where possible
2020-10-09 23:37:08 +02:00
Markus Till
f0ea7a04bd
remove unused getApplications method from user account
2020-10-05 17:02:22 -03:00
Markus Till
c71ce8cd2e
refactoring add UserProfileAttributes
2020-10-05 09:59:44 -03:00
Markus Till
695db3e8ef
remove unused isCreated Flag in user profile context
2020-10-05 09:59:44 -03:00
Markus Till
802a670cc5
have a factory like approach for profile contexts
2020-10-05 09:59:44 -03:00
Markus Till
21cfa54d4d
remove StoredUserProfile interface
2020-10-05 09:59:44 -03:00
Markus Till
72f73f153a
UserProfile M1
2020-10-05 09:59:44 -03:00
Martin Kanis
053f5bad1f
KEYCLOAK-15608 JsonFileImport...MigrationTest fails for map store
2020-09-22 12:29:24 +02:00
testn
2cd03569d6
KEYCLOAK-15238: Fix potential resource leak from not closing Stream/Reader
2020-09-21 13:05:03 +02:00
mhajas
f7e0af438d
KEYCLOAK-14232 Add Referrer-Policy: no-referrer to each response from Keycloak
...
(cherry picked from commit 0b49640231abc6e465542bd2608e1c908c079ced)
2020-09-17 23:21:49 -07:00
Martin Kanis
5d5e56dde3
KEYCLOAK-15199 Complement methods for accessing roles with Stream variants
2020-09-16 16:29:51 +02:00
Martin Kanis
4e9bdd44f3
KEYCLOAK-14901 Replace deprecated ClientProvider related methods across Keycloak
2020-09-07 13:11:55 +02:00
Zack Powers
0001a930b4
KEYCLOAK-15068: Fix 15068 by parameterizing ProviderFactory with LoginFormsProvider.
2020-09-01 12:17:17 +02:00
mhajas
bdccfef513
KEYCLOAK-14973 Create GroupStorageManager
2020-09-01 10:21:39 +02:00
Martin Kanis
d59a74c364
KEYCLOAK-15102 Complement methods for accessing groups with Stream variants
2020-08-28 20:56:10 +02:00
Thomas Darimont
300b15e604
KEYCLOAK-15214 Improve SimpleHTTP
...
- Added support for configuring socket, connect and request timeouts on request level.
- Added support for HTTP HEAD and HTTP PATCH methods
- Small refactorings
2020-08-26 10:34:11 +02:00
Martin Kanis
4be99772d8
KEYCLOAK-14967 Closing streams obtained from JPA layer
2020-08-25 21:47:24 +02:00
Thomas Darimont
df94cefbc1
KEYCLOAK-12729 Revise password policy not-email tests
...
- Added missing cleanup to RegisterTest
- Revised test-setup for AccountFormServiceTest
2020-08-21 14:55:07 +02:00
Thomas Darimont
0f967b7acb
KEYCLOAK-12729 Add password policy not-email
...
Added test cases and initial translations
2020-08-21 14:55:07 +02:00
Pratik Somanagoudar
f486e97c18
KEYCLOAK-15087 : Reduce get client and get roles calls in realm create
2020-08-20 08:49:51 -03:00
mhajas
ae39760a62
KEYCLOAK-14972 Add independent GroupProvider interface
2020-08-13 21:13:12 +02:00
David Hellwig
ddc2c25951
KEYCLOAK-2940 - draft - Backchannel Logout ( #7272 )
...
* KEYCLOAK-2940 Backchannel Logout
Co-authored-by: Benjamin Weimer <external.Benjamin.Weimer@bosch-si.com>
Co-authored-by: David Hellwig <hed4be@bosch.com>
2020-08-12 09:07:58 -03:00
testn
d634ca3885
KEYCLOAK-14978: Optimize addDefaultClientScopes() when there is no default scopes
...
This eliminates an extra database call to check whether the scopes already exist
2020-08-06 10:42:30 -03:00
zak905
8597edba8e
KEYCLOAK-14851: make AIA max auth age configurable per AIA
2020-08-04 13:30:37 -04:00
vramik
6b00633c47
KEYCLOAK-14812 Create RoleStorageManager
2020-07-31 15:11:25 -03:00
vramik
bfa21c912c
KEYCLOAK-14811 Create RoleProvider and make it independent of ClientProvider and RealmProvider
2020-07-31 15:11:25 -03:00
Martin Idel
97400827d2
KEYCLOAK-14870: Fix bug where user is incorrectly imported
...
Bug: SerializedBrokeredIdentityContext was changed to mirror
UserModel changes. However, when creating the user in LDAP,
the username must be provided first (everything else can
be handled via attributes).
2020-07-29 11:33:41 +02:00
Martin Kanis
feef5b4db2
KEYCLOAK-14220 Complement methods for accessing clients with Stream variants
2020-07-27 10:38:39 +02:00
keycloak-bot
afff0a5109
Set version to 12.0.0-SNAPSHOT
2020-07-22 14:36:15 +02:00
Hynek Mlnarik
8fae2997c9
KEYCLOAK-14553 Improve logging
2020-07-22 00:08:15 +02:00
Hynek Mlnarik
c566b46e8f
KEYCLOAK-14549 Make ClientProvider independent of RealmProvider
...
Co-Authored-By: vramik <vramik@redhat.com>
2020-07-22 00:08:15 +02:00
Hynek Mlnarik
ac0011ab6f
KEYCLOAK-14553 Client map store
...
Co-Authored-By: vramik <vramik@redhat.com>
2020-07-22 00:08:15 +02:00
Pedro Igor
7501e42969
[KEYCLOAK-14646] - Improving permission resolution and evaluation
2020-07-21 14:22:09 +02:00
Takashi Norimatsu
e0fbfa722e
KEYCLOAK-14189 Client Policy : Basics
2020-07-21 07:50:08 +02:00
Jan Lieskovsky
969b09f530
[KEYCLOAK-13692] Upgrade to Wildfly "20.0.1.Final" and Infinispan "10.1.8.Final"
...
Co-authored-by: Jan Lieskovsky <jlieskov@redhat.com>
Co-authored-by: Marek Posolda <mposolda@redhat.com>
2020-07-20 22:15:08 +02:00
vmuzikar
7087c081f0
KEYCLOAK-14023 Instagram User Endpoint change
...
Co-authored-by: Jean-Baptiste PIN <jibet.pin@gmail.com>
2020-07-10 17:36:51 -03:00
Schlier, Fabian
9a7b91bdc2
KEYCLOAK-14310 Replaced string by constant after review amendment
2020-07-09 09:53:02 +02:00
Schlier, Fabian
ad836d1768
KEYCLOAK-14310 Added fix that considers Content-Type for data encoding and added corresponding test
2020-07-09 09:53:02 +02:00
testn
78a1c6cf23
KEYCLOAK-14687: Pbkdf2PasswordHashProviderFactory does not use DEFAULT_ITERATIONS
2020-07-08 14:00:32 +02:00
Eric Rodrigues Pires
de9a0a0a4a
[KEYCLOAK-13044] Fix owner name representations of UMA tickets for client-owned resources
2020-07-01 18:15:22 -03:00
Martin Idel
05b6ef8327
KEYCLOAK-14536 Migrate UserModel fields to attributes
...
- In order to make lastName/firstName/email/username field
configurable in profile
we need to store it as an attribute
- Keep database as is for now (no impact on performance, schema)
- Keep field names and getters and setters (no impact on FTL files)
Fix tests with logic changes
- PolicyEvaluationTest: We need to take new user attributes into account
- UserTest: We need to take into account new user attributes
Potential impact on users:
- When subclassing UserModel, consistency issues may occur since one can
now set e.g. username via setSingleAttribute also
- When using PolicyEvaluations, the number of attributes has changed
2020-06-25 14:50:57 +02:00
Tero Saarni
3c82f523ff
[KEYCLOAK-14343] Truststore SPI support for LDAP with StartTLS
...
Signed-off-by: Tero Saarni <tero.saarni@est.tech>
Co-authored-by: Jan Lieskovsky <jlieskov@redhat.com>
2020-06-11 18:07:53 +02:00
Yoshiyuki Tabata
f03ee2ec98
KEYCLOAK-14145 OIDC support for Client "offline" session lifespan
2020-06-04 14:24:52 +02:00
stianst
90b29b0e31
KEYCLOAK-14107 Admin page content blocked on v10.0.0 due to content security policy
2020-05-29 13:57:38 +02:00
cachescrubber
3382682115
KEYCLOAK-10927 - Implement LDAPv3 Password Modify Extended Operation … ( #6962 )
...
* KEYCLOAK-10927 - Implement LDAPv3 Password Modify Extended Operation (RFC-3062).
* KEYCLOAK-10927 - Introduce getLDAPSupportedExtensions(). Use result instead of configuration.
Co-authored-by: Lars Uffmann <lars.uffmann@vitroconnect.de>
Co-authored-by: Kevin Kappen <kevin.kappen@vitroconnect.de>
Co-authored-by: mposolda <mposolda@gmail.com>
2020-05-20 21:04:45 +02:00
mposolda
12d965abf3
KEYCLOAK-13047 LDAP no-import fixes. Avoid lost updates - dont allow update attributes, which are not mapped to LDAP
2020-05-19 16:58:25 +02:00
Thomas Darimont
6211fa90e0
KEYCLOAK-10932 Honor given_name and family_name in OIDC brokering
...
Previously firstname and lastname were derived from the name claim.
We now use direct mappings to extract firstname and lastname from
given_name and family_name claims.
Added test to KcOidcFirstBrokerLoginTest
Marked org.keycloak.broker.provider.BrokeredIdentityContext#setName
as deprecated to avoid breaking existing integrations.
2020-05-19 09:10:43 +02:00
Michael Cooney
3291161954
KEYCLOAK-13818: Addressing performance issues with adding client scopes during realm creation. Removing redundant lookups by passing all scopes that need to be created at once.
2020-05-12 15:59:42 +02:00
mposolda
a878bec60f
KEYCLOAK-14007 Missing RHSSO 7.4 version in MigrationModelManager
2020-04-30 08:38:40 +02:00
keycloak-bot
ae20b7d3cd
Set version to 11.0.0-SNAPSHOT
2020-04-29 12:57:55 +02:00
Yoshiyuki Tabata
874642fe9e
KEYCLOAK-12406 Add "Client Session Max" and "Client Session Idle" for OIDC
2020-04-28 15:34:25 +02:00
stianst
5b017e930d
KEYCLOAK-13128 Security Headers SPI and response filter
2020-04-28 15:28:24 +02:00
Pedro Igor
dacbe22d53
[KEYCLOAK-9896] - Authorization Scope modified improperly when updating Resource
2020-04-27 08:38:55 +02:00
Martin Idel
7e8018c7ca
KEYCLOAK-11862 Add Sync mode option
...
- Store in config map in database and model
- Expose the field in the OIDC-IDP
- Write logic for import, force and legacy mode
- Show how mappers can be updated keeping correct legacy mode
- Show how mappers that work correctly don't have to be modified
- Log an error if sync mode is not supported
Fix updateBrokeredUser method for all mappers
- Allow updating of username (UsernameTemplateMapper)
- Delete UserAttributeStatementMapper: mapper isn't even registered
Was actually rejected but never cleaned up: https://github.com/keycloak/keycloak/pull/4513
The mapper won't work as specified and it's not easy to tests here
- Fixup json mapper
- Fix ExternalKeycloakRoleToRoleMapper:
Bug: delete cannot work - just delete it. Don't fix it in legacy mode
Rework mapper tests
- Fix old tests for Identity Broker:
Old tests did not work at all:
They tested that if you take a realm and assign the role,
this role is then assigned to the user in that realm,
which has nothing to do with identity brokering
Simplify logic in OidcClaimToRoleMapperTests
- Add SyncMode tests to most mappers
Added tests for UsernameTemplateMapper
Added tests to all RoleMappers
Add test for json attribute mapper (Github as example)
- Extract common test setup(s)
- Extend admin console tests for sync mode
Signed-off-by: Martin Idel <external.Martin.Idel@bosch.io>
2020-04-24 15:54:32 +02:00
keycloak-bot
33314ae3ca
Set version to 10.0.0-SNAPSHOT
2020-04-21 09:19:32 +02:00
vramik
307c9be89d
KEYCLOAK-13247 NPE during migration when manage-account role missing
2020-04-16 12:26:39 +02:00
vramik
2b3810606e
KEYCLOAK-13303 NPE importing realm if authenticatorConfig has null alias
2020-04-14 19:24:48 +02:00