Commit graph

13348 commits

Author SHA1 Message Date
Thomas Darimont
c49dbd66fa KEYCLOAK-15437 Ensure at_hash is generated for IDTokens on token-refresh 2021-05-20 16:05:11 +02:00
Hynek Mlnarik
860fc4c06c KEYCLOAK-17756 KEYCLOAK-17757 Optimize IdP-first lookup 2021-05-20 14:44:55 +02:00
Pedro Igor
a0f8d2bc0e [KEYCLOAK-17399] - Review User Profile SPI
Co-Authored-By: Vlastimil Elias <vlastimil.elias@worldonline.cz>
2021-05-20 08:44:24 -03:00
vramik
1c283cdebc KEYCLOAK-14301 OTP secrets migrated incorrectly 2021-05-20 13:19:27 +02:00
rmartinc
b97f177f26 [KEYCLOAK-14696] Unable to fetch list of members from a group through keycloak admin console. 2021-05-20 11:32:23 +02:00
Michal Hajas
3bb5bff8e0 KEYCLOAK-17495 Do not include principal in the reference to broker sessionId 2021-05-20 11:32:11 +02:00
vramik
3913526934 KEYCLOAK-18031 Update to 13.0.0 fails due to liquibase error 2021-05-20 11:29:02 +02:00
Václav Muzikář
d0f01740be KEYCLOAK-18043 Client Policy UI Improvements: Navigation 2021-05-20 07:54:53 +02:00
Vlastimil Eliáš
0913a22c30
KEYCLOAK-2045 Simple Validation SPI for UserProfile SPI (#8053)
* KEYCLOAK-2045 Simple Validation API

Co-authored-by: Thomas Darimont <thomas.darimont@googlemail.com>
2021-05-19 13:57:34 -03:00
mhajas
e609949264 KEYCLOAK-17267 Add index to user attribute name and value to support user sync from ldap 2021-05-19 13:38:11 +02:00
mposolda
d3e9e21abd KEYCLOAK-17906 Use auto-configure instead of is-augment. Use default-client-authenticator option in SecureClientAuthenticatorExecutor 2021-05-19 12:18:11 +02:00
Václav Muzikář
23fef24fe1 KEYCLOAK-18042 Client Policy UI Improvements: Add delete confirmation modal dialog 2021-05-19 11:57:14 +02:00
Hynek Mlnarik
c02a706a86 KEYCLOAK-17748 Optimize validation of redirect URIs in logout endpoint
Reimplementation of KEYCLOAK-17718
2021-05-18 20:31:21 +02:00
vramik
4d776cd780 KEYCLOAK-18137 Fix introduced SPI name 2021-05-18 20:30:21 +02:00
Bruno Oliveira da Silva
008fa8c2b1 [KEYCLOAK-18030] Upgrade Freemarker 2021-05-18 12:59:40 -03:00
Martin Bartoš
8c299b417a KEYCLOAK-17784: Remember me - fix test 2021-05-18 16:15:30 +02:00
Bastian Ike
5c3d7f186e KEYCLOAK-17784: URL encode Keycloak's remember-me cookie to allow non-ascii usernames.
International users using non-ascii symbols such as the german `äöü`
will make Keycloak set the KEYCLOAK_REMEMBER_ME cookie without URL
encoding. This will trigger an java.lang.IllegalArgumentException:
UT000173 exception in undertow's cookie parser which does not
allow non-ascii characters.

Co-authored-by: Fabian Freyer <mail@fabianfreyer.de>
2021-05-18 16:15:30 +02:00
Václav Muzikář
65fbf3f68c KEYCLOAK-18079 Client Policy UI Improvements: JSON error handling 2021-05-18 16:12:48 +02:00
Mathieu CLAUDEL
df714506cc KEYCLOAK-17655 - Can't impersonate 2021-05-18 14:16:01 +02:00
mposolda
71dcbec642 KEYCLOAK-18108 Refactoring retrieve of condition/executor providers. Make sure correct configuration of executor/condition is used for particular provider 2021-05-18 12:20:47 +02:00
Hynek Mlnarik
c2e2cbe180 KEYCLOAK-17749 Remove need for iterating by all clients 2021-05-18 09:28:42 +02:00
mposolda
b8a7750000 KEYCLOAK-18113 Refactor some executor/condition provider IDs 2021-05-18 09:17:41 +02:00
Nikolas Laskaris
35601aaaba
KEYCLOAK-17140 (#7781) 2021-05-17 14:49:26 -04:00
Gregor Tudan
10f7ea01d4 KEYCLOAK-16091: only persist webauthn-authentication count if the authenticator increments it beyond zero
Fixes an issue with Apple Keys stored in the secure enclave. They don's support counters and recommend attestation instead. This is a valid design choice according to the Webauthn-Spec (counters are mentioned as SHOULD)
2021-05-17 08:42:50 +02:00
Václav Muzikář
62e6883524 KEYCLOAK-17084 KEYCLOAK-17434 Support querying clients by client attributes 2021-05-14 13:58:53 +02:00
Pedro Igor
62e17f3be7 [KEYCLOAK-17588] - Authz confirmation popping out twice 2021-05-14 07:21:06 -03:00
Pedro Igor
927c359693
[KEYCLOAK-18086] - cluster-stack setting not working (#8037) 2021-05-14 09:54:01 +02:00
Tomas Kyjovsky
1292135729 KEYCLOAK-17322 Align tested databases with EAP 7.4 support matrix 2021-05-14 09:27:00 +02:00
Bruno Oliveira da Silva
a6ab3119d6
[KEYCLOAK-18059] Upgrade dev dependencies for the new Account Console (#8020) 2021-05-13 19:37:22 -04:00
vramik
d78d4a8d47 KEYCLOAK-17760 deprecate ScopeMappedResource.getScopeMappings() 2021-05-13 16:56:42 +02:00
Peter Flintholm
919899b994 KEYCLOAK-18039: Optimise offline session load on startup
Co-authored-by: Hynek Mlnarik <hmlnarik@redhat.com>
2021-05-13 16:26:26 +02:00
Bruno Oliveira da Silva
87282ad18d [KEYCLOAK-18060] Upgrade commons-io 2021-05-13 10:22:17 -03:00
Alfredo Boullosa
716afe9404 KEYCLOAK-18075 - Remove "role_list" from expected default client scopes 2021-05-13 10:30:12 +02:00
Marek Posolda
a6d4316084
KEYCLOAK-14209 Client policies admin console support. Changing of format of JSON for client policies and profiles. Remove support for default policies (#7969)
* KEYCLOAK-14209 KEYCLOAK-17988 Client policies admin console support. Changing of format of JSON for client policies and profiles. Refactoring based on feedback and remove builtin policies
2021-05-12 16:19:55 +02:00
mhajas
f37a24dd91 KEYCLOAK-17348 Add manual pagination into UserStorageManager#query 2021-05-12 15:09:36 +02:00
Hynek Mlnarik
8feefe94ac KEYCLOAK-18074 Ignore server version for MySQL in ChangeLogHistoryService 2021-05-12 15:01:30 +02:00
Jeff MAURY
1be81bff7a
KEYCLOAK-17400: allow installed adapter to be reused (#7853)
* KEYCLOAK-17400: allow installed adapter to be reused

Also add a close method to stop callback if response has not been received yet

Signed-off-by: Jeff MAURY <jmaury@redhat.com>
2021-05-12 09:46:00 -03:00
Takashi Norimatsu
355a5d65fb KEYCLOAK-18052 Client Policies : Revise SecureRequestObjectExecutor to have an option for checking nbf claim 2021-05-11 14:29:33 +02:00
Hynek Mlnarik
f25de94ae1 KEYCLOAK-18070 Report test coverage for model tests 2021-05-11 14:28:17 +02:00
rmartinc
2539bd9ed3 [KEYCLOAK-17903] idp metadata describing one entity MUST have EntityDescriptor root element 2021-05-11 13:02:13 +02:00
Takashi Norimatsu
5dced05591 KEYCLOAK-18050 Client Policies : Rename "secure-redirecturi-enforce-executor" to indicate what this executor does 2021-05-11 07:42:18 +02:00
Pedro Igor
6397671c88 [KEYCLOAK-17885] - Delete user-managed policies when removing groups 2021-05-10 16:33:23 -03:00
Pedro Igor
1855a5e17c [KEYCLOAK-17923] - No marshaller registered for clustered sessions in Keycloak.X 2021-05-10 16:15:24 -03:00
Bruno Oliveira da Silva
bbc8d83f64 [KEYCLOAK-17997] Upgrade Spring Security 2021-05-10 12:15:01 -03:00
Tjeu Kayim
0bf347e26d KEYCLOAK-17897 Parse CLI arguments with multiple =
To support cases like --db-url=jdbc:mariadb://localhost/kc?a=1
Reverts a part of commit 04415d34ea
2021-05-10 10:12:40 -03:00
Yoshiyuki Tabata
ce4f31a8c3 KEYCLOAK-17801 Help message for DB is incorrect 2021-05-10 08:09:01 -03:00
Takashi Norimatsu
b4e4e75743 KEYCLOAK-17928 Determine public client based on token_endpoint_auth_method during OIDC dynamic client registration 2021-05-10 08:24:18 +02:00
Takashi Norimatsu
624d300a55 KEYCLOAK-17938 Not possible to create client in the admin console when client policy with "secure-redirecturi-enforce-executor" condition is used 2021-05-07 17:52:09 +02:00
Takashi Norimatsu
b38b1eb782 KEYCLOAK-17895 SecureSigningAlgorithmEnforceExecutor: Ability to auto-configure default algorithm 2021-05-07 12:37:39 +02:00
Takashi Norimatsu
faab3183e0 KEYCLOAK-18034 Enforce SecureSigningAlgorithmForSignedJwtEnforceExecutor to private-key-jwt clients regardless their option 2021-05-07 12:26:46 +02:00