Takashi Norimatsu
244a1b2382
KEYCLOAK-14196 Client Policy - Condition : Client - Client Scope
2020-11-12 08:40:28 +01:00
vmuzikar
01be601dbd
KEYCLOAK-14306 OIDC redirect_uri allows dangerous schemes resulting in potential XSS
...
(cherry picked from commit e86bec81744707f270230b5da40e02a7aba17830)
Conflicts:
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientRegistrationTest.java
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ClientTest.java
services/src/main/java/org/keycloak/validation/DefaultClientValidationProvider.java
2020-11-12 08:21:54 +01:00
Takashi Norimatsu
e35a4bcefc
KEYCLOAK-14206 Client Policy - Executor : Enforce more secure state and nonce treatment for preventing CSRF
2020-11-11 21:11:34 +01:00
Pedro Igor
852c4a57ff
[KEYCLOAK-14468] - Scope permission sometimes not removed when removing scopes
2020-11-11 08:44:28 +01:00
niwde
c69f92831b
[KEYCLOAK-16215] Typo in EventConfigTest
2020-11-10 13:54:39 -03:00
Martin Kanis
d9029b06b9
KEYCLOAK-15889 Streamification of ProtocolMappers
2020-11-10 16:40:34 +01:00
Takashi Norimatsu
a0b1710735
KEYCLOAK-14198 Client Policy - Condition : Client - Client IP
2020-11-10 15:37:26 +01:00
Stefan Guilhen
aa46735173
[KEYCLOAK-15200] Complement methods for accessing users with Stream variants
2020-11-10 15:13:11 +01:00
Takashi Norimatsu
a63814da67
KEYCLOAK-14201 Client Policy - Executor : Enforce Proof Key for Code Exchange (PKCE)
2020-11-09 08:18:05 +01:00
Thomas Darimont
de20830412
KEYCLOAK-9551 KEYCLOAK-16159 Make refresh_token generation for client_credentials optional. Support for revocation of access tokens.
...
Co-authored-by: mposolda <mposolda@gmail.com>
2020-11-06 09:15:34 +01:00
vmuzikar
2df62369c3
KEYCLOAK-15295 User can manage resources with just "view-profile" role using new Account Console
...
(cherry picked from commit 1b063825755d9f5aa13e612757e8ef7299430761)
2020-11-06 08:55:57 +01:00
stianst
6b2e1cbc5f
KEYCLOAK-16167 Enable Account REST API by default
2020-11-06 08:06:03 +01:00
Takashi Norimatsu
6dc136dfc0
KEYCLOAK-14199 Client Policy - Executor : Enforce more secure client authentication method when client registration
2020-11-05 20:42:49 +01:00
Martin Bartos
7522d5ac74
KEYCLOAK-15841 Upgrade rest of the minor forms to PF4
2020-11-05 17:58:41 +01:00
Hynek Mlnarik
7b8575fa1a
KEYCLOAK-16090 Work around LDAPUserLoginTest false failures
2020-11-03 08:38:54 +01:00
Christoph Leistert
e131de9574
KEYCLOAK-14855 Added realm-specific localization texts which affect texts in every part of the UI (admin console / login page / personal info page / email templates). Also new API endpoints and a new UI screen to manage the realm-specific localization texts were introduced.
...
Co-authored-by: Daniel Fesenmeyer <daniel.fesenmeyer@bosch.io>
2020-10-30 08:02:43 -03:00
vramik
785f2e78bc
KEYCLOAK-14977 create MapRoleProvider
2020-10-30 08:15:22 +01:00
Johannes Knutsen
23c575c236
KEYCLOAK-15399: Wrong token type in token response. bearer vs Bearer
2020-10-28 10:38:22 -03:00
Pedro Igor
24f90ca6cb
[KEYCLOAK-15406] - Grant access when evaluating user-managed permission for the owner
2020-10-28 09:59:24 -03:00
Martin Bartos
a8df7d88a1
[KEYCLOAK-14139] Upgrade login screen to PF4
2020-10-27 20:24:07 +01:00
Hynek Mlnarik
267f1797d4
KEYCLOAK-15735 Fix LDAPSamlIdPInitiatedVaryingLetterCaseTest failures on few DBs
2020-10-23 15:15:03 +02:00
Hynek Mlnarik
e80538c60c
KEYCLOAK-15921 Fix auth server URL
2020-10-23 15:14:01 +02:00
Daniel Fesenmeyer
de8d2eafa3
KEYCLOAK-14781 Extend Admin REST API with search by federated identity
...
- Add parameters idpAlias and idpUserId to the resource /{realm}/users and allow it to be combined with the other search parameters like username, email and so on
- Add attribute "federatedIdentities" to UserEntity to allow joining on this field
- extend integration test "UserTest"
2020-10-22 08:51:26 +02:00
Sven-Torben Janus
850d3e7fef
KEYCLOAK-15511 OTP registration during login with LDAP read-only
...
When LDAP user federation is configured in read-only mode, it is not
possible to set required actions for users from LDAP.
Keycloak credential model allows for registering OTP devices when LDAP
ist configured with "Import Users" flag enabled. Registering OTP devices
needs to be done via the account management console and works as
expecetd. However, it fails, if a user has to register aN OTP device
during login (i.e. within the authentication flow), because the OTP Form
Authenticator tries to enforce OTP registration via setting the
corresponding required action for the user. That fails, because the user
is read-only.
To work around this, the required action is set on the authentication
session instead.
2020-10-21 17:00:11 +02:00
mposolda
7891daef73
KEYCLOAK-15998 Keycloak OIDC adapter broken when Keycloak server is on http
2020-10-21 08:36:08 +02:00
mhajas
4556e858ad
KEYCLOAK-15522 Use AbstractStorageManager in UserStorageManager
2020-10-15 20:41:13 +02:00
Sven-Torben Janus
eb002c7ecd
KEYCLOAK-3365 Extend test case
2020-10-15 08:43:31 +02:00
Sven-Torben Janus
5918094840
KEYCLOAK-3365 Add test case
2020-10-15 08:43:31 +02:00
mhajas
d266165f63
KEYCLOAK-14871 Whitelist RefreshableKeycloakSecurityContext for KeycloakPrincipal serialization
2020-10-14 16:00:39 +02:00
Martin Kanis
086f7b4696
KEYCLOAK-15450 Complement methods for accessing realms with Stream variants
2020-10-14 08:16:49 +02:00
Hynek Mlnarik
4541a1b250
KEYCLOAK-15907 Fix new host in SAML adapter cannot restore session
2020-10-12 13:23:03 +02:00
Luca Leonardo Scorcia
f274ec447b
KEYCLOAK-15697 Make the Service Provider Entity ID user configurable
2020-10-09 22:04:02 +02:00
mposolda
ff05072c16
KEYCLOAK-15770 Skip creating session for docker protocol authentication
2020-10-09 07:53:26 +02:00
mposolda
d269af1b70
KEYCLOAK-15830 Remove authentication session after failed directGrant authentication
2020-10-07 18:13:21 +02:00
vmuzikar
bb7ce62cd5
KEYCLOAK-15332 Missing CORS headers in some endpoints in Account REST API
2020-10-07 09:07:55 -03:00
mhajas
540516c6a9
KEYCLOAK-15734 Exclude tests with testingClient in remote environment
2020-10-06 20:26:24 +02:00
dashaylan
65ecfc960a
Combine UserInfo KcOidcBrokerConfiguration with OidcUserInfoClaimToRoleMapperTest
2020-10-06 08:44:02 +02:00
dashaylan
787d44be78
Reduce code duplication and test count
2020-10-06 08:44:02 +02:00
dashaylan
0d6da99844
Add UserInfo check fix and associated tests.
2020-10-06 08:44:02 +02:00
Markus Till
72f73f153a
UserProfile M1
2020-10-05 09:59:44 -03:00
Michito Okai
eac3341241
KEYCLOAK-15779 Authorization Server Metadata for the URL of the
...
authorization server's JWK Set [JWK] document
2020-10-02 11:18:31 +02:00
Thomas Darimont
12576e339d
KEYCLOAK-15146 Add support for searching users by emailVerified status
...
We now allow to search for users by their emailVerified status.
This enables users to easily find users and deal with incomplete user accounts.
2020-09-29 08:28:59 -03:00
vmuzikar
fbe18e67c3
KEYCLOAK-15721 KeycloakPromise sometimes doesn't work
2020-09-28 15:57:46 -03:00
Takashi Norimatsu
6596811d5d
KEYCLOAK-14204 FAPI-RW Client Policy - Executor : Enforce Request Object satisfying high security level
2020-09-25 08:31:14 +02:00
mhajas
e4078933f8
KEYCLOAK-14828 Disable DTD for SAML XML parser
...
(cherry picked from commit 37de7de78b2ae0eebee97fe917642bb849325f86)
2020-09-24 13:35:21 +02:00
Pedro Igor
76dede0f1e
[KEYCLOAK-14221] - Allow to map subject to userinfo response
2020-09-23 14:33:14 +02:00
vmuzikar
bca73fd04a
KEYCLOAK-15158 Javascript adapter init() is throwing a promise error after upgrade to 11
2020-09-22 10:56:46 -03:00
Frode Ingebrigtsen
0a0b7da53e
KEYCLOAK-15429 Add CORS origin on permission request with invalid access token
2020-09-22 08:56:21 -03:00
Denis
50210c4d9b
KEYCLOAK-14161 Regression on custom registration process
2020-09-21 20:23:39 +02:00
mhajas
12bc84322a
KEYCLOAK-14974 Map group storage provider
2020-09-21 15:56:32 +02:00