Mauro de Wit
2c238b9f04
session-limiting-feature ( #8260 )
...
Closes #10077
2022-02-08 19:16:06 +01:00
alisonbruno97
d1b64f47fa
Update Portuguese (Brazil) translations #9892 ( #9893 )
2022-02-08 12:35:31 +01:00
Alexander Schwartz
100dbb8781
Rework escaping of special characters in message properties for account console ( #9995 )
...
Closes #9503
2022-02-07 14:47:03 -05:00
Martin Bartoš
5494848f3f
Not possible to register webauthn key on Firefox
...
Closes #10020
2022-02-07 12:21:22 +01:00
Marek Posolda
d9c8cb30a5
Closes #9498 - Fix cases when user is forced to re-authenticate ( #9580 )
2022-02-07 09:02:08 +01:00
Martin Bartoš
d82122b982
Store information about transport media of WebAuthn authenticator
...
Closes #9800
2022-02-04 19:36:30 +01:00
Daniel Gozalo
3528e7ba54
[ fixes #9224 ] - Get consented scopes from AuthorizationContext
...
Always show the consent screen when a dynamic scope is requested and show the requested parameter
Improve the code that handles dynamic scopes consent and add some log traces
Add a test to check how we show dynamic scope in the consent screen and added missing template file change
Fix merge problem in comment and improve other comments
Fix the Dynamic Scope test by assigning it to the client as optional instead of default
Change how dynamic scopes are represented in the consent screen and adapt test
2022-02-02 09:10:20 +01:00
Andreas Rühl
99213ab042
hardcoded string replaced with localization ( #9543 )
...
Co-authored-by: Andreas Ruehl <ar@asuar.de>
2022-01-31 15:15:32 -05:00
Andreas Ruehl
f11b049e52
Missing translation of webauthn-doAuthenticate added
...
closes #9424
2022-01-28 17:48:10 +01:00
Daniel Gozalo
4136bf7700
[ fixes #9750 ] Make sure a Dynamic scope isn't assignable to a client as a default scope, and only show non-dynamic scopes in the available client scopes client menu
2022-01-26 13:32:04 +01:00
Christoph Leistert
e751626ac8
Closes #9418 : Admin UI: sort the realm localization texts alphabetically ( #9419 )
2022-01-21 10:49:22 -05:00
Pedro Igor
4c747047ce
Backward compatibility for lower-case bearer type in token responses ( #9538 )
...
Closes #9537
2022-01-13 08:34:45 +01:00
Daniel Gozalo
8ea09d3816
[ fixes #9222 ] - Let users configure Dynamic Client Scopes ( #9327 )
2022-01-12 14:27:24 +01:00
Yoshiyuki Tabata
1ff558bd9e
Closes #9488
2022-01-12 09:06:48 +01:00
Martin Bartoš
8649ca3d50
Multiple active tabs when realm name equals name of the tab in Admin console ( #9438 )
...
Closes #9421
2022-01-11 16:01:28 -05:00
Martin Bartoš
d75d28468e
KEYCLOAK-19490 Add more details about 2FA to authenticate page ( #9252 )
...
Closes #9494
2022-01-11 09:16:22 +01:00
Yoshiyuki Tabata
baad104673
KEYCLOAK-18880 change "look ahead window" to "look around window" ( #9341 )
...
Closes #9340
2022-01-05 20:04:50 +01:00
CorneliaLahnsteiner
dff79cee3c
KEYCLOAK-847 Add support for step up authentication ( #7897 )
...
KEYCLOAK-847 Fix behavior of unknown not essential acr claim
Co-authored-by: Georg Romstorfer <georg.romstorfer@gmail.com>
Co-authored-by: Marek Posolda <mposolda@gmail.com>
2021-12-22 12:43:12 +01:00
Ben Tatham
f201760a4a
Fixed #8892 "does not exists" language
2021-12-21 20:24:13 +01:00
Yoshiyuki Tabata
db60f56fe8
Translate the title of the login screen into Japanese ( #9266 )
2021-12-21 13:00:17 +01:00
Joaquim Fellmann
cdd5c47ed7
Update french translation for account console
2021-12-15 08:09:50 +01:00
aznamier
04da528b35
KEYCLOAK-19371 - fix for UI crash when logged in user has access to ( #9088 )
...
multiple realms and at the same time that user has only limited role
(eg: view-users) which does not allow to see realm details. Crash was
happening on switching the realm.
2021-12-14 14:10:50 -05:00
Pedro Igor
74970ac043
[ fixes #9128 ] - Enable new admin console to Dist.X
2021-12-14 07:24:03 -08:00
Martin Bartoš
faefeccbee
KEYCLOAK-19487 Test cases for managing 2FA authenticators in account console
2021-12-12 11:36:51 +01:00
Seán McGowan
38174212f9
Fix issue where Patternfly background clashes with Keycloak one ( #8422 )
2021-12-10 15:51:53 -05:00
Martin Bartoš
3c3c33038a
KEYCLOAK-19550 Completely remove Zocial CSS components ( #8581 )
2021-12-10 15:46:28 -05:00
Martin Bartoš
5283db86c4
KEYCLOAK-19489 Verify WebAuthn settings in admin console
2021-12-08 10:12:48 +01:00
Martin Bartoš
7dc01a5a6e
KEYCLOAK-13319 Use newest WebDriver/Selenium for the WebAuthn testing
2021-12-06 09:42:10 +01:00
Jon Koops
6a766884f6
[KEYCLOAK-17867] Update to latest version of NodeJS and Frontend Plugin ( #7962 )
2021-11-23 15:20:52 -05:00
Martin Bartoš
0d478206eb
KEYCLOAK-18980 Keycloak locale dropdown is active over whole form ( #8561 )
2021-11-22 20:20:37 -05:00
Sony Huang
743abf0fb1
KEYCLOAK-17522 fixed bug that keycloak instance not recognized by Safari ( #7880 )
2021-11-22 20:09:12 -05:00
bal1imb
661aca4452
KEYCLOAK-19283 Implemented new identity provider mapper "Advanced claim to group mapper" alongside tests.
2021-11-19 16:54:39 +01:00
Olivier Boudet
38448f3779
KEYCLOAK-19229 : french translation of emailInstructionUsername
2021-11-19 07:45:16 +01:00
Konstantinos Georgilakis
63c9845cb9
KEYCLOAK-18276 client content screen enhancement
2021-11-18 13:15:02 +01:00
Bruno Oliveira da Silva
2f8c5dd05e
[KEYCLOAK-19616] Update Keycloak themes dependencies for the account and admin console ( #8645 )
2021-11-12 12:30:50 -05:00
Rémy DUTHU
951a232b24
Update messages_es.properties
...
Add `loginAccountTitle` locale to `messages_es.properties`
2021-11-11 12:42:52 +01:00
Thomas Darimont
93d286fdc7
KEYCLOAK-19777 Fix typos in admin-console messages
...
overriden -> overridden
mesasge -> message
Username the Service Account -> Username of the Service Account
Signed-off-by: Thomas Darimont <thomas.darimont@googlemail.com>
2021-11-05 10:06:50 +01:00
mposolda
5740e158e3
KEYCLOAK-18744 OpenBanking Brasil fix for X509 client authentication. More flexibility in Subject DN comparison.
2021-11-05 09:10:50 +01:00
Konstantinos Georgilakis
a5c8c45551
KEYCLOAK-19388 correct AttributeConsumingService bug in SAML SP metadata
2021-10-21 20:24:46 +02:00
Miklín Vojtěch
44ec565109
KEYCLOAK-19522: update login messages_cs
2021-10-20 19:13:37 +02:00
OskarsPakers
65ec15efc7
Convert utf8 code to symbols
2021-10-19 15:34:23 +02:00
OskarsPakers
01b92220d2
[feature/KEYCLOAK-15976]: KEYCLOAK-15976 Latvian language support
2021-10-19 15:34:23 +02:00
mposolda
c5432e71ad
KEYCLOAK-19557 Misleading label for client parameter 'Pushed Authorization Request Enabled'
2021-10-15 08:56:20 +02:00
R Yamada
891c8e1a12
[KEYCLOAK-17653] - OIDC Frontchannel logout support
2021-10-07 15:27:19 -03:00
stianst
12157bb66c
KEYCLOAK-19467 Add noopener/noreferrer to links
2021-10-05 15:00:05 +02:00
Thomas Darimont
9e6d6398b9
KEYCLOAK-11364 Revise Service Account roles page ( #7098 )
...
* KEYCLOAK-11364 Add link to service-account user in Service Account roles page
* KEYCLOAK-11364 Revise service-account page
2021-09-30 14:55:44 -04:00
Victor Häggqvist
d92bb7df65
fix typos in sv login messages
2021-09-30 13:34:01 +02:00
Daniel Fesenmeyer
339224578e
KEYCLOAK-10603 adjust assignments to roles (user-role and group-role assignments, client-scope and client "scope mappings"): allow assignments of roles which are already indirectly assigned (e.g. by composite role)
...
- extend RoleMapperModel with method hasDirectRole(RoleModel), which only checks for direct assignment in contrast to the existing method hasRole(RoleModel)
- extend ScopeContainerModel with method hasDirectScope(RoleModel), which only checks for direct scope mapping in contrast to the existing method hasScope(RoleModel)
- use the new hasDirectRole and hasDirectScope methods to check whether a role is in the "available" list and whether it can be assigned (previously, the hasRole method was used for this purpose)
- add hint to UI that available roles contain effectively assigned roles which are not directly assigned
- adjust and extend tests
2021-09-22 13:56:29 +02:00
Nikolas Laskaris
8f09d34272
KEYCLOAK-18288 ( #8096 )
...
RealmsAdminResource now returns also a brief representation (not by default, to be backwards compatible) for realms[] if the appropriate flag is sent.
2021-09-20 15:32:15 -04:00
Vlastimil Elias
28e220fa6d
KEYCLOAK-18497 - Support different input types in built-in dynamic forms
2021-09-20 09:14:49 -03:00
Miklín Vojtěch
78d3e2ebad
KEYCLOAK-19300 Update Czech translation of email messages
2021-09-15 16:59:45 +02:00
Jeswin Simon
daf39e2a63
KEYCLOAK-19281 Added missing closing div tag in login-username template ( #8435 )
2021-09-15 16:52:11 +02:00
Miklín Vojtěch
24811f1ef5
KEYCLOAK-19288 Update Czech translation of login messages
2021-09-15 15:01:16 +02:00
Marek Posolda
11e5f66c60
KEYCLOAK-19056 EDIT MODE field should not be leave empty ( #8380 )
2021-09-14 20:27:09 +02:00
David Hellwig
a6cd80c933
KEYCLOAK-16076 added new warining when cookies are disabled -with new branch- ( #7632 )
...
* KEYCLOAK-16076 added new warining when cookies are disabled
Co-authored-by: David Hellwig <david.hellwig@bosch.com>
Co-authored-by: Christoph Leistert <christoph.leistert@bosch-si.com>
2021-09-13 11:30:11 +02:00
Olivier Boudet
c7f8544b0c
KEYCLOAK-18454 Reset password : wrong email instructions when duplicates email is allowed
2021-09-02 14:44:18 +02:00
Martin Bartoš
7c243c8427
KEYCLOAK-18590 Save Button Enabled For Empty Attributes
2021-09-01 10:51:20 +02:00
mposolda
3e0f8aed30
KEYCLOAK-19038 Reload user after being updated
2021-08-17 19:28:18 +02:00
Yoshiyuki Tabata
b31b60fffe
KEYCLOAK-18341 Support JWKS OAuth2 Client Metadata in the "by value" key loading method
2021-08-05 16:52:55 +02:00
cedric guindon
1ad34c6ab0
[KEYCLOAK-18498] French i18n contains wrong param
2021-08-03 12:37:13 +02:00
Miklín Vojtěch
e44a7af0e4
KEYCLOAK-18913 Update messages_cs.properties
...
Czech translations for base login theme:
themes/src/main/resources-community/theme/base/login/messages/messages_cs.properties
Co-Authored-By: dklika <78177642+dklika@users.noreply.github.com>
Co-Authored-By: Hynek Mlnařík <hmlnarik@users.noreply.github.com>
2021-07-29 21:18:41 +02:00
Vlastimil Elias
32f2f095fe
KEYCLOAK-7724 User Profile default validations
2021-07-29 08:42:37 +02:00
mposolda
4dacbb9e0b
KEYCLOAK-16996 User not able to revoke his offline token for directGrant clients
2021-07-29 08:04:16 +02:00
Pedro Igor
7efc3e8170
[KEYCLOAK-18875] - Minor improvements to attribute group UI
2021-07-28 12:07:39 -03:00
Pedro Igor
ef72343a6a
[KEYCLOAK-18882] - User Profile still tech preview
2021-07-28 08:45:35 +02:00
Joerg Matysiak
acb2ac1c8d
KEYCLOAK-18875 UI for managing group of attributes
2021-07-28 08:42:30 +02:00
mposolda
643b3c4c5a
KEYCLOAK-18594 CIBA Ping Mode
2021-07-27 08:33:17 +02:00
Martin Bartoš
2418e31952
KEYCLOAK-18685 Style in RH-SSO login screen is broken
2021-07-26 11:25:23 +02:00
Joerg Matysiak
9dff21d0a7
KEYCLOAK-18552
...
* added group as attribute metadata
* validation for groups and references to groups
* adapted template to use show attribute groups
* test and integration tests for attribute groups
2021-07-23 09:26:21 -03:00
Luca Leonardo Scorcia
6bd7420907
KEYCLOAK-17290 SAML Client - Generate AttributeConsumingService SP metadata section
2021-07-22 21:53:16 +02:00
Pedro Igor
7f34af4016
Revert "[KEYCLOAK-18425] - Allow mapping user profile attributes"
...
This reverts commit 3e07ca3c
2021-07-20 14:08:09 -03:00
Paulo Mateus
f1ee2826c1
[KEYCLOAK-18805] - Update Portuguese (Brazil) translations
...
- Fix `oauthGrantTitle` typo error
2021-07-20 12:26:29 -03:00
Pedro Igor
396a78bcc4
[KEYCLOAK-18723] - Configurable constraints for request object encryption
2021-07-20 09:28:09 +02:00
Martin Bartoš
8c49478628
KEYCLOAK-18699 Brand logo is not found for admin console ( #8255 )
2021-07-19 12:33:49 -04:00
Daniel Kobras
47f736f819
KEYCLOAK-17646 tool tip for krb5 multi-SPN config
...
The specified server principal is eventually passed to
createJaasConfigurationForServer() in
com.sun.security.auth.module.Krb5LoginModule, which accepts a special value of
'*' to indicate that tickets for all service principals contained in the given
keytab file should be accepted. This is the only way to allow more than one
service principal name (eg. for a multi-homes setup), and this setting is not
obvious without knowledge of the underlying API.
Signed-off-by: Daniel Kobras <kobras@puzzle-itc.de>
2021-07-15 21:10:42 +02:00
Jerome Marchand
108bd91edc
KEYCLOAK-15909 Add sort in tables
2021-07-15 09:39:02 +02:00
Branden Cash
9d0c7ba488
Fix storeToken label association for gitlab idp
2021-07-15 09:31:25 +02:00
Vlastimil Elias
7618e66136
[KEYCLOAK-18541] separate template for IDP review page
2021-07-13 21:43:52 -03:00
Pedro Igor
1baab67f3b
[KEYCLOAK-18630] - Request object encryption support
2021-07-09 11:27:30 -03:00
Pedro Igor
4099833be8
[KEYCLOAK-18693] - Declarative profile validating read-only attribute if it exists
2021-07-08 15:22:02 -03:00
Hryhorii Hevorkian
2803685cd7
KEYCLOAK-18353 Implement Pushed Authorization Request inside the Keycloak
...
Co-authored-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
Co-authored-by: mposolda <mposolda@gmail.com>
2021-07-03 08:47:42 +02:00
lbortoli
e5ae113453
KEYCLOAK-18452 FAPI JARM: JWT Secured Authorization Response Mode for OAuth 2.0
2021-07-03 00:00:32 +02:00
Vlastimil Elias
04ff2c327b
[KEYCLOAK-18429] Support a dynamic update profile form
2021-07-02 10:22:47 -03:00
Vlastimil Elias
f32447bcc1
[KEYCLOAK-18424] GUI order for user profile attributes
2021-07-02 08:37:24 -03:00
Pedro Igor
3e07ca3c22
[KEYCLOAK-18425] - Allow mapping user profile attributes
2021-07-01 10:19:28 -03:00
Vlastimil Elias
7af2133924
KEYCLOAK-18542 - User Profile Admin UI - hide unused configurations for
...
username and email attributes
2021-07-01 10:07:08 -03:00
Luca Leonardo Scorcia
ae98d8ea28
KEYCLOAK-18315 SAML Client - Add parameter to request specific AttributeConsumingServiceIndex
2021-06-29 16:22:38 +02:00
Takashi Norimatsu
57c80483bb
KEYCLOAK-17936 FAPI-CIBA : support Signed Authentication Request
...
Co-authored-by: Pritish Joshi <pritish@banfico.com>
Co-authored-by: mposolda <mposolda@gmail.com>
2021-06-29 08:07:40 +02:00
Pedro Igor
948f453e2d
[KEYCLOAK-18427] - Allowing switching to declarative provider
2021-06-28 15:50:04 -03:00
Vlastimil Elias
512bcd14f7
[KEYCLOAK-18428] - dynamic registration form
2021-06-25 17:11:15 -03:00
Benjamin Weimer
6e4a0044fd
KEYCLOAK-15371 Dont show backchannel logout options for bearer only clients in admin ui
2021-06-24 14:13:32 -03:00
Pedro Igor
faadb896ea
[KEYCLOAK-18426] - Support required by role and scopes in Admin UI
2021-06-24 10:43:49 -03:00
Yoshiyuki Tabata
52ced98f92
KEYCLOAK-18503 Regex Policy for authorization service
2021-06-24 08:49:41 -03:00
Vlastimil Elias
b7a4fd8745
KEYCLOAK-18423 - Support a user-friendly name property for user profile
...
attributes
2021-06-24 08:17:06 -03:00
Clement Cureau
b102c892fa
[KEYCLOAK-14046] Allow finegrain group admins to create users in console
...
- enable "Create" button and "Save" button in Admin Console Users views (list
and details)
The flag used to enable those button is computed as follow, since there's no computed flag
from backend on "admin user has fine grain admin permission on at least 1 group" :
== (existing condition) || (feature "finegrain admin" is enabled && access.queryUsers)
If the admin user hasn't the correct permission on the right groups for the new user he's
trying to create, backend will forbid the creation by returning a 403
This change is following PR #7035 , which added the Groups field in the User creation form
2021-06-22 18:26:31 -03:00
Vlastimil Elias
82491ae5d2
KEYCLOAK-17446 - Prefill username in "Forgot Your Password" form if
...
called from Login form
2021-06-22 08:48:43 -03:00
rmartinc
b8452374d2
[KEYCLOAK-18473] Add max length to password policy
2021-06-22 10:15:48 +02:00
Pedro Igor
ef3a0ee06c
[KEYCLOAK-17399] - Declarative User Profile and UI
...
Co-authored-by: Vlastimil Elias <velias@redhat.com>
2021-06-14 11:28:32 +02:00
Stan Silvert
b152d89e22
KEYCLOAK-18373: Cut and Paste in Groups broken
2021-06-10 08:33:42 +02:00
Martin Bartoš
07d57ca30f
KEYCLOAK-17179 IdP mappers with MultiValued property can't be saved
2021-06-10 07:02:21 +02:00
Gregor Tudan
628274dee2
KEYCLOAK-16075: always show the register-button during webauthn-registration.
...
Safari will fail to register if the action has not been triggered by a user gesture.
2021-06-01 10:48:16 +02:00
Gregor Tudan
14407a631c
KEYCLOAK-16075: show a button instead of logging in automatically with WebAuthn onLoad.
...
Safari will fail to use TouchID/FaceID if it is not triggered by an explicit user interaction. There is an open discussion in the WebAuthn-Spec to make this a mandatory behavior and quiet a few other auth-servers have adopted this behavior.
2021-06-01 10:48:16 +02:00
Václav Muzikář
20b29f7b99
UI fixes
2021-05-31 12:31:52 +02:00
mposolda
73a38997d8
KEYCLOAK-14208 Default client profiles for FAPI
2021-05-31 12:31:52 +02:00
mposolda
6e139b8fda
KEYCLOAK-18280 Issues with boolean properties of executors
2021-05-31 12:31:52 +02:00
Stian Thorgersen
2cb59e2503
KEYCLOAK-17844 Add option to disable authorization services to workaround issues with many clients
2021-05-27 22:28:56 +02:00
Yoshiyuki Tabata
c52d0babce
KEYCLOAK-17491 Move the key settings to the new Keys tab
2021-05-27 15:26:40 +02:00
Takashi Norimatsu
6532baa9a7
KEYCLOAK-18127 Option for skip return user's claims in the ID Token for hybrid flow
2021-05-24 08:02:34 +02:00
Michito Okai
cc2d6f0741
KEYCLOAK-18235 Display of options about device grant when selecting
...
"public" as the access type
2021-05-21 08:24:27 +02:00
Vlastimil Elias
4ad1687f2b
[KEYCLOAK-17399] UserProfile SPI - Validation SPI integration
2021-05-20 15:26:17 -03:00
Václav Muzikář
7c2341f1ed
KEYCLOAK-18041 Client Policy UI Improvements: Action column for built-in profile
2021-05-20 16:38:26 +02:00
Václav Muzikář
d0f01740be
KEYCLOAK-18043 Client Policy UI Improvements: Navigation
2021-05-20 07:54:53 +02:00
Vlastimil Eliáš
0913a22c30
KEYCLOAK-2045 Simple Validation SPI for UserProfile SPI ( #8053 )
...
* KEYCLOAK-2045 Simple Validation API
Co-authored-by: Thomas Darimont <thomas.darimont@googlemail.com>
2021-05-19 13:57:34 -03:00
Václav Muzikář
23fef24fe1
KEYCLOAK-18042 Client Policy UI Improvements: Add delete confirmation modal dialog
2021-05-19 11:57:14 +02:00
Václav Muzikář
65fbf3f68c
KEYCLOAK-18079 Client Policy UI Improvements: JSON error handling
2021-05-18 16:12:48 +02:00
mposolda
b8a7750000
KEYCLOAK-18113 Refactor some executor/condition provider IDs
2021-05-18 09:17:41 +02:00
Nikolas Laskaris
35601aaaba
KEYCLOAK-17140 ( #7781 )
2021-05-17 14:49:26 -04:00
Pedro Igor
62e17f3be7
[KEYCLOAK-17588] - Authz confirmation popping out twice
2021-05-14 07:21:06 -03:00
Bruno Oliveira da Silva
a6ab3119d6
[KEYCLOAK-18059] Upgrade dev dependencies for the new Account Console ( #8020 )
2021-05-13 19:37:22 -04:00
Marek Posolda
a6d4316084
KEYCLOAK-14209 Client policies admin console support. Changing of format of JSON for client policies and profiles. Remove support for default policies ( #7969 )
...
* KEYCLOAK-14209 KEYCLOAK-17988 Client policies admin console support. Changing of format of JSON for client policies and profiles. Refactoring based on feedback and remove builtin policies
2021-05-12 16:19:55 +02:00
Erik Jan de Wit
e318d24301
KEYCLOAK-17098 use open boolean per section for mobile kebab ( #7949 )
2021-05-06 09:11:35 -04:00
rmartinc
7de5e7d298
KEYCLOAK-17074 Infinite loop logging as an user or impersonating an user as admin ( #7799 )
2021-05-03 21:05:12 -04:00
Christoph Leistert
b75648bda2
KEYCLOAK-17284 Evaluate ID-Token and UserInfo-Endpoint:
...
- add additional REST endpoints for evaluation:
- for ID Token: GET /realm/clients/id/evaluate-scopes/generate-example-id-token
- for UserInfo-Endpoint: GET /realm/clients/id/evaluate-scopes/generate-example-userinfo
- extend UI: add additional tabs "Generated ID Token" and "Generated User Info" to the client scopes evaluation screen
Co-authored-by: Daniel Fesenmeyer <daniel.fesenmeyer@bosch.io>
2021-04-29 16:45:30 +02:00
Takashi Norimatsu
65c48a4183
KEYCLOAK-12137 OpenID Connect Client Initiated Backchannel Authentication (CIBA) ( #7679 )
...
* KEYCLOAK-12137 OpenID Connect Client Initiated Backchannel Authentication (CIBA)
Co-authored-by: Andrii Murashkin <amu@adorsys.com.ua>
Co-authored-by: Christophe Lannoy <c4r1570p4e@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: mposolda <mposolda@gmail.com>
2021-04-29 15:56:39 +02:00
Yoshiyuki Tabata
45202bd49a
KEYCLOAK-17637 Client Scope Policy for authorization service
2021-04-26 08:58:33 -03:00
Réda Housni Alaoui
ae9df51438
KEYCLOAK-17608 Missing french translation for loginAccountTitle
2021-04-23 10:15:26 +02:00
i7a7467
ada7f37430
KEYCLOAK-16918 Set custom user attribute to Name ID Format for a SAML client
...
https://issues.redhat.com/browse/KEYCLOAK-16918
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2021-04-20 10:29:17 +02:00
AlistairDoswald
8b3e77bf81
KEYCLOAK-9992 Support for ARTIFACT binding in server to client communication
...
Co-authored-by: AlistairDoswald <alistair.doswald@elca.ch>
Co-authored-by: harture <harture414@gmail.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2021-04-16 12:15:59 +02:00
Martin Bartoš
5a9068e732
KEYCLOAK-16401 Deny/Allow access in a conditional context
2021-04-09 12:04:45 +02:00
Michito Okai
d9ebbe4958
KEYCLOAK-17202 Restrict Issuance of Refresh tokens to specific clients
2021-04-08 11:51:25 +02:00
Martin Bartoš
f203e4808d
KEYCLOAK-16898 Locale dropdown is broken in IE11 ( #7808 )
2021-04-06 10:23:39 +02:00
Konstantinos Georgilakis
ec5c256562
KEYCLOAK-5657 Support for transient NameIDPolicy and AllowCreate in SAML IdP
2021-03-31 14:45:39 +02:00
Bodo Graumann
0033b7daf7
[KEYCLOAK-17166] Use radio buttons for otp select
2021-03-29 15:46:34 +02:00
Stan Silvert
717d9515fa
KEYCLOAK-16890: Stored XSS attack on new acct console ( #7867 )
2021-03-22 11:24:12 +01:00
Stan Silvert
3b80eee5bf
KEYCLOAK-17033: Reflected XSS attack with referrer in new account
...
console
2021-03-22 11:22:23 +01:00
Katharina Marzok
6e3dbfcb3d
KEYCLOAK-16660 Fix typo in 'applicationName'
2021-03-22 11:18:10 +01:00
Clement Cureau
0b68f24a09
[KEYCLOAK-14046] Include groups in user creation via Admin Console ( #7035 )
...
* [KEYCLOAK-14046] Include groups in user creation via Admin Console
Since the POST /users API now supports providing groups membership, here is the UI
part!
- Added a field in the user creation UI to specify groups the newly created user
will be joining
- Added associated messages in english language
* Added UI integration tests
* Fixed UI tests
* Flatten nested groups in user creation groups searchbox
* Filtering out searched groups
* Removed unused injection
* Fixed UI tests
Co-authored-by: Clement Cureau <clement.cureau@cdiscount.com>
2021-03-19 13:55:45 +01:00
Michito Okai
298ab0bc3e
KEYCLOAK-7675 Support for Device Authorization Grant
2021-03-15 10:09:20 -03:00
Hiroyuki Wada
9d57b88dba
KEYCLOAK-7675 Prototype Implementation of Device Authorization Grant.
...
Author: Hiroyuki Wada <h2-wada@nri.co.jp>
Date: Thu May 2 00:22:24 2019 +0900
Signed-off-by: Łukasz Dywicki <luke@code-house.org>
2021-03-15 10:09:20 -03:00
Douglas Palmer
852593310f
[KEYCLOAK-14913] GitLab Identity Provider shouldn't request for 'api' scope
2021-03-05 14:23:34 +01:00
i7a7467
b83064b142
KEYCLOAK-16679 Add algorithm settings for client assertion signature in OIDC identity broker
2021-03-01 18:11:25 +01:00
Eric Rodrigues Pires
37cb1ba310
[KEYCLOAK-17170] Update Portuguese (Brazil) translations
...
- Update `account`, `email`, and `login` components of the `base` theme
- Update `account` component of the `keycloak.v2` theme
2021-02-22 10:17:04 -03:00
diodfr
cb12fed96e
KEYCLOAK-4544 Detect existing user before granting user autolink
2021-02-11 11:06:49 +01:00
i7a7467
b1a16e4654
KEYCLOAK-17075 The tooltip for "Use PKCE" in Identity Provider is not displayed correctly
...
https://issues.redhat.com/browse/KEYCLOAK-17075
2021-02-11 11:03:29 +01:00
Boris Stumm
c0beca7744
KEYCLOAK-16832: using realm name instead of id
...
in order to get localization texts
2021-01-29 11:40:05 -03:00
sirkrypt0
6e9722b446
KEYCLOAK-16803 Update German translations
2021-01-21 09:51:16 +01:00
Martin Bartoš
3de53f6488
KEYCLOAK-15846 Upgrade locale dropdown to PF4 ( #7644 )
2021-01-20 14:21:30 -05:00
Tomas Kyjovsky
dd4adc231d
KEYCLOAK-16683 removing reference to a nonexistent resource in the login theme ( #7692 )
2021-01-20 13:39:26 -05:00
zywj
8cbfeef5b5
KEYCLOAK-16870 Translation error
...
`登陆` means `landing`
`登录` means `login`
2021-01-20 15:34:46 +01:00
mposolda
dae4a3eaf2
KEYCLOAK-16468 Support for deny list of metadata attributes not updateable by account REST and admin REST
...
(cherry picked from commit 79db549c9d561b8d5efe3596370190c4da47e4e1)
(cherry picked from commit bf4401cddd5d3b0033820b1cb4904bd1c8b56db9)
2021-01-18 13:17:51 +01:00
mposolda
eac3329d22
KEYCLOAK-14019 Improvements for request_uri parameter
...
(cherry picked from commit da38b36297a5bd9890f7df031696b516268d6cff)
2021-01-18 13:05:09 +01:00
n0emis
10294f4e2b
KEYCLOAK-16660: Fix typo in translation-string for account.v2 ( #7687 )
2021-01-13 10:56:56 -05:00
mildis
de09bdf32d
messages_fr to use linkExpirationFormatter
2021-01-12 21:15:38 +01:00
moritz.hilberg
70a20ef50d
KEYCLOAK-16566 Display Idp displayName if available
2021-01-12 20:56:18 +01:00
ltressens
0fecf1546a
KEYCLOAK-16790 Attempt to translate 'impersonate'
2021-01-12 20:30:59 +01:00
vramik
1402d021de
KEYCLOAK-14846 Default roles processing
2021-01-08 13:55:48 +01:00
Thomas Darimont
1a7600e356
KEYCLOAK-13923 Support PKCE for OIDC based Identity Providers ( #7381 )
...
* KEYCLOAK-13923 - Support PKCE for Identity Provider
We now support usage of PKCE for OIDC based Identity Providers.
* KEYCLOAK-13923 Warn if PKCE information cannot be found code-to-token request in OIDCIdentityProvider
* KEYCLOAK-13923 Pull up PKCE handling from OIDC to OAuth IdentityProvider infrastructure
* KEYCLOAK-13923 Adding test for PKCE support for OAuth Identity providers
* KEYCLOAK-13923 Use URI from KeycloakContext instead of HttpRequest
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
2021-01-05 10:59:59 -03:00
Réda Housni Alaoui
24522c298e
KEYCLOAK-16657 New Account Console: missing french translation ( #7688 )
2021-01-04 14:17:53 -05:00
Réda Housni Alaoui
c917ae5ded
KEYCLOAK-16652 New Account Console: When langage is not english, no user name displayed at the upper right
2021-01-04 09:04:46 -05:00
Fabricio Oliveira
019f27abdb
Correct label is 'Dependent Permissions' ( #7672 )
...
The label refers to the list 'permissions' dependent on the 'policy'.
2020-12-16 07:59:29 -03:00
Przemyslaw Sztoch
33ec2fe069
KEYCLOAK-14492 More polish translation and fixed language name translation
...
Language name should not be translated!
You search your language name in native.
New messages for lack fields from OpenID connect scopes.
2020-12-07 08:36:08 +01:00
Peter Zaoral
c8a2f82a50
KEYCLOAK-14138 Upgrade OTP login screen
...
* edited related css and ftl theme resources
* added tile component
* fixed IE11 compatibility
* fixed affected tests
Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
2020-12-03 16:00:36 +01:00
Joaquim Fellmann
6a6dba5d6e
KEYCLOAK-15634: Prevent federated user removal with new account console
2020-11-27 13:44:36 +01:00
Peter Zaoral
ad940a861a
KEYCLOAK-14137 Upgrade Authentication selector screen
...
* edited related css and ftl theme resources
* added IE11 compatibility support
* fixed affected tests
Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
2020-11-27 08:40:06 +01:00
zak905
4f330f4a57
KEYCLOAK-953: add allowing user to delete his own account feature
2020-11-24 15:50:07 +01:00
Stan Silvert
0afd55f32c
KEYCLOAK-14547: Make New Account Console the default.
2020-11-23 20:56:05 +01:00
Stan Silvert
36fa3d555a
KEYCLOAK-16354: Update serialize-javascript dependency
2020-11-23 14:40:16 +01:00
Martin Bartos
ab347df5ee
KEYCLOAK-14915 Upgrade registration screen to PF4
2020-11-18 10:54:17 +01:00
vmuzikar
01be601dbd
KEYCLOAK-14306 OIDC redirect_uri allows dangerous schemes resulting in potential XSS
...
(cherry picked from commit e86bec81744707f270230b5da40e02a7aba17830)
Conflicts:
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientRegistrationTest.java
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ClientTest.java
services/src/main/java/org/keycloak/validation/DefaultClientValidationProvider.java
2020-11-12 08:21:54 +01:00
rmartinc
e6bd12b174
[KEYCLOAK-16139] Serialize the calls for groups tab on admin console
2020-11-10 15:41:16 +01:00
Thomas Darimont
de20830412
KEYCLOAK-9551 KEYCLOAK-16159 Make refresh_token generation for client_credentials optional. Support for revocation of access tokens.
...
Co-authored-by: mposolda <mposolda@gmail.com>
2020-11-06 09:15:34 +01:00
Martin Bartos
7522d5ac74
KEYCLOAK-15841 Upgrade rest of the minor forms to PF4
2020-11-05 17:58:41 +01:00
Peter Zaoral
4fbc6389b5
KEYCLOAK-15386 Some icons are not displayed properly
...
* pficon.woff/woff2 - updated PatternFly font resource
* pficon.css - css that contains @font-face rule
Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
2020-11-02 20:21:38 +01:00
Christoph Leistert
e131de9574
KEYCLOAK-14855 Added realm-specific localization texts which affect texts in every part of the UI (admin console / login page / personal info page / email templates). Also new API endpoints and a new UI screen to manage the realm-specific localization texts were introduced.
...
Co-authored-by: Daniel Fesenmeyer <daniel.fesenmeyer@bosch.io>
2020-10-30 08:02:43 -03:00
Martin Bartos
2e59d5c232
KEYCLOAK-14679 Unable to log in with WebAuthn on unsupported browsers
2020-10-29 14:03:17 +01:00
Martin Bartos
a8df7d88a1
[KEYCLOAK-14139] Upgrade login screen to PF4
2020-10-27 20:24:07 +01:00
Grandys
c122e72178
[KEYCLOAK-15850] Removed references to unminimized versions of javascript libraries in base admin template
2020-10-23 10:57:32 +02:00
Roland Werner
d544b132f9
KEYCLOAK-15806:
...
Extension to SignatureAlgorithm to support more Algorithms (RSA_SHA256_MGF1, RSA_SHA512_MGF1).
Also included in clients.js and realms.js so it can be chosen as signature algorithm when connecting as SAML client and when brokering through SAML.
2020-10-15 20:55:27 +02:00
Jonathan Buzzetti
a2efb84e00
KEYCLOAK-15978 Update spanish email verification message
...
For it to be similar to its english counterpart
2020-10-15 16:46:24 +02:00
Luca Leonardo Scorcia
0621e4ceb9
KEYCLOAK-15697 Fix config entry tooltip
2020-10-14 07:39:49 +02:00
Elisabeth Schulz
4c4750f1d9
KEYCLOAK-13983 Include algorithm parameters
...
Restore accidental change
2020-10-12 10:12:01 +02:00
Elisabeth Schulz
9143bc748f
KEYCLOAK-13983 Include algorithm parameters
...
Include suggestions made by @mposolda to enable more generic
usage
2020-10-12 10:12:01 +02:00
Luca Leonardo Scorcia
f274ec447b
KEYCLOAK-15697 Make the Service Provider Entity ID user configurable
2020-10-09 22:04:02 +02:00
vmuzikar
790b549cf9
KEYCLOAK-15262 Logout all sessions after password change
2020-09-18 20:09:40 -03:00
Luca Leonardo Scorcia
c6608c1561
KEYCLOAK-15383 Translation strings escaped twice in saml-post-form.ftl
2020-09-16 21:31:51 +02:00
Luca Leonardo Scorcia
10077b1efe
KEYCLOAK-15485 Add option to enable SAML SP metadata signature
2020-09-16 16:40:45 +02:00
Joaquim Fellmann
be4780243b
KEYCLOAK-15483 Replace badly displayed HTML message with simple text message for french locale (align with en, de, pt, po, tr, nl locales)
2020-09-15 17:09:53 -04:00
Stan Silvert
952e8fecee
KEYCLOAK-15481: Display forbidden screen
2020-09-11 07:03:24 -04:00
Clement Cureau
73378df52e
[KEYCLOAK-11621] Allow user creation via group permissions (Admin API)
...
Problem:
Using fine-grained admin permissions on groups, it is not permitted to create new users
within a group.
Cause:
The POST /{realm}/users API does not check permission for each group part of the new
user representation
Solution:
- Change access logic for POST /{realm}/users to require MANAGE_MEMBERS and
MANAGE_MEMBERSHIP permissions on each of the incoming groups
Tests:
Manual API testing performed:
1. admin user from master realm:
- POST /{realm}/users without groups => HTTP 201 user created
- POST /{realm}/users with groups => HTTP 201 user created
2. user with MANAGE_MEMBERS & MANAGE_MEMBERSHIP permissions on group1
- POST /{realm}/users without groups => HTTP 403 user NOT created
- POST /{realm}/users with group1 => HTTP 201 user created
- POST /{realm}/users with group1 & group2 => HTTP 403 user NOT created
- POST /{realm}/users with group1 & wrong group path => HTTP 400 user NOT created
3. user with MANAGE_MEMBERS permission on group1
- POST /{realm}/users without groups => HTTP 403 user NOT created
- POST /{realm}/users with group1 => HTTP 403 user NOT created
- POST /{realm}/users with group1 & group2 => HTTP 403 user NOT created
- POST /{realm}/users with group1 & wrong group path => HTTP 400 user NOT created
2020-09-10 12:26:55 -03:00
Luca Leonardo Scorcia
67b2d5ffdd
KEYCLOAK-14961 SAML Client: Add ability to request specific AuthnContexts to remote IdPs
2020-09-03 21:25:36 +02:00
Simon Legner
bed664e4fe
KEYCLOAK-15186 Sort user federation table
2020-09-02 17:40:41 -04:00
stianst
a92bf0c3be
KEYCLOAK-15091 Fix issue with custom favicon.ico
2020-09-02 23:18:49 +02:00
Konstantinos Georgilakis
1fa93db1b4
KEYCLOAK-14304 Enhance SAML Identity Provider Metadata processing
2020-09-02 20:43:09 +02:00
Takashi Norimatsu
aad3bdcb88
KEYCLOAK-15251 keycloak-themes build fails in windows
2020-09-02 12:40:07 -04:00
testn
0362d3a430
KEYCLOAK-15113: Move away from deprecated Promise.success()/error()
2020-09-01 14:26:44 -04:00
Iavael
f021f72fcd
[KEYCLOAK-14663] Fix spelling in RU translation
...
https://en.wiktionary.org/wiki/%D0%BF%D1%80%D0%B8%D0%B2%D0%B8%D0%BB%D0%B5%D0%B3%D0%B8%D1%8F
2020-09-01 12:01:13 +02:00
Luca Leonardo Scorcia
03c07bd2d7
KEYCLOAK-14902 Replace SAML SP metadata export with link to descriptor
2020-08-31 22:26:30 +02:00
Martin Bartos
9c847ab176
[KEYCLOAK-14432] Unhandled NPE in identity broker auth response
2020-08-31 14:14:42 +02:00
kaibo-ondruska
6d45d715d3
KEYCLOAK-15369 fix Czech translation
...
"Přihlasovací" should be "Přihlašovací"
2020-08-28 14:54:50 +02:00
Thomas Darimont
0f967b7acb
KEYCLOAK-12729 Add password policy not-email
...
Added test cases and initial translations
2020-08-21 14:55:07 +02:00
Stan Silvert
35931d60eb
KEYCLOAK-15137: Move PF4 css files to keycloak/common
2020-08-20 08:46:28 -04:00
Benjamin Weimer
fdcfa6e13e
KEYCLOAK-15156 backchannel logout offline session handling
2020-08-13 08:09:59 -03:00
David Hellwig
ddc2c25951
KEYCLOAK-2940 - draft - Backchannel Logout ( #7272 )
...
* KEYCLOAK-2940 Backchannel Logout
Co-authored-by: Benjamin Weimer <external.Benjamin.Weimer@bosch-si.com>
Co-authored-by: David Hellwig <hed4be@bosch.com>
2020-08-12 09:07:58 -03:00
Lorent Lempereur
9200195f25
[KEYCLOAK-13950] SAML2 Identity Provider - Send Subject in SAML requests (missing translations)
2020-08-06 10:35:03 -03:00
Peter Valdemar Mørch
7217b597f3
KEYCLOAK-8493: Added danish translation from abandoned PR-5567
...
This is based on:
Author: Thomas Sørensen <tvs@flexdanmark.dk>
Date: Thu Sep 13 14:24:43 2018 +0200
Added danish translation. by FuKe · Pull Request #5567
https://github.com/keycloak/keycloak/pull/5567
However, I:
* Fixed up a couple of theme.properties merge conflicts compared to
current master
* Fixed some spelling mistakes and added missing entries
* Introduced Danish to list of locales in messages_en.properties
* Squashed it all into a single commit as pr.
https://github.com/keycloak/keycloak/blob/master/CONTRIBUTING.md
2020-08-04 13:25:18 -04:00
Stan Silvert
1e6c37e423
KEYCLOAK-14787: Update dependencies for new account console
2020-08-03 14:08:08 -04:00
Réda Housni Alaoui
47f5b56a9a
KEYCLOAK-14747 LDAP pooling should include SSL protocol by default
2020-07-28 18:59:42 +02:00
Erik Jan de Wit
0ba9055d28
KEYCLOAK-14709 removed circular dependency
2020-07-27 16:24:17 -04:00
Erik Jan de Wit
34dcbe8533
KEYCLOAK-14707 use native promises
2020-07-27 16:20:26 -04:00
Luca Leonardo Scorcia
7b112e5f7b
KEYCLOAK-14734 Field SAML Signature Key Name is empty on IdP creation
...
Makes sure the SAML Signature Key Name field is initialized with a valid default value
2020-07-25 00:02:53 +02:00
Lorent Lempereur
e82fe7d9e3
KEYCLOAK-13950 SAML2 Identity Provider - Send Subject in SAML requests
2020-07-24 21:41:57 +02:00
Marcel Hoppe
344003264a
[KEYCLOAK-14677] - Add french time units
2020-07-24 15:03:27 -04:00
lmorocz
c3271bbe51
KEYCLOAK-14691 Hungarian translation to account, email and login themes
2020-07-24 14:59:28 -04:00
Marcel Hoppe
955b8cec56
[KEYCLOAK-14677] - Add german time units
2020-07-24 14:53:55 -04:00
Bruno Oliveira da Silva
a080111515
[KEYCLOAK-14755] Update dependencies for package-lock.json file - Removal of unused file
2020-07-21 18:09:18 +02:00
Erik Jan de Wit
7d77969617
KEYCLOAK-14680 added header and smaller link
2020-07-13 09:30:02 -04:00
Alessandro Ricchiuti
30e708d958
KEYCLOAK-13246 Update Italian translations
2020-07-13 10:22:14 +02:00
Erik Jan de Wit
6cf62b71a5
KEYCLOAK-14689 remove headings better symantic
2020-07-12 14:14:29 -04:00
Erik Jan de Wit
162c8a4974
KEYCLOAK-14692 added aria labels
2020-07-12 13:59:40 -04:00
Jeff Tian
90cf478f13
KEYCLOAK-14084: fix zh-CN translation for bearerOnlyMessage
2020-07-09 09:37:40 +02:00
Erik Jan de Wit
2f5397a199
KEYCLOAK-14602 fixed the session time out test
...
reverts part of #7163 as the app needs to refresh that token, but only when user performs an action
2020-07-06 10:05:46 -04:00
Stan Silvert
556c61160c
KEYCLOAK-14574: Update angularjs to 1.8.0
2020-07-02 16:50:14 -03:00
Stan Silvert
f4596d6816
KEYCLOAK-14245: Upgrade jquery
2020-07-02 10:30:58 -03:00
Bartosz Siemieńczuk
e2040f5d13
KEYCLOAK-14006 Allow administrator to add additional fields to be fetched with Facebook profile request
2020-07-01 18:27:04 -03:00
Eric Rodrigues Pires
de9a0a0a4a
[KEYCLOAK-13044] Fix owner name representations of UMA tickets for client-owned resources
2020-07-01 18:15:22 -03:00
Erik Jan de Wit
4a88c6472e
KEYCLOAK-14576 fixed NPE in undertow
2020-07-01 11:58:24 -04:00
Stan Silvert
3b4ebb3141
KEYCLOAK-14585: effectiveUrl wrongly formatted
2020-06-29 09:42:50 -03:00
Douglas Palmer
5e44bb781b
[KEYCLOAK-14344] Cannot revoke offline access for an app if the app doesn't require consent
2020-06-26 14:56:08 -04:00
Jakub Knejzlik
5f500f478e
KEYCLOAK-6304: Czech translation
2020-06-26 12:56:12 +02:00
Erik Jan de Wit
ed1aacb623
KEYCLOAK-13981 use a dropdown on smaller devices
2020-06-25 10:39:33 -03:00
Erik Jan de Wit
8a31c331f5
KEYCLOAK-14566 dynamic hidden on WelcomeScreen
2020-06-24 11:40:16 -04:00
Erik Jan de Wit
08da208fcd
KEYCLOAK-14562 icon nd descriptionLabel can be undefined
2020-06-23 15:47:37 -03:00
Douglas Palmer
1434f14663
[KEYCLOAK-14346] Base URL for applications is broken
2020-06-23 15:26:07 -03:00
Erik Jan de Wit
55291bad76
KEYCLOAK-14531 Welcome cards should be driven by content.json
...
`content.js` is now `content.json` it's used in freemarker to create the cards
2020-06-22 11:29:20 -04:00
Dirk Weinhardt
08dca9e89f
KEYCLOAK-13205 Apply locale resolution strategy to admin console.
2020-06-19 10:27:13 -04:00
Erik Jan de Wit
f37fa31639
KEYCLOAK-13978 onTokenExpired + onAuthRefreshError
...
implemented handlers and use context for "services"
2020-06-18 18:12:05 -03:00
Erik Jan de Wit
c191ae373a
KEYCLOAK-14499 added toggle menu back on welcome screen
2020-06-18 18:02:24 -03:00
Julián Berbel Alt
75b50439d2
Fix typos in es locales
2020-06-18 18:01:33 -03:00
Eric Rodrigues Pires
9679c32a61
[KEYCLOAK-14482] Fixed rendering for "Resources shared with me" on missing baseUri
2020-06-18 17:25:00 -03:00
Stan Silvert
3f7ebb21f6
KEYCLOAK-14490: Use snowpack optimze flag
2020-06-17 15:14:56 -04:00
Erik Jan de Wit
e239699b81
KEYCLOAK-14476 revert location change of base64url.js
2020-06-17 14:49:17 -04:00
Erik Jan de Wit
c20766f2d7
KEYCLOAK-14140 added more test cases
...
Co-authored-by: vmuzikar <vmuzikar@redhat.com>
2020-06-17 13:56:11 -04:00
External Frank Thiele
206ccb3f13
KEYCLOAK-14370 Client selection shortcut
2020-06-16 20:12:46 -04:00
CarlosVilla
3d5e976097
Update user-credentials.html
...
fix style on specific @media resolution
2020-06-15 14:51:21 -04:00
Dirk Weinhardt
63e6e13cd3
KEYCLOAK-14218 Fixes some missing localizations in admin console;
...
KEYCLOAK-10927 Fixes use of language features not supported in Internet Explorer.
2020-06-09 14:15:33 -04:00
Martin Bartos
f70af83fb6
[KEYCLOAK-14307] Page for create client registration policy is broken
2020-06-08 20:05:11 +02:00
Erik Jan de Wit
8b0760a6d1
KEYCLOAK-14158 Polished the My Resource page
...
empty state
change case
added dropdown menu instead of buttons
now on edit you can add and remove permissions
changed how the actions work
updated success messages
use live region alerts toast alerts
username or email search
labels for the buttons
margin between accecpt and deny button
fixed test and types
changed to bigger distance with split component
changed to use seperate empty state component
2020-06-08 09:05:30 -04:00
Stan Silvert
4c7f4a8d9e
KEYCLOAK-11268: Change project layout
2020-06-07 12:42:44 -04:00
k-tamura
8a528a0a59
KEYCLOAK-14226 Update Japanese translation for 10.0.1
2020-06-05 10:04:52 +02:00
Yoshiyuki Tabata
f03ee2ec98
KEYCLOAK-14145 OIDC support for Client "offline" session lifespan
2020-06-04 14:24:52 +02:00
Denis
8d6f8d0465
EYCLOAK-12741 Add name and description edit functionality to Authentication and Execution Flows
2020-06-04 08:08:52 +02:00
Torsten Juergeleit
6005503a3d
Namespace support to group-ldap-mapper
...
Previously, Keycloak did only support syncing groups from LDAP federation provider as top-level KC groups.
This approach has some limitations:
- If using multiple group mappers then there’s no way to isolate the KC groups synched by each group mapper.
- If the option "Drop non-existing groups during sync” is activated then all KC groups (including the manually created ones) are deleted.
- There’s no way to inherit roles from a parent KC group.
This patch introduces support to specify a prefix for the resulting group path, which effectively serves as a namespace for a group.
A path prefix can be specified via the newly introduced `Groups Path` config option on the mapper. This groups path defaults to `/` for top-level groups.
This also enables to have multiple `group-ldap-mapper`'s which can manage groups within their own namespace.
An `group-ldap-mapper` with a `Group Path` configured as `/Applications/App1` will only manage groups under that path. Other groups, either manually created or managed by other `group-ldap-mapper` are not affected.
2020-05-26 17:37:29 +02:00
Stan Silvert
6a96576296
KEYCLOAK-14267: Update readme for New Account Console
2020-05-20 16:33:15 -04:00
cachescrubber
3382682115
KEYCLOAK-10927 - Implement LDAPv3 Password Modify Extended Operation … ( #6962 )
...
* KEYCLOAK-10927 - Implement LDAPv3 Password Modify Extended Operation (RFC-3062).
* KEYCLOAK-10927 - Introduce getLDAPSupportedExtensions(). Use result instead of configuration.
Co-authored-by: Lars Uffmann <lars.uffmann@vitroconnect.de>
Co-authored-by: Kevin Kappen <kevin.kappen@vitroconnect.de>
Co-authored-by: mposolda <mposolda@gmail.com>
2020-05-20 21:04:45 +02:00
Stan Silvert
13d0491ff3
KEYCLOAK-14038: Re-allow special characters for Roles only
2020-05-20 07:53:23 -04:00
mposolda
12d965abf3
KEYCLOAK-13047 LDAP no-import fixes. Avoid lost updates - dont allow update attributes, which are not mapped to LDAP
2020-05-19 16:58:25 +02:00
Kohei Tamura
0a4db5b3b5
KEYCLOAK-14227 Remove unnecessary double quotations
2020-05-19 09:44:45 +02:00
stianst
d99d65eb92
KEYCLOAK-14163 Common resources are not loaded from common path
2020-05-18 15:08:34 +02:00
Stan Silvert
a827d20a90
KEYCLOAK-11201: Use snowpack instead of SystemJs.
...
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2020-05-15 08:58:26 +02:00
Neon Ngo
141eeb1f49
KEYCLOAK-13939 Remove unused mixed-case themes/.../rcue/.../git-Logo.svg
2020-05-11 12:06:07 +02:00
vmuzikar
098ec91dd2
KEYCLOAK-12045 Improve UX for the Credentials tab in Admin Console
2020-05-07 14:14:54 -04:00
Charles-Eric Giraud
3ebfdb59ab
[KEYCLOAK-13854] Fixing client role creation with configure permission
2020-05-07 16:41:19 +02:00
Takashi Norimatsu
3716bd96ad
KEYCLOAK-14093 Specify Signature Algorithm in Signed JWT with Client Secret
2020-05-07 11:28:39 +02:00
Stan Silvert
deead471a9
KEYCLOAK-12852: Internal query params not removed after AIA
2020-05-06 16:07:21 -03:00
Takashi Norimatsu
0d0617d44a
KEYCLOAK-13720 Specify Signature Algorithm in Signed JWT Client Authentication
2020-05-05 17:43:00 +02:00
stianst
7c97c25ede
KEYCLOAK-14060 Update links to user ml
2020-05-05 13:50:49 +02:00
Johann Schmitz
600fd83078
Remove impersonation button on user detail page if feature is disabled
...
The impersonation button in the user list is already removed when the impersonation feature is disabled. Remove the button from the detail page too.
2020-05-04 15:10:53 -04:00
Erik Jan de Wit
1f462a2ae2
KEYCLOAK-12916 add name or username in toolbar
...
Update testsuite/integration-arquillian/tests/other/base-ui/src/test/java/org/keycloak/testsuite/ui/account2/page/fragment/LoggedInPageHeader.java
Co-Authored-By: Václav Muzikář <vaclav@muzikari.cz>
Moved concatenation to messages_en.properties
fix: renamed loggedInUser to landingLoggedInUser
for the welcome page
moved `loggedInUserName` to WelcomePageScrips
2020-05-04 14:58:27 -04:00
Erik Jan de Wit
5102e26865
KEYCLOAK-12987 "Sign In" instead of "Log In"
2020-05-04 07:34:22 -04:00
Erik Jan de Wit
b19b3a40ad
KEYCLOAK-14004 fixed the test
2020-04-30 12:47:18 -04:00
Yoshiyuki Tabata
874642fe9e
KEYCLOAK-12406 Add "Client Session Max" and "Client Session Idle" for OIDC
2020-04-28 15:34:25 +02:00
stianst
06d8a0a4c4
KEYCLOAK-13929 Fix path to text-security.css
2020-04-28 09:50:00 -03:00
Erik Jan de Wit
5bb4ee5375
KEYCLOAK-13976 limit field lenght
2020-04-27 16:11:12 -04:00
Stan Silvert
09b54a9473
KEYCLOAK-12776: Make it easier to change the logo and logo link.
2020-04-27 12:29:38 -04:00
Erik Jan de Wit
ab2d1546b4
fix merge errors
2020-04-27 09:09:31 -04:00
Erik Jan de Wit
bbc2169127
fix: removes the dependency on parse-link-header
2020-04-27 09:09:31 -04:00
Erik Jan de Wit
e093fa218d
Fixed console for test
2020-04-27 09:09:31 -04:00
Erik Jan de Wit
7580be8708
KEYCLOAK-13121 added the basic functionality
2020-04-27 09:09:31 -04:00
Erik Jan de Wit
db8cb63565
KEYCLOAK-12936 only change the locale in the AccountPage.
2020-04-27 07:04:06 -04:00
Michiel Meeuwissen
54d24327ad
'Bevestiging' is raar dar.
2020-04-24 16:26:15 +02:00
Martin Idel
7e8018c7ca
KEYCLOAK-11862 Add Sync mode option
...
- Store in config map in database and model
- Expose the field in the OIDC-IDP
- Write logic for import, force and legacy mode
- Show how mappers can be updated keeping correct legacy mode
- Show how mappers that work correctly don't have to be modified
- Log an error if sync mode is not supported
Fix updateBrokeredUser method for all mappers
- Allow updating of username (UsernameTemplateMapper)
- Delete UserAttributeStatementMapper: mapper isn't even registered
Was actually rejected but never cleaned up: https://github.com/keycloak/keycloak/pull/4513
The mapper won't work as specified and it's not easy to tests here
- Fixup json mapper
- Fix ExternalKeycloakRoleToRoleMapper:
Bug: delete cannot work - just delete it. Don't fix it in legacy mode
Rework mapper tests
- Fix old tests for Identity Broker:
Old tests did not work at all:
They tested that if you take a realm and assign the role,
this role is then assigned to the user in that realm,
which has nothing to do with identity brokering
Simplify logic in OidcClaimToRoleMapperTests
- Add SyncMode tests to most mappers
Added tests for UsernameTemplateMapper
Added tests to all RoleMappers
Add test for json attribute mapper (Github as example)
- Extract common test setup(s)
- Extend admin console tests for sync mode
Signed-off-by: Martin Idel <external.Martin.Idel@bosch.io>
2020-04-24 15:54:32 +02:00
Erik Jan de Wit
d3e5bf48f0
KEYCLOAK-12431 don't use user agent but patternfly
2020-04-23 16:30:21 -04:00
Erik Jan de Wit
3cdfb422ad
KEYCLOAK-12173 removed escaping of '&'
2020-04-23 16:10:57 -04:00
Erik Jan de Wit
4fa29948b6
use the child components
2020-04-23 16:07:56 -04:00
Erik Jan de Wit
3987ce7d94
KEYCLOAK-13740 use children as Msg parameters
2020-04-23 16:07:56 -04:00
Stan Silvert
020ffd37ee
KEYCLOAK-13635: Can't make mapper with certain chars
2020-04-15 09:57:08 +02:00
Pedro Igor
9eeeb10587
[KEYCLOAK-13589] - Can't add user in admin console when 'Email as username' is enabled
2020-04-14 19:29:48 +02:00
mposolda
9ec137a50c
KEYCLOAK-13397 Creating role-ldap-mapper for realm-management client id in ldap user federation fails - alternative
2020-03-26 15:45:35 +01:00
mposolda
5ddd605ee9
KEYCLOAK-13259
2020-03-24 05:32:41 +01:00
vmuzikar
03bce36b48
KEYCLOAK-13388 Trailing comma in tsconfig.json
2020-03-23 12:51:58 -04:00
Erik Jan de Wit
4279f5b54f
KEYCLOAK-13379 added now excluded project files
2020-03-23 08:57:39 -04:00
Dmitry Telegin
3b24465141
KEYCLOAK-12870 - Allow to pick arbitrary user for IdP linking ( #6828 )
...
* KEYCLOAK-12870 - Allow to pick arbitrary user for IdP linking
* KEYCLOAK-12870: always allow to choose user if password reset is called from first broker login flow
* KEYCLOAK-12870: remove "already authenticated as different user" check and message
* KEYCLOAK-12870: translations
* KEYCLOAK-12870: fix tests
2020-03-20 07:41:35 +01:00
Stan Silvert
fff8571cfd
KEYCLOAK-12768: Prevent reserved characters in URLs
2020-03-18 07:40:24 +01:00
Stan Silvert
256bbff769
KEYCLOAK-12844: keycloak.d.ts does not belong in new account console
2020-03-17 15:39:06 -03:00
mposolda
72e4690248
KEYCLOAK-13174 Not possible to delegate creating or deleting OTP credential to userStorage
2020-03-11 12:51:56 +01:00
stianst
db26520046
KEYCLOAK-13237 Allow look ahead window set to 0 for otp policy
2020-03-10 16:01:57 +01:00
stianst
097a9b6e2e
KEYCLOAK-13233 Fix missing text-security files
2020-03-10 15:50:00 +01:00
vmuzikar
a840d6ff9a
KEYCLOAK-13260 Fix "Test authentication" button for LDAP User Federation
2020-03-09 13:36:57 +01:00
mabartos
a1bbab9eb2
KEYCLOAK-12799 Missing Cancel button on The WebAuthn setup screen when using AIA
2020-03-05 15:04:38 +01:00
stianst
75a772f52b
KEYCLOAK-10967 Add JSON body methods for test ldap and smtp connections. Deprecate old form based methods.
2020-03-05 10:07:58 +01:00
Douglas Palmer
dfb67c3aa4
[KEYCLOAK-12980] Username not updated when "Email as username" is enabled
2020-03-03 10:26:35 +01:00
Helder dos Santos Alves
1ca417c2c0
KEYCLOAK-13085 minor fixes
2020-03-02 15:06:23 -03:00
Helder dos Santos Alves
80a95eb520
KEYCLOAK-13085 pt_BR messages for login and email
2020-03-02 15:06:23 -03:00
Stan Silvert
c78087c3ed
KEYCLOAK-12817: Password form is stretched if IdP is configured
2020-02-28 09:18:46 -03:00
Bart Monhemius
b6d945aaa8
[i18n nl] Add translations for link expiration
2020-02-27 10:47:46 +01:00
Erik Jan de Wit
b19355dd76
KEYCLOAK-10673 updated text-security to 2.0
2020-02-27 10:27:19 +01:00
Martin Bartoš
eaaff6e555
KEYCLOAK-12958 Preview feature profile for WebAuthn ( #6780 )
...
* KEYCLOAK-12958 Preview feature profile for WebAuthn
* KEYCLOAK-12958 Ability to enable features having EnvironmentDependent providers without restart server
* KEYCLOAK-12958 WebAuthn profile product/project
Co-authored-by: Marek Posolda <mposolda@gmail.com>
2020-02-26 08:45:26 +01:00
stianst
04903666d1
KEYCLOAK-12597 Fix admin console with base theme
2020-02-19 15:46:38 +01:00
mposolda
a76c496c23
KEYCLOAK-12860 KEYCLOAK-12875 Fix for Account REST Credentials to work with LDAP and social users
2020-02-14 20:24:42 +01:00
Douglas Palmer
876086c846
[KEYCLOAK-12161] "Back to Application" link is shown with link to current page
2020-02-14 10:37:32 -03:00
stianst
42773592ca
KEYCLOAK-9632 Improve handling of user locale
2020-02-14 08:32:20 +01:00
Pedro Igor
421ec34557
[KEYCLOAK-8049] - Prevent users from not choosing a group
2020-02-13 10:10:46 +01:00
Peter Zaoral
b0ffea699e
KEYCLOAK-12186 Improve the OTP login form
...
-created and implemented login form design, where OTP device can be selected
-implemented selectable-card-view logic in jQuery
-edited related css and ftl theme resources
-fixed affected BrowserFlow tests
Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
2020-02-12 11:25:02 +01:00
Stan Silvert
b236cae7f7
KEYCLOAK-12875: User w/o pswd can't set pswd in new acct console.
2020-02-10 14:03:16 -05:00
Erik Jan de Wit
41bf0b78be
KEYCLOAK-11631 reset to default befor loading new
2020-02-10 12:55:14 -05:00
Dmitry Telegin
b6c5acef25
KEYCLOAK-7969 - SAML users should not be identified by SAML:NameID
2020-02-06 08:53:31 +01:00
Martin Bartoš
7dec314ed0
KEYCLOAK-12900 NullPointerException during WebAuthn Registration ( #6732 )
2020-02-05 17:01:36 +01:00
Axel Messinese
b73553e305
Keycloak-11526 search and pagination for roles
2020-02-05 15:28:25 +01:00
Martin Bartoš
b0c4913587
KEYCLOAK-12177 KEYCLOAK-12178 WebAuthn: Improve usability ( #6710 )
2020-02-05 08:35:47 +01:00
vmuzikar
0801cfb01f
KEYCLOAK-12105 Add UI tests for Single page to manage credentials
2020-02-04 15:18:52 -03:00
Stan Silvert
a2ac8e940d
KEYCLOAK-12867: Cred title should be visible if cred type disabled
2020-02-04 07:28:15 -05:00
Douglas Palmer
dc97a0af92
[KEYCLOAK-12107] Add tests for Applications page
2020-02-04 09:26:42 -03:00
rmartinc
5b9eb0fe19
KEYCLOAK-10884: Need clock skew for SAML identity provider
2020-02-03 22:00:44 +01:00
Thomas Darimont
a9572e6ee9
KEYCLOAK-12102 Show proper error messages in new account console
...
Previously error codes were not properly translated in the account theme.
2020-02-03 15:55:10 -05:00
Jan Lieskovsky
b532570747
[KEYCLOAK-12168] Various setup TOTP screen usability improvements ( #6709 )
...
On both the TOTP account and TOTP login screens perform the following:
* Make the "Device name" label optional if user registers the first
TOTP credential. Make it mandatory otherwise,
* Denote the "Authenticator code" with asterisk, so it's clear it's
required field (always),
* Add sentence to Step 3 of configuring TOTP credential explaining
the user to provide device name label,
Also perform other CSS & locale / messages file changes, so the UX is
identical when creating OTP credentials on both of these pages
Add a corresponding testcase
Also address issues pointed out by mposolda's review. Thanks, Marek!
Signed-off-by: Jan Lieskovsky <jlieskov@redhat.com>
2020-02-03 19:34:28 +01:00
Marek Posolda
154bce5693
KEYCLOAK-12340 KEYCLOAK-12386 Regression in credential handling when … ( #6668 )
2020-02-03 19:23:30 +01:00
Marek Posolda
d8e450719b
KEYCLOAK-12469 KEYCLOAK-12185 Implement nice design to the screen wit… ( #6690 )
...
* KEYCLOAK-12469 KEYCLOAK-12185 Add CredentialTypeMetadata. Implement the screen with authentication mechanisms and implement Account REST Credentials API by use the credential type metadata
2020-01-31 14:28:23 +01:00
Stan Silvert
6ac5a2a17e
[KEYCLOAK-12744] rh-sso-preview theme for product build
...
* change logo for RH-SSO
* Small fixes to rh-sso-preview theme
* rh-sso-preview theme
Co-authored-by: Erik Jan de Wit <erikjan.dewit@gmail.com>
2020-01-31 08:16:52 -03:00
Bruno Oliveira da Silva
22bd945332
[KEYCLOAK-10304] Configure JS Adapter to use PKCE for new Account Management
2020-01-30 09:26:27 -05:00
Bruno Oliveira da Silva
a9c3e4b8bd
Update node_modules folder
2020-01-30 14:25:29 +01:00
Bruno Oliveira da Silva
c36bcc8701
[KEYCLOAK-12439] Update to Angular 1.7.9
2020-01-30 14:25:29 +01:00
Erik Jan de Wit
8a022da30d
KEYCLOAK-10303 configure JS Adapter to use PKCE
2020-01-30 10:29:06 +01:00
stianst
c38baa32ba
KEYCLOAK-12685 Set callback URI for identity providers to use frontend URL
2020-01-29 14:05:48 +01:00
Marek Posolda
d46620569a
KEYCLOAK-12174 WebAuthn: create authenticator, requiredAction and policy for passwordless ( #6649 )
2020-01-29 09:33:45 +01:00
Alex Szczuczko
7dd7686635
KEYCLOAK-11293 Run mvn clean package -Pnpm-update
2020-01-29 05:26:55 -03:00
Alex Szczuczko
52d8b759d3
KEYCLOAK-11293 Update theme build for keycloak-preview
...
`npm install` is changed to run at build time, removing the need for commiting
the js modules, which are getting a bit silly in size with the introduction of
account2. Appropriate changes to prod-arguments.json are included that should
enable the product build to function properly. The community and developer
builds will continue to work without the proxying PNC provides.
This also changes the themes pom to work with more than one `package.json`
file. The only other one at the moment is for the new account console /
account2.
The documentation file has been updated.
Since we're building directly out of the source directories, it is possible in
a local dev environment for unintended files (e.g. old compiled .js files),
placed within src/main/resources/, to be included in the themes jar. This
shouldn't be a problem for actual builds though, which use a fresh clone.
Other small changes include refactoring the npm setup stuff to a global
definition, and the introduction of some properties to avoid duplicating path
definitions everywhere.
This commit does not include the churn that would result from deleting the
existing commited modules.
2020-01-29 05:26:55 -03:00
Erik Jan de Wit
3beef2a4c0
KEYCLOAK-8098 use html5 email validation
2020-01-27 15:16:05 -05:00
Denis Richtárik
24c6e2ba08
KEYCLOAK-12742 Authentication -> WebAuthn Policy: Unable to delete the Acceptable AAGUIDS via the provided minus (-) button, once set ( #6695 )
2020-01-24 11:55:20 +01:00
Thomas Darimont
303861f7e8
KEYCLOAK-10003 Fix handling of request parameters for SMTP Connection Test
...
We now transfer the SMTP connection configuration via HTTP POST
request body parameters instead of URL parameters.
The improves handling of SMTP connection configuration values with
special characters. As a side effect sensitive information like SMTP
credentials are now longer exposed via URL parameters.
Previously the SMTP connection test send the connection parameters
as encoded URL parameters in combination with parameters in the request body.
However the server side endpoint did only look at the URL parameters.
Certain values, e.g. passwords with + or ; could lead to broken URL parameters.
2020-01-23 13:19:31 -06:00
Leon Graser
f1ddd5016f
KEYCLOAK-11821 Add account api roles to the client on creation
...
Co-authored-by: stianst <stianst@gmail.com>
2020-01-23 13:10:04 -06:00
Benjamin Weimer
dd9ad305ca
KEYCLOAK-12757 New Identity Provider Mapper "Advanced Claim to Role Mapper" with
...
following features
* Regex support for claim values.
* Support for multiple claims.
2020-01-23 07:17:22 -06:00
Stan Silvert
210fd92d23
KEYCLOAK-11550: Signing In page
2020-01-23 07:35:09 -05:00
Tobias Oort
910324e4eb
minor changes (punctuation, caps)
2020-01-20 06:51:08 -06:00
Tobias Oort
632925cc06
[i18n nl] Updated totpStep1 - removed a-href tags
...
A tags are not rendered as-is - they are escaped. This fixes html output as plaintext in the dutch translation.
2020-01-20 06:51:08 -06:00
Stan Silvert
922c9260a4
KEYCLOAK-12526: Fix when switch is displayed
2020-01-17 08:35:01 -03:00
Stan Silvert
568b1586a6
KEYCLOAK-12526: Add 'Always Display in Console' to admin console
2020-01-17 08:35:01 -03:00
Martin Bartos RH
d3f6937a23
[KEYCLOAK-12426] Add username to the login form + ability to reset login
2020-01-17 09:40:13 +01:00
mposolda
85dc1b3653
KEYCLOAK-12426 Add username to the login form + ability to reset login - NOT DESIGN YET
2020-01-17 09:40:13 +01:00
Alex Szczuczko
3ac4992808
KEYCLOAK-12478 Remove all html and css files under keycloak-preview
2020-01-16 15:26:13 -05:00
Martin Bartoš
5aab03d915
[KEYCLOAK-12184] Remove BACK button from login forms ( #6657 )
2020-01-15 12:25:37 +01:00