Commit graph

4415 commits

Author SHA1 Message Date
AlistairDoswald
4553234f64 KEYCLOAK-11745 Multi-factor authentication (#6459)
Co-authored-by: Christophe Frattino <christophe.frattino@elca.ch>
Co-authored-by: Francis PEROT <francis.perot@elca.ch>
Co-authored-by: rpo <harture414@gmail.com>
Co-authored-by: mposolda <mposolda@gmail.com>
Co-authored-by: Jan Lieskovsky <jlieskov@redhat.com>
Co-authored-by: Denis <drichtar@redhat.com>
Co-authored-by: Tomas Kyjovsky <tkyjovsk@redhat.com>
2019-11-14 14:45:05 +01:00
Andy Munro
e7e49c13d5 KEYCLOAK-11413 Update UI messages
Co-authored-by: stianst <stianst@gmail.com>

Made a couple more spelling corrections.
2019-11-14 12:31:05 +01:00
Martin Kanis
25511d4dbf KEYCLOAK-9651 Wrong ECDSA signature R and S encoding 2019-11-13 15:32:51 +01:00
sarveshtamba
0525fb43b9 Update pom.xml 2019-11-11 11:16:07 -03:00
stianst
b8881b8ea0 KEYCLOAK-11728 New default hostname provider
Co-authored-by: Hynek Mlnarik <hmlnarik@redhat.com>
2019-11-11 12:25:44 +01:00
Patrick Teubner
b3d87b52c2 KEYCLOAK-11888 Fix inconsistent pagination of groups by ordering the results of 'getTopLevelGroupIds' query 2019-11-11 09:22:51 +01:00
stianst
062841a059 KEYCLOAK-11898 Refactor AIA implementation 2019-11-08 16:03:07 -03:00
Martin Bartoš
bf8184221a KEYCLOAK-11838: Fixed unstable RefreshTokenTest (#6455) 2019-11-08 08:53:23 +01:00
Pedro Igor
28b41623eb [KEYCLOAK-11929] - Aggregated Policy Console tests failing due to upload_scripts feature 2019-11-08 08:16:59 +01:00
vramik
701ba1a408 KEYCLOAK-11891 Update How-TO-RUN file with instruction regarding remote server testing 2019-11-07 14:08:07 +01:00
mhajas
b74f69c5ac KEYCLOAK-11779 Make feature controller which takes care of enabling/disabling features including restarting container if needed 2019-11-07 09:35:11 +01:00
vmuzikar
b13fa2d16a KEYCLOAK-11602 Add token exchange test to OpenShift 3 social login test 2019-11-06 06:49:10 -03:00
vmuzikar
bf5cca52a4 KEYCLOAK-11675 Fix unstable Google Social Login test 2019-11-06 06:49:10 -03:00
Stan Silvert
041229f9ca KEYCLOAK-7429: Linked Accounts REST API 2019-11-05 16:03:21 -05:00
Peter Skopek
d0386dab85 KEYCLOAK-8785 remove k_version endpoint (#6428) 2019-11-05 11:35:55 +01:00
Douglas Palmer
a32c8c5190 [KEYCLOAK-11185] Fixed build with JDK 11 2019-11-04 10:56:07 -03:00
Martin Bartoš
e3d755fe9d KEYCLOAK-11729: ExtendingThemeTest is failing with auth-server-wildfly (#6410) 2019-11-04 11:27:03 +01:00
mhajas
e3fdfeb040 KEYCLOAK-11706 Add tests for spring version 2.2.0 2019-10-31 10:19:51 +01:00
Martin Kanis
25689d2a07 KEYCLOAK-9985 Removal of org.apache.commons in WildFly affects distribution 2019-10-29 23:13:44 +01:00
Benjamin Bentmann
d6f56e58c1 KEYCLOAK-11806 Fix SAML adapter to not fail upon receiving a login response without the optional Destination attribute 2019-10-29 23:12:15 +01:00
pkokush
ff551c5545 KEYCLOAK-10307: check password history length in password verification (#6058) 2019-10-24 21:33:21 +02:00
Takashi Norimatsu
1905260eac KEYCLOAK-11251 ES256 or PS256 support for Client Authentication by Signed JWT (#6414) 2019-10-24 17:58:54 +02:00
Hynek Mlnarik
783545572a KEYCLOAK-11684 Add support to display passwords in password fields
Add UI tests for KEYCLOAK-11684

Co-authored-by: stianst <stianst@gmail.com>
Co-authored-by: vmuzikar <vmuzikar@redhat.com>
2019-10-23 15:30:11 +02:00
mposolda
0cb8730df8 KEYCLOAK-11474 Fix LDAPGroupMapper tests with MySQL and MariaDB 2019-10-23 14:55:33 +02:00
Hynek Mlnarik
f0685cc246 KEYCLOAK-11739 Ensure unique / PK constraint in JPA is on par with Liquibase 2019-10-23 14:53:17 +02:00
Pedro Igor
bb4ff55229 [KEYCLOAK-10868] - Deploy JavaScript code directly to Keycloak server
Conflicts:
	testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/adapter/example/authorization/AbstractPhotozExampleAdapterTest.java

(cherry picked from commit 338fe2ae47a1494e786030eb39f908c964ea76c4)
2019-10-22 10:34:24 +02:00
Pedro Igor
bad9e29c15 [KEYCLOAK-10870] - Deprecate support for JavaScript policy support from UMA policy endpoint
Conflicts:
	testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/authz/UserManagedPermissionServiceTest.java

(cherry picked from commit 13923a7683cb666d2842bc61429c23409c1493b6)
2019-10-22 10:34:24 +02:00
Jan Lieskovsky
f2e5f9dedd [KEYCLOAK-11717] Drop the public key credential related elements (#6407)
from the Edit Account screen of the Account console

Add a testcase for it

Signed-off-by: Jan Lieskovsky <jlieskov@redhat.com>
2019-10-21 19:54:39 +02:00
Martin Kanis
37304fdd7d KEYCLOAK-10728 Upgrade to WildFly 18 Final 2019-10-21 14:06:44 +02:00
Martin Reinhardt
5ad05c9317 [KEYCLOAK-6376] Directly create group 2019-10-21 10:41:04 +02:00
Martin Reinhardt
21a62a2670 [KEYCLOAK-6376] Reorganize imports and revert pom changes 2019-10-21 10:41:04 +02:00
Martin Reinhardt
28748ebf3f [KEYCLOAK-6376] Fix NPE and test setup 2019-10-21 10:41:04 +02:00
Martin Reinhardt
f18c8b9da5 [KEYCLOAK-6376] Switching to arquillian end2end tests 2019-10-21 10:41:04 +02:00
k-tamura
4a8065ec6b Add test method pointed out on review 2019-10-21 10:36:16 +02:00
Kohei Tamura
59ba874e1d KEYCLOAK-10945 Avoid lockout when clicking login twice 2019-10-21 10:36:16 +02:00
Pedro Igor
6acb87bd7a [KEYCLOAK-10822] - Prevent access to users from another realm 2019-10-21 10:32:50 +02:00
Martin Bartoš
ad9641722f KEYCLOAK-11613 Chrome Testing API (#6385) 2019-10-18 10:50:28 +02:00
stianst
31ed01a6de KEYCLOAK-11754 Prevent AbstractKeycloakTest from inititating backchannel logout on cleanup 2019-10-17 12:56:31 +02:00
mhajas
9cb2f1afdc KEYCLOAK-11530 Do not enable/disable vault before/after test method but before/after class 2019-10-17 09:55:06 +02:00
Pedro Igor
17785dac08 [KEYCLOAK-10714] - Add filtering support in My Resources endpoint by name 2019-10-16 16:26:55 +02:00
Tomas Kyjovsky
c2273e8f49 KEYCLOAK-11547 (#6341)
- Fixing `X509OCSPResponderTest.loginOKOnOCSPResponderRevocationCheckWithoutCA` test case on Windows
2019-10-15 15:56:29 +02:00
mposolda
f0a506a143 KEYCLOAK-11691 Broker tests re-structure 2019-10-14 11:38:09 +02:00
stianst
52085da520 KEYCLOAK-11702 Remove RestEasy 4 dependencies from core codebase 2019-10-11 15:03:34 +02:00
vramik
5c56a8493b KEYCLOAK-11568 Some properties are not propagated if specified via command line 2019-10-10 10:25:48 -03:00
mhajas
2f44c58a0d KEYCLOAK-11495 Change name of PlaintextVaultProvider to FilesPlaintextVaultProvider 2019-10-09 14:48:00 +02:00
Pedro Igor
f0fb48fb76 [KEYCLOAK-11326] - Refactoring to support different versions of resteasy 2019-10-09 12:01:34 +02:00
Pedro Igor
a2e98b57f4 [KEYCLOAK-11326] - Refactoring to use types from JAX-RS API 2019-10-09 12:01:34 +02:00
Hisanobu Okuda
75a44696a2 KEYCLOAK-10636 Large Login timeout causes login failure
KEYCLOAK-10637 Large Login Action timeout causes login failure
2019-10-07 13:27:20 +02:00
Cédric Couralet
5f006b283a KEYCLOAK-8316 Add an option to ldap provider to trust emails on import
Signed-off-by: Cédric Couralet <cedric.couralet@insee.fr>
2019-10-04 16:28:02 +02:00
Axel Messinese
f3607fd74d KEYCLOAK-10712 get groups full representation endpoint 2019-10-03 11:26:30 +02:00
Takashi Norimatsu
66de87a211 KEYCLOAK-11253 Advertise acr claim in claims_supported Server Metadata 2019-10-03 11:25:45 +02:00
Vincent Letarouilly
6b36e57593 KEYCLOAK-6698 - Add substitution of system properties and environment variables in theme.properties file 2019-10-01 16:34:54 +02:00
Takashi Norimatsu
6c9cf346c6 KEYCLOAK-11252 Implement Server Metadata of OAuth 2.0 Mutual TLS Client Authentication 2019-10-01 15:27:59 +02:00
Takashi Norimatsu
7c75546eac KEYCLOAK-9360 Two factor authentication with W3C Web Authentication - 1st impl phase
* KEYCLOAK-9360 Two factor authentication with W3C Web Authentication - 1st impl phase
2019-10-01 15:17:38 +02:00
mhajas
f852ef157d KEYCLOAK-11470 Fix rebase issue 2019-10-01 08:20:55 +02:00
mhajas
6f097bdf89 KEYCLOAK-11470 Remove Assertj from testsuite
There is no reason to use more types of assertions and we already
heavily use hamcrest
2019-09-30 13:16:01 +02:00
vramik
67bcaf9ad7 KEYCLOAK-10155 app-server-remote tests 2019-09-30 10:29:51 +02:00
vramik
b1697a5e71 KEYCLOAK-11069 auth-server-remote tests 2019-09-30 10:29:51 +02:00
Mathieu CLAUDEL
2fb507e170 KEYCLOAK-10802 add support of SAMLv2 ForceAuthn 2019-09-27 09:55:54 +02:00
vmuzikar
1cdc5e1969 KEYCLOAK-11514 Add option to download specific WebDriver binaries versions 2019-09-26 09:54:30 -03:00
mhajas
b126c81ae3 KEYCLOAK-11313 Ignore failure of uninstalling arquillian bundle 2019-09-25 13:48:48 +02:00
Benjamin Weimer
2b1acb99a2 KEYCLAOK-9999 fix client import (#6136) 2019-09-23 13:08:24 +02:00
mhajas
f810e85526 KEYCLOAK-11316 Fix Photoz instabilities on windows
Error message: Cannot read property 'token_endpoint' of undefined
2019-09-20 13:12:09 +02:00
Hisanobu Okuda
da49dbce2b KEYCLOAK-10770 user-storage/{id}/sync should return 400 instead of 404 2019-09-20 11:17:09 +02:00
mhajas
37b7b595a5 KEYCLOAK-11410 Do not throw exception in PlaintextVaultProvider if unconfigured 2019-09-19 14:56:19 +02:00
rradillen
b71198af9f [KEYCLOAK-8575] oidc idp basic auth (#6268)
* [KEYCLOAK-8575] Allow to choose between basic auth and form auth for oidc idp

* uncomment ui and add tests

* move basic auth to abstract identity provider (except for getting refresh tokens)

* removed duplications
2019-09-19 14:36:16 +02:00
rmartinc
7f54a57271 KEYCLOAK-10757: Replaying assertion with signature in SAML adapters 2019-09-18 16:49:00 +02:00
madgaet
c35718cb87 [KEYCLOAK-9809] Support private_key_jwt authentication for external IdP 2019-09-17 16:04:23 +02:00
Jan Lieskovsky
63e9eec52d [KEYCLOAK-11415] Switch the 'GroupMapperConfig.PRESERVE_GROUP_INHERITANCE' setting reliably
Use own, separate context when trying to switch 'GroupMapperConfig.PRESERVE_GROUP_INHERITANCE'
group mapper config setting to 'false' (or back), across the various tests from LDAPGroupMapperSyncTest
suite. This makes the test results deterministic again (prevents 'test02_syncWithGroupInheritance()'
and 'test03_syncWithDropNonExistingGroups()' tests randomly to fail depending if attempt
to reset the 'GroupMapperConfig.PRESERVE_GROUP_INHERITANCE' back to 'true' in previous
'test01_syncNoPreserveGroupInheritance()' test succeeded, or not)

Signed-off-by: Jan Lieskovsky <jlieskov@redhat.com>
2019-09-16 20:42:46 +02:00
Jan Lieskovsky
7ab854fecf [KEYCLOAK-8253] When syncing flat (all groups being the top-level ones) structure
of LDAP groups from federation provider to Keycloak, perform the search if the
currently processed group already exists in Keycloak in log(N) time

Signed-off-by: Jan Lieskovsky <jlieskov@redhat.com>
2019-09-12 20:14:18 +02:00
Jan Lieskovsky
cfb225b499 [KEYCLOAK-8253] Improve the time complexity of LDAP groups synchronization
(in the direction from LDAP provider to Keycloak) from exponential to
linear time in the case of syncing flat LDAP groups structure

Add a corresponding test (intentionally configured as to be ignored
by CI/CD due to higher demand on time, required fo the test completion)

Signed-off-by: Jan Lieskovsky <jlieskov@redhat.com>
2019-09-12 09:54:13 +02:00
Cédric Couralet
9c37da0ee9 KEYCLOAK-8818 Support message bundle in theme resources 2019-09-11 08:03:16 +02:00
mhajas
2703388946 KEYCLOAK-11245 Adapt LDAPConnectionTestManager to use newly introduced LDAPContextManager 2019-09-10 22:51:19 +02:00
mhajas
9c2525ec1a KEYCLOAK-11245 Use transcription object for LDAP bindCredential 2019-09-09 19:39:53 +02:00
Martin Kanis
4235422798 KEYCLOAK-11246 Use the transcription object for SMTP password 2019-09-09 13:27:11 +02:00
Hynek Mlnarik
9eb2e1d845 KEYCLOAK-11028 Use pessimistic locks to prevent DB deadlock when deleting objects 2019-09-09 10:57:49 +02:00
Stefan Guilhen
60205845a8 [KEYCLOAK-7264] Add a RoleMappingsProvider SPI to allow for the configuration of custom role mappers in the SAML adapters.
- Provides a default implementation based on mappings loaded from a properties file.
 - Role mappers can also be configured in the keycloak-saml susbsytem.
2019-09-09 05:24:25 -03:00
rmartinc
a726e625e9 KEYCLOAK-10782: Credentials tab on clients can only be displayed with view-realm 2019-09-06 16:45:08 -03:00
Martin Kanis
b1be6c2bdd KEYCLOAK-11247 Use the transcription object for Identity providers password 2019-09-06 15:29:11 +02:00
Pedro Igor
a1d8850373 [KEYCLOAK-7416] - Device Activity 2019-09-05 11:43:27 -03:00
Sebastian Laskawiec
69d6613ab6 KEYCLOAK-10169 OpenShift 4 Identity Provider 2019-09-05 16:33:59 +02:00
vmuzikar
2f9d875840 KEYCLOAK-11286 Fix tests in "other" module 2019-09-05 16:29:09 +02:00
vramik
ca6fbac599 KEYCLOAK-11150 testsuite dependency with auth-server-remote 2019-09-05 08:34:22 +02:00
Stefan Guilhen
bb9c811a65 [KEYCLOAK-10935] Add a vault transcriber implementation that can be obtained from the session.
- automatically parses ${vault.<KEY>} expressions to obtain the key that contains the secret in the vault.
 - enchances the capabilities of the VaultProvider by offering methods to convert the raw secrets into other types.
2019-09-04 22:34:08 +02:00
mposolda
3a19db0c9d KEYCLOAK-10921 Fix unstable RefreshTokenTest 2019-09-04 05:54:26 -03:00
Martin Bartos RH
a0ba6e593e [KEYCLOAK-11024] RulesPolicyManagementTest failing with auth-server-undertow in universal pipeline 2019-09-02 11:58:30 +02:00
Niko Köbler
49e9cd759b KEYCLOAK-10734 Let the check-sso feature do the check in hidden iframe 2019-08-20 15:41:09 -03:00
vmuzikar
b3004482fb KEYCLOAK-10235 Fix ClientClientScopes Admin Console test 2019-08-20 14:10:21 -03:00
Pedro Igor
e12c245355 [KEYCLOAK-10779] - CSRF check to My Resources
(cherry picked from commit dbaba6f1b8c043da4a37c906dc0d1700956a0869)
2019-08-20 06:35:00 -03:00
Hynek Mlnarik
97811fdd51 KEYCLOAK-10786 Check signature presence in SAML broker
(cherry picked from commit ba9f73aaff22eb34c7dec16f4b76d36d855d569b)
2019-08-20 06:35:00 -03:00
Leon Graser
0ce10a3249 [KEYCLOAK-10653] Manage Consent via the Account API 2019-08-20 06:24:44 -03:00
Pedro Igor
3f2a38936c [KEYCLOAK-11154] - Unstable Photoz Adapter Tests 2019-08-19 16:04:24 -03:00
mhajas
78ee5adfe8 KEYCLOAK-10034 Replace pause with waitForPageToLoad 2019-08-19 10:18:15 +02:00
Tomas Kyjovsky
fe18e93ba4 KEYCLOAK-10904 ExportImportTest unstable
- adding an exception for realm-management clients into the client confidentiality check
- fixing some performance test datasets to only enable authz for confidential clients
2019-08-16 16:08:08 -03:00
Nemanja Hiršl
411ea331f6 KEYCLOAK-10785 X.509 Authenticator - Update user identity source mappers
Update user identity sources and the way how X.509 certificates are mapped to the user to:
1. Include "Serial number + Issuer DN" as described in RFC 5280
2. Include "Certificate's SHA256-Thumbprint"
3. Exclude "Issuer DN"
4. Exclude "Issuer Email"

Add an option to represent serial number in hexadecimal format.

Documentation PR created: https://github.com/keycloak/keycloak-documentation/pull/714
KEYCLOAK-10785 - Documentation for new user identity source mappers
2019-08-16 11:35:50 -03:00
Takashi Norimatsu
8225157a1c KEYCLOAK-6768 Signed and Encrypted ID Token Support 2019-08-15 15:57:35 +02:00
mposolda
67df6d03af KEYCLOAK-10449 KEYCLOAK-10550 Fix manual DB migration test with MSSQL 2019-08-15 14:19:27 +02:00
Martin Bartos RH
925864530a KEYCLOAK-10457 Merge preview features test: SocialLoginTest 2019-08-14 22:09:59 +02:00
Peter Skopek
71eed3af06 KEYCLOAK-10792 MigrationTest fails in pipeline: fix log file checker to start from the right position after server restart 2019-08-12 15:41:56 +02:00
Grzegorz Grzybek
f8ee7cc0f6 [KEYCLOAK-10918] For Fuse itests, update org.apache.karaf.management PID before restarting hawtio 2019-08-08 10:52:55 +02:00