Pedro Igor
eec712a259
[KEYCLOAK-3135] - Role and user policies apis
2017-04-12 00:52:14 -03:00
Pedro Igor
d60dcb4c62
[KEYCLOAK-3135] - Some more tests and making policy type rest api more generic
2017-04-12 00:52:13 -03:00
Pedro Igor
8e64bc3e4d
Tests for new permission management rest api
2017-04-12 00:52:13 -03:00
Bill Burke
201d2c6aac
Merge remote-tracking branch 'upstream/master'
2017-04-06 10:44:43 -04:00
Bill Burke
31074c3c8d
KEYCLOAK-4727 KEYCLOAK-4652
2017-04-06 10:44:33 -04:00
Stian Thorgersen
e74f037732
KEYCLOAK-4658 Updates client-cli
2017-03-24 09:41:56 +01:00
Peter Nalyvayko
b2f10359c8
KEYCLOAK-4335: x509 client certificate authentication
...
Started on implementing cert thumbprint validation as a part of x509 auth flow. Added a prompt screen to give users a choice to either log in based on the identity extracted from X509 cert or to continue with normal browser login flow authentication; clean up some of the comments
x509 authentication for browser and direct grant flows. Implemented certificate to user mapping based on user attribute
Implemented CRL and OCSP certificate revocation checking and added corresponding configuration settings to set up responderURI (OCSP), a location of a file containing X509CRL entries and switiches to enable/disable revocation checking; reworked the certificate validation; removed superflous logging; changed the certificate authentication prompt page to automatically log in the user after 10 seconds if no response from user is received
Support for loading CRL from LDAP directory; finished the CRL checking using the distribution points in the certificate; updated the instructions how to add X509 authentication to keycloak authentication flows; minor styling changes
Stashing x509 unit test related changes; added the steps to configure mutual SSL in WildFly to the summary document
A minor fix to throw a security exception when unable to check cert revocation status using OCSP; continue working on README
Changes to the formating of the readme
Added a list of features to readme
Fixed a potential bug in X509 cert user authenticator that may cause NPE if the client certificate does not define keyusage or extended key usage extensions
Fixed compile time errors in X509 validators caused by the changes to the user credentials model in upstream master
Removed a superfluous file created when merging x509 and main branches
X509 authentication: removed the PKIX path validation as superflous
Reverted changes to the AbstractAttributeMapper introduced during merging of x509 branch into main
Merge the unit tests from x509 branch
added mockito dependency to services project; changes to the x509 authenticators to expose methods in order to support unit tests; added a default ctor to CertificateValidator class to support unit testing; updated the direct grant and browser x509 authenticators to report consistent status messages; unit tests to validate X509 direct grant and browser authenticators; fixed OCSP validation to throw an exception if the certificate chain contains a single certificate; fixed the CRL revocation validation to only use CRL distribution point validation only if configured
CRL and OSCP mock tests using mock netty server. Changed the certificate validator to better support unit testing.
changes to the mockserver dependency to explicitly exclude xercesImpl that was causing SAMLParsingTest to fail
Added a utility class to build v3 certificates with optional extensions to facilitate X509 unit testing; removed supoerfluous certificate date validity check (undertow should be checking the certificate dates during PKIX path validation anyway)
X509: changes to make configuring the user identity extraction simplier for users - new identity sources to map certificate CN and email (E) attributes from X500 subject and issuer names directly rather than using regular expressions to parse them
X509 fixed a compile error caused by the changes to the user model in master
Integration tests to validate X509 client certificate authentication
Minor tweaks to X509 client auth related integration tests
CRLs to support x509 client cert auth integration tests
X509: reverted the changes to testrealm.json and updated the test to configure the realm at runtime
X509 - changes to the testsuite project configuration to specify a path to a trust store used to test x509 direct grant flow; integration tests to validate x509 authentication in browser and direct grant flows; updated the client certificate to extend its validatity dates; x509 integration tests and authenticators have been refactored to use a common configuration class
X509 separated the browser and direct grant x509 authenction integration tests
x509 updated the authenticator provider test to remove no longer supported cert thumbprint authenticator
x509 removed the dependency on mockito
x509 re-implemented OCSP certificate revocation client used to check revocation status when logging in with x509 certificate to work around the dependency on Sun OCSP implementation; integration tests to verify OCSP revocation requests
index.txt.attr is needed by openssl to run a simple OCSP server
x509: minor grammar fixes
Add OCSP stub responder to integration tests
This commit adds OCSP stub responder needed for the integration tests,
and eliminates the need to run external OCSP responder in order to run
the OCSP in X509OCSPResponderTest.
Replace printStackTrece with logging
This commit replaces call to printStackTrace that will end up going to
the stderr with logging statement of WARN severity.
Remove unused imports
Removed unused imports in
org.keycloak.authentication.authenticators.x509 package.
Parameterized Hashtable variable
Removed unused CertificateFactory variable
Declared serialVersionUID for Serializable class
Removed unused CertificateBuilder class
The CertificateBuilder was not used anywhere in the code, removing it to
prevent technical debt.
Removing unused variable declaration
`response` variable is not used in the test, removed it.
Made sure InputStreams are closed
Even though the InputStreams are memory based, added try-with-resources
to make sure that they are closed.
Removed deprecated usage of URLEncoder
Replaced invocation of deprecated method from URLEncoder with Encode
from Keycloak util package.
Made it more clear how to control OCSP stub responder in the tests
X509 Certificate user authentication: moved the integration unit tests into their own directory to fix a failing travis test job
KEYCLOAK-4335: reduced the logging level; added the instructions how to run X.509 related tests to HOW-TO-RUN.md doc; removed README.md from x509 folder; removed no longer used ocsp profile and fixed the exclusion filter; refactored the x509 base test class that was broken by the recent changes to the integration tests
KEYCLOAK-4335: fixed a few issues after rebasing
2017-03-17 05:24:57 -04:00
Stian Thorgersen
a87ee04024
Bump to 3.1.0.CR1-SNAPSHOT
2017-03-16 14:21:40 +01:00
Bill Burke
cf5e2a1d20
unlink/remoteimported
2017-02-08 19:48:22 -05:00
Marko Strukelj
3e13ffda65
KEYCLOAK-4324 Upgrade and unify Aesh version to 0.66.12
2017-01-26 18:08:48 +01:00
Stian Thorgersen
6f22f88d85
Bump version to 3.0.0.CR1
2017-01-26 06:18:11 +01:00
Bill Burke
c6dab26769
KEYCLOAK-4289
2017-01-25 16:30:30 -05:00
mposolda
93157e49d5
KEYCLOAK-4201 Offline tokens become useless when accessing admin REST API
2017-01-13 09:06:53 +01:00
mposolda
c32620b718
KEYCLOAK-4175 Provide a way to set the connect and read timeout for ldap connections
2017-01-09 21:35:58 +01:00
Marko Strukelj
9ab44b79ce
KEYCLOAK-4146 Admin CLI enhancements
...
- Added -b, --body and composite roles support
- Added a test that performs a demo session
2017-01-03 11:14:12 +01:00
Stian Thorgersen
e805ffd945
Bump version to 2.5.1.Final-SNAPSHOT
2016-12-22 08:22:18 +01:00
Pedro Igor
40591cff25
Merge pull request #3662 from pedroigor/KEYCLOAK-4034
...
[KEYCLOAK-4034] - Improvements to UI, performance and some code cleanup
2016-12-19 16:49:10 -02:00
Pedro Igor
c9c9f05e29
[KEYCLOAK-4034] - Improvements to UI, performance and some code cleanup
2016-12-19 11:22:37 -02:00
Marko Strukelj
ad11d6e76b
KEYCLOAK-912 Admin CLI
...
- Fix relative URI resolution not working for https
2016-12-19 11:39:18 +01:00
Marko Strukelj
c3d9859c6e
KEYCLOAK-912 Admin CLI
2016-12-19 01:05:03 +01:00
Bill Burke
5f07fa8057
KEYCLOAK-2806
2016-12-08 16:28:22 -05:00
Bill Burke
68c8bfa0e1
KEYCLOAK-2705
2016-12-06 17:32:41 -05:00
Bill Burke
88d08c4f38
component query and remove provider alis fix
2016-12-03 11:34:48 -05:00
Stian Thorgersen
b771b84f56
Bump to 2.5.0.Final-SNAPSHOT
2016-11-30 15:44:51 +01:00
Bill Burke
f6a080729a
javadoc
2016-11-28 12:25:54 -05:00
Bill Burke
1dacddb7e3
KEYCLOAK-3980
2016-11-28 12:20:40 -05:00
mposolda
7c6032cc84
KEYCLOAK-3825 Ability to expire publicKeys cache. Migrated OIDCBrokerWithSignatureTest to new testsuite
2016-11-25 17:45:37 +01:00
Bill Burke
d5925b8ccf
remove realm UserFed SPI methods
2016-11-23 08:31:20 -05:00
Stian Thorgersen
6ec82865d3
Bump version to 2.4.1.Final-SNAPSHOT
2016-11-22 14:56:21 +01:00
Marko Strukelj
408850e7bd
KEYCLOAK-3767 kcreg should show hint for help if required arguments are missing
2016-10-28 11:54:48 +02:00
Marko Strukelj
5925a99800
KEYCLOAK-3766 kcreg should display help when no arguments are passed to command
2016-10-27 11:08:36 +02:00
Marko Strukelj
4ee759d9ec
KEYCLOAK-3789 KcRegTests are failing on CI
2016-10-26 01:06:33 +02:00
Marko Strukelj
e24b27c79e
KEYCLOAK-3801 Remove --unsafe from 'kcreg update'
2016-10-24 11:33:06 +02:00
Stian Thorgersen
4d47f758fc
Merge pull request #3405 from stianst/master
...
Bump version
2016-10-21 10:11:59 +02:00
Stian Thorgersen
c615674cbb
Bump version
2016-10-21 07:03:15 +02:00
Marko Strukelj
db0024d857
KEYCLOAK-3740 kcreg.sh doesn't support symlinking
...
- fix buggy patch
2016-10-20 15:05:17 +02:00
Marko Strukelj
584d2e700d
KEYCLOAK-3740 kcreg.sh doesn't support symlinking
2016-10-20 10:14:42 +02:00
Marko Strukelj
85db8ea44f
KEYCLOAK-3743 kcreg.sh without any options exists with 0
2016-10-19 21:23:31 +02:00
Marek Posolda
2acea2b2ee
Merge pull request #3370 from mposolda/master
...
Client registration policies - polishing
2016-10-19 20:06:29 +02:00
mposolda
3779bfb6b4
KEYCLOAK-3666 client registration policies - polishing
2016-10-19 17:45:23 +02:00
Marko Strukelj
79f53c5513
KEYCLOAK-3742 kcreg config prints null
...
- proper no args check across the board
- added --help option to all commands
2016-10-19 16:36:25 +02:00
Marko Strukelj
c912f941e7
KEYCLOAK-2084 Client Registration CLI
2016-10-18 12:33:02 +02:00
mposolda
18e0c0277f
KEYCLOAK-3666 Dynamic client registration policies
2016-10-14 20:20:40 +02:00
Stian Thorgersen
d2cae0f8c3
KEYCLOAK-905
...
Realm key rotation for OIDC
2016-10-13 11:19:52 +02:00
Bill Burke
8967ca4066
refactor mongo entities, optimize imports
2016-09-28 15:25:39 -04:00
Bill Burke
ecc104719d
bump pom version
2016-09-26 11:01:18 -04:00
Pedro Igor
517413d38e
[KEYCLOAK-3129] - Add authorization services endpoints to PermissionsTest
2016-09-06 17:32:37 -03:00
mposolda
0520d465c1
KEYCLOAK-3414 Support for client registration from trusted hosts
2016-08-11 15:55:32 +02:00
mposolda
a8fb988e31
KEYCLOAK-3406 OIDC dynamic client registrations specs fixes
2016-08-11 15:54:51 +02:00
mposolda
d52e043322
Set version to 2.2.0-SNAPSHOT
2016-08-10 08:57:18 +02:00
Bill Burke
530870f05e
realm components import/export
2016-08-09 15:06:29 -04:00
Bill Burke
b224917fc5
bump version
2016-06-30 17:17:53 -04:00
Pedro Igor
afa9471c7c
[KEYCLOAK-3128] - Admin Client Authorization Endpoints
2016-06-30 10:26:05 -03:00
Stian Thorgersen
e538394e60
KEYCLOAK-3091 Change brute force to use userId
2016-06-13 15:30:13 +02:00
Marko Strukelj
ec258c6515
KEYCLOAK-2879 UserResource
2016-06-02 15:23:18 +02:00
Marko Strukelj
ebc184bf94
KEYCLOAK-2863 ClientAttributeCertificateResource
2016-05-11 15:22:39 +02:00
Stian Thorgersen
d43b230b93
KEYCLOAK-2880 Refactor PermissionTest to not require Java8
2016-05-09 07:25:03 +02:00
mposolda
bea2678e85
KEYCLOAK-2862 AuthenticationManagementResource tests
2016-05-06 20:19:58 +02:00
Stian Thorgersen
0ca117b8e9
KEYCLOAK-2865 Extend coverage of client admin endpoints
2016-05-06 08:08:52 +02:00
Marko Strukelj
f337085ed0
KEYCLOAK-2869 IdentityProvidersResource/IdentityProviderResource
2016-05-05 17:04:45 +02:00
Stian Thorgersen
2355db57da
KEYCLOAK-2880 Permissions tests for admin endpoints
2016-05-04 08:25:05 +02:00
Stian Thorgersen
95724e36f3
KEYCLOAK-2871 Extend coverage on RealmAdminResource
2016-04-27 10:29:24 +02:00
mposolda
e0aedfb93d
KEYCLOAK-2878 UserFederation mapper testing
2016-04-22 14:03:42 +02:00
mposolda
afcdce6b71
Simplified calling of AuthenticationManagementResource.getExecutions()
2016-04-21 23:11:25 +02:00
mposolda
f6a718f10a
KEYCLOAK-2878 Testing of UserFederation admin REST endpoints
2016-04-21 23:11:14 +02:00
Stian Thorgersen
34d5e85316
KEYCLOAK-2873 / KEYCLOAK-2875 Test RoleContainerResource
2016-04-21 10:58:46 +02:00
Stian Thorgersen
4f5b71d81a
KEYCLOAK-2872 Test RoleByIdResource
2016-04-21 07:09:25 +02:00
Stian Thorgersen
86dfcecef6
KEYCLOAK-2861 Test AttackDetectionResource
2016-04-20 16:21:57 +02:00
Stian Thorgersen
f64ffcbefe
KEYCLOAK-2818
...
Fix poms not updated by versions plugin
2016-04-14 08:16:07 +02:00
mposolda
3c3bbdbbdb
KEYCLOAK-2809 NPE when removing role, which is in scope of some ClientTemplate
2016-04-13 11:49:29 +02:00
mposolda
e4f75409c9
KEYCLOAK-2802 NPE during identity broker cancelled from account mgmt
2016-04-11 23:31:24 +02:00
mposolda
98ad9b7e7c
KEYCLOAK-2801 Redirected to login theme error page after failed social linking from account management
2016-04-11 23:30:18 +02:00
Guus der Kinderen
38670df49a
KEYCLOAK-2785: Admin client should be able to delete a user.
...
The delete user service should be exposed in the admin client.
2016-04-08 16:34:46 +02:00
Konstantin Gribov
974c5615af
Revert accidentally removed ResteasyClient configuration in admin
...
Fixes accidentally removed in PR #2449 ResteasyClient pool size parameter in
`org.keycloak.admin.client.Keycloak`.
2016-04-07 20:24:57 +03:00
Stian Thorgersen
e8932bbea0
Merge pull request #2449 from grossws/KEYCLOAK-2236
...
KEYCLOAK-2236 add service account support to keycloak-admin-client
2016-04-07 15:45:10 +02:00
Konstantin Gribov
96424536a7
Add service account support to Keycloak admin client
...
Added grant_type=client_credentials support to keycloak-admin-client
so `keycloak-admin-client` can be used with service client account.
Fixes #KEYCLOAK-2236
2016-04-07 15:24:07 +03:00
Guus der Kinderen
be578684b9
KEYCLOAK-2767: Should return a primitive if possible.
...
A JSON primitive is valid JSON. There is no need to construct a JSON object
just for the sake of being JSON complient. This keeps things nice and simple.
2016-04-07 13:19:29 +02:00
Stian Thorgersen
6dc1194247
Merge pull request #2508 from guusdk/KEYCLOAK-2731
...
KEYCLOAK-2731: Improve thread safety of TokenManager
2016-04-07 07:36:22 +02:00
Stian Thorgersen
a7c956bf10
Merge pull request #2505 from guusdk/KEYCLOAK-2746
...
KEYCLOAK-2746: By default, allow for concurrent usage
2016-04-07 07:35:39 +02:00
Stian Thorgersen
0907feb508
Merge pull request #2446 from guusdk/KEYCLOAK-2726
...
KEYCLOAK-2726: Invalidate token upon failure
2016-04-07 07:24:03 +02:00
Stian Thorgersen
30e2709bd0
Merge pull request #2443 from guusdk/KEYCLOAK-2721
...
KEYCLOAK-2721: Do not recreate TokenService proxy
2016-04-07 07:20:46 +02:00
Guus der Kinderen
804dd13abd
KEYCLOAK-2731: Improve thread safety of TokenManager
...
This commit guards access to the non-final fields of TokenManager by its intrinsic lock.
2016-04-05 15:01:37 +02:00
Guus der Kinderen
120b880427
KEYCLOAK-2746: By default, allow for concurrent usage
...
The nature of Keycloak makes it very plausible that it is used in
a concurrent setting. With that in mind, it would make sense to,
by default, allow for more than one concurrent Resteasy connection
in the admin client code.
2016-04-05 11:34:02 +02:00
Stian Thorgersen
48551d362a
KEYCLOAK-2704
...
User count missing in REST admin endpoint
2016-04-05 07:48:20 +02:00
Bill Burke
545fb8b849
KEYCLOAK-2716
2016-03-30 18:15:11 -04:00
Guus der Kinderen
ad7a6c4854
KEYCLOAK-2726: Invalidate token upon failure
...
When a token managed by TokenManager is known to be invalid, it should no
longer be used. This commit adds a response listener to the only filter
using TokenManager, which causes, upon authentication failure, to
invalidate the token that was used.
2016-03-30 15:33:58 +02:00
Guus der Kinderen
89158c9dcf
KEYCLOAK-2721: Do not recreate TokenService proxy
...
By re-using the service proxy, classloading issues can be prevented.
2016-03-29 11:11:35 +02:00
Stian Thorgersen
28fe13a800
Next is 2.0.0.CR1
2016-03-10 08:13:00 +01:00
Stian Thorgersen
d722e53108
Next is 1.9.2.Final
2016-03-10 07:28:27 +01:00
Stian Thorgersen
56c3d53a24
Merge pull request #2324 from ssilvert/client-tests
...
KEYCLOAK-2535: ClientResource endpoint tests
2016-03-07 06:13:55 +01:00
Bruno Oliveira
4a027d97b0
Client registration won't compile without these changes
2016-03-04 12:46:57 -03:00
Stan Silvert
2c79456e72
KEYCLOAK-2535: ClientResource endpoint tests
2016-03-04 07:41:24 -05:00
Stian Thorgersen
24328fdc47
KEYCLOAK-2555 ForbiddenException when importing test realm or creating test user
2016-02-29 10:09:06 +01:00
Stan Silvert
3383b044b2
KEYCLOAK-2316: Sync admin client with endpoints for Client. First commit.
2016-02-23 13:29:12 -05:00
Stian Thorgersen
a1d9753ec2
Next is 1.9.1.Final-SNAPSHOT
2016-02-23 08:48:26 +01:00
Stian Thorgersen
4fd97091ff
Version bump to 2.0.0.CR1-SNAPSHOT
2016-02-22 11:36:56 +01:00
Stian Thorgersen
7841c5f07b
Merge pull request #2232 from abstractj/cli-registration-parent
...
Fixes the parent for Keycloak client registration cli module
2016-02-17 07:45:15 +00:00
Bruno Oliveira
f3752f804f
Fixes the parent for Keycloak client registration cli module
2016-02-16 15:33:49 -02:00
Stan Silvert
17e09a557b
Fix conflict.
2016-02-11 15:38:58 -05:00
Stan Silvert
dd9cf3be39
KEYCLOAK-2481: Create admin client endpoint for partial endpoint + tests
2016-02-11 15:26:52 -05:00
Marko Strukelj
dadb470609
KEYCLOAK-1967 Add support for authentication flows into admin-rest-client
2016-02-11 12:18:01 +01:00
Stian Thorgersen
77912b2117
KEYCLOAK-2475
...
Move client registration endpoints
2016-02-10 14:23:04 +01:00
Stan Silvert
e89f511465
KEYCLOAK-1976: Add support for events into admin-rest-client. Also,
...
arquillian tests for events.
2016-02-05 18:45:25 -05:00
Stian Thorgersen
579ab56a5a
Bump version to 1.9.0.Final-SNAPSHOT
2016-02-04 15:55:11 +01:00
Stian Thorgersen
c7a8742a36
KEYCLOAK-1524
...
Source code headers
2016-02-03 11:20:22 +01:00
Stian Thorgersen
59c7cfcc97
KEYCLOAK-2312 Move client-registration libs into integration
2016-01-21 09:06:23 +01:00
Bill Burke
d9487a8745
social broker reorg
2016-01-20 16:46:38 -05:00
Stian Thorgersen
73db7a0ea9
KEYCLOAK-2323 Revert changes
2016-01-20 14:34:59 +01:00
Stian Thorgersen
ded919c0a6
Merge pull request #2033 from ahus1/ahus1_location_fragment_lost_on_logout
...
Handle URL fragments when redirect from logout / KEYCLOAK-2323
2016-01-18 09:52:37 +01:00
Stian Thorgersen
504218470b
Merge pull request #2032 from ahus1/ahus1_timeskew_for_init
...
set timeSkew when passing tokens to init()
2016-01-15 16:38:38 +01:00
Alexander Schwartz
b7ac2548f1
Handle URL fragments when redirect from logout / KEYCLOAK-2323
2016-01-14 23:06:16 +01:00
Alexander Schwartz
9b8c80e83f
set timeSkew when passing tokens to init(), also allow timeSkew to be passed as a parameter / KEYCLOAK-2322
2016-01-14 22:37:29 +01:00
Stian Thorgersen
435980d776
KEYCLOAK-1809
...
Upgrade jackson to version 2.x
2016-01-14 16:34:30 +01:00
Stian Thorgersen
ddb41e2c58
Merge pull request #2017 from mposolda/master
...
KEYCLOAK-2270 Use sub instead of iss for clientId in JWTClientAuthent…
2016-01-13 11:10:09 +01:00
mposolda
4642876323
KEYCLOAK-2270 Use sub instead of iss for clientId in JWTClientAuthenticator
2016-01-13 10:12:20 +01:00
Stian Thorgersen
0193c696ab
Version bump
2016-01-13 09:20:38 +01:00
Bill Burke
f7ac5fae2a
Merge pull request #1945 from raehalme/KEYCLOAK-1579
...
KEYCLOAK-1579: Replaced AdapterDeploymentContextBean with AdapterDeploymentContextFactoryBean
2016-01-04 17:15:25 -05:00
Bill Burke
d939b6a431
template scope
2015-12-18 17:15:27 -05:00
Thomas Raehalme
566a58b5d8
Replaced AdapterDeploymentContextBean with AdapterDeploymentContextFactoryBean and added support for KeycloakConfigResolver.
2015-12-15 11:53:10 +02:00
Bill Burke
96e1813b34
client templates backend
2015-12-11 10:31:42 -05:00
Stian Thorgersen
34c3ffaae1
Ported AdminApiTest to use admin client
2015-12-03 08:24:23 +01:00
Stian Thorgersen
ff806eae08
Version bump
2015-12-01 19:54:28 +01:00
Stian Thorgersen
2c5510284d
Merge pull request #1891 from mstruk/wildfly-modules-rename
...
KEYCLOAK-2099 WildFly 10 adapter subsystem
2015-11-30 09:48:15 +01:00
mposolda
57b60797ce
KEYCLOAK-1129 Implicit flow: more work
2015-11-28 00:15:41 +01:00
mposolda
ef80b64d1c
KEYCLOAK-1129 Implicit flow and Hybrid flow support
2015-11-27 22:28:38 +01:00
Marko Strukelj
373fc23fc0
KEYCLOAK-2099 WildFly 10 adapter subsystem
2015-11-27 20:46:20 +01:00
Stian Thorgersen
c83e3bd2d1
KEYCLOAK-2106 HTTP 500 for unparsable refresh tokens
2015-11-27 08:59:23 +01:00
Bill Burke
d6e2bccb16
Merge pull request #1840 from velias/KEYCLOAK-2075
...
KEYCLOAK-2075 KEYCLOAK-2107 - support for SAML IsPassive mode
2015-11-25 10:35:00 -05:00
Bill Burke
0c8f3f734d
Merge pull request #1855 from Smartling/KEYCLOAK-1391
...
KEYCLOAK-1391: Return an HTTP 401 for API requests
2015-11-25 08:57:05 -05:00
Vlastimil Elias
e3060e5e58
rebased to latest master
2015-11-25 13:46:29 +01:00
Vlastimil Elias
18fa03bf97
KEYCLOAK-2107 - support IsPassive mode in SAML SP adapter library
...
KEYCLOAK-2075 - added integration tests for both server and adapter side
2015-11-25 08:39:55 +01:00
Stian Thorgersen
3685a185d4
Merge pull request #1859 from stianst/reset-pass
...
KEYCLOAK-1758 add-user script
2015-11-25 06:56:35 +01:00
Bill Burke
ff63c5552a
sendError() handling'
2015-11-24 16:48:24 -05:00
Stian Thorgersen
cfc28b861b
KEYCLOAK-1758 add-user script
2015-11-24 21:54:58 +01:00
Scott Rossillo
f1c3295cec
KEYCLOAK-1391: Return an HTTP 401 for API requests
...
Non browser HTTP requests shouldn't redirect to the Keycloak login
page. Instead, return an HTTP 401 with a proper WWW-Authenticate
header.
2015-11-23 10:46:14 -05:00
Bill Burke
ac1baa059f
Merge pull request #1797 from raehalme/KEYCLOAK-2041
...
KEYCLOAK-2041 Use sendError instead of setStatus to report errors
2015-11-20 11:50:37 -05:00
Bill Burke
98958a2bc4
default groups
2015-11-18 19:40:30 -05:00
Bill Burke
6989589e72
Merge remote-tracking branch 'upstream/master'
2015-11-18 15:24:45 -05:00
Bill Burke
41331111da
resolve conflicts
2015-11-18 09:39:19 -05:00
Bill Burke
bff334d365
group token/assertion and tests
2015-11-18 09:36:47 -05:00
Stian Thorgersen
764c20d748
KEYCLOAK-2085 Initial access tokens for client registration
2015-11-18 10:33:24 +01:00
Stian Thorgersen
1df741a307
Merge pull request #1826 from lkubik/changeAllJettyToProvided
...
KEYCLOAK-2081
2015-11-16 20:23:31 +01:00
Lukas Kubik
13a52c1bb2
KEYCLOAK-2081
...
Change scope of jetty dependencies to provided
2015-11-13 15:43:11 +01:00
Thomas Darimont
c4416a25e0
KEYCLOAK-2068 - Fix Potential NPE when using Servlet-Filter Adapter.
...
When using the `org.keycloak.adapters.servlet.KeycloakOIDCFilter` a `NullPointerException`
can be thrown in the `org.keycloak.adapters.servlet.FilterSessionStore` within the `getParam`
method of the generated wrapper in `buildWrapper` when the `content-type` is not set.
Since the `content-type` is only used to parse the body. We just check whether the `body`
is `null` and if so avoid touching the `content-type` which prevents the NPE.
If the `body` is null we return an empty `MultivaluedHashMap` for the parameters.
2015-11-13 00:14:34 +01:00
Bruno Oliveira
9203971809
KEYCLOAK-2064: Update pax-web to make use of SecureRandom
2015-11-12 09:46:45 -02:00
Stian Thorgersen
64baa28301
Merge pull request #1810 from lkubik/updateJettyScope
...
Change scope of jetty dependencies in jetty-adapter-spi
2015-11-12 09:23:44 +01:00
Stian Thorgersen
1891019067
Merge pull request #1802 from equinux/pr/fix-js-parameter-encoding
...
Fix parameter encoding in JS adapter
2015-11-12 09:19:21 +01:00
Bill Burke
33ac048c8c
resolve conflicts
2015-11-11 18:06:39 -05:00
Lukas Kubik
825a68c6c9
Change scope of jetty dependencies in jetty-adapter-spi.
2015-11-11 17:01:46 +01:00
Lukas Kubik
1f75f85a20
Unify jetty version in keycloak-jetty-adapter-spi with other versions
2015-11-11 13:58:22 +01:00
Dominique d'Argent
7ef747e7c4
Fix parameter encoding in JS adapter
...
- fixes https://issues.jboss.org/browse/KEYCLOAK-2047
- relates to keycloak/keycloak-js-bower#7
2015-11-10 11:20:06 +01:00
Thomas Raehalme
68edf9ce48
Errors are now reported using sendError instead of setStatus.
...
This change was made to enable the use of error pages defined in web.xml.
2015-11-06 10:53:18 +02:00
Thomas Raehalme
7b7fbd3257
Added sendError(int) to HttpFacade.Response.
2015-11-06 10:47:08 +02:00
Bill Burke
151c56a304
conflicts
2015-11-02 11:21:10 -05:00
Bill Burke
d896800ec6
groups initial
2015-10-29 16:33:02 -04:00
agolPl
9755d79879
extract keycloak configuration file name
2015-10-25 00:26:18 +02:00
Ramiro Sánchez
ebd02a1a7f
Changed query parameter from kc_locale to ui_locales as suggested by stianst
2015-10-23 14:21:59 +02:00
Ramiro Sánchez
a5dc91f9a6
Added support to indicate desired locale on login
2015-10-23 12:23:24 +02:00
Stian Thorgersen
3f8312427a
Version bump
2015-10-19 16:15:29 +02:00
mposolda
4587fd23b6
KEYCLOAK-1929 Change package names. Fix Fuse demo
2015-10-16 16:30:42 +02:00
Bill Burke
235ffb2ff6
KEYCLOAK-1960
2015-10-15 18:56:56 -04:00
Bill Burke
181fdeb0d0
KEYCLOAK-1960
2015-10-15 18:54:57 -04:00
Bill Burke
0ad29c9737
node registration
2015-10-09 18:11:38 -04:00
Bill Burke
9ced56d8d7
saml and oidc filters
2015-10-09 18:07:50 -04:00
Bill Burke
d39aee0a72
Merge remote-tracking branch 'upstream/master'
2015-10-08 16:19:56 -04:00
Bill Burke
7c600e2f4b
SAML SP Filter
2015-10-08 16:19:43 -04:00
Stian Thorgersen
7fec1677ee
Merge pull request #1679 from lkrzyzanek/KEYCLOAK-1904
...
Add 'register' and 'createRegisterUrl' methods to Javascript Adapter API
2015-10-08 11:51:18 +02:00
Libor Krzyzanek
f29aff4bed
Add 'register' and 'createRegisterUrl' methods to Javascript Adapter API. fixes #KEYCLOAK-1904
2015-10-07 13:53:25 +02:00
Stian Thorgersen
9c0c8e37b6
Merge pull request #1676 from Smartling/KEYCLOAK-1901
...
KEYCLOAK-1901: Add a Keycloak client builder
2015-10-07 09:06:19 +02:00
Stian Thorgersen
7a3b4823b0
Merge pull request #1662 from Smartling/KEYCLOAK-1892
...
WrappedHttpServletRequest may throw an exception returning cookies
2015-10-06 14:58:54 +02:00
Scott Rossillo
332e3f6099
KEYCLOAK-1901: Add a Keycloak client builder
...
Adds support for creating a Keycloak client using the builder
pattern and supports customizing the underlying ResteasyClient
used for connecting to the Keycloak server.
2015-10-05 14:56:38 -04:00
mposolda
7816f053a6
KEYCLOAK-1856 KEYCLOAK-1860 Fix onoffswitchvalue directive
2015-10-02 11:09:54 +02:00
Bill Burke
75343986b0
keycloak-common
2015-10-01 14:27:51 -04:00
Scott Rossillo
05bd51ac1c
WrappedHttpServletRequest may throw an exception returning cookies
...
HttpServletRequest.getCookies() may return null
2015-09-30 14:31:15 -04:00
Stian Thorgersen
55deedd3b8
KEYCLOAK-1868 Import clients through admin console
...
KEYCLOAK-1869 Add root url to clients that should be used to resolve relative urls
2015-09-29 12:16:05 +02:00
Bill Burke
0a42a28eeb
Merge remote-tracking branch 'upstream/master'
2015-09-25 15:12:34 -04:00
Bill Burke
88355d7eb4
tomcat6 adapter
2015-09-25 15:12:14 -04:00
Stian Thorgersen
75c0d5089f
KEYCLOAK-1878
...
Add Base64 to Keycloak core
2015-09-25 07:02:25 +02:00
Bill Burke
791a740f32
Merge remote-tracking branch 'upstream/master'
2015-09-24 12:05:24 -04:00
Bill Burke
546cdd7d8f
fix modules for refactor
2015-09-24 12:05:12 -04:00
Stian Thorgersen
4eaf893492
Merge pull request #1610 from raehalme/KEYCLOAK-1828
...
KEYCLOAK-1828 attemptAuthentication throws KeycloakAuthenticationException if authentication fails
2015-09-24 06:32:27 +02:00
Stian Thorgersen
0ba6ab198a
Merge pull request #1611 from raehalme/KEYCLOAK-1829
...
KEYCLOAK-1829 unsuccessfulAuthentication now returns HTTP response status 401 instead of 403
2015-09-24 06:31:33 +02:00
Bill Burke
c14d3d7963
merge conflicts
2015-09-23 21:01:47 -04:00
Bill Burke
1e9c09d23a
more complete
2015-09-23 17:54:16 -04:00
mposolda
7ec3f86efb
KEYCLOAK-904 Offline tokens
2015-09-21 10:28:30 +02:00
mposolda
c11539cccb
docs and javadoc fixes
2015-09-21 10:13:41 +02:00
Bill Burke
861a13501a
merge
2015-09-17 14:25:16 -04:00
Bill Burke
0f24bd2ea4
merge
2015-09-17 14:06:33 -04:00
Bill Burke
cb8ca619ae
saml sp
2015-09-17 14:00:57 -04:00
Tomas Kyjovsky
ac91deac96
Removed occurences of serialVersionUID from all classes.
2015-09-17 17:27:39 +02:00
Lukas Kubik
b7e49dc88d
Unify jetty 8.1 artifacts version with fabric8-bom-1.2.0.redhat-133.pom
2015-09-16 17:14:29 +02:00
Stian Thorgersen
85df0b6a67
Merge pull request #1613 from raehalme/KEYCLOAK-1832
...
KEYCLOAK-1832 Added check for null authentication on the logout method
2015-09-16 13:34:51 +02:00
Thomas Raehalme
e0eac89e5a
Added check for null authentication on the logout method.
2015-09-10 12:30:07 +03:00
Thomas Raehalme
90d34bfd06
unsuccessfulAuthentication now returns HTTP response status 401 instead of 403.
2015-09-09 18:31:25 +03:00
Thomas Raehalme
e58b5762f3
attemptAuthentication now throws KeycloakAuthenticationException if authentication fails.
...
Also authenticationFailureHandler is by default set to SimpleUrlAuthenticationFailureHandler
with default login url set to /sso/login.
2015-09-09 15:45:13 +03:00
Stian Thorgersen
3fd4d23bed
Version bump
2015-09-09 11:27:21 +02:00
mposolda
149ef706dd
KEYCLOAK-1824 ClientIdAndSecretCredentialsProvider not found when deploying Fuse examples
2015-09-08 22:55:43 +02:00
mposolda
050c65a520
KEYCLOAK-1811 Pluggable client authentication config through adapter subsystem
2015-09-07 23:30:08 +02:00
Bill Burke
be0c359160
adapter refactor
2015-09-07 10:27:57 -04:00
Bill Burke
3f792030d3
adapter refactor
2015-09-07 10:26:25 -04:00
Bill Burke
333ad0efac
refactor adapters
2015-09-04 15:56:28 -04:00
Marko Strukelj
b0095154d1
KEYCLOAK-1779 NPE due to missing web.xml/jboss-web.xml
...
- improved code readability and npe fix
2015-09-04 14:18:57 +02:00
William DeCoste
e6745532ce
KEYCLOAK-1779
2015-09-04 13:52:25 +02:00
Bill Burke
7d4b93e01e
client session required actions
2015-09-02 16:30:16 -04:00
mposolda
be8394158f
KEYCLOAK-1780 documentation + Generic client authentication screen
2015-09-01 13:17:14 +02:00
Bill Burke
7492ae2990
Merge pull request #1567 from patriot1burke/master
...
refactor recover password
2015-08-31 10:53:29 -04:00
Bill Burke
6edf890699
Merge pull request #1549 from ahus1/ahus1_jetty_contenttype
...
KEYCLOAK-1776 / JettySessionTokenStore sets content type on restoring form values
2015-08-31 10:34:16 -04:00
Bill Burke
22ebb81650
refactor recover password
2015-08-31 10:13:42 -04:00
Bill Burke
3a64c4d582
Merge pull request #1543 from raehalme/KEYCLOAK-1775
...
KEYCLOAK-1775 Basic auth no longer redirects on Spring Security
2015-08-21 21:06:00 -04:00
Marek Posolda
76209dd899
Merge pull request #1555 from mposolda/master
...
KEYCLOAK-1295 Fixes and javadoc
2015-08-21 20:41:21 +02:00
Bill Burke
6f463196ef
Merge pull request #1554 from patriot1burke/master
...
adapter fixes
2015-08-21 13:21:02 -04:00
mposolda
b0e2624343
KEYCLOAK-1295 Fixes and javadoc
2015-08-21 19:00:31 +02:00
Bill Burke
457039d7ba
fix NPE in adapter for invalid cors requests
2015-08-21 11:29:38 -04:00
Bill Burke
eb4ffbca29
co-existence of bearer and basic auth
2015-08-21 11:02:56 -04:00
mposolda
d8d6348f67
KEYCLOAK-1295 Adapter support. Fixes
2015-08-21 08:26:12 +02:00
Stian Thorgersen
5ca3a48094
KEYCLOAK-1723 Allow aud to be single field or array
2015-08-20 15:55:52 +02:00
Stian Thorgersen
0295824923
KEYCLOAK-1747
...
Deal with time inconsistency in keycloak.js
2015-08-20 13:29:32 +02:00
Alexander Schwartz
7b0a3989e2
JettySessionTokenStore sets content type on restoring form values
...
Closes: KEYCLOAK-1776
2015-08-18 15:32:27 +02:00
mposolda
7028496601
KEYCLOAK-1295 pluggable client authentication. Support authenticate clients with signed JWT
2015-08-17 23:21:23 +02:00
Thomas Raehalme
3a4897c7d2
Separated the error message for Bearer token and Basic authentication failures.
2015-08-17 22:36:59 +03:00
Thomas Raehalme
b3f142d715
KeycloakAuthenticationProcessingFilter now handles Basic Authentication the same way as Bearer token.
2015-08-17 18:05:49 +03:00
Stian Thorgersen
f32b38cdbc
KEYCLOAK-1702 KEYCLOAK-1703 Make Infinispan default user session and cache provider
2015-07-29 10:08:15 +02:00
Stian Thorgersen
f3bfb06dec
Version bump
2015-07-28 10:20:40 +02:00
Scott Rossillo
1839b24b90
Support for loading keycloak.json from the classpath
...
Spring Boot and non-web based applications don't have a WEB-INF
directory. Support loading Spring Security adapter's keycloak.json
from the class path.
2015-07-19 12:10:33 -04:00
Stian Thorgersen
1642ac2394
KEYCLOAK-1385 Introduce end-of-line normalization
2015-07-17 13:46:51 +02:00
Marko Strukelj
fc7ba85639
KEYCLOAK-1345 Remove distribution/subsystem-war
2015-07-17 12:41:00 +02:00
Marko Strukelj
7ae62c1060
KEYCLOAK-1529 Drop InfinispanCacheActivator and make subsystem do it
2015-07-07 16:40:03 +02:00
Stian Thorgersen
5af4785ba1
KEYCLOAK-1507
...
Tomcat Adapter throws NPE under certain conditions
2015-07-02 09:08:40 +02:00
Marko Strukelj
d00e128920
KEYCLOAK-1448 Cannot configure an authenticator for method KEYCLOAK
2015-06-16 14:51:31 +02:00
Stian Thorgersen
001b874903
Add missing ExampleDS
2015-06-16 14:40:19 +02:00
Stian Thorgersen
1b0c4e5d1f
KEYCLOAK-1468
...
Infinispan cache not available in JNDI
2015-06-16 13:31:51 +02:00
Stian Thorgersen
4c98b04ab7
KEYCLOAK-1447 LinkageError deploying oauth-client-cdi to WildFly 8.2.0.Final
2015-06-15 13:22:36 +02:00
Stian Thorgersen
38c1945ce4
Bump version
2015-06-12 14:35:34 +02:00
Stian Thorgersen
cc2de52a1a
Revert to old RestEasy until we can drop support for EAP 6.4
2015-06-12 14:20:08 +02:00
Stian Thorgersen
5bd53804f9
Fix admin-api to show that users are retrieved by ip, not username
2015-06-12 13:32:30 +02:00
Stian Thorgersen
5993d40fab
Merge pull request #1353 from Smartling/KEYCLOAK-1438
...
Fix Spring Security adapter logout handling
2015-06-12 07:50:00 +01:00
Marko Strukelj
9a37696d29
Fixed pom issues that were generating tons of Maven warnings
2015-06-11 16:57:33 +02:00
Marko Strukelj
92e17f4b40
KEYCLOAK-1412 Server-overlay for EAP 6.4
...
- Added as7-server-subsystem
- Added eap6-server-overlay
- Moved modules to eap6-server-modules
- Renamed wildfly-server-subsystem to wf9-server-subsystem for consistency
2015-06-11 09:40:47 +02:00
Scott Rossillo
abfec23404
Fix Spring Security adapter logout handling
...
Stops KeycloakLogoutHandler from throwing an exception if the
authentication is not of type KeycloakAuthenticationToken.
Fixes KEYCLOAK-1438.
2015-06-10 12:22:18 -04:00
Marko Strukelj
3643e76a06
Cleanup, and simplify keycloak-server-subsystem
...
- KEYCLOAK-1346 Remove support for overlays in server subsystem
- KEYCLOAK-1347 Remove support for multiple auth-servers
- KEYCLOAK-1348 Simplify server subsystem definition
2015-06-08 15:33:34 +02:00
mposolda
35e4a5e56d
KEYCLOAK-1368 allow forwarding to error page in bearer-only deployments. Adding DeploymentBuilder
2015-06-03 12:34:56 +02:00
Marko Strukelj
3df504b6b4
KEYCLOAK-1304 WF9 server subsystem
...
- remove unnecessary dependencies
2015-06-01 16:07:59 +02:00
Stian Thorgersen
5f787028df
KEYCLOAK-1327 Updated for users
2015-05-29 15:29:04 +01:00
Stian Thorgersen
e1e65af8ea
Merge pull request #1301 from mstruk/wf9
...
KEYCLOAK-1303 WF9 adapter subsystem
2015-05-29 15:23:28 +01:00
Marko Strukelj
2077a2a3af
KEYCLOAK-1303 WF9 adapter subsystem
...
- not dependent on distribution/modules any more
- keycloak-adapter-subsystem moved to keycloak-wf9-subsystem
- still installed as <extension module="org.keycloak.keycloak-adapter-subsystem"/>
2015-05-29 15:17:41 +02:00
Stian Thorgersen
a953b52eac
KEYCLOAK-1327 Updated for client stats
2015-05-29 13:15:35 +01:00
Stian Thorgersen
6f164f0ee9
KEYCLOAK-1327 Updated for clients
2015-05-29 13:15:34 +01:00
Marko Strukelj
4f270bffd0
Refactor EAP 6 adapter distribution
...
- not dependent on distribution/modules any more
- uses the same modules as AS7
- again use <extension module="org.keycloak.keycloak-adapter-subsystem"/>
2015-05-28 23:56:11 +02:00
Marko Strukelj
fa90602aa0
Refactor AS 7 adapter distribution
...
- not dependent on distribution/modules any more
- again use <extension module="org.keycloak.keycloak-adapter-subsystem"/>
2015-05-28 23:56:11 +02:00
behana
bbc3e99bb5
KEYCLOAK-1353 Option to pass client_id to resetPasswordMail
2015-05-28 00:10:36 +02:00