Commit graph

371 commits

Author SHA1 Message Date
Stan Silvert
bc818367a1 KEYCLOAK-10854: App-initiated actions Phase I 2019-07-26 14:56:29 -03:00
Stan Silvert
6c79bdee41 KEYCLOAK-10854: App initiated actions phase I 2019-07-26 14:56:29 -03:00
keycloak-bot
17e9832dc6 Set version to 8.0.0-SNAPSHOT 2019-07-19 19:05:03 +02:00
vramik
74f6e362af KEYCLOAK-10878 Realm exports may fail with future community releases 2019-07-18 10:50:34 -03:00
Pedro Igor
5f5cb6cb7b [KEYCLOAK-10808] - Do not show authorization tab when client is not confidential 2019-07-15 10:07:31 -03:00
mposolda
5f9feee3f8 KEYCLOAK-9846 Verifying signatures on CRL during X509 authentication 2019-07-08 20:20:38 +02:00
rmartinc
bd5dec1830 KEYCLOAK-10112: Issues in loading offline session in a cluster environment during startup 2019-07-03 13:17:45 +02:00
Pedro Igor
0cdd23763c [KEYCLOAK-10443] - Define a global decision strategy for resource servers 2019-07-02 09:14:37 -03:00
Hisanobu Okuda
1ac51611d3 KEYCLOAK-10664 correct the error message when no SAML request provided 2019-06-18 08:47:35 +02:00
Pedro Igor
fdc0943a92 [KEYCLOAK-8060] - My Resources REST API 2019-06-11 14:23:26 -03:00
Pedro Igor
61eb94c674 [KEYCLOAK-8915] - Support resource type in authorization requests 2019-06-04 21:02:54 -03:00
Ian Duffy
de0ee474dd Review feedback 2019-05-27 21:30:01 +02:00
Ian Duffy
54909d3ef4 [KEYCLOAK-10230] Support for LDAP with Start TLS
This commit sends the STARTTLS on LDAP 389 connections is specified.
STARTTLS doesn't work with connection pooling so connection pooling will
be disabled should TLS be enabled.
2019-05-27 21:30:01 +02:00
Réda Housni Alaoui
72d6ac518c User password cache is not refreshed after updating the user with hashed credential 2019-05-23 14:16:40 +02:00
vramik
d64f716a20 KEYCLOAK-2709 SAML Identity Provider POST Binding request page shown to user is comletely blank with nonsense title 2019-05-20 09:51:04 +02:00
Hynek Mlnarik
b8aa1916d8 KEYCLOAK-10195 Fix role lookup to address roles with dots 2019-05-14 13:00:04 +02:00
Stefan Guilhen
f1acdc000e [KEYCLOAK-10168] Handle microprofile-jwt client scope migration 2019-05-06 15:14:27 -03:00
Jan Lieskovsky
9eb400262f KEYCLOAK-6055 Include X.509 certificate data in audit logs
Signed-off-by: Jan Lieskovsky <jlieskov@redhat.com>
Co-authored-by: mposolda <mposolda@gmail.com>
2019-04-30 11:31:04 +02:00
Sebastian Loesch
96250c9685 [KEYCLOAK-9573] Allow AdminEvents for custom resource types 2019-04-26 09:57:28 +01:00
mposolda
5b663dbc69 KEYCLOAK-9713 Warning in the log during export/import on current master 2019-04-24 10:56:43 +02:00
mposolda
7a671052a3 KEYCLOAK-9988 Fix unstable UserSessionPersisterOfflineTest.testExpired. Adding ResetTimeOffsetEvent 2019-04-23 20:58:37 +02:00
keycloak-bot
49d4e935cb Set version to 7.0.0-SNAPSHOT 2019-04-17 09:48:07 +01:00
Bekh-Ivanov George
ebcfeb20a3 [KEYCLOAK-10020] - Add ability to request user-managed (ticket) permissions by name 2019-04-12 08:44:57 -03:00
fisache
b4973ad7b5 [KEYCLOAK-9769] service account can't authorize when group policy exists in resource server 2019-04-09 15:23:50 -03:00
mposolda
db271f7150 KEYCLOAK-9572 Support for multiple CRLs with X509 authentication 2019-03-20 15:00:44 +01:00
Corey McGregor
be77fd9459 KEYCLOAK-2339 Adding impersonator details to user session notes and supporting built-in protocol mappers. 2019-03-08 09:14:42 +01:00
keycloak-bot
e843d84f6e Set version to 6.0.0-SNAPSHOT 2019-03-06 15:54:08 +01:00
Gilles
f295a2e303 [KEYCLOAK-3723] Fixed updated of protocol mappers within client updates in clients-registrations resource 2019-03-04 11:57:59 +01:00
Pedro Igor
6aa9096361 [KEYCLOAK-9451] - Policy evaluation fails when not evaluated against a particual resource 2019-02-28 10:38:09 -03:00
Pedro Igor
9314f13255 [KEYCLOAK-9093] - False-Positive UMA Policy Evaluation 2019-02-21 21:47:58 -03:00
stianst
e06c705ca8 Set version 5.0.0 2019-02-21 09:35:14 +01:00
Pedro Igor
34d8974e7f [KEYCLOAK-9489] - User not able to log in to admin console when using query-* roles 2019-02-20 18:09:36 +01:00
stianst
7c9f15778a Set version to 4.8.3.Final 2019-01-09 20:39:30 +01:00
stianst
7c4890152c Set version to 4.8.2 2019-01-03 14:43:22 +01:00
mposolda
061693a8c9 KEYCLOAK-9089 IllegalArgumentException when trying to use ES256 as OIDC access token signature 2018-12-14 21:01:03 +01:00
mposolda
c51c492996 KEYCLOAK-9050 Change LoginProtocol.authenticated to read most of the values from authenticationSession 2018-12-12 13:30:03 +01:00
Pedro Igor
0c39eda8d2 [KECLOAK-8237] - Openshift Client Storage 2018-12-06 10:57:53 -02:00
stianst
b674c0d4d9 Prepare for 4.8.0.Final 2018-12-04 13:54:25 +01:00
Stefan Guilhen
311e848460 KEYCLOAK-8504 Ensure the authenticationFlowBindingOverrides client configuration references a valid authentication flow id when a realm is imported 2018-11-23 22:09:14 +01:00
Pedro Igor
91637120ee [KEYCLOAK-5052] - LDAP group names containing / in the name violates SIBILING_NAME constraint in db 2018-11-23 08:48:08 -02:00
mposolda
6db1f60e27 KEYCLOAK-7774 KEYCLOAK-8438 Errors when SSO authenticating to same client multiple times concurrently in more browser tabs 2018-11-21 21:51:32 +01:00
Stefan Guilhen
8af1ca8fc3 KEYCLOAK-8414 use the clientId when the ClientScopeModel is an instance of ClientModel 2018-11-20 15:08:10 +01:00
Takashi Norimatsu
0793234c19 KEYCLOAK-8460 Request Object Signature Verification Other Than RS256 (#5603)
* KEYCLOAK-8460 Request Object Signature Verification Other Than RS256

also support client signed signature verification by refactored token
verification mechanism

* KEYCLOAK-8460 Request Object Signature Verification Other Than RS256

incorporate feedbacks and refactor client public key loading mechanism

* KEYCLOAK-8460 Request Object Signature Verification Other Than RS256

unsigned request object not allowed

* KEYCLOAK-8460 Request Object Signature Verification Other Than RS256

revert to re-support "none"
2018-11-19 14:28:32 +01:00
mposolda
0533782d90 KEYCLOAK-7275 KEYCLOAK-5479 Faster offline sessions preloading at startup. Track lastSessionRefresh timestamps more properly by support bulk update to DB 2018-11-16 14:23:28 +01:00
Leon Graser
85f11873c3 KEYCLOAK-8613 Group Membership Pagination 2018-11-15 17:54:07 +01:00
Thomas Darimont
cf57a1bc4b KEYCLOAK-1267 Add dedicated SSO timeouts for Remember-Me
Previously remember-me sessions where tied to the SSO max session
timeout which could lead to unexpected early session timeouts.
We now allow SSO timeouts to be configured separately for sessions
with enabled remember-me. This enables users to opt-in for longer
session timeouts.

SSO session timeouts for remember-me can now be configured in the
tokens tab in the realm admin console. This new configuration is
optional and will tipically host values larger than the regular
max SSO timeouts. If no value is specified for remember-me timeouts
then the regular max SSO timeouts will be used.

Work based on PR https://github.com/keycloak/keycloak/pull/3161 by
Thomas Darimont <thomas.darimont@gmail.com>
2018-11-15 06:11:22 +01:00
stianst
ecd476fb10 Prepare for 4.7.0.Final 2018-11-14 20:10:59 +01:00
mposolda
1b5a83c4f1 KEYCLOAK-6980 Check if client_assertion was already used during signed JWT client authentication 2018-11-14 20:09:22 +01:00
vramik
560d76b7ee KEYCLOAK-6748 undertow saml adapter tests 2018-11-06 21:17:07 +01:00
rmartinc
cbe59f03b7 KEYCLOAK-8708: Provide aggregation of group attributes for mappers 2018-11-06 13:42:38 +01:00