lbortoli
e5ae113453
KEYCLOAK-18452 FAPI JARM: JWT Secured Authorization Response Mode for OAuth 2.0
2021-07-03 00:00:32 +02:00
Vlastimil Elias
04ff2c327b
[KEYCLOAK-18429] Support a dynamic update profile form
2021-07-02 10:22:47 -03:00
Vlastimil Elias
f32447bcc1
[KEYCLOAK-18424] GUI order for user profile attributes
2021-07-02 08:37:24 -03:00
Pedro Igor
3e07ca3c22
[KEYCLOAK-18425] - Allow mapping user profile attributes
2021-07-01 10:19:28 -03:00
Vlastimil Elias
7af2133924
KEYCLOAK-18542 - User Profile Admin UI - hide unused configurations for
...
username and email attributes
2021-07-01 10:07:08 -03:00
Luca Leonardo Scorcia
ae98d8ea28
KEYCLOAK-18315 SAML Client - Add parameter to request specific AttributeConsumingServiceIndex
2021-06-29 16:22:38 +02:00
Takashi Norimatsu
57c80483bb
KEYCLOAK-17936 FAPI-CIBA : support Signed Authentication Request
...
Co-authored-by: Pritish Joshi <pritish@banfico.com>
Co-authored-by: mposolda <mposolda@gmail.com>
2021-06-29 08:07:40 +02:00
Pedro Igor
948f453e2d
[KEYCLOAK-18427] - Allowing switching to declarative provider
2021-06-28 15:50:04 -03:00
Vlastimil Elias
512bcd14f7
[KEYCLOAK-18428] - dynamic registration form
2021-06-25 17:11:15 -03:00
Benjamin Weimer
6e4a0044fd
KEYCLOAK-15371 Dont show backchannel logout options for bearer only clients in admin ui
2021-06-24 14:13:32 -03:00
Pedro Igor
faadb896ea
[KEYCLOAK-18426] - Support required by role and scopes in Admin UI
2021-06-24 10:43:49 -03:00
Yoshiyuki Tabata
52ced98f92
KEYCLOAK-18503 Regex Policy for authorization service
2021-06-24 08:49:41 -03:00
Vlastimil Elias
b7a4fd8745
KEYCLOAK-18423 - Support a user-friendly name property for user profile
...
attributes
2021-06-24 08:17:06 -03:00
Clement Cureau
b102c892fa
[KEYCLOAK-14046] Allow finegrain group admins to create users in console
...
- enable "Create" button and "Save" button in Admin Console Users views (list
and details)
The flag used to enable those button is computed as follow, since there's no computed flag
from backend on "admin user has fine grain admin permission on at least 1 group" :
== (existing condition) || (feature "finegrain admin" is enabled && access.queryUsers)
If the admin user hasn't the correct permission on the right groups for the new user he's
trying to create, backend will forbid the creation by returning a 403
This change is following PR #7035 , which added the Groups field in the User creation form
2021-06-22 18:26:31 -03:00
Vlastimil Elias
82491ae5d2
KEYCLOAK-17446 - Prefill username in "Forgot Your Password" form if
...
called from Login form
2021-06-22 08:48:43 -03:00
rmartinc
b8452374d2
[KEYCLOAK-18473] Add max length to password policy
2021-06-22 10:15:48 +02:00
keycloak-bot
13f7831a77
Set version to 15.0.0-SNAPSHOT
2021-06-18 10:42:27 +02:00
Pedro Igor
ef3a0ee06c
[KEYCLOAK-17399] - Declarative User Profile and UI
...
Co-authored-by: Vlastimil Elias <velias@redhat.com>
2021-06-14 11:28:32 +02:00
Stan Silvert
b152d89e22
KEYCLOAK-18373: Cut and Paste in Groups broken
2021-06-10 08:33:42 +02:00
Martin Bartoš
07d57ca30f
KEYCLOAK-17179 IdP mappers with MultiValued property can't be saved
2021-06-10 07:02:21 +02:00
Gregor Tudan
628274dee2
KEYCLOAK-16075: always show the register-button during webauthn-registration.
...
Safari will fail to register if the action has not been triggered by a user gesture.
2021-06-01 10:48:16 +02:00
Gregor Tudan
14407a631c
KEYCLOAK-16075: show a button instead of logging in automatically with WebAuthn onLoad.
...
Safari will fail to use TouchID/FaceID if it is not triggered by an explicit user interaction. There is an open discussion in the WebAuthn-Spec to make this a mandatory behavior and quiet a few other auth-servers have adopted this behavior.
2021-06-01 10:48:16 +02:00
Václav Muzikář
20b29f7b99
UI fixes
2021-05-31 12:31:52 +02:00
mposolda
73a38997d8
KEYCLOAK-14208 Default client profiles for FAPI
2021-05-31 12:31:52 +02:00
mposolda
6e139b8fda
KEYCLOAK-18280 Issues with boolean properties of executors
2021-05-31 12:31:52 +02:00
Stian Thorgersen
2cb59e2503
KEYCLOAK-17844 Add option to disable authorization services to workaround issues with many clients
2021-05-27 22:28:56 +02:00
Yoshiyuki Tabata
c52d0babce
KEYCLOAK-17491 Move the key settings to the new Keys tab
2021-05-27 15:26:40 +02:00
Takashi Norimatsu
6532baa9a7
KEYCLOAK-18127 Option for skip return user's claims in the ID Token for hybrid flow
2021-05-24 08:02:34 +02:00
Michito Okai
cc2d6f0741
KEYCLOAK-18235 Display of options about device grant when selecting
...
"public" as the access type
2021-05-21 08:24:27 +02:00
Vlastimil Elias
4ad1687f2b
[KEYCLOAK-17399] UserProfile SPI - Validation SPI integration
2021-05-20 15:26:17 -03:00
Václav Muzikář
7c2341f1ed
KEYCLOAK-18041 Client Policy UI Improvements: Action column for built-in profile
2021-05-20 16:38:26 +02:00
Václav Muzikář
d0f01740be
KEYCLOAK-18043 Client Policy UI Improvements: Navigation
2021-05-20 07:54:53 +02:00
Vlastimil Eliáš
0913a22c30
KEYCLOAK-2045 Simple Validation SPI for UserProfile SPI ( #8053 )
...
* KEYCLOAK-2045 Simple Validation API
Co-authored-by: Thomas Darimont <thomas.darimont@googlemail.com>
2021-05-19 13:57:34 -03:00
Václav Muzikář
23fef24fe1
KEYCLOAK-18042 Client Policy UI Improvements: Add delete confirmation modal dialog
2021-05-19 11:57:14 +02:00
Václav Muzikář
65fbf3f68c
KEYCLOAK-18079 Client Policy UI Improvements: JSON error handling
2021-05-18 16:12:48 +02:00
mposolda
b8a7750000
KEYCLOAK-18113 Refactor some executor/condition provider IDs
2021-05-18 09:17:41 +02:00
Nikolas Laskaris
35601aaaba
KEYCLOAK-17140 ( #7781 )
2021-05-17 14:49:26 -04:00
Pedro Igor
62e17f3be7
[KEYCLOAK-17588] - Authz confirmation popping out twice
2021-05-14 07:21:06 -03:00
Bruno Oliveira da Silva
a6ab3119d6
[KEYCLOAK-18059] Upgrade dev dependencies for the new Account Console ( #8020 )
2021-05-13 19:37:22 -04:00
Marek Posolda
a6d4316084
KEYCLOAK-14209 Client policies admin console support. Changing of format of JSON for client policies and profiles. Remove support for default policies ( #7969 )
...
* KEYCLOAK-14209 KEYCLOAK-17988 Client policies admin console support. Changing of format of JSON for client policies and profiles. Refactoring based on feedback and remove builtin policies
2021-05-12 16:19:55 +02:00
Erik Jan de Wit
e318d24301
KEYCLOAK-17098 use open boolean per section for mobile kebab ( #7949 )
2021-05-06 09:11:35 -04:00
keycloak-bot
4b44f7d566
Set version to 14.0.0-SNAPSHOT
2021-05-06 14:55:01 +02:00
rmartinc
7de5e7d298
KEYCLOAK-17074 Infinite loop logging as an user or impersonating an user as admin ( #7799 )
2021-05-03 21:05:12 -04:00
Christoph Leistert
b75648bda2
KEYCLOAK-17284 Evaluate ID-Token and UserInfo-Endpoint:
...
- add additional REST endpoints for evaluation:
- for ID Token: GET /realm/clients/id/evaluate-scopes/generate-example-id-token
- for UserInfo-Endpoint: GET /realm/clients/id/evaluate-scopes/generate-example-userinfo
- extend UI: add additional tabs "Generated ID Token" and "Generated User Info" to the client scopes evaluation screen
Co-authored-by: Daniel Fesenmeyer <daniel.fesenmeyer@bosch.io>
2021-04-29 16:45:30 +02:00
Takashi Norimatsu
65c48a4183
KEYCLOAK-12137 OpenID Connect Client Initiated Backchannel Authentication (CIBA) ( #7679 )
...
* KEYCLOAK-12137 OpenID Connect Client Initiated Backchannel Authentication (CIBA)
Co-authored-by: Andrii Murashkin <amu@adorsys.com.ua>
Co-authored-by: Christophe Lannoy <c4r1570p4e@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: mposolda <mposolda@gmail.com>
2021-04-29 15:56:39 +02:00
Yoshiyuki Tabata
45202bd49a
KEYCLOAK-17637 Client Scope Policy for authorization service
2021-04-26 08:58:33 -03:00
Réda Housni Alaoui
ae9df51438
KEYCLOAK-17608 Missing french translation for loginAccountTitle
2021-04-23 10:15:26 +02:00
i7a7467
ada7f37430
KEYCLOAK-16918 Set custom user attribute to Name ID Format for a SAML client
...
https://issues.redhat.com/browse/KEYCLOAK-16918
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2021-04-20 10:29:17 +02:00
AlistairDoswald
8b3e77bf81
KEYCLOAK-9992 Support for ARTIFACT binding in server to client communication
...
Co-authored-by: AlistairDoswald <alistair.doswald@elca.ch>
Co-authored-by: harture <harture414@gmail.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
2021-04-16 12:15:59 +02:00
Martin Bartoš
5a9068e732
KEYCLOAK-16401 Deny/Allow access in a conditional context
2021-04-09 12:04:45 +02:00
Michito Okai
d9ebbe4958
KEYCLOAK-17202 Restrict Issuance of Refresh tokens to specific clients
2021-04-08 11:51:25 +02:00
Martin Bartoš
f203e4808d
KEYCLOAK-16898 Locale dropdown is broken in IE11 ( #7808 )
2021-04-06 10:23:39 +02:00
Konstantinos Georgilakis
ec5c256562
KEYCLOAK-5657 Support for transient NameIDPolicy and AllowCreate in SAML IdP
2021-03-31 14:45:39 +02:00
Bodo Graumann
0033b7daf7
[KEYCLOAK-17166] Use radio buttons for otp select
2021-03-29 15:46:34 +02:00
Stan Silvert
717d9515fa
KEYCLOAK-16890: Stored XSS attack on new acct console ( #7867 )
2021-03-22 11:24:12 +01:00
Stan Silvert
3b80eee5bf
KEYCLOAK-17033: Reflected XSS attack with referrer in new account
...
console
2021-03-22 11:22:23 +01:00
Katharina Marzok
6e3dbfcb3d
KEYCLOAK-16660 Fix typo in 'applicationName'
2021-03-22 11:18:10 +01:00
Clement Cureau
0b68f24a09
[KEYCLOAK-14046] Include groups in user creation via Admin Console ( #7035 )
...
* [KEYCLOAK-14046] Include groups in user creation via Admin Console
Since the POST /users API now supports providing groups membership, here is the UI
part!
- Added a field in the user creation UI to specify groups the newly created user
will be joining
- Added associated messages in english language
* Added UI integration tests
* Fixed UI tests
* Flatten nested groups in user creation groups searchbox
* Filtering out searched groups
* Removed unused injection
* Fixed UI tests
Co-authored-by: Clement Cureau <clement.cureau@cdiscount.com>
2021-03-19 13:55:45 +01:00
Michito Okai
298ab0bc3e
KEYCLOAK-7675 Support for Device Authorization Grant
2021-03-15 10:09:20 -03:00
Hiroyuki Wada
9d57b88dba
KEYCLOAK-7675 Prototype Implementation of Device Authorization Grant.
...
Author: Hiroyuki Wada <h2-wada@nri.co.jp>
Date: Thu May 2 00:22:24 2019 +0900
Signed-off-by: Łukasz Dywicki <luke@code-house.org>
2021-03-15 10:09:20 -03:00
Douglas Palmer
852593310f
[KEYCLOAK-14913] GitLab Identity Provider shouldn't request for 'api' scope
2021-03-05 14:23:34 +01:00
i7a7467
b83064b142
KEYCLOAK-16679 Add algorithm settings for client assertion signature in OIDC identity broker
2021-03-01 18:11:25 +01:00
Eric Rodrigues Pires
37cb1ba310
[KEYCLOAK-17170] Update Portuguese (Brazil) translations
...
- Update `account`, `email`, and `login` components of the `base` theme
- Update `account` component of the `keycloak.v2` theme
2021-02-22 10:17:04 -03:00
diodfr
cb12fed96e
KEYCLOAK-4544 Detect existing user before granting user autolink
2021-02-11 11:06:49 +01:00
i7a7467
b1a16e4654
KEYCLOAK-17075 The tooltip for "Use PKCE" in Identity Provider is not displayed correctly
...
https://issues.redhat.com/browse/KEYCLOAK-17075
2021-02-11 11:03:29 +01:00
Boris Stumm
c0beca7744
KEYCLOAK-16832: using realm name instead of id
...
in order to get localization texts
2021-01-29 11:40:05 -03:00
sirkrypt0
6e9722b446
KEYCLOAK-16803 Update German translations
2021-01-21 09:51:16 +01:00
Martin Bartoš
3de53f6488
KEYCLOAK-15846 Upgrade locale dropdown to PF4 ( #7644 )
2021-01-20 14:21:30 -05:00
Tomas Kyjovsky
dd4adc231d
KEYCLOAK-16683 removing reference to a nonexistent resource in the login theme ( #7692 )
2021-01-20 13:39:26 -05:00
zywj
8cbfeef5b5
KEYCLOAK-16870 Translation error
...
`登陆` means `landing`
`登录` means `login`
2021-01-20 15:34:46 +01:00
mposolda
dae4a3eaf2
KEYCLOAK-16468 Support for deny list of metadata attributes not updateable by account REST and admin REST
...
(cherry picked from commit 79db549c9d561b8d5efe3596370190c4da47e4e1)
(cherry picked from commit bf4401cddd5d3b0033820b1cb4904bd1c8b56db9)
2021-01-18 13:17:51 +01:00
mposolda
eac3329d22
KEYCLOAK-14019 Improvements for request_uri parameter
...
(cherry picked from commit da38b36297a5bd9890f7df031696b516268d6cff)
2021-01-18 13:05:09 +01:00
n0emis
10294f4e2b
KEYCLOAK-16660: Fix typo in translation-string for account.v2 ( #7687 )
2021-01-13 10:56:56 -05:00
mildis
de09bdf32d
messages_fr to use linkExpirationFormatter
2021-01-12 21:15:38 +01:00
moritz.hilberg
70a20ef50d
KEYCLOAK-16566 Display Idp displayName if available
2021-01-12 20:56:18 +01:00
ltressens
0fecf1546a
KEYCLOAK-16790 Attempt to translate 'impersonate'
2021-01-12 20:30:59 +01:00
vramik
1402d021de
KEYCLOAK-14846 Default roles processing
2021-01-08 13:55:48 +01:00
Thomas Darimont
1a7600e356
KEYCLOAK-13923 Support PKCE for OIDC based Identity Providers ( #7381 )
...
* KEYCLOAK-13923 - Support PKCE for Identity Provider
We now support usage of PKCE for OIDC based Identity Providers.
* KEYCLOAK-13923 Warn if PKCE information cannot be found code-to-token request in OIDCIdentityProvider
* KEYCLOAK-13923 Pull up PKCE handling from OIDC to OAuth IdentityProvider infrastructure
* KEYCLOAK-13923 Adding test for PKCE support for OAuth Identity providers
* KEYCLOAK-13923 Use URI from KeycloakContext instead of HttpRequest
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
2021-01-05 10:59:59 -03:00
Réda Housni Alaoui
24522c298e
KEYCLOAK-16657 New Account Console: missing french translation ( #7688 )
2021-01-04 14:17:53 -05:00
Réda Housni Alaoui
c917ae5ded
KEYCLOAK-16652 New Account Console: When langage is not english, no user name displayed at the upper right
2021-01-04 09:04:46 -05:00
keycloak-bot
75be33ccad
Set version to 13.0.0-SNAPSHOT
2020-12-16 17:31:55 +01:00
Fabricio Oliveira
019f27abdb
Correct label is 'Dependent Permissions' ( #7672 )
...
The label refers to the list 'permissions' dependent on the 'policy'.
2020-12-16 07:59:29 -03:00
Przemyslaw Sztoch
33ec2fe069
KEYCLOAK-14492 More polish translation and fixed language name translation
...
Language name should not be translated!
You search your language name in native.
New messages for lack fields from OpenID connect scopes.
2020-12-07 08:36:08 +01:00
Peter Zaoral
c8a2f82a50
KEYCLOAK-14138 Upgrade OTP login screen
...
* edited related css and ftl theme resources
* added tile component
* fixed IE11 compatibility
* fixed affected tests
Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
2020-12-03 16:00:36 +01:00
Joaquim Fellmann
6a6dba5d6e
KEYCLOAK-15634: Prevent federated user removal with new account console
2020-11-27 13:44:36 +01:00
Peter Zaoral
ad940a861a
KEYCLOAK-14137 Upgrade Authentication selector screen
...
* edited related css and ftl theme resources
* added IE11 compatibility support
* fixed affected tests
Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
2020-11-27 08:40:06 +01:00
zak905
4f330f4a57
KEYCLOAK-953: add allowing user to delete his own account feature
2020-11-24 15:50:07 +01:00
Stan Silvert
0afd55f32c
KEYCLOAK-14547: Make New Account Console the default.
2020-11-23 20:56:05 +01:00
Stan Silvert
36fa3d555a
KEYCLOAK-16354: Update serialize-javascript dependency
2020-11-23 14:40:16 +01:00
Martin Bartos
ab347df5ee
KEYCLOAK-14915 Upgrade registration screen to PF4
2020-11-18 10:54:17 +01:00
vmuzikar
01be601dbd
KEYCLOAK-14306 OIDC redirect_uri allows dangerous schemes resulting in potential XSS
...
(cherry picked from commit e86bec81744707f270230b5da40e02a7aba17830)
Conflicts:
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/client/ClientRegistrationTest.java
testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/admin/ClientTest.java
services/src/main/java/org/keycloak/validation/DefaultClientValidationProvider.java
2020-11-12 08:21:54 +01:00
rmartinc
e6bd12b174
[KEYCLOAK-16139] Serialize the calls for groups tab on admin console
2020-11-10 15:41:16 +01:00
Thomas Darimont
de20830412
KEYCLOAK-9551 KEYCLOAK-16159 Make refresh_token generation for client_credentials optional. Support for revocation of access tokens.
...
Co-authored-by: mposolda <mposolda@gmail.com>
2020-11-06 09:15:34 +01:00
Martin Bartos
7522d5ac74
KEYCLOAK-15841 Upgrade rest of the minor forms to PF4
2020-11-05 17:58:41 +01:00
Peter Zaoral
4fbc6389b5
KEYCLOAK-15386 Some icons are not displayed properly
...
* pficon.woff/woff2 - updated PatternFly font resource
* pficon.css - css that contains @font-face rule
Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
2020-11-02 20:21:38 +01:00
Christoph Leistert
e131de9574
KEYCLOAK-14855 Added realm-specific localization texts which affect texts in every part of the UI (admin console / login page / personal info page / email templates). Also new API endpoints and a new UI screen to manage the realm-specific localization texts were introduced.
...
Co-authored-by: Daniel Fesenmeyer <daniel.fesenmeyer@bosch.io>
2020-10-30 08:02:43 -03:00
Martin Bartos
2e59d5c232
KEYCLOAK-14679 Unable to log in with WebAuthn on unsupported browsers
2020-10-29 14:03:17 +01:00
Martin Bartos
a8df7d88a1
[KEYCLOAK-14139] Upgrade login screen to PF4
2020-10-27 20:24:07 +01:00
Grandys
c122e72178
[KEYCLOAK-15850] Removed references to unminimized versions of javascript libraries in base admin template
2020-10-23 10:57:32 +02:00
Roland Werner
d544b132f9
KEYCLOAK-15806:
...
Extension to SignatureAlgorithm to support more Algorithms (RSA_SHA256_MGF1, RSA_SHA512_MGF1).
Also included in clients.js and realms.js so it can be chosen as signature algorithm when connecting as SAML client and when brokering through SAML.
2020-10-15 20:55:27 +02:00