Peter Skopek
622a97bd1c
KEYCLOAK-12228 Sensitive Data Exposure
...
from patch of hiba haddad haddadhiba0@gmail.com
2020-02-12 09:57:31 +01:00
stianst
3c0cf8463a
KEYCLOAK-12821 Check if action is disabled in realm before executing
2020-02-12 09:04:43 +01:00
stianst
6676b9bba0
Fix
2020-02-12 08:23:25 +01:00
stianst
0b8adc7874
KEYCLOAK-12921 Fix NPE in client validation on startup
2020-02-12 08:23:25 +01:00
stianst
dda829710e
KEYCLOAK-12829 Require PKCE for admin and account console
2020-02-12 08:22:20 +01:00
Thomas Darimont
7969aed8e0
KEYCLOAK-10931 Trigger UPDATE_PASSWORD event on password update via AccountCredentialResource
2020-02-11 19:51:58 +01:00
Martin Kanis
1d54f2ade3
KEYCLOAK-9563 Improve access token checks for userinfo endpoint
2020-02-11 15:09:21 +01:00
Erik Jan de Wit
41bf0b78be
KEYCLOAK-11631 reset to default befor loading new
2020-02-10 12:55:14 -05:00
mhajas
e5935d8069
KEYCLOAK-12764 Fix shrinkwrap issue by updating arquillian bom version
2020-02-08 10:51:48 +01:00
stianst
ecec20ad59
KEYCLOAK-12193 Internal error message returned in error response
2020-02-07 18:10:41 +01:00
Pedro Igor
da0e2aaa12
[KEYCLOAK-12897] - Policy enforcer should just deny when beare is invalid
2020-02-07 15:04:45 +01:00
mabartos
a5d02d62c1
KEYCLOAK-12908 TOTP not accepted in request for Access token
2020-02-07 13:17:05 +01:00
mhajas
3f29c27e16
KEYCLOAK-12906 Describe how to run testsuite against openshift
2020-02-07 12:09:55 +01:00
stianst
5d1fa8719e
KEYCLOAK-12190 Fix PartialImportTest for client validation
2020-02-07 11:44:09 +01:00
stianst
7545749632
KEYCLOAK-12190 Add validation for client root and base URLs
2020-02-07 09:09:40 +01:00
Pedro Igor
fc514aa256
[KEYCLOAK-12792] - Invalid nonce handling in OIDC identity brokering
2020-02-06 13:16:01 +01:00
Pedro Igor
199e5dfa3e
[KEYCLOAK-12909] - Keycloak uses embedded cache manager instead of container-managed one
2020-02-06 13:14:36 +01:00
Dmitry Telegin
b6c5acef25
KEYCLOAK-7969 - SAML users should not be identified by SAML:NameID
2020-02-06 08:53:31 +01:00
Axel Messinese
b73553e305
Keycloak-11526 search and pagination for roles
2020-02-05 15:28:25 +01:00
mhajas
66350f415c
KEYCLOAK-12849 Exclude SameSite tests in non-SSL test runs
2020-02-05 11:44:07 +01:00
rmartinc
d39dfd8688
KEYCLOAK-12654: Data to sign is incorrect in redirect binding when URI has parameters
2020-02-05 11:30:28 +01:00
Martin Bartoš
b0c4913587
KEYCLOAK-12177 KEYCLOAK-12178 WebAuthn: Improve usability ( #6710 )
2020-02-05 08:35:47 +01:00
Thomas Darimont
42fdc12bdc
KEYCLOAK-8573 Invalid client credentials should return Unauthorized status ( #6725 )
2020-02-05 08:27:15 +01:00
vmuzikar
0801cfb01f
KEYCLOAK-12105 Add UI tests for Single page to manage credentials
2020-02-04 15:18:52 -03:00
Douglas Palmer
dc97a0af92
[KEYCLOAK-12107] Add tests for Applications page
2020-02-04 09:26:42 -03:00
rmartinc
5b9eb0fe19
KEYCLOAK-10884: Need clock skew for SAML identity provider
2020-02-03 22:00:44 +01:00
Jan Lieskovsky
b532570747
[KEYCLOAK-12168] Various setup TOTP screen usability improvements ( #6709 )
...
On both the TOTP account and TOTP login screens perform the following:
* Make the "Device name" label optional if user registers the first
TOTP credential. Make it mandatory otherwise,
* Denote the "Authenticator code" with asterisk, so it's clear it's
required field (always),
* Add sentence to Step 3 of configuring TOTP credential explaining
the user to provide device name label,
Also perform other CSS & locale / messages file changes, so the UX is
identical when creating OTP credentials on both of these pages
Add a corresponding testcase
Also address issues pointed out by mposolda's review. Thanks, Marek!
Signed-off-by: Jan Lieskovsky <jlieskov@redhat.com>
2020-02-03 19:34:28 +01:00
Marek Posolda
154bce5693
KEYCLOAK-12340 KEYCLOAK-12386 Regression in credential handling when … ( #6668 )
2020-02-03 19:23:30 +01:00
vramik
337e8f8fad
KEYCLOAK-12240 MigrationModelTest fails in pipeline
2020-02-03 13:14:53 +01:00
Leon Graser
01a42f417f
Search and Filter for the count endpoint
2020-02-03 09:36:30 +01:00
Pedro Igor
ed2d392a3d
[KEYCLOAK-9666] - Entitlement request with service account results in server error
2020-02-03 08:57:56 +01:00
Pedro Igor
658a083a0c
[KEYCLOAK-9600] - Find by name in authz client returning wrong resource
2020-02-03 08:57:20 +01:00
Jan Lieskovsky
00a36e5f7b
[KEYCLOAK-12865] Stabilize distribution profile ( #6712 )
...
Signed-off-by: Jan Lieskovsky <jlieskov@redhat.com>
2020-02-01 13:31:54 +01:00
rmartinc
1989483401
KEYCLOAK-12001: Audience support for SAML clients
2020-01-31 15:56:40 +01:00
Marek Posolda
d8e450719b
KEYCLOAK-12469 KEYCLOAK-12185 Implement nice design to the screen wit… ( #6690 )
...
* KEYCLOAK-12469 KEYCLOAK-12185 Add CredentialTypeMetadata. Implement the screen with authentication mechanisms and implement Account REST Credentials API by use the credential type metadata
2020-01-31 14:28:23 +01:00
Bart Monhemius
52fd2b4aa4
KEYCLOAK-12698: Allow setting lifespan on executeActionsEmail
2020-01-31 09:27:07 +01:00
Pedro Igor
c37ca235ab
[KEYCLOAK-11352] - Can't request permissions by name by a non-owner resource service, although the audience is set
2020-01-30 11:36:21 +01:00
Pedro Igor
2a82ed6eea
[KEYCLOAK-9402] - 401 response when enforcement mode is DISABLED
2020-01-30 11:09:32 +01:00
Pedro Igor
873c62bbef
[KEYCLOAK-12569] - User cannot be deleted if he has owned resources / permission tickets
...
Co-authored-by: mhajas <mhajas@redhat.com>
2020-01-30 11:08:28 +01:00
Pedro Igor
c821dcf820
[KEYCLOAK-12438] - Scope-based policies falsely give a permit with an empty scope list
2020-01-29 14:02:44 +01:00
Marek Posolda
d46620569a
KEYCLOAK-12174 WebAuthn: create authenticator, requiredAction and policy for passwordless ( #6649 )
2020-01-29 09:33:45 +01:00
Takashi Norimatsu
993ba3179c
KEYCLOAK-12615 HS384 and HS512 support for Client Authentication by Client Secret Signed JWT ( #6633 )
2020-01-28 14:55:48 +01:00
Erik Jan de Wit
3beef2a4c0
KEYCLOAK-8098 use html5 email validation
2020-01-27 15:16:05 -05:00
Stian Thorgersen
87cab778eb
KEYCLOAK-11996 Authorization Endpoint does not return an error when a request includes a parameter more than once ( #6696 )
...
Co-authored-by: stianst <stianst@gmail.com>
Co-authored-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
2020-01-24 12:10:56 +01:00
Denis Richtárik
24c6e2ba08
KEYCLOAK-12742 Authentication -> WebAuthn Policy: Unable to delete the Acceptable AAGUIDS via the provided minus (-) button, once set ( #6695 )
2020-01-24 11:55:20 +01:00
Leon Graser
f1ddd5016f
KEYCLOAK-11821 Add account api roles to the client on creation
...
Co-authored-by: stianst <stianst@gmail.com>
2020-01-23 13:10:04 -06:00
Martin Kanis
1fbee8134b
KEYCLOAK-12697 Remove mvel2 from parent pom and licenses
2020-01-23 13:04:31 -06:00
Benjamin Weimer
dd9ad305ca
KEYCLOAK-12757 New Identity Provider Mapper "Advanced Claim to Role Mapper" with
...
following features
* Regex support for claim values.
* Support for multiple claims.
2020-01-23 07:17:22 -06:00
mposolda
f0d95da52d
KEYCLOAK-12281 Fix export/import for users that have custom credential algorithms with no salt
2020-01-23 05:43:29 -06:00
vramik
47d6d65bbb
KEYCLOAK-12724 - workaround hibernate bug - set explicitly dialect for oracle version greater than 12
2020-01-22 18:34:11 +01:00
Denis Richtárik
8d312d748b
KEYCLOAK-12163 Old account console: UI not updated after removing of TOTP ( #6688 )
2020-01-22 12:26:28 +01:00
vmuzikar
03306b87e8
KEYCLOAK-12125 Introduce SameSite attribute in cookies
...
Co-authored-by: mhajas <mhajas@redhat.com>
Co-authored-by: Peter Skopek <pskopek@redhat.com>
2020-01-17 08:36:53 -03:00
vmuzikar
475ec6f3e4
Add tests for 'Always Display in Console'
2020-01-17 08:35:01 -03:00
Stan Silvert
568b1586a6
KEYCLOAK-12526: Add 'Always Display in Console' to admin console
2020-01-17 08:35:01 -03:00
Martin Bartos RH
d3f6937a23
[KEYCLOAK-12426] Add username to the login form + ability to reset login
2020-01-17 09:40:13 +01:00
mposolda
85dc1b3653
KEYCLOAK-12426 Add username to the login form + ability to reset login - NOT DESIGN YET
2020-01-17 09:40:13 +01:00
Tomas Kyjovsky
05c428f6e7
KEYCLOAK-12295 After password reset, the new password has low priority ( #6653 )
2020-01-16 09:11:25 +01:00
Martin Bartoš
5aab03d915
[KEYCLOAK-12184] Remove BACK button from login forms ( #6657 )
2020-01-15 12:25:37 +01:00
Axel Messinese
789e8c70ce
KEYCLOAK-12630 full representation param for get groups by user endpoint
2020-01-15 10:14:52 +01:00
Axel Messinese
72aff51fca
KEYCLOAK-12670 inconsistent param name full to briefRepresentation
2020-01-15 08:32:57 +01:00
Marek Posolda
8d49409de1
KEYCLOAK-12183 Refactor login screens. Introduce try-another-way link. Not show many credentials of same type in credential selector ( #6591 )
2020-01-14 21:54:45 +01:00
k-tamura
221aad9877
KEYCLOAK-11511 Improve exception handling of REST user creation
2020-01-14 13:34:34 +01:00
vramik
3b1bdb216a
KEYCLOAK-11486 Add support for system property or env variable in AllowedClockSkew in keycloak-saml subsystem
2020-01-14 13:17:13 +01:00
Martin Kanis
e1f8e5d08c
KEYCLOAK-12462 Align to EAP 7.3.0.GA
2020-01-13 14:58:59 +01:00
mhajas
a79d6289de
KEYCLOAK-11416 Fix nil AttributeValue handling
2020-01-10 12:47:09 +01:00
vramik
a2b3747d0e
KEYCLOAK-7014 - Correctly handle null-values in UserAttributes
2020-01-10 12:44:52 +01:00
Pedro Igor
03bbf77b35
[KEYCLOAK-12511] - Mapper not visible in client's mapper list
2020-01-09 10:25:06 +01:00
mposolda
fea7b4e031
KEYCLOAK-12424 SPNEGO / Kerberos sends multiple 401 responses with WWW-Authenticate: Negotiate header when kerberos token is invalid
2020-01-09 10:21:24 +01:00
Thomas Darimont
062cbf4e0a
KEYCLOAK-9925 Use Client WebOrigins in UserInfoEndpoint
...
We now use the allowed WebOrigins configured for the client
for which the user info is requested.
Previously, Web Origins defined on the Client were not being recognized
by the /userinfo endpoint unless you apply the "Allowed Web Origins"
protocol mapper.
This was an inconsistency with how the Web Origins work compared
with the /token endpoint.
2020-01-09 10:10:59 +01:00
Pedro Igor
dae212c035
[KEYCLOAK-12312] - Partial import of realm breaking access to client's service account roles
2020-01-09 10:06:32 +01:00
Pedro Igor
c596647241
[KEYCLOAK-11712] - Request body not buffered when using body CIP in Undertow
2020-01-09 10:02:18 +01:00
Pedro Igor
709cbfd4b7
[KEYCLOAK-10705] - Return full resource representation when querying policies by id
2020-01-09 10:00:24 +01:00
vmuzikar
8e0e972957
KEYCLOAK-12626 Fix compilation errors in Admin Console tests
2020-01-07 11:56:14 -05:00
vramik
419d9c6351
KEYCLOAK-11597 Remote testing changes + possibility to exclude tests for specific auth server
...
Co-Authored-By: <mhajas@redhat.com>
2020-01-06 14:29:36 +01:00
Thomas Darimont
1a7aeb9b20
KEYCLOAK-8249 Improve extraction of Bearer tokens from Authorization headers ( #6624 )
...
We now provide a simple way to extract the Bearer token string from
Authorization header with a null fallback.
This allows us to have more fine grained error handling for the
various endpoints.
2020-01-06 13:58:52 +01:00
mhajas
28b01bc34d
KEYCLOAK-12609 Fix integer overflow for SAML XMLTimeUtil add method parameters
2020-01-06 13:53:16 +01:00
Yoshiyuki Tabata
e96725127f
KEYCLOAK-12165 Fix UserSessionProviderTest to work correctly ( #6513 )
2020-01-02 17:57:14 +01:00
Marek Posolda
fa453e9c0c
KEYCLOAK-12278 Default first broker login flow is broken after migration ( #6556 )
2020-01-02 17:53:56 +01:00
Pedro Igor
56d53b191a
[KEYCLOAK-8779] - Fixing PartialImportTest
2019-12-28 06:24:19 -03:00
rmartinc
401d36b446
KEYCLOAK-8779: Partial export and import to an existing realm is breaking clients with service accounts
2019-12-27 15:59:38 -03:00
Thomas Darimont
0219d62f09
KEYCLOAK-6867 UserInfoEndpoint should return WWW-Authenticate header for Invalid tokens
...
As required by the OIDC spec (1) we now return a proper WWW-Authenticate
response header if the given token is invalid.
1) https://openid.net/specs/openid-connect-core-1_0.html#UserInfoError
2019-12-23 07:42:06 -03:00
Pedro Igor
946088d48d
[KEYCLOAK-12109] - Resolving authz discovery url using KeycloakUriBuilder
2019-12-19 14:18:21 +01:00
Pedro Igor
3bd193acd7
[KEYCLOAK-12412] - Policy enforcer should consider charset when comparing the content-type of the request
2019-12-19 14:14:33 +01:00
Stefan Guilhen
9f69386a53
[KEYCLOAK-11707] Add support for Elytron credential store vault
...
- Adds the elytron-cs-keystore provider that reads secrets from a keystore-backed elytron credential store
- Introduces an abstract provider and factory that unifies code that is common to the existing implementations
- Introduces a VaultKeyResolver interface to allow the creation of different algorithms to combine the realm
and key names when constructing the vault entry id
- Introduces a keyResolvers property to the existing implementation via superclass that allows for the
configuration of one or more VaultKeyResolvers, creating a fallback mechanism in which different key formats
are tried in the order they were declared when retrieving a secret from the vault
- Adds more tests for the files-plaintext provider using the new key resolvers
- Adds a VaultTestExecutionDecider to skip the elytron-cs-keystore tests when running in Undertow. This is
needed because the new provider is available only as a Wildfly extension
2019-12-18 11:54:06 +01:00
harture
26458125cb
[KEYCLOAK-12254] Fix re-evaluation of conditional flow ( #6558 )
2019-12-18 08:45:11 +01:00
Douglas Palmer
106e6e15a9
[KEYCLOAK-11859] Added option to always display a client in the accounts console
2019-12-17 17:12:49 -03:00
vramik
c3d80651bf
KEYCLOAK-12473 Add possibility to specify length of event detail when storing to database
2019-12-17 17:15:50 +01:00
vmuzikar
4c17fa8664
KEYCLOAK-12104 UI tests for Linked Accounts Page
2019-12-16 16:06:03 -03:00
vmuzikar
4f7b56d227
KEYCLOAK-12106 UI tests for Device Activity page
2019-12-16 14:26:58 -03:00
Erik Jan de Wit
af0f43b769
KEYCLOAK-11496 detect session timeout
2019-12-13 15:22:32 -05:00
Douglas Palmer
af0594b58d
[KEYCLOAK-12463] Fixed missing consents
2019-12-12 17:27:54 -03:00
Douglas Palmer
f9fa5b551d
[KEYCLOAK-5628] Added application endpoint
2019-12-11 13:06:04 -03:00
Cas Eliëns
66f5d1259f
Fix typo
2019-12-11 16:18:59 +01:00
Martin Bartoš
2cf6483cdf
[KEYCLOAK-12044] Fix messages in the UsernameForm ( #6548 )
2019-12-11 10:59:46 +01:00
mposolda
0f3e0f4d4e
KEYCLOAK-12432 Compilation error in latest master in LDAPHardcodedAttributeTest
2019-12-10 18:01:11 -03:00
Cédric Couralet
bde94f2f08
KEYCLOAK-11770 add an hardcoded attribute mapper ( #6396 )
...
Signed-off-by: Cédric Couralet <cedric.couralet@insee.fr>
2019-12-10 12:57:46 +01:00
Denis Richtárik
48bddc37ae
KEYCLOAK-12011 Remove cancel button from OTP form ( #6511 )
...
* KEYCLOAK-12011 Remove cancel button from OTP form
* Remove back button
2019-12-09 19:23:26 +01:00
Dmitry Telegin
e2144d6aec
KEYCLOAK-12175 - Platform SPI
2019-12-09 09:55:04 +01:00
stianst
30e024a3c9
KEYCLOAK-12167 Remove need for Arquillian deployment to load test classes
2019-12-06 12:46:08 +01:00
Yoshiyuki Tabata
b2664c7ef9
KEYCLOAK-12094 "client-session-stats" not search null client information ( #6554 )
2019-12-06 10:37:25 +01:00