Commit graph

660 commits

Author SHA1 Message Date
mposolda
061693a8c9 KEYCLOAK-9089 IllegalArgumentException when trying to use ES256 as OIDC access token signature 2018-12-14 21:01:03 +01:00
mposolda
6db1f60e27 KEYCLOAK-7774 KEYCLOAK-8438 Errors when SSO authenticating to same client multiple times concurrently in more browser tabs 2018-11-21 21:51:32 +01:00
Takashi Norimatsu
0793234c19 KEYCLOAK-8460 Request Object Signature Verification Other Than RS256 (#5603)
* KEYCLOAK-8460 Request Object Signature Verification Other Than RS256

also support client signed signature verification by refactored token
verification mechanism

* KEYCLOAK-8460 Request Object Signature Verification Other Than RS256

incorporate feedbacks and refactor client public key loading mechanism

* KEYCLOAK-8460 Request Object Signature Verification Other Than RS256

unsigned request object not allowed

* KEYCLOAK-8460 Request Object Signature Verification Other Than RS256

revert to re-support "none"
2018-11-19 14:28:32 +01:00
Thomas Darimont
cf57a1bc4b KEYCLOAK-1267 Add dedicated SSO timeouts for Remember-Me
Previously remember-me sessions where tied to the SSO max session
timeout which could lead to unexpected early session timeouts.
We now allow SSO timeouts to be configured separately for sessions
with enabled remember-me. This enables users to opt-in for longer
session timeouts.

SSO session timeouts for remember-me can now be configured in the
tokens tab in the realm admin console. This new configuration is
optional and will tipically host values larger than the regular
max SSO timeouts. If no value is specified for remember-me timeouts
then the regular max SSO timeouts will be used.

Work based on PR https://github.com/keycloak/keycloak/pull/3161 by
Thomas Darimont <thomas.darimont@gmail.com>
2018-11-15 06:11:22 +01:00
scranen
5880efe775 KEYCLOAK-4342 Make naming consistent 2018-11-06 10:28:06 -02:00
scranen
0c6b20e862 [KEYCLOAK-4342] Make adapter state cookie path configurable 2018-11-06 10:28:06 -02:00
Graser Leon
9ef4c7fffd KEYCLOAK-8377 Role Attributes 2018-10-24 22:04:28 +02:00
mposolda
c36b577566 KEYCLOAK-8483 Remove application from the aud claim of accessToken and refreshToken 2018-10-23 13:52:09 +02:00
Pedro Igor
6f8f8e6a28 [KEYCLOAK-8449] - Option to automatically map HTTP verbs to scopes when configuring the policy enforcer 2018-10-23 08:40:54 -03:00
stianst
11374a2707 KEYCLOAK-8556 Improvements to profile 2018-10-12 12:26:37 +02:00
Leon Graser
066bef744f KEYCLOAK-6658 Fine Grain Permissions via Java Client
Signed-off-by: Leon Graser <leon.graser@bosch-si.com>
2018-10-11 09:44:57 -03:00
mposolda
5b51c000af KEYCLOAK-8481 Don't include empty resource_access in access token 2018-10-11 08:04:07 +02:00
mposolda
2a4cee6044 KEYCLOAK-6884 KEYCLOAK-3454 KEYCLOAK-8298 Default 'roles' and 'web-origins' client scopes. Add roles and allowed-origins to the token through protocol mappers 2018-10-04 12:00:38 +02:00
mposolda
3777dc45d0 KEYCLOAK-3058 Support for validation of "aud" in adapters through verify-token-audience configuration switch 2018-09-21 11:17:05 +02:00
mposolda
99a16dcc1f KEYCLOAK-6638 Support for adding audiences to tokens 2018-09-13 21:40:16 +02:00
stianst
24e60747b6 KEYCLOAK-7560 Refactor token signature SPI PR
Also incorporates:
KEYCLOAK-6770 ES256/384/512 providers
KEYCLOAK-4622 Use HS256 for refresh tokens
KEYCLOAK-4623 Use HS256 for client reg tokens
2018-09-11 08:14:10 +02:00
Takashi Norimatsu
5b6036525c KEYCLOAK-7560 Refactor Token Sign and Verify by Token Signature SPI 2018-09-11 08:14:10 +02:00
Pedro Igor
6a0a1031a1 [KEYCLOAK-7754] - Fixing compat issues with UMA spec in RPT Introspection Provider 2018-09-04 11:41:09 -03:00
Stefan Guilhen
0b95cdacb8 [KEYCLOAK-7885] Add user policy support to the policy API 2018-08-13 22:09:17 -03:00
Pedro Igor
80e5227bcd [KEYCLOAK-4902] - Refactoring and improvements to processing of authz requests 2018-08-07 10:53:40 -03:00
Hynek Mlnarik
f57cc3a9c0 KEYCLOAK-5257 Clarify usage of TokenVerifier 2018-08-01 13:38:31 +02:00
mposolda
a2afe7c205 KEYCLOAK-7977 Release failing due the NPE during swagger2markup-maven-plugin execution 2018-07-31 22:05:34 +02:00
ssilvert@win.redhat.com
0844aa8d68 KEYCLOAK-7857: Fix notifications 2018-07-25 08:59:25 -04:00
Hiroyuki Wada
7c0ca9aad2 KEYCLOAK-6313 Add required action's priority for customizing the execution order 2018-07-23 22:21:04 +02:00
Pedro Igor
8b6979ac18 [KEYCLOAK-7849] - Improvements to RPT upgrade 2018-07-18 16:40:55 -03:00
Pedro Igor
90bfa2bff5 [KEYCLOAK-7781] - More validations to authorization requests 2018-07-13 09:18:05 -03:00
mhajas
5aebc74f8c KEYCLOAK-7269 Setting more uris for Authorization Resource 2018-07-11 17:48:34 -03:00
stianst
3c5027de3c KEYCLOAK-7701 Refactor key providers to support additional algorithms 2018-06-29 14:14:25 +02:00
Takashi Norimatsu
2fb022e501 KEYCLOAK-7688 Offline Session Max for Offline Token 2018-06-26 08:25:06 +02:00
Marek Posolda
49407c2e4f
KEYCLOAK-6630 Client scopes initial support (#5076)
* KEYCLOAK-6630 KEYCLOAK-349 Client Scopes

Co-authored-by: vramik <vramik@redhat.com>

* KEYCLOAK-6630 Change some clientTemplate occurences to clientScope
2018-06-08 15:38:38 +02:00
Pedro Igor
aa128d6c07
Merge pull request #5240 from pedroigor/KEYCLOAK-7353
[KEYCLOAK-7353] Support Policy Management in Protection API
2018-06-07 11:05:49 -03:00
Federico M. Facca
5a9bfea419 [KEYCLOAK-7353] Support Policy Management in Protection API
See https://issues.jboss.org/browse/KEYCLOAK-7353
2018-06-06 19:36:42 -03:00
Takashi Norimatsu
c586c63533 KEYCLOAK-6771 Holder of Key mechanism
OAuth 2.0 Mutual TLS Client Authentication and Certificate Bound Access
Tokens
2018-06-05 08:18:29 +02:00
Pedro Igor
1634bef28a
Merge pull request #5194 from pedroigor/KEYCLOAK-7322
[KEYCLOAK-7322] - NPE when removing group from representation
2018-05-15 06:05:54 -03:00
Federico M. Facca
5cbe595fe3 This commit implement feature KEYCLOAK-7337
* return requester

when returnNames=true

* return requesterName
* return owernName
2018-05-11 21:08:16 +02:00
pedroigor
88f21eae87 [KEYCLOAK-7322] - NPW when removing group from representation 2018-05-08 14:03:33 -03:00
pedroigor
035ebc881a [KEYCLOAK-4903] - Claim Information point Provider SPI and configuration 2018-04-25 10:16:41 -03:00
pedroigor
e813fcd9c8 [KEYCLOAK-4903] - Pushing claims when obtaining a permission ticket 2018-04-24 19:47:28 -03:00
Oskars
3bef6d5066 KEYCLOAK-4538 Configurable clock skew when validating tokens (#5014)
* [master]: fix type for checkLoginIframeInterval

* [master]: KEYCLOAK-4538 Feature to tolerate a configurable amount of seconds of clock skew when validating tokens

* [master]: KEYCLOAK-4538 Fix unit test scenarios for token clock skew

* [master]: KEYCLOAK-4538 Reverted wildcard imports

* [master]: fix unit test to use longer intervals to make test less fragile.
2018-04-16 11:09:25 +02:00
pedroigor
a939c45d58 [KEYCLOAK-7029] - Configuration of cache policies for cached resources/path 2018-04-03 16:44:27 -03:00
Pedro Igor
5cae1bb134
Merge pull request #5093 from pedroigor/KEYCLOAK-4102
[KEYCLOAK-4102] - Support lazy load paths
2018-03-29 09:16:34 -03:00
Bill Burke
f5bacb79c1 review changes 2018-03-28 16:45:52 -04:00
pedroigor
4a425c2674 [KEYCLOAK-4102] - Support lazy loading of paths via policy enforcer config 2018-03-28 09:23:59 -03:00
Bill Burke
ad5f3fefc5 Merge remote-tracking branch 'upstream/master' into kcinit 2018-03-27 16:38:35 -04:00
pedroigor
e9e376419d [KEYCLOAK-4102] - Removing create-resources configuration option 2018-03-27 09:51:13 -03:00
Bill Burke
f000cedcbb Merge remote-tracking branch 'upstream/master' into kcinit 2018-03-20 16:49:43 -04:00
Áron Bustya
82ba2b1b0d remove changes from standard OIDC client registration, move constants 2018-03-19 19:31:22 +01:00
Áron Bustya
57f57f5c75 set request object mandatory for client, restrict delivery mode
handle new attribute in client representation


add to UI
2018-03-19 19:31:22 +01:00
pedroigor
08896ee9c9 [KEYCLOAK-6529] - Resource Attributes 2018-03-19 13:21:39 -03:00
Bill Burke
4bba11cd94 kcinit 2018-03-16 12:11:57 -04:00