Commit graph

314 commits

Author SHA1 Message Date
mposolda
7d8796e614 KEYCLOAK-4626 Support for sticky sessions with AUTH_SESSION_ID cookie. Clustering tests with embedded undertow. Last fixes. 2017-05-11 22:24:07 +02:00
Hynek Mlnarik
b8262a9f02 KEYCLOAK-4628 Single-use cache + its functionality incorporated into reset password token. Utilize single-use cache for relevant actions in execute-actions token 2017-05-11 22:16:26 +02:00
Hynek Mlnarik
c431cc1b01 KEYCLOAK-4627 IdP email account verification + code cleanup. Fix for concurrent access to auth session notes 2017-05-11 22:16:26 +02:00
mposolda
168153c6e7 KEYCLOAK-4626 Authentication sessions - SAML, offline tokens, broker logout and other fixes 2017-05-11 22:16:26 +02:00
Hynek Mlnarik
47aaa5a636 KEYCLOAK-4627 reset credentials and admin e-mails use action tokens. E-mail verification via action tokens. 2017-05-11 22:16:26 +02:00
mposolda
e7272dc05a KEYCLOAK-4626 AuthenticationSessions - brokering works. Few other fixes and tests added 2017-05-11 22:16:26 +02:00
mposolda
a9ec69e424 KEYCLOAK-4626: AuthenticationSessions - working login, registration, resetPassword flows 2017-05-11 22:16:26 +02:00
mposolda
83b29c5080 KEYCLOAK-4626 AuthenticationSessions: start 2017-05-11 22:16:26 +02:00
Stian Thorgersen
c3a2b3a6b6 KEYCLOAK-4523 PBKDF2WithHmacSHA256 and PBKDF2WithHmacSHA512 providers 2017-05-11 11:58:22 +02:00
Pedro Igor
e14be4460b [KEYCLOAK-4867] - Cluster events and invalidations 2017-05-05 22:48:51 -03:00
Bill Burke
c3b44e61d4 Merge remote-tracking branch 'upstream/master' 2017-05-01 14:51:07 -04:00
Eriksson Fabian
ca1152c3e5 KEYCLOAK-4204 Extend brute force protection with permanent lockout on failed attempts
- Can still use temporary brute force protection.
- After X-1 failed login attempt, if the user successfully logs in his/her fail login count is reset.
2017-04-28 09:02:10 +02:00
Bill Burke
2276f99d54 Merge remote-tracking branch 'upstream/master' 2017-04-26 14:39:45 -04:00
Johannes Knutsen
0809033924 KEYCLOAK-4780 Ensure Base64 encoded HMAC secret key is decoded before use 2017-04-26 16:04:44 +02:00
Stian Thorgersen
cf7f28d97e Merge pull request #4031 from abacusresearch/KEYCLOAK-4736_http_header_x-xss-protection
KEYCLOAK-4736 Extend security defenses with X-XSS-Protection header
2017-04-25 10:38:21 +02:00
Stian Thorgersen
54ee055bd8 KEYCLOAK-4671 Add server-private-spi to dependency deployer 2017-04-25 10:16:24 +02:00
Bill Burke
12cb295a35 Merge remote-tracking branch 'upstream/master' 2017-04-24 10:05:46 -04:00
Bill Burke
58868ca99f prototype 2017-04-24 10:05:39 -04:00
Pedro Igor
bf69bc94bb [KEYCLOAK-4754] - Unable to delete realm when using aggregated policies 2017-04-20 12:10:52 -03:00
Pedro Igor
b6978a424f [KEYCLOAK-3135] - Reverting change to support import unordered policies 2017-04-12 15:15:46 -03:00
Pedro Igor
8e877a7f6c [KEYCLOAK-3135] - More tests 2017-04-12 14:34:27 -03:00
Pedro Igor
eec712a259 [KEYCLOAK-3135] - Role and user policies apis 2017-04-12 00:52:14 -03:00
Pedro Igor
54ebc1918c [KEYCLOAK-3135] - Using abstract policy representation when creating policies and updating tests 2017-04-12 00:52:13 -03:00
Pedro Igor
d60dcb4c62 [KEYCLOAK-3135] - Some more tests and making policy type rest api more generic 2017-04-12 00:52:13 -03:00
Pedro Igor
8e64bc3e4d Tests for new permission management rest api 2017-04-12 00:52:13 -03:00
Pedro Igor
cf1e8d1dd8 [KEYCLOAK-3135] - Tests and typos 2017-04-12 00:52:13 -03:00
Pedro Igor
55f747ecd0 [KEYCLOAK-3135] - Part 1: Permission Management API 2017-04-12 00:52:13 -03:00
Dominik Langenegger
8840bc073f KEYCLOAK-4736 Extend security defenses with additional option to set the X-XSS-Protection header, block by default 2017-04-10 11:20:07 +02:00
Bill Burke
3ce0c57e17 Merge pull request #3831 from Hitachi/master
KEYCLOAK-2604 Proof Key for Code Exchange by OAuth Public Clients
2017-04-06 15:36:08 -04:00
Bill Burke
6ca5b7de03 Merge pull request #3998 from cainj13/fixNullProtocols
Fix null protocols for default clients
2017-04-06 15:29:21 -04:00
Stian Thorgersen
eaf386f1d2 KEYCLOAK-4693
Improve blocking search indexing
2017-04-04 09:56:48 +02:00
Josh Cain
971f053f13 flip null switch for conditionally adding login protocol to default clients 2017-03-31 16:20:21 -05:00
Josh Cain
0482ec40fd Fix null protocols in default realm applications 2017-03-31 16:13:38 -05:00
Takashi Norimatsu
a183d50ad2 delete erroneous characters inserted by mistake 2017-03-29 09:53:24 +09:00
Takashi Norimatsu
ef3aef9381 Merge branch 'master' into master 2017-03-28 16:21:40 +09:00
vramik
c41bc65bf8 KEYCLOAK-4638 Migrator to 3.0.0 contains code coppied from 2.5.0 2017-03-22 13:08:12 +01:00
Stian Thorgersen
2aa93d7d55 Merge pull request #3924 from daklassen/KEYCLOAK-2486
KEYCLOAK-2486: Update SimpleHTTP to use Apache HTTP Client
2017-03-15 09:50:06 +01:00
Pedro Igor
e7e6314146 [KEYCLOAK-4555] - Fixes and improvements to evaluation code 2017-03-13 14:08:54 -03:00
David Klassen
7029ef80f8 KEYCLOAK-2486: Update SimpleHTTP to use Apache HTTP Client
Update SimpleHTTP to use Apache HTTP client under the covers.
2017-03-09 09:23:09 +01:00
Bill Burke
c6dc59f63e Merge remote-tracking branch 'upstream/master' 2017-03-03 11:00:32 -05:00
Bill Burke
3bb29e033b KEYCLOAK-4501, KEYCLOAK-4511, KEYCLOAK-4513 2017-03-03 09:48:52 -05:00
mposolda
091b376624 KEYCLOAK-1590 Realm import per test class 2017-03-01 09:38:44 +01:00
Bill Burke
b4f625e1ce KEYCLOAK-4501 2017-02-27 18:46:00 -05:00
Stian Thorgersen
d72b67c460 Merge pull request #3857 from anderius/feature/KEYCLOAK-4392-component-id
KEYCLOAK-4392 Copy component id from representation to model
2017-02-14 09:43:38 +01:00
Bill Burke
c3e72b11db KEYCLOAK-4382 2017-02-13 10:51:10 -05:00
Anders Båtstrand
3af9f2f989 KEYCLOAK-4392 Copy component id from representation to model 2017-02-13 13:03:57 +01:00
Bill Burke
d9633dc20c Merge remote-tracking branch 'upstream/master' 2017-02-09 09:13:00 -05:00
Bill Burke
f128be9b31 LDAP No-Import 2017-02-04 10:29:34 -05:00
Takashi Norimatsu
88bfa563df KEYCLOAK-2604 Proof Key for Code Exchange by OAuth Public Clients - RFC
7636 - Server Side Implementation
2017-02-03 10:38:54 +09:00
Stian Thorgersen
be2378a424 Merge pull request #3820 from patriot1burke/master
KEYCLOAK-4363
2017-02-02 11:32:30 +01:00
Bill Burke
79dede8e78 KEYCLOAK-4363 2017-02-01 10:19:15 -05:00
Bill Burke
1d04d56bdb Merge pull request #3816 from patriot1burke/master
KEYCLOAK-4218
2017-02-01 08:55:10 -05:00
Bill Burke
0d308e2b69 KEYCLOAK-4218 2017-01-31 15:15:49 -05:00
Pedro Igor
c705a8ffc8 [KEYCLOAK-4340] - Exporting authorization settings is updating policies with wrong data 2017-01-31 13:11:14 -02:00
mposolda
2de2df3a41 KEYCLOAK-4282 Fix authorization import in DirImportProvider 2017-01-24 21:57:35 +01:00
mposolda
194a63cc71 KEYCLOAK-4282 Import authorization after users are imported 2017-01-24 17:32:34 +01:00
mposolda
e487db349c KEYCLOAK-4274 Fix recursive composite role mappings 2017-01-23 17:55:45 +01:00
Pedro Igor
c19360c6f2 [KEYCLOAK-4203] - Removing references to Drools 2017-01-18 12:44:30 -02:00
Bill Burke
6aee6b0c46 KEYCLOAK-4220 2017-01-13 11:45:48 -05:00
Stian Thorgersen
7ceef826ac Merge pull request #3734 from stianst/KEYCLOAK-4176
KEYCLOAK-4176
2017-01-10 15:19:05 +01:00
Marek Posolda
227900f288 Merge pull request #3731 from mposolda/master
KEYCLOAK-4175 Provide a way to set the connect and read timeout for l…
2017-01-10 09:49:18 +01:00
Stian Thorgersen
426e55664f KEYCLOAK-4176 2017-01-10 08:02:49 +01:00
Stian Thorgersen
7eeebff874 Merge pull request #3720 from hmlnarik/KEYCLOAK-4091-Possible-NullPointerExceptions-with-disabled-cache
KEYCLOAK-4091 Prevent NPE with disabled cache
2017-01-10 06:23:10 +01:00
Bill Burke
452611242c Merge remote-tracking branch 'upstream/master' 2017-01-09 17:14:34 -05:00
Bill Burke
d075172fd2 KEYCLOAK-3617 KEYCLOAK-4117 KEYCLOAK-4118 2017-01-09 17:14:20 -05:00
mposolda
c32620b718 KEYCLOAK-4175 Provide a way to set the connect and read timeout for ldap connections 2017-01-09 21:35:58 +01:00
Pedro Igor
5bc134ea7b Merge pull request #3717 from pedroigor/KEYCLOAK-4164
[KEYCLOAK-4164] - Creating typed resources always result in error
2017-01-06 17:29:47 -02:00
Hynek Mlnarik
377fbced4a KEYCLOAK-4091 Prevent NPE with disabled cache 2017-01-06 10:00:11 +01:00
Pedro Igor
72691b2e74 [KEYCLOAK-4164] - Creating typed resources always result in error 2017-01-05 14:32:49 -02:00
Stian Thorgersen
15af61a7cc Merge pull request #3708 from stianst/KEYCLOAK-2856
KEYCLOAK-2856
2017-01-05 09:01:37 +01:00
Stian Thorgersen
09a61f4706 KEYCLOAK-2856 2017-01-04 08:38:06 +01:00
Stian Thorgersen
b7c98ed433 KEYCLOAK-2980 Fix admin query for resource path 2017-01-03 10:34:21 +01:00
Stian Thorgersen
9c2944c090 Change id of CachedStoreFactorySpi to authorizationCache 2016-12-21 07:01:19 +01:00
Stian Thorgersen
7bad8e6ff3 KEYCLOAK-4110
Broken key providers in Admin Console
2016-12-20 12:08:18 +01:00
Pedro Igor
c9c8acd029 [KEYCLOAK-4034] - Invalidating policy cache when creating resources and scopes 2016-12-19 20:28:49 -02:00
Pedro Igor
40591cff25 Merge pull request #3662 from pedroigor/KEYCLOAK-4034
[KEYCLOAK-4034] - Improvements to UI, performance and some code cleanup
2016-12-19 16:49:10 -02:00
Marek Posolda
c6363aa146 Merge pull request #3630 from sldab/duplicate-email-support
KEYCLOAK-4059 Support for duplicate emails
2016-12-19 15:37:18 +01:00
Pedro Igor
c9c9f05e29 [KEYCLOAK-4034] - Improvements to UI, performance and some code cleanup 2016-12-19 11:22:37 -02:00
Slawomir Dabek
93cec9b3ee KEYCLOAK-4059 Support for duplicate emails 2016-12-19 10:55:12 +01:00
Stian Thorgersen
f29bb7d501 KEYCLOAK-4092 key provider for HMAC signatures 2016-12-19 10:50:43 +01:00
Stian Thorgersen
97a08a1d99 Merge pull request #3644 from stianst/KEYCLOAK-4071
KEYCLOAK-4071
2016-12-14 09:55:55 +01:00
Stian Thorgersen
480d4e6f4f KEYCLOAK-4071 2016-12-14 07:01:54 +01:00
mposolda
40216b5e7d KEYCLOAK-3921 LDAP binary attributes 2016-12-13 18:31:26 +01:00
Bill Burke
5996149a8d KEYCLOAK-3506 2016-12-10 17:01:08 -05:00
Bill Burke
1f0600044a KEYCLOAK-3967 2016-12-08 19:29:02 -05:00
Bruno Oliveira
15f23eb045
[KEYCLOAK-3560]: Unable to import exported users which contain terms_and_conditions required action 2016-12-06 15:29:56 -02:00
Bill Burke
77d17de14d Merge pull request #3611 from patriot1burke/master
KEYCLOAK-3620
2016-12-06 08:18:36 -05:00
Marek Posolda
c8b22e71f0 Merge pull request #3573 from glavoie/KEYCLOAK-4003
KEYCLOAK-4003: Slow Infinispan RoleAdapter.hasRole() call.
2016-12-06 09:49:42 +01:00
Bill Burke
6587cd2478 KEYCLOAK-3620 2016-12-05 17:51:06 -05:00
Bill Burke
ce50b0ed29 Merge remote-tracking branch 'upstream/master' 2016-12-02 19:26:34 -05:00
Bill Burke
e88af874ca finish 2016-12-02 19:25:17 -05:00
Marek Posolda
458ca8a7ee Merge pull request #3578 from sldab/msadlds
KEYCLOAK-4009 Compatibility with AD LDS
2016-12-02 17:50:21 +01:00
Slawomir Dabek
b2f0acfe26 KEYCLOAK-4009 Compatibility with AD LDS 2016-12-02 14:43:42 +01:00
Manuel Palacio
bfec073457 KEYCLOAK-3648 2016-12-01 19:34:33 +01:00
Stian Thorgersen
5ecc8d1c71 KEYCLOAK-4006 Fix performance drop caused by changes to client session codes 2016-12-01 12:17:54 +01:00
Gabriel Lavoie
6fa504489f KEYCLOAK-4003: Slow Infinispan RoleAdapter.hasRole() call.
- Added a session/query cache for the result getComposites() to avoid always hitting the Infinispan cache.
- KeycloakModelUtils doesn't rely anymore on a "visited" set as performance seems good without it.
- Added test for multiple levels of composite roles. Only one level was covered.
2016-11-30 10:56:26 -05:00
mposolda
69ce1e05f0 KEYCLOAK-3822 Changing signature validation settings of an external IdP is not sometimes reflected 2016-11-28 15:27:25 +01:00
Marek Posolda
a8de125e26 Merge pull request #3551 from vramik/KEYCLOAK-3983
KEYCLOAK-3983 update protocol mappers of clients and client templates for backward compatibility import
2016-11-25 21:48:41 +01:00
mposolda
7c6032cc84 KEYCLOAK-3825 Ability to expire publicKeys cache. Migrated OIDCBrokerWithSignatureTest to new testsuite 2016-11-25 17:45:37 +01:00
Vlasta Ramik
939da455d7 update protocol mappers of clients and client templates for backward compatibility import 2016-11-25 15:12:38 +01:00
Bill Burke
e82e584b81 port removed migrators 2016-11-23 16:48:02 -05:00
Bill Burke
ccbd8e8c70 remove User Fed SPI 2016-11-23 16:06:44 -05:00
Bill Burke
d5925b8ccf remove realm UserFed SPI methods 2016-11-23 08:31:20 -05:00
Bill Burke
0c05dc093f Merge remote-tracking branch 'upstream/master' 2016-11-21 12:26:24 -05:00
Bill Burke
798fd84698 Merge remote-tracking branch 'upstream/master' 2016-11-21 11:33:52 -05:00
Bill Burke
19575b2c8f port kerberos 2016-11-21 11:33:44 -05:00
mposolda
27e5d9672a KEYCLOAK-3944 Imported legacy LDAP Federation provider doesn't have default mappers available 2016-11-21 16:17:49 +01:00
mposolda
76bfbad2c4 KEYCLOAK-3895 Make UserSessionProvider and UserSessionPersisterProvider to rely on UserRemovedEvent callbacks 2016-11-18 15:58:33 +01:00
mposolda
a27be0cee7 KEYCLOAK-3857 Clustered invalidation cache fixes and refactoring. Support for cross-DC for invalidation caches. 2016-11-16 22:29:23 +01:00
Stian Thorgersen
b4f072ed81 KEYCLOAK-3882 Move more provider factories and SPIs to private 2016-11-15 12:05:25 +01:00
Bill Burke
8794416241 fix db2 2016-11-14 16:22:30 -05:00
Bill Burke
cc0eb47814 merge 2016-11-14 15:09:41 -05:00
Pedro Igor
fb1cd9d27d [KEYCLOAK-3554] - Properly handle dependencies between policies when importing settings 2016-11-14 18:55:53 +00:00
Stian Thorgersen
7e33f4a7d1 KEYCLOAK-3882 Split server-spi into server-spi and server-spi-private 2016-11-10 13:28:42 +01:00