Commit graph

621 commits

Author SHA1 Message Date
stianst
37de8e9f69 Bump version to 3.4.2.Final-SNAPSHOT 2017-12-01 09:34:48 +01:00
Stan Silvert
4d4ee33d1d KEYCLOAK-5937: Not possible to select role w/ hardocded LDAP role mapper 2017-11-30 15:29:36 -05:00
stianst
4daf6aaec5 KEYCLOAK-5940 2017-11-30 13:43:15 +01:00
Bruno Oliveira
6a528a3ee6 [KEYCLOAK-2645] Reset password page says 'You need to change your password to activate your account.' 2017-11-30 10:37:21 +01:00
stianst
2be78a0239 KEYCLOAK-5924 Add error handler for uncaught errors 2017-11-30 10:33:13 +01:00
Stan Silvert
fc8a8b1dd8 KEYCLOAK-5905: 'Disable Credentials' not displayed after reset password. 2017-11-28 16:40:41 -05:00
Bill Burke
c36b3cd296 KEYCLOAK-5904 2017-11-28 09:10:43 -05:00
stianst
24b7e318ca KEYCLOAK-5913 Fix all locales showing in RH-SSO 2017-11-28 07:54:26 +01:00
Stan Silvert
27268044ae KEYCLOAK-5906: Active page not highlighted in nav sidebar 2017-11-27 12:43:43 -05:00
Bruno Oliveira
9d35891e7d [KEYCLOAK-5467] X.509 Auth - missing internationalization support 2017-11-27 13:44:38 +01:00
Stian Thorgersen
feaf834184 KEYCLOAK-5863 Fix error when updating mapper twice in a row 2017-11-17 12:20:43 +01:00
Shon T. Urbas
f186ea12c6 Removal of duplicate cuff. 2017-11-16 07:18:49 +01:00
Stan Silvert
dc05134e41 KEYCLOAK-5850: Del realm role broken on permissions & Users tabs. 2017-11-16 07:05:08 +01:00
Stan Silvert
f923211e9f KEYCLOAK-5849: Multiple errors in acct page displays '<br/>' 2017-11-15 19:59:54 +01:00
Bill Burke
a70461b726
Merge pull request #4695 from patriot1burke/master
KEYCLOAK-5459 KEYCLOAK-5855
2017-11-14 22:02:13 -05:00
Bill Burke
6b8ead6c4b KEYCLOAK-5459 2017-11-14 19:37:07 -05:00
Stan Silvert
8b023f57f9
KEYCLOAK-5474: Unexp behavior with "login w/ email" and "Dup emails" (#4683)
settings.
2017-11-14 16:12:56 -05:00
Hynek Mlnařík
1412fed265
Merge pull request #4676 from abstractj/KEYCLOAK-2052
[KEYCLOAK-2052] Allows independently set timeouts for e-mail verification link and rest e.g. forgot password link
2017-11-14 09:19:57 +01:00
Stian Thorgersen
de72542151 KEYCLOAK-5795 Strip ids of client export from admin console 2017-11-14 08:49:58 +01:00
Bruno Oliveira
03d0488335 [KEYCLOAK-2052] Allows independently set timeouts for e-mail verification link and rest e.g. forgot password link
Co-authored-by: Hynek Mlnarik <hmlnarik@redhat.com>
2017-11-13 19:57:04 -02:00
Stian Thorgersen
128ff12f8f Bump versions 2017-11-09 15:37:21 +01:00
Stan Silvert
8759b42e6b KEYCLOAK-4461: Missing error msg when add idp mapper 2017-11-09 07:13:38 +01:00
liuzheng712
9243430b75 fix(Chinese language): add # encoding: utf-8 2017-11-09 07:10:59 +01:00
Stan Silvert
d3b270d025
KEYCLOAK-5475: UI glitches when alias blank in auth config (#4645) 2017-11-08 08:21:28 -05:00
Albert-Jan Verhees
b8f3c8a445 Fixed typo in Dutch translations 2017-11-08 12:59:55 +01:00
Stan Silvert
1db3134df8
KEYCLOAK-5506: Set empty fed config prop fails in admin console (#4625) 2017-11-06 12:44:13 -05:00
Stan Silvert
986540ab34 KEYCLOAK-4383: Dbl-click login button leads to "already logged in" page (#4614) 2017-10-27 10:29:37 -04:00
Marek Posolda
74f5c1c160 Merge pull request #4611 from mposolda/ldap-eviction-day
KEYCLOAK-5746 Bad label for evictionDay in admin console in EVICT_WEE…
2017-10-25 11:14:18 +02:00
mposolda
5f889dd3c6 KEYCLOAK-5746 Bad label for evictionDay in admin console in EVICT_WEEKLY cache policy 2017-10-25 09:08:33 +02:00
Bruno Oliveira
4d762159ef KEYCLOAK-5717 2017-10-24 10:55:02 -02:00
Stan Silvert
330f2acc29 KEYCLOAK-5732: Freemarker pages using ?html (#4607) 2017-10-23 16:35:45 -04:00
Stan Silvert
574fd42534 KEYCLOAK-5681: Upgrade AngularJS for Admin Console (#4571) 2017-10-23 12:03:46 -04:00
Stan Silvert
9083e5fe5c KEYCLOAK-5298: Enable autoescaping in Freemarker (#4561)
* KEYCLOAK-5298: Enable autoescaping in Freemarker

* Fix several of the failing tests.

* Fix broken tests in integration-deprecated

* Fix last failing test.
2017-10-23 12:03:00 -04:00
Stian Thorgersen
9b75b603e3 KEYCLOAK-5234 (#4585) 2017-10-23 16:13:22 +02:00
Bill Burke
8faa6f1f4d KEYCLOAK-5701 2017-10-18 18:20:50 -04:00
Bill Burke
0fb99a0098 Merge pull request #4569 from patriot1burke/master
KEYCLOAK-4328
2017-10-18 10:49:52 -04:00
Bill Burke
649bca7618 KEYCLOAK-4328 2017-10-18 09:37:17 -04:00
Thomas Darimont
3103e0fd0a KEYCLOAK-5244 Add BlacklistPasswordPolicyProvider (#4370)
* KEYCLOAK-5244 Add BlacklistPasswordPolicyProvider

This introduces a new PasswordPolicy which can refer to
a named predefined password-blacklist to avoid users
choosing too easy to guess passwords.

The BlacklistPasswordPolicyProvider supports built-in as
well as custom blacklists.
built-in blacklists use the form `default/filename`
and custom ones `custom/filename`, where filename
is the name of the found blacklist-filename.

I'd propose to use some of the freely available password blacklists
from the [SecLists](https://github.com/danielmiessler/SecLists/tree/master/Passwords) project.

For testing purposes one can download the password blacklist
```
wget -O 10_million_password_list_top_1000000.txt https://github.com/danielmiessler/SecLists/blob/master/Passwords/10_million_password_list_top_1000000.txt?raw=true
```
to /data/keycloak/blacklists/

Custom password policies can be configured with the SPI
configuration mechanism via jboss-cli:
```
/subsystem=keycloak-server/spi=password-policy:add()
/subsystem=keycloak-server/spi=password-policy/provider=passwordBlacklist:add(enabled=true)
/subsystem=keycloak-server/spi=password-policy/provider=passwordBlacklist:write-attribute(name=properties.blacklistsFolderUri, value=file:///data/keycloak/blacklists/)
```

Password blacklist is stored in a TreeSet.

* KEYCLOAK-5244 Encode PasswordBlacklist as a BloomFilter

We now use a dynamically sized BloomFilter with a
false positive probability of 1% as a backing store
for PasswordBlacklists.

BloomFilter implementation is provided by google-guava
which is available in wildfly.

Password blacklist files are now resolved against
the ${jboss.server.data.dir}/password-blacklists.

This can be overridden via system property, or SPI config.
See JavaDoc of BlacklistPasswordPolicyProviderFactory for details.

Revised implementation to be more extensible, e.g. it could be
possible to use other stores like databases etc.

Moved FileSystem specific methods to FileBasesPasswordBlacklistPolicy.

The PasswordBlacklistProvider uses the guava version 20.0
shipped with wildfly. Unfortunately the arquillian testsuite
transitively depends on guava 23.0 via the selenium-3.5.1
dependency. Hence we need to use version 23.0 for tests but 20.0
for the policy provider to avoid NoClassDefFoundErrors in the
server-dist.

Configure password blacklist folder for tests

* KEYCLOAK-5244 Configure jboss.server.data.dir for test servers

* KEYCLOAK-5244 Translate blacklisted message in base/login
2017-10-17 20:41:44 +02:00
Cédric Couralet
656fc5d7c0 KEYCLOAK-4052 - add an option to validate Password Policy for ldap user storage 2017-10-13 13:54:50 +02:00
Gaetan Collaud
06ad4caa1b KEYCLOAK-5505 put tabindex in login page 2017-10-10 16:56:03 +02:00
Stan Silvert
9131e7e73c KEYCLOAK-4248: Remove revocation tab for SAML clients. 2017-10-04 14:03:39 -04:00
Herbert Mühlburger
f0f7321c38 Fix spelling error in admin message properties (#4525)
* fix spelling error in admin message properties

* fix typo in admin messages
2017-10-03 20:58:17 +02:00
Bill Burke
817d6cc8c7 minor ui fix 2017-10-02 11:02:19 -04:00
Gabriel Lavoie
134daeac7f KEYCLOAK-3303: Allow reuse of refresh tokens.
- Configurable max reuse count.
2017-09-28 15:30:40 -04:00
Bill Burke
fd025ae76b Merge pull request #4209 from guitaro/feature/group-search-and-pagination
[KEYCLOAK-2538] - groups pagination and group search
2017-09-23 20:52:19 -04:00
Bill Burke
3020a04a8b Merge pull request #4490 from Fiercely/master
Keycloak 2035
2017-09-22 16:13:22 -04:00
Thomas Darimont
236b2b9273 KEYCLOAK-3599 Add Script based OIDC ProtocolMapper 2017-09-22 21:24:20 +02:00
howcroft
e78bf5f876 Keycloak 2035
This PR adds:
* an endpoint to Role that lists users with the Role
* a tab "Users in Role" in Admin console Role page
* it is applicable to Realm and Client Roles
* Extends UserQueryProvider with default methods (throwing Runtime Exception if not overriden)
* Testing in base testsuite and Console
2017-09-22 15:05:49 +01:00
Stan Silvert
7124d93a24 Merge pull request #4487 from ssilvert/kc1250-big-commit
KEYCLOAK-5502: Fix install of node and yarn for account2 profile.
2017-09-19 10:39:38 -04:00
Stan Silvert
9d66d55ac1 KEYCLOAK-5502: Fix install of node and yarn for account2 profile. 2017-09-19 09:53:22 -04:00