Luca Leonardo Scorcia
3973d47bd4
KEYCLOAK-15465 SAML Identity Broker - SP metadata writer always emits AttributeConsumingService isDefault attribute
...
The isDefault attribute is defined as optional, yet if it set to null Keycloak incorrectly emits the value isDefault="null".
2020-09-16 16:44:19 +02:00
Luca Leonardo Scorcia
10077b1efe
KEYCLOAK-15485 Add option to enable SAML SP metadata signature
2020-09-16 16:40:45 +02:00
Mark Wolfe
3723d78e3c
KEYCLOAK-15460 Fix missing event types in SAML endpoint
...
A change was done in 32f13016fa
which isn't setting the type for events and causing an internal error.
2020-09-16 16:36:19 +02:00
Martin Kanis
5d5e56dde3
KEYCLOAK-15199 Complement methods for accessing roles with Stream variants
2020-09-16 16:29:51 +02:00
Benjamin Weimer
f874e9a43c
KEYCLOAK-9874 include realm and client roles in user info response
2020-09-16 10:01:02 +02:00
Joaquim Fellmann
be4780243b
KEYCLOAK-15483 Replace badly displayed HTML message with simple text message for french locale (align with en, de, pt, po, tr, nl locales)
2020-09-15 17:09:53 -04:00
Takashi Norimatsu
b670734eec
KEYCLOAK-14205 FAPI-RW Client Policy - Executor : Enforce Response Type of OIDC Hybrid Flow
2020-09-14 20:58:25 +02:00
Hynek Mlnarik
a05066d567
KEYCLOAK-15477 Fix permission evaluation logic
2020-09-14 20:53:46 +02:00
Konstantinos Georgilakis
f4f58ab707
KEYCLOAK-15540 correct SAMLAttributeConsumingServiceParser
2020-09-14 16:01:46 +02:00
mposolda
4123b7a91e
KEYCLOAK-11678 Remove dummy resource. Adding keycloak-services and liquibase to jandex indexing
2020-09-14 09:27:34 -03:00
vmuzikar
a9a719b88c
KEYCLOAK-15270 Account REST API doesn't verify audience
2020-09-14 08:43:09 -03:00
Dmitry Telegin
b62d68a591
KEYCLOAK-14952 - Unit test failure in keycloak-saml-core on Java 11
2020-09-14 11:17:57 +02:00
mhajas
3186f1b5a9
KEYCLOAK-15514 Update AbstractStorageManager to check capability interface types
2020-09-11 14:42:48 +02:00
vmuzikar
cb5c893d87
Add tests for KEYCLOAK-15481
2020-09-11 07:03:24 -04:00
Stan Silvert
952e8fecee
KEYCLOAK-15481: Display forbidden screen
2020-09-11 07:03:24 -04:00
Miquel Simon
2572b1464b
KEYCLOAK-15395. Removed totp/remove (DELETE) and credentials/password (GET, POST) endpoints.
2020-09-10 18:03:03 -03:00
Takashi Norimatsu
af2f18449b
KEYCLOAK-14195 FAPI-RW Client Policy - Condition : Client - Client Role
2020-09-10 18:34:19 +02:00
Clement Cureau
b19fe5c01b
Finegrain admin as fallback and added some tests
2020-09-10 12:26:55 -03:00
Clement Cureau
73378df52e
[KEYCLOAK-11621] Allow user creation via group permissions (Admin API)
...
Problem:
Using fine-grained admin permissions on groups, it is not permitted to create new users
within a group.
Cause:
The POST /{realm}/users API does not check permission for each group part of the new
user representation
Solution:
- Change access logic for POST /{realm}/users to require MANAGE_MEMBERS and
MANAGE_MEMBERSHIP permissions on each of the incoming groups
Tests:
Manual API testing performed:
1. admin user from master realm:
- POST /{realm}/users without groups => HTTP 201 user created
- POST /{realm}/users with groups => HTTP 201 user created
2. user with MANAGE_MEMBERS & MANAGE_MEMBERSHIP permissions on group1
- POST /{realm}/users without groups => HTTP 403 user NOT created
- POST /{realm}/users with group1 => HTTP 201 user created
- POST /{realm}/users with group1 & group2 => HTTP 403 user NOT created
- POST /{realm}/users with group1 & wrong group path => HTTP 400 user NOT created
3. user with MANAGE_MEMBERS permission on group1
- POST /{realm}/users without groups => HTTP 403 user NOT created
- POST /{realm}/users with group1 => HTTP 403 user NOT created
- POST /{realm}/users with group1 & group2 => HTTP 403 user NOT created
- POST /{realm}/users with group1 & wrong group path => HTTP 400 user NOT created
2020-09-10 12:26:55 -03:00
testn
706299557e
KEYCLOAK-15174: ResourceServerAdapter.toEntity checks the wrong type
2020-09-10 12:19:25 -03:00
testn
c288175c03
KEYCLOAK-15208: PermissionTicketAdapter checks for the wrong type
2020-09-10 12:16:48 -03:00
Sebastian Laskawiec
e01159a943
KEYCLOAK-14767 OpenShift Review Endpoint audience fix
2020-09-09 11:57:24 -03:00
Takashi Norimatsu
cbb79f0430
KEYCLOAK-15448 FAPI-RW : Error Response on OIDC private_key_jwt Client Authentication Error (400 error=invalid_client)
2020-09-09 11:14:21 +02:00
mhajas
df52c12ebb
KEYCLOAK-15479 Replace enlistAfterCompletion with enlist in MapClientProvider
2020-09-09 08:27:38 +02:00
Benjamin Weimer
b2934e8dd0
KEYCLOAK-15327 backchannel logout invalidate offline session even if there is no corresponding active session found
2020-09-08 11:17:20 -03:00
Martin Kanis
4e9bdd44f3
KEYCLOAK-14901 Replace deprecated ClientProvider related methods across Keycloak
2020-09-07 13:11:55 +02:00
stianst
76f7fbb984
KEYCLOAK-14548 Add support for cached gzip encoding of resources
2020-09-07 00:58:47 -07:00
Martin Bartos
e34ff6cd9c
[KEYCLOAK-14326] Identity Provider force sync is not working
2020-09-07 09:42:40 +02:00
Takashi Norimatsu
1d8230d438
KEYCLOAK-14190 Client Policy - Condition : The way of creating/updating a client
2020-09-04 09:54:55 +02:00
Luca Leonardo Scorcia
67b2d5ffdd
KEYCLOAK-14961 SAML Client: Add ability to request specific AuthnContexts to remote IdPs
2020-09-03 21:25:36 +02:00
Hynek Mlnarik
1c4a2db8e1
KEYCLOAK-14510 Properly close Response object
2020-09-03 11:23:05 +02:00
Simon Legner
bed664e4fe
KEYCLOAK-15186 Sort user federation table
2020-09-02 17:40:41 -04:00
stianst
a92bf0c3be
KEYCLOAK-15091 Fix issue with custom favicon.ico
2020-09-02 23:18:49 +02:00
Konstantinos Georgilakis
1fa93db1b4
KEYCLOAK-14304 Enhance SAML Identity Provider Metadata processing
2020-09-02 20:43:09 +02:00
Takashi Norimatsu
aad3bdcb88
KEYCLOAK-15251 keycloak-themes build fails in windows
2020-09-02 12:40:07 -04:00
Takashi Norimatsu
b93a6ed19f
KEYCLOAK-14919 Dynamic registration - Scope ignored
2020-09-02 13:59:22 +02:00
Takashi Norimatsu
107a429238
KEYCLOAK-15236 FAPI-RW : Error Response on OAuth 2.0 Mutual TLS Client Authentication Error (400 error=invalid_client)
2020-09-02 09:31:20 +02:00
mhajas
3928a49c77
KEYCLOAK-14816 Reset brute-force-detection data for the user after a successful password grant type flow
2020-09-01 21:45:17 +02:00
Hynek Mlnarik
583fa07bc4
KEYCLOAK-11029 Support modification of broker username / ID for identity provider linking
2020-09-01 20:40:38 +02:00
testn
0362d3a430
KEYCLOAK-15113: Move away from deprecated Promise.success()/error()
2020-09-01 14:26:44 -04:00
Zack Powers
0001a930b4
KEYCLOAK-15068: Fix 15068 by parameterizing ProviderFactory with LoginFormsProvider.
2020-09-01 12:17:17 +02:00
Iavael
f021f72fcd
[KEYCLOAK-14663] Fix spelling in RU translation
...
https://en.wiktionary.org/wiki/%D0%BF%D1%80%D0%B8%D0%B2%D0%B8%D0%BB%D0%B5%D0%B3%D0%B8%D1%8F
2020-09-01 12:01:13 +02:00
Jon Koops
b64cf3c315
KEYCLOAK-14980 Remove references to Bower
2020-09-01 11:49:58 +02:00
mhajas
bdccfef513
KEYCLOAK-14973 Create GroupStorageManager
2020-09-01 10:21:39 +02:00
Luca Leonardo Scorcia
03c07bd2d7
KEYCLOAK-14902 Replace SAML SP metadata export with link to descriptor
2020-08-31 22:26:30 +02:00
testn
b392084297
KEYCLOAK-15173: Fix bug in SAML11EvidenceType.remove()
2020-08-31 21:46:26 +02:00
Martin Bartos
9c847ab176
[KEYCLOAK-14432] Unhandled NPE in identity broker auth response
2020-08-31 14:14:42 +02:00
Martin Kanis
d59a74c364
KEYCLOAK-15102 Complement methods for accessing groups with Stream variants
2020-08-28 20:56:10 +02:00
kaibo-ondruska
6d45d715d3
KEYCLOAK-15369 fix Czech translation
...
"Přihlasovací" should be "Přihlašovací"
2020-08-28 14:54:50 +02:00
Thomas Darimont
300b15e604
KEYCLOAK-15214 Improve SimpleHTTP
...
- Added support for configuring socket, connect and request timeouts on request level.
- Added support for HTTP HEAD and HTTP PATCH methods
- Small refactorings
2020-08-26 10:34:11 +02:00