mposolda
4a7013d550
KEYCLOAK-5440 RestartLoginCookie field 'cs' not marked ignorable
2017-10-02 14:19:27 +02:00
Bruno Oliveira da Silva
bb0bccc3c0
[KEYCLOAK-5486] Test email connection feature does not work the second time ( #4517 )
2017-10-02 13:14:50 +02:00
Marek Posolda
13fe9e7cf8
Merge pull request #4510 from glavoie/KEYCLOAK-3303
...
KEYCLOAK-3303: Allow reuse of refresh tokens.
2017-09-29 17:07:45 +02:00
mposolda
3b6e1f4e93
KEYCLOAK-5007 Used single-use cache for tracke OAuth code. OAuth code changed to be encrypted and signed JWT
2017-09-29 13:20:22 +02:00
Gabriel Lavoie
134daeac7f
KEYCLOAK-3303: Allow reuse of refresh tokens.
...
- Configurable max reuse count.
2017-09-28 15:30:40 -04:00
Bill Burke
fd025ae76b
Merge pull request #4209 from guitaro/feature/group-search-and-pagination
...
[KEYCLOAK-2538] - groups pagination and group search
2017-09-23 20:52:19 -04:00
Bill Burke
9db6a5e0df
Merge pull request #4497 from thomasdarimont/issue/KEYCLOAK-3599-add-script-based-protocol-mapper
...
KEYCLOAK-3599 Revise Script based OIDC ProtocolMapper
2017-09-23 20:38:51 -04:00
Thomas Darimont
57c633967a
KEYCLOAK-3599 Revise Script based OIDC ProtocolMapper
...
We now use the `ScriptingProvider` API instead of
using the `ScriptEngineManager` because dynamic
`ScriptEngineManager` lookups might fail in some
environments like JBoss EAP.
Refactored `AbstractOIDCProtocolMapper` to provide
a new version of the `setClaim(..)` method which takes a
`KeycloakSession` as additional argument.
The old `setClaim(..)` method is marked as deprecated and
should be scheduled for removal in a later release.
To ensure backwards compatibility we call the old `setClaim(..)`
from the new `setClaim(..,keycloakSession)` method in order
to not break user implementations of OIDC ProtocolMappers.
The existing OIDC ProtocolMappers which override the old
`setClaim(..)` method should be updated to use the new version
`setClaim(..,keycloakSession)`.
This was necessary to be able to lookup a `ScriptingProvider`.
2017-09-22 22:57:07 +02:00
Bill Burke
1599e6db6e
KEYCLOAK-5518
2017-09-22 16:38:50 -04:00
Bill Burke
537081ec9d
Merge pull request #4494 from patriot1burke/master
...
KEYCLOAK-5516
2017-09-22 16:38:13 -04:00
Bill Burke
3020a04a8b
Merge pull request #4490 from Fiercely/master
...
Keycloak 2035
2017-09-22 16:13:22 -04:00
Bill Burke
790e2dc69f
fix compiler bug
2017-09-22 15:43:13 -04:00
Thomas Darimont
236b2b9273
KEYCLOAK-3599 Add Script based OIDC ProtocolMapper
2017-09-22 21:24:20 +02:00
Bill Burke
eb4f7f3b21
KEYCLOAK-5516
2017-09-22 11:48:30 -04:00
howcroft
e78bf5f876
Keycloak 2035
...
This PR adds:
* an endpoint to Role that lists users with the Role
* a tab "Users in Role" in Admin console Role page
* it is applicable to Realm and Client Roles
* Extends UserQueryProvider with default methods (throwing Runtime Exception if not overriden)
* Testing in base testsuite and Console
2017-09-22 15:05:49 +01:00
Bill Burke
8ace0e68c3
KEYCLOAK-910 KEYCLOAK-5455
2017-09-21 17:15:18 -04:00
Bill Burke
ab58052a4c
Merge pull request #4482 from patriot1burke/master
...
KEYCLOAK-5491 KEYCLOAK-5492 KEYCLOAK-5490
2017-09-19 14:01:40 -04:00
Marek Posolda
fa35249afd
Merge pull request #4480 from TeliaSoneraNorge/KEYCLOAK-5494
...
Fix introspection error for pairwise access tokens
2017-09-18 16:44:24 +02:00
Pedro Igor
e8ef050093
Merge pull request #4471 from pedroigor/KEYCLOAK-5095
...
[KEYCLOAK-5095] - RPT should contain the RS as audience
2017-09-18 09:32:47 -03:00
Martin Hardselius
6b687c4318
Fix offline validation errors
...
Refactored token validation method to run user checks only if the user
session is valid.
2017-09-18 11:26:57 +02:00
Bill Burke
f927ee7b4e
KEYCLOAK-5491 KEYCLOAK-5492
2017-09-15 16:30:45 -04:00
Bill Burke
3e6adbc904
KEYCLOAK-5490 ( #4477 )
2017-09-15 11:36:48 +02:00
Martin Hardselius
a4315f4076
Fix introspection error for pairwise access tokens
...
When access tokens containing a pairwise sub are introspected, user
related checks are using that sub to fetch the UserModel instead of
fetching the user from the UserSession. No corresponding user is found
(or possibly even another user) and the token is reported inactive.
Resolves: KEYCLOAK-5494
2017-09-15 10:31:47 +02:00
Bill Burke
c999a0d8f9
Merge remote-tracking branch 'upstream/master'
2017-09-14 21:17:12 -04:00
Bill Burke
affeadf4f3
KEYCLOAK-5490
2017-09-14 21:16:50 -04:00
Stian Thorgersen
ee35673615
KEYCLOAK-1250 Profile and console loader for new account management console
2017-09-14 19:53:02 +02:00
Levente NAGY
d18aa44fb4
Merge branch 'feature/group-search-and-pagination' of https://github.com/guitaro/keycloak into feature/group-search-and-pagination
2017-09-13 16:48:24 +02:00
Levente NAGY
e907da77d7
KEYCLOAK 2538 - UI group pagination - Remove junit mocked TUs, add arquillian Tests, delete mockito from poms, fix groups sorting when get result from cache
2017-09-13 16:45:45 +02:00
Léventé NAGY
503ce3a47f
Merge branch 'master' into feature/group-search-and-pagination
2017-09-13 10:27:38 +02:00
Hisanobu Okuda
b7af96aa4d
KEYCLOAK-5315 Conditional OTP enforcement does not work ( #4399 )
2017-09-13 06:58:59 +02:00
Martin Kanis
550e5f752a
KEYCLOAK-5146 TokenEndpoint returns wrong methods for preflight requests ( #4455 )
2017-09-13 06:23:11 +02:00
Pedro Igor
cdb3c159c5
[KEYCLOAK-5095] - RPT should contain the RS as audience
2017-09-12 16:59:20 -03:00
Pedro Igor
90db6654d3
Merge pull request #4451 from glavoie/KEYCLOAK-4858-ResourceServer
...
KEYCLOAK-4858: Slow query performance for client with large data volume
2017-09-12 15:54:16 -03:00
Levente NAGY
c8c88dd58c
KEYCLOAK 2538 - UI group pagination - TU + some code improvement + add mockito dependency
2017-09-12 15:09:08 +02:00
Petter Lysne
7f8b5e032a
feat: added PayPal IDP ( #4449 )
2017-09-12 11:57:59 +02:00
Hynek Mlnarik
24e9cbb292
KEYCLOAK-4899 Replace updates to user session with temporary auth session
2017-09-11 21:43:49 +02:00
Levente NAGY
2c24b39268
KEYCLOAK 2538 - UI group pagination
2017-09-07 19:39:06 +02:00
Gabriel Lavoie
c1664478d9
KEYCLOAK-4858: Slow query performance for client with large data volume
...
- Changing RESOURCE_SERVER PK to the client ID.
- Changing FK on children of RESOURCE_SERVER.
- Use direct fetch of ResourceServer through ID/PK to avoid a lot of implicit Hibernate flush.
2017-09-06 09:55:53 -03:00
mposolda
fe43c26829
KEYCLOAK-5248 auth_time is not updated when reauthentication is requested with 'login=prompt'
2017-09-05 12:22:30 +02:00
Pedro Igor
fa6d5f0ee2
[KEYCLOAK-4653] - Identity.hasClientRole(String) and Identity.hasRole(String) break role namespaces and should be removed
2017-09-01 16:08:34 -03:00
filipelautert
e055589448
[KEYCLOAK-4778] Fix for Oracle null value when having an empty String as attribute value ( #4406 )
...
* Add client.name as a second parameter to the title expressions in login template
* Fixing tooltip.
* pt_BR localization for admin screens.
* Reverting login.ftl
* Added all tooltip messages - even the ones not translated.
Translated around 150 messages todas.
* More translations.
* Fixing wrong edit.
* [KEYCLOAK-4778] Null check on Attribute value. This value can be null when retrieved from an Oracle database.
* [KEYCLOAK-4778] Create unit tests for empty and null values.
* [KEYCLOAK-4778] Move empty and null attributes tests to a separated test method; change tests to empty or null Strings.
* [KEYCLOAK-4778] Check if value is null and set it as empty array. In the former code if null was received it would generate an array with 1 string element ["null"]. Also if we set value as null instead of ArrayList, later when the rest call is executed it will generate the same incorrect array again.
* [KEYCLOAK-4778] Tests clean up.
2017-08-31 06:09:41 +02:00
Wim Vandenhaute
924b4f651a
KEYCLOAK-5186 createUser: set federationLink ( #4316 )
2017-08-31 06:07:43 +02:00
Hynek Mlnařík
e36b94d905
KEYCLOAK-5318 Verify signature on raw query parameters ( #4445 )
2017-08-31 05:46:26 +02:00
Stian Thorgersen
d3dc26181e
KEYCLOAK-3481 ( #4441 )
2017-08-30 08:00:22 +02:00
Stian Thorgersen
dcfa4aca8c
KEYCLOAK-943 Started account rest service. Profile and sessions completed. ( #4439 )
2017-08-29 20:12:09 +02:00
Stian Thorgersen
463661b051
Set version to 3.4.0.CR1-SNAPSHOT
2017-08-28 15:46:22 +02:00
Stian Thorgersen
8cc1d02d46
KEYCLOAK-5342 ( #4431 )
2017-08-28 14:35:58 +02:00
Hynek Mlnařík
9ee8f72be9
\KEYCLOAK-5335 Destination attr in SAML requests is optional ( #4424 )
2017-08-28 08:06:48 +02:00
Stian Thorgersen
d58c6ad4e0
[KEYCLOAK-4900] Pass login_hint parameter to idp & review ( #4421 )
2017-08-25 10:14:38 +02:00
w9n
e173bf33ba
auth is already part of the serverBaseUri ( #4418 )
2017-08-25 08:16:01 +02:00
John Ament
30ea556a7a
KEYCLOAK-5285: Adding protected access. ( #4405 )
...
Allows FreemarkerEmailTemplateProvider to be more extensible.
2017-08-25 07:30:26 +02:00
Bill Burke
6696c44dc0
Merge remote-tracking branch 'upstream/master'
2017-08-24 15:19:48 -04:00
Bill Burke
7a57723c01
more token exchange
2017-08-24 15:19:38 -04:00
mposolda
fe5891fbdb
KEYCLOAK-5293 Add notBefore to user
2017-08-23 08:58:26 +02:00
Stian Thorgersen
20ac70d3fd
KEYCLOAK-5119 ( #4400 )
2017-08-22 08:07:36 +02:00
John Ament
5b179420fd
KEYCLOAK-5274: Check that authenticator config id is null before attempting to fetch it. ( #4404 )
2017-08-22 06:57:49 +02:00
mposolda
a6a6a62dc0
KEYCLOAK-5260 kc_idp_hint was only working first time
2017-08-18 11:09:17 +02:00
mposolda
089514d8a6
KEYCLOAK-4634 Cross-dc support for UserLoginFailures
2017-08-17 10:22:12 +02:00
Bill Burke
16954fc370
fix
2017-08-10 14:58:09 -04:00
Levente NAGY
c8aa708cff
Merge remote-tracking branch 'upstream/master'
2017-08-10 18:14:49 +02:00
Bill Burke
41cdd9db70
KEYCLOAK-5268
2017-08-10 09:36:45 -04:00
Bill Burke
fbeef3e75f
manageMembership not deleted
2017-08-10 09:25:44 -04:00
Bill Burke
45eac1093d
show permissions
2017-08-09 10:39:59 -04:00
Bill Burke
3470b1839d
Merge remote-tracking branch 'upstream/master'
2017-08-09 10:25:25 -04:00
Bill Burke
2fa55550f3
token exchange permissions
2017-08-09 10:04:14 -04:00
mposolda
a72c297d5d
KEYCLOAK-4187 Fix LoginCrossDCTest
2017-08-08 14:02:48 +02:00
Hynek Mlnarik
9ca72dc5c6
KEYCLOAK-4189 Improve logging and concurrency/cross-DC testing
2017-08-08 10:11:51 +02:00
Bill Burke
430fe60533
Merge pull request #4374 from patriot1burke/master
...
KEYCLOAK-5190
2017-08-07 14:19:23 -04:00
Bill Burke
ed5e880931
Merge remote-tracking branch 'upstream/master'
2017-08-07 12:02:50 -04:00
Bill Burke
c9b7504e3f
KEYCLOAK-5190
2017-08-07 12:02:18 -04:00
Bill Burke
3fce14d9ce
Merge pull request #4369 from patriot1burke/master
...
KEYCLOAK-5249
2017-08-03 09:57:55 -04:00
Bill Burke
3b5ca2bac0
Merge pull request #4366 from hmlnarik/KEYCLOAK-4694-null
...
KEYCLOAK-4694
2017-08-02 19:47:34 -04:00
Bill Burke
cf0ee31bc5
KEYCLOAK-5249
2017-08-02 19:42:35 -04:00
Hynek Mlnarik
4583a45e78
KEYCLOAK-4694
2017-08-01 09:57:12 +02:00
Bill Burke
8f542618f7
KEYCLOAK-4748
2017-07-31 10:36:04 -04:00
Bill Burke
486a0c9528
remove restriction
2017-07-28 16:25:32 -04:00
Bill Burke
6b991b850e
change role name
2017-07-28 16:20:23 -04:00
Bill Burke
852e9274d4
Merge remote-tracking branch 'upstream/master'
2017-07-28 16:15:53 -04:00
Bill Burke
db9b1bcb21
token exchange
2017-07-28 16:15:39 -04:00
mposolda
07e2136b3b
KEYCLOAK-4187 Added UserSession support for cross-dc
2017-07-27 22:32:58 +02:00
Hynek Mlnarik
ab05216730
KEYCLOAK-4775 Added encryption certificate to SAML metadata
2017-07-27 08:18:10 +02:00
Hynek Mlnarik
3c537f5f28
KEYCLOAK-4446 Do not encrypt SAML status messages
...
SAML status messages are not encryptable per Chapter 6 of
saml-core-2.0-os.pdf. Only assertions, attributes, base ID and name ID
can be encrypted.
2017-07-26 11:22:56 +02:00
Hynek Mlnarik
c7046b6325
KEYCLOAK-4189 Preparation for cross-DC SAML testing
2017-07-25 09:44:36 +02:00
Marek Posolda
79a64657f7
Merge pull request #4331 from hmlnarik/KEYCLOAK-5209-IdpEmailVerificationAuthenticator-should-use-user-action-timeout
...
KEYCLOAK-5209 Make IdpEmailVerificationAuthenticator use user action …
2017-07-21 15:32:40 +02:00
Hynek Mlnarik
a192b6f50a
KEYCLOAK-5209 Make IdpEmailVerificationAuthenticator use user action timeout
2017-07-19 15:25:20 +02:00
Hynek Mlnarik
d52d685161
KEYCLOAK-4818 Fix undeclared namespace error in context serialization
2017-07-19 15:18:53 +02:00
Hynek Mlnarik
c36074c7f3
KEYCLOAK-4187 Minor updates (abstraction)
2017-07-18 15:08:06 +02:00
Bill Burke
27b4f0e25d
Merge pull request #4324 from patriot1burke/master
...
KEYCLOAK-5194
2017-07-15 09:26:51 -04:00
Bill Burke
a7940c6ffa
KEYCLOAK-5194
2017-07-14 18:29:48 -04:00
Bill Burke
1e059e3fa3
Merge pull request #4282 from cargosoft/KEYCLOAK-5131
...
KEYCLOAK-5131 ProviderFactory::postInit not called with hot deployment
2017-07-14 15:53:34 -04:00
Bill Burke
01152144bb
Merge pull request #4321 from hmlnarik/KEYCLOAK-4187-Minor-updates
...
KEYCLOAK-4187 Minor updates in API
2017-07-14 15:48:53 -04:00
Bill Burke
f68754290f
KEYCLOAK-5152
2017-07-14 14:14:38 -04:00
Hynek Mlnarik
ddcbee2bff
KEYCLOAK-4187 Minor updates in API
2017-07-14 15:40:43 +02:00
Bill Burke
b0a33c9765
KEYCLOAK-5155
2017-07-13 14:51:27 -04:00
mposolda
3fca731395
KEYCLOAK-5136 Improve browser refresh button after switch to different flow
2017-07-11 13:03:18 +02:00
mposolda
936efe872a
KEYCLOAK-5061 Process correct initial flow when action expired
2017-07-10 22:52:54 +02:00
mposolda
7be2c55f61
KEYCLOAK-5061 Better error messages when action expired
2017-07-10 19:50:28 +02:00
Marek Posolda
48eaebf1c3
Merge pull request #4293 from TeliaSoneraNorge/KEYCLOAK-5139
...
KEYCLOAK-5139 refresh token does not work with pairwise subject ident…
2017-07-10 11:21:34 +02:00
Pedro Igor
65251748c7
[KEYCLOAK-5148] - Create authorization settings when creating a new client using a config file
2017-07-05 18:19:00 -03:00
Pedro Igor
4b7c61111c
Merge pull request #4288 from pedroigor/KEYCLOAK-5135
...
[KEYCLOAK-5135] - Wrong comparison when checking for duplicate resources during creation
2017-07-05 08:22:23 -03:00