Commit graph

469 commits

Author SHA1 Message Date
vramik
591093f867 KEYCLOAK-7730 - revert OSGiApplicationArchiveProcessor moved into fuse app servers 2018-06-28 10:22:25 -03:00
vramik
9039b44f4d KEYCLOAK-7718 DemoFilterServletAdapterTest test not configured correctly 2018-06-28 09:33:52 -03:00
vramik
8ac7bda52c KEYCLOAK-7589 - adapter tests - Fuse7.0 provider 2018-06-28 08:45:02 +02:00
vramik
39cbf4e9ab KEYCLOAK-7588 - adapter tests - Fuse6.3 provider 2018-06-26 16:47:01 +02:00
vramik
8fdadcc596 KEYCLOAK-7475 adapter tests - add Wildfly10 and Wildfly9 providers 2018-06-25 14:31:11 +02:00
vramik
d9f79fae79 KEYCLOAK-7510 Add Support for server specific ArchiveProcessor 2018-06-22 11:38:57 +02:00
Hynek Mlnarik
530a710dce KEYCLOAK-7412 Tests for Fuse 7.0 2018-06-22 08:59:44 +02:00
stianst
e1a0e581b9 Update to 4.1.0.Final-SNAPSHOT 2018-06-14 14:22:28 +02:00
vramik
f19a324030 KEYCLOAK-7587 Some system properties are not included 2018-06-12 11:42:10 +02:00
vramik
9e42be09d7 KEYCLOAK-7517 - adapter tests - EAP6 provider 2018-06-11 13:46:59 +02:00
vramik
7d466be94e KEYCLOAK-6541 rename AppServerContainerSPI to AppServerContainerProvider 2018-06-11 13:46:59 +02:00
vramik
a5c0cbc3b4 KEYCLOAK-7473 app-server-eap provider 2018-06-11 13:46:59 +02:00
vramik
bb5dc4c473 KEYCLOAK-6745 Adapter tests - remove abstract adapter test classes 2018-06-11 13:46:59 +02:00
vramik
132386f64d KEYCLOAK-6541 app server wildfly provider 2018-06-11 13:46:59 +02:00
vramik
b0c89d739b KEYCLOAK-6541 app server undertow support 2018-06-11 13:46:59 +02:00
vramik
6a07a7ed2c KEYCLOAK-6541 base changes 2018-06-11 13:46:59 +02:00
vramik
f293ab86c3 KEYCLOAK-7267 change a way how to install adapters in testsuite from online to offline scripts 2018-06-11 13:46:59 +02:00
Marek Posolda
49407c2e4f
KEYCLOAK-6630 Client scopes initial support (#5076)
* KEYCLOAK-6630 KEYCLOAK-349 Client Scopes

Co-authored-by: vramik <vramik@redhat.com>

* KEYCLOAK-6630 Change some clientTemplate occurences to clientScope
2018-06-08 15:38:38 +02:00
Vlasta Ramik
4d1474afe0 KEYCLOAK-7549 Update artifactId according to latest Fuse7 build (#5253) 2018-06-08 15:15:34 +02:00
Pedro Igor
aa128d6c07
Merge pull request #5240 from pedroigor/KEYCLOAK-7353
[KEYCLOAK-7353] Support Policy Management in Protection API
2018-06-07 11:05:49 -03:00
Federico M. Facca
5a9bfea419 [KEYCLOAK-7353] Support Policy Management in Protection API
See https://issues.jboss.org/browse/KEYCLOAK-7353
2018-06-06 19:36:42 -03:00
Tomas Kyjovsky
1b4d9a6147 KEYCLOAK-7440 Modcluster configuration for functional cluster test is broken 2018-06-06 20:40:50 +02:00
Takashi Norimatsu
c586c63533 KEYCLOAK-6771 Holder of Key mechanism
OAuth 2.0 Mutual TLS Client Authentication and Certificate Bound Access
Tokens
2018-06-05 08:18:29 +02:00
Stian Thorgersen
dbf5c395b0
Bump version to 4.0.0.Final (#5224) 2018-05-24 19:02:30 +02:00
vramik
99119562bb KEYCLOAK-7312 removed as7, wf8 test modules 2018-05-14 09:10:05 +02:00
mhajas
3ced81a2c2 KEYCLOAK-7315 Fix issues in JavascriptAdapter tests (#5193)
more in issue KEYCLOAK-7315
2018-05-07 14:47:56 -04:00
Stian Thorgersen
90e5c7f3eb
Bump version to 4.0.0.Beta3-SNAPSHOT (#5185) 2018-05-02 14:32:20 +02:00
vramik
81918713dd KEYCLOAK-6744 Adapter tests - set container based on property 2018-05-02 13:52:59 +02:00
vramik
8b5fd2b4ac KEYCLOAK-7091 fuse7 testsuite 2018-04-25 14:35:56 +02:00
mhajas
9ed221b168 KEYCLOAK-6873 Fix jboss cli script for removing elytron subsystem 2018-04-06 17:07:17 +02:00
mhajas
70b3f6bd92 KEYCLOAK-6840 Remove untracked file and unpack js adapter directly to testsuite provider target directory (#5133) 2018-04-06 11:47:10 +02:00
mhajas
5022015e4a KEYCLOAK-6836 Fix adding log level for adapters on EAP6 (#5132) 2018-04-06 11:46:03 +02:00
Bill Burke
06f32a47ec fake browser tests 2018-03-30 08:24:30 -04:00
stianst
07fea02146 Bump versions to 4.0.0.Beta2-SNAPSHOT 2018-03-26 18:17:38 +02:00
Pedro Igor
f824582aac
Merge pull request #5009 from pedroigor/KEYCLOAK-6116
[KEYCLOAK-6116] - Get email attribute from 'subject alternative name' using X509 certificate
2018-03-12 09:58:02 -03:00
Hynek Mlnarik
190771ddf1 KEYCLOAK-6783 Add authentication into cross-dc testing 2018-03-09 15:08:55 +01:00
pedroigor
1f13427dee [KEYCLOAK-6116] - Enabling tests for both jboss servers 2018-03-09 10:56:35 -03:00
pedroigor
6aee573e2e [KEYCLOAK-6116] - Tests for X509 Subject Alternative Name Extension 2018-03-09 10:56:35 -03:00
pedroigor
c5c285abc3 [KEYCLOAK-6116] - Adding a OpenSSL CA Authority for testing 2018-03-09 10:56:35 -03:00
vramik
569f26776e KEYCLOAK-5060 KEYCLOAK-3157 migrated Adapter package from old testsuite 2018-03-02 10:56:26 +01:00
vmuzikar
d70e4740fc KEYCLOAK-6693 Support external truststore in testsuite 2018-02-27 07:45:21 +01:00
mhajas
e2ad59a74d KEYCLOAK-4816 KEYCLOAK-4817 Move javascript tests to base testsuite and (#4964)
* KEYCLOAK-4816 KEYCLOAK-4817 Move javascript tests to base testsuite and
use JavascriptExecutor

* Use PhantomJS 2.1.1 instead of 1.9.8 in Travis CI
2018-02-26 10:49:05 +01:00
stianst
505cf5b251 KEYCLOAK-6519 Theme resource provider 2018-02-09 08:28:59 +01:00
Bill Burke
a571781240 hynek db changes 2018-01-30 17:00:55 -05:00
Bill Burke
4a044fe867 add ofline token test 2018-01-29 17:08:13 -05:00
Bill Burke
79f9de9de4 Merge remote-tracking branch 'upstream/master' into client-storage-spi 2018-01-29 12:28:26 -05:00
Bill Burke
1d8e38f0c6 admin console 2018-01-27 13:05:02 -05:00
Bill Burke
6b84b9b4b6 done 1st iteration 2018-01-27 09:47:16 -05:00
mhajas
f0511c5f51 KEYCLOAK-6392 Install elytron adapter on windows 2018-01-26 11:21:53 +01:00
Bill Burke
a9297df89c KEYCLOAK-6335 2018-01-23 12:09:49 -05:00
stianst
0bedbb4dd3 Bump version to 4.0.0.CR1-SNAPSHOT 2017-12-21 15:06:00 +01:00
Hynek Mlnarik
2a2e6c839b KEYCLOAK-5635 2017-12-13 21:07:46 +01:00
mposolda
b8416dfa3e KEYCLOAK-5981 Test Impersonation works when authenticationSession exists 2017-12-12 09:43:34 +01:00
mhajas
10219c1157 KEYCLOAK-6005 Fail build when adapters installation fails 2017-12-08 13:32:44 +01:00
mposolda
6c34b4c418 KEYCLOAK-5914 Periodic clean of detached client sessions 2017-12-05 08:25:30 +01:00
stianst
37de8e9f69 Bump version to 3.4.2.Final-SNAPSHOT 2017-12-01 09:34:48 +01:00
vramik
6bb04617a6 KEYCLOAK-5802 fix install-adapters.sh script for wildfly10 and below 2017-11-30 12:58:11 +01:00
Martin Kanis
603052c594 KEYCLOAK-5883 Deploy testsuite during product build 2017-11-30 10:50:06 +01:00
stianst
2be78a0239 KEYCLOAK-5924 Add error handler for uncaught errors 2017-11-30 10:33:13 +01:00
Pavel Drozd
4408cdb5c7
Merge pull request #4756 from tkyjovsk/KEYCLOAK-5922
KEYCLOAK-5922 Cluster tests don't work with non-undertow server
2017-11-30 09:24:39 +01:00
Hynek Mlnarik
9cae8b79e4 KEYCLOAK-5908 Fix relay configuration 2017-11-29 22:22:35 +01:00
Tomas Kyjovsky
4240295af9 KEYCLOAK-5922 Cluster tests don't work with non-undertow server 2017-11-28 17:35:13 +01:00
vramik
02220558e6 KEYCLOAK-5705 add missing dependency to module.xml for mssql migration server 2017-11-22 14:09:01 +01:00
mposolda
bd1072d2eb KEYCLOAK-5747 Ensure refreshToken doesn't need to send request to the other DC. Other fixes and polishing 2017-11-22 11:55:12 +01:00
vramik
afd906b9a9 KEYCLOAK-5705 add missing dependency to module.xml for mssql in eap module 2017-11-21 21:51:19 +01:00
vramik
c083c1c4cf KEYCLOAK-5873 set DB_CLOSE_ON_EXIT to false when crossdc tests are run on in memory H2 2017-11-21 21:46:59 +01:00
mposolda
a98f085be6 KEYCLOAK-5618 Fix SessionsPreloadCrossDCTest. Update HOW-TO-RUN docs. Ensure it's executed in travis. 2017-11-09 17:39:04 +01:00
Stian Thorgersen
128ff12f8f Bump versions 2017-11-09 15:37:21 +01:00
mposolda
62a1c187a2 KEYCLOAK-5716 KEYCLOAK-5738 Avoid infinispan deadlock. Ensure code-to-token works correctly in cross-dc 2017-11-07 09:01:59 +01:00
Pedro Igor
081ad09ed8 Merge pull request #4619 from pedroigor/KEYCLOAK-4901
[KEYCLOAK-4901] - Reviewing methods on provider spi
2017-10-26 15:33:09 -03:00
Pedro Igor
a70cab502c [KEYCLOAK-4901] - Reviewing methods on provider spis 2017-10-26 13:39:57 -02:00
Tomas Kyjovsky
a45a2acc4c KEYCLOAK-5691 Galera cluster, full testsuite 2017-10-26 15:27:57 +02:00
Hynek Mlnarik
75c354fd94 KEYCLOAK-5745 Separate user and client sessions in infinispan 2017-10-26 10:39:41 +02:00
mposolda
9a19e95b60 KEYCLOAK-5710 Change cache-server to use backups based caches 2017-10-24 11:52:08 +02:00
Stan Silvert
9083e5fe5c KEYCLOAK-5298: Enable autoescaping in Freemarker (#4561)
* KEYCLOAK-5298: Enable autoescaping in Freemarker

* Fix several of the failing tests.

* Fix broken tests in integration-deprecated

* Fix last failing test.
2017-10-23 12:03:00 -04:00
vramik
25d785df02 KEYCLOAK-5705 add missing dependency to module.xml for mssql 2017-10-20 12:56:51 +02:00
Thomas Darimont
3103e0fd0a KEYCLOAK-5244 Add BlacklistPasswordPolicyProvider (#4370)
* KEYCLOAK-5244 Add BlacklistPasswordPolicyProvider

This introduces a new PasswordPolicy which can refer to
a named predefined password-blacklist to avoid users
choosing too easy to guess passwords.

The BlacklistPasswordPolicyProvider supports built-in as
well as custom blacklists.
built-in blacklists use the form `default/filename`
and custom ones `custom/filename`, where filename
is the name of the found blacklist-filename.

I'd propose to use some of the freely available password blacklists
from the [SecLists](https://github.com/danielmiessler/SecLists/tree/master/Passwords) project.

For testing purposes one can download the password blacklist
```
wget -O 10_million_password_list_top_1000000.txt https://github.com/danielmiessler/SecLists/blob/master/Passwords/10_million_password_list_top_1000000.txt?raw=true
```
to /data/keycloak/blacklists/

Custom password policies can be configured with the SPI
configuration mechanism via jboss-cli:
```
/subsystem=keycloak-server/spi=password-policy:add()
/subsystem=keycloak-server/spi=password-policy/provider=passwordBlacklist:add(enabled=true)
/subsystem=keycloak-server/spi=password-policy/provider=passwordBlacklist:write-attribute(name=properties.blacklistsFolderUri, value=file:///data/keycloak/blacklists/)
```

Password blacklist is stored in a TreeSet.

* KEYCLOAK-5244 Encode PasswordBlacklist as a BloomFilter

We now use a dynamically sized BloomFilter with a
false positive probability of 1% as a backing store
for PasswordBlacklists.

BloomFilter implementation is provided by google-guava
which is available in wildfly.

Password blacklist files are now resolved against
the ${jboss.server.data.dir}/password-blacklists.

This can be overridden via system property, or SPI config.
See JavaDoc of BlacklistPasswordPolicyProviderFactory for details.

Revised implementation to be more extensible, e.g. it could be
possible to use other stores like databases etc.

Moved FileSystem specific methods to FileBasesPasswordBlacklistPolicy.

The PasswordBlacklistProvider uses the guava version 20.0
shipped with wildfly. Unfortunately the arquillian testsuite
transitively depends on guava 23.0 via the selenium-3.5.1
dependency. Hence we need to use version 23.0 for tests but 20.0
for the policy provider to avoid NoClassDefFoundErrors in the
server-dist.

Configure password blacklist folder for tests

* KEYCLOAK-5244 Configure jboss.server.data.dir for test servers

* KEYCLOAK-5244 Translate blacklisted message in base/login
2017-10-17 20:41:44 +02:00
Hynek Mlnarik
056ba75a72 KEYCLOAK-5656 Use standard infinispan remote-store 2017-10-16 21:49:42 +02:00
mposolda
1874820008 KEYCLOAK-5371 Fix ConcurrentLoginCrossDCTest.concurrentLoginWithRandomDcFailures 2017-10-11 13:02:55 +02:00
Hynek Mlnarik
fe972ce12b KEYCLOAK-5656 Remove remoteServers configuration option 2017-10-09 11:58:28 +02:00
Hynek Mlnarik
6cbfbeca0b KEYCLOAK-5656 Remove KeycloakTcpTransportFactory 2017-10-06 13:20:17 +02:00
mposolda
bca4c35708 KEYCLOAK-5371 Fix ActionTokenCrossDCTest and BruteForceCrossDCTest 2017-10-04 13:25:45 +02:00
Hynek Mlnařík
9aa4c3cf22 Merge pull request #4530 from vramik/KEYCLOAK-5586
KEYCLOAK-5586 crossdc tests on Wildfly using real database
2017-10-04 13:10:08 +02:00
vramik
b0a1550df5 KEYCLOAK-5586 crossdc tests on Wildfly using real database 2017-10-04 12:00:18 +02:00
Pavel Drozd
8e5db87b50 Merge pull request #4505 from mhajas/KEYCLOAK-5568
KEYCLOAK-5568 Run ConsoleProtection tests only with elytron
2017-10-04 08:02:31 +02:00
vramik
f806d4a5d6 KEYCLOAK-5586 Add support for testing cross dc tests on jboss-based containers 2017-10-03 14:01:45 +02:00
mposolda
3b6e1f4e93 KEYCLOAK-5007 Used single-use cache for tracke OAuth code. OAuth code changed to be encrypted and signed JWT 2017-09-29 13:20:22 +02:00
mhajas
efb43682a9 KEYCLOAK-5568 Run ConsoleProtection tests only with elytron 2017-09-27 17:45:20 +02:00
Antonio Howcroft Ferreira
a551195ddf KEYCLOAK-2035 update with feedback from PR by bburke 2017-09-22 15:05:49 +01:00
howcroft
e78bf5f876 Keycloak 2035
This PR adds:
* an endpoint to Role that lists users with the Role
* a tab "Users in Role" in Admin console Role page
* it is applicable to Realm and Client Roles
* Extends UserQueryProvider with default methods (throwing Runtime Exception if not overriden)
* Testing in base testsuite and Console
2017-09-22 15:05:49 +01:00
mhajas
330cb022eb KEYCLOAK-5320 Configure SSL using creaper 2017-09-08 13:19:48 +02:00
Stian Thorgersen
463661b051 Set version to 3.4.0.CR1-SNAPSHOT 2017-08-28 15:46:22 +02:00
Hynek Mlnarik
794c508b10 KEYCLOAK-4995 Support for distributed SAML logout in cross DC 2017-08-28 13:15:11 +02:00
mposolda
05c8c74c96 KEYCLOAK-5294 Updated README for cross-dc setup on Wildfly 2017-08-25 17:53:45 +02:00
Stian Thorgersen
20ac70d3fd KEYCLOAK-5119 (#4400) 2017-08-22 08:07:36 +02:00
mposolda
868e76fcf3 KEYCLOAK-4630 Added SessionsPreloadCrossDCTest for test preloading sessions and offline sessions. Support for manual.mode to control manually lifecycle of all servers. 2017-08-11 17:44:00 +02:00
Pavel Drozd
6bdc49048a KEYCLOAK-5267 Fuse tests - added timeouts for closing ssh channel 2017-08-09 13:39:04 +02:00
mposolda
251b41a7ac KEYCLOAK-4187 Fix LastSessionRefreshCrossDCTest and ConcurrentLoginCrossDCTest 2017-08-07 11:55:49 +02:00
mposolda
07e2136b3b KEYCLOAK-4187 Added UserSession support for cross-dc 2017-07-27 22:32:58 +02:00
Stian Thorgersen
badba7adaf KEYCLOAK-5143 Run auth-server-wildfly profile on Travis (#4317) 2017-07-14 07:01:54 +02:00
Stian Thorgersen
5fbb362710 KEYCLOAK-5119 Set encoding for TestingResourceProvider.runOnServer (#4292) 2017-07-05 13:39:16 +02:00
Stian Thorgersen
9a9f4137e5 KEYCLOAK-4556 KEYCLOAK-5022 Only cache keycloak.js and iframe if specific version is requested (#4289) 2017-07-04 21:18:34 +02:00
Stian Thorgersen
454c5f4d83 Set version to 3.3.0.CR1-SNAPSHOT 2017-06-30 09:47:11 +02:00
Hynek Mlnarik
5e16a32f86 KEYCLOAK-5106 Fix BasicSamlTest on auth-server-wildfly 2017-06-28 20:47:43 +02:00
mhajas
29c2ef4c60 KEYCLOAK-5097 fix property name 2017-06-27 12:28:32 +02:00
Pavel Drozd
b02d48f772 Merge pull request #4249 from vramik/KEYCLOAK-5048
KEYCLOAK-5048 missing keycloak version in logs when staring auth-serv…
2017-06-27 11:40:26 +02:00
Bill Burke
22987bb90b Merge pull request #4250 from mposolda/RHSSO-1027
KEYCLOAK-5085 Easy fix to just handle the exception
2017-06-26 10:04:02 -04:00
Hynek Mlnarik
955cbc76d7 KEYCLOAK-5030 Change action tokens cache type to distributed 2017-06-26 10:11:53 +02:00
mposolda
756d996a4a KEYCLOAK-5085 RHSSO-1027 Fix to handle the exception thrown from alternative flow 2017-06-23 19:13:43 +02:00
vramik
e75f47d523 KEYCLOAK-5048 missing keycloak version in logs when staring auth-server-wildfly container. 2017-06-22 09:20:11 +02:00
mposolda
fc61a4e89f KEYCLOAK-4631 Move ClientInitialAccessModel from userSession model to realm model 2017-06-21 22:14:20 +02:00
Hynek Mlnarik
2e2d15be9f KEYCLOAK-4189 Infinispan cache and channel statistics for Cross-DC-testing 2017-06-20 12:48:08 +02:00
vramik
5d72def1bc KEYCLOAK-4189 add possibility to use jdg as cache server 2017-06-15 12:57:25 +02:00
Hynek Mlnarik
bdadef1282 KEYCLOAK-4189 Fix in instructions for running Cross-DC tests 2017-06-14 14:36:10 +02:00
Hynek Mlnarik
a0f3a6469f KEYCLOAK-4189 - Cross DC testing 2017-06-12 11:14:28 +02:00
Pavel Drozd
a52a1f4618 Merge pull request #4196 from vramik/KEYCLOAK-4481
KEYCLOAK-4481 some authz export tests
2017-05-30 16:56:54 +02:00
Tomas Kyjovsky
67bee0dfc2 Upgraded wildfly-arquillian-container-* artifacts to 2.1.0.Alpha2 and added wildfly10 modules in app servers and adapter tests 2017-05-30 14:25:51 +02:00
vramik
8f1938c28d KEYCLOAK-4481 Role based permission test 2017-05-30 13:10:09 +02:00
mposolda
c4f172afe7 KEYCLOAK-4977 Upgrade infinispan and undertow version to align with Wildfly 11.0.0.Alpha1 2017-05-26 14:29:30 +02:00
mhajas
88473ce3c1 KEYCLOAK-4959 Use desired version of adapter 2017-05-25 12:02:16 +02:00
Pavel Drozd
c230edbf72 Merge pull request #4151 from pdrozd/KEYCLOAK-4931
KEYCLOAK-4931 - install patch available from http
2017-05-23 14:01:44 +02:00
Pavel Drozd
60ef910b5b KEYCLOAK-4931 - install patch available from http 2017-05-18 23:47:12 +02:00
Pavel Drozd
53ab314eb9 KEYCLOAK-4930 - Updated install-keycloak script for overlay installation - added ha installation. 2017-05-18 23:35:04 +02:00
mposolda
7d8796e614 KEYCLOAK-4626 Support for sticky sessions with AUTH_SESSION_ID cookie. Clustering tests with embedded undertow. Last fixes. 2017-05-11 22:24:07 +02:00
mposolda
e7272dc05a KEYCLOAK-4626 AuthenticationSessions - brokering works. Few other fixes and tests added 2017-05-11 22:16:26 +02:00
mposolda
a9ec69e424 KEYCLOAK-4626: AuthenticationSessions - working login, registration, resetPassword flows 2017-05-11 22:16:26 +02:00
mposolda
83b29c5080 KEYCLOAK-4626 AuthenticationSessions: start 2017-05-11 22:16:26 +02:00
Stian Thorgersen
87dedb56e5 Set version to 3.2.0.CR1-SNAPSHOT 2017-04-27 14:23:03 +02:00
Pedro Igor
80a80512ea [KEYCLOAK-4769] - Policy enforcer path matching tests 2017-04-20 13:21:01 -03:00
Pedro Igor
55f747ecd0 [KEYCLOAK-3135] - Part 1: Permission Management API 2017-04-12 00:52:13 -03:00
Pavel Drozd
b4c5eb8354 Merge pull request #3994 from vramik/KEYCLOAK-4534
KEYCLOAK-4534 ClientInitiatedAccountLinkTest fails with auth-server-w…
2017-04-04 10:47:36 +02:00
Pedro Igor
f857625d07 [KEYCLOAK-3573] - Elytron adapter CLI scripts and tests. 2017-03-31 11:31:33 -03:00
vramik
ca6d8c9dbe KEYCLOAK-4534 ClientInitiatedAccountLinkTest fails with auth-server-wildlfy 2017-03-30 12:47:51 +02:00
Pedro Igor
30d7a5b01f [KEYCLOAK-3573] - Elytron SAML and OIDC Adapters 2017-03-24 11:32:08 -03:00
Peter Nalyvayko
b2f10359c8 KEYCLOAK-4335: x509 client certificate authentication
Started on implementing cert thumbprint validation as a part of x509 auth flow. Added a prompt screen to give users a choice to either log in based on the identity extracted from X509 cert or to continue with normal browser login flow authentication; clean up some of the comments

x509 authentication for browser and direct grant flows. Implemented certificate to user mapping based on user attribute

Implemented CRL and OCSP certificate revocation checking and added corresponding configuration settings to set up responderURI (OCSP), a location of a file containing X509CRL entries and switiches to enable/disable revocation checking; reworked the certificate validation; removed superflous logging; changed the certificate authentication prompt page to automatically log in the user after 10 seconds if no response from user is received

Support for loading CRL from LDAP directory; finished the CRL checking using the distribution points in the certificate; updated the instructions how to add X509 authentication to keycloak authentication flows; minor styling changes

Stashing x509 unit test related changes; added the steps to configure mutual SSL in WildFly to the summary document

A minor fix to throw a security exception when unable to check cert revocation status using OCSP; continue working on README

Changes to the formating of the readme

Added a list of features to readme

Fixed a potential bug in X509 cert user authenticator that may cause NPE if the client certificate does not define keyusage or extended key usage extensions

Fixed compile time errors in X509 validators caused by the changes to the user credentials model in upstream master

Removed a superfluous file created when merging x509 and main branches

X509 authentication: removed the PKIX path validation as superflous

Reverted changes to the AbstractAttributeMapper introduced during merging of x509 branch into main

Merge the unit tests from x509 branch

added mockito dependency to services project; changes to the x509 authenticators to expose methods in order to support unit tests; added a default ctor to CertificateValidator class to support unit testing; updated the direct grant and browser x509 authenticators to report consistent status messages; unit tests to validate X509 direct grant and browser authenticators; fixed OCSP validation to throw an exception if the certificate chain contains a single certificate; fixed the CRL revocation validation to only use CRL distribution point validation only if configured

CRL and OSCP mock tests using mock netty server. Changed the certificate validator to better support unit testing.

changes to the mockserver dependency to explicitly exclude xercesImpl that was causing SAMLParsingTest to fail

Added a utility class to build v3 certificates with optional extensions to facilitate X509 unit testing; removed supoerfluous certificate date validity check (undertow should be checking the certificate dates during PKIX path validation anyway)

X509: changes to make configuring the user identity extraction simplier for users - new identity sources to map certificate CN and email (E) attributes from X500 subject and issuer names directly rather than using regular expressions to parse them

X509 fixed a compile error caused by the changes to the user model in master

Integration tests to validate X509 client certificate authentication

Minor tweaks to X509 client auth related integration tests

CRLs to support x509 client cert auth integration tests

X509: reverted the changes to testrealm.json and updated the test to configure the realm at runtime

X509 - changes to the testsuite project configuration to specify a path to a trust store used to test x509 direct grant flow; integration tests to validate x509 authentication in browser and direct grant flows; updated the client certificate to extend its validatity dates; x509 integration tests and authenticators have been refactored to use a common configuration class

X509 separated the browser and direct grant x509 authenction integration tests

x509 updated the authenticator provider test to remove no longer supported cert thumbprint authenticator

x509 removed the dependency on mockito

x509 re-implemented OCSP certificate revocation client used to check revocation status when logging in with x509 certificate to work around the dependency on Sun OCSP implementation; integration tests to verify OCSP revocation requests

index.txt.attr is needed by openssl to run a simple OCSP server

x509: minor grammar fixes

Add OCSP stub responder to integration tests

This commit adds OCSP stub responder needed for the integration tests,
and eliminates the need to run external OCSP responder in order to run
the OCSP in X509OCSPResponderTest.

Replace printStackTrece with logging

This commit replaces call to printStackTrace that will end up going to
the stderr with logging statement of WARN severity.

Remove unused imports

Removed unused imports in
org.keycloak.authentication.authenticators.x509 package.

Parameterized Hashtable variable

Removed unused CertificateFactory variable

Declared serialVersionUID for Serializable class

Removed unused CertificateBuilder class

The CertificateBuilder was not used anywhere in the code, removing it to
prevent technical debt.

Removing unused variable declaration

`response` variable is not used in the test, removed it.

Made sure InputStreams are closed

Even though the InputStreams are memory based, added try-with-resources
to make sure that they are closed.

Removed deprecated usage of URLEncoder

Replaced invocation of deprecated method from URLEncoder with Encode
from Keycloak util package.

Made it more clear how to control OCSP stub responder in the tests

X509 Certificate user authentication: moved the integration unit tests into their own directory to fix a failing travis test job

KEYCLOAK-4335: reduced the logging level; added the instructions how to run X.509 related tests to HOW-TO-RUN.md doc; removed README.md from x509 folder; removed no longer used ocsp profile and fixed the exclusion filter; refactored the x509 base test class that was broken by the recent changes to the integration tests

KEYCLOAK-4335: fixed a few issues after rebasing
2017-03-17 05:24:57 -04:00
Stian Thorgersen
a87ee04024 Bump to 3.1.0.CR1-SNAPSHOT 2017-03-16 14:21:40 +01:00
Pavel Drozd
7ab67d205b Merge pull request #3903 from tkyjovsk/KEYCLOAK-4515
KEYCLOAK-4515 Make it possible to clean-up other DB types than mysql or postgres
2017-03-07 21:50:48 +01:00
mposolda
091b376624 KEYCLOAK-1590 Realm import per test class 2017-03-01 09:38:44 +01:00
Tomas Kyjovsky
c94b7922aa Added profile jdbc-driver-depencency to arq. testsuite; changed jdbc module path from layers/base/com/${db} to layers/base/test/jdbc/${db} 2017-03-01 01:37:53 +01:00
Tomas Kyjovsky
a5677e87db UserStorageTest migrated to Arquillian testsuite 2017-02-22 13:54:11 +01:00
mposolda
f6bc0806d5 KEYCLOAK-4368 Switch default WebDriver impl to htmlUnit 2017-02-20 21:52:15 +01:00
Pavel Drozd
4ede1174b7 Merge pull request #3805 from mhajas/KEYCLOAK-3841
KEYCLOAK-3841 Fix tests on windows
2017-02-13 10:37:32 +01:00
Stian Thorgersen
5b5dc3e442 KEYCLOAK-4265 Social login tests 2017-02-06 13:50:10 +01:00
Bill Burke
1d04d56bdb Merge pull request #3816 from patriot1burke/master
KEYCLOAK-4218
2017-02-01 08:55:10 -05:00
mposolda
5c5b7a33d3 KEYCLOAK-4169 Add initial testsuite how-to 2017-01-30 22:23:08 +01:00
Bill Burke
bb77ab4a81 account link tests 2017-01-27 17:37:08 -05:00
mhajas
1a073629ec KEYCLOAK-3841 2017-01-27 14:43:46 +01:00
Stian Thorgersen
5fd3eb2990 KEYCLOAK-3729 Ability to run tests within Keycloak server 2017-01-27 12:14:19 +01:00
Stian Thorgersen
6f22f88d85 Bump version to 3.0.0.CR1 2017-01-26 06:18:11 +01:00
Pavel Drozd
3d9f11168e KEYCLOAK-4210: Added Fuse admin tests 2017-01-13 01:05:37 +01:00
Pavel Drozd
cbd6f7e1d0 Merge pull request #3723 from mhajas/KEYCLOAK-3841
KEYCLOAK-3841 Unignore and fix fuse on eap test
2017-01-10 08:10:22 +01:00
mposolda
a09bc6520f KEYCLOAK-2888 KEYCLOAK-3927 Fully migrate kerberos tests to the new testsuite 2017-01-09 13:50:41 +01:00
mhajas
86c49f5e89 KEYCLOAK-3841 Unignore and fix fuse on eap test 2017-01-06 14:39:24 +01:00
Stian Thorgersen
e805ffd945 Bump version to 2.5.1.Final-SNAPSHOT 2016-12-22 08:22:18 +01:00
Pedro Igor
40591cff25 Merge pull request #3662 from pedroigor/KEYCLOAK-4034
[KEYCLOAK-4034] - Improvements to UI, performance and some code cleanup
2016-12-19 16:49:10 -02:00
Pedro Igor
c9c9f05e29 [KEYCLOAK-4034] - Improvements to UI, performance and some code cleanup 2016-12-19 11:22:37 -02:00
Stian Thorgersen
f29bb7d501 KEYCLOAK-4092 key provider for HMAC signatures 2016-12-19 10:50:43 +01:00
Bill Burke
62029e8a33 KEYCLOAK-3506 2016-12-10 11:59:29 -05:00
mposolda
a38544796f KEYCLOAK-3823 KEYCLOAK-3824 Added public-key-cache-ttl for OIDC adapters. Invalidate cache when notBefore sent 2016-12-01 12:25:07 +01:00
Stian Thorgersen
b771b84f56 Bump to 2.5.0.Final-SNAPSHOT 2016-11-30 15:44:51 +01:00
Bill Burke
9e50a45b4c UserBulkUpdateProvider interface 2016-11-29 18:43:22 -05:00
mposolda
803fde6c1d KEYCLOAK-3124 Possibility test adapter on embedded undertow 2016-11-29 22:08:23 +01:00
mposolda
69ce1e05f0 KEYCLOAK-3822 Changing signature validation settings of an external IdP is not sometimes reflected 2016-11-28 15:27:25 +01:00
mposolda
7c6032cc84 KEYCLOAK-3825 Ability to expire publicKeys cache. Migrated OIDCBrokerWithSignatureTest to new testsuite 2016-11-25 17:45:37 +01:00
Bill Burke
ccbd8e8c70 remove User Fed SPI 2016-11-23 16:06:44 -05:00
Bill Burke
d5925b8ccf remove realm UserFed SPI methods 2016-11-23 08:31:20 -05:00
Stian Thorgersen
6ec82865d3 Bump version to 2.4.1.Final-SNAPSHOT 2016-11-22 14:56:21 +01:00
Vlasta Ramik
50339f6f0e Test backwards compatibility of realm import 2016-11-16 13:17:04 +01:00
Bill Burke
cc0eb47814 merge 2016-11-14 15:09:41 -05:00
Stian Thorgersen
7e33f4a7d1 KEYCLOAK-3882 Split server-spi into server-spi and server-spi-private 2016-11-10 13:28:42 +01:00
Bill Burke
14dc0ff92f Merge remote-tracking branch 'upstream/master' 2016-11-05 20:05:01 -04:00
Bill Burke
c75dcb90c2 ldap port 2016-11-04 21:25:47 -04:00
Pavel Drozd
da516a78b3 Merge pull request #3450 from mhajas/KEYCLOAK-3841
KEYCLOAK-3841 Testing of Hawtio console on EAP6 + Fuse integration
2016-11-02 10:54:52 +01:00
mhajas
446b57b827 KEYCLOAK-3841 Testing of Hawtio console on EAP6 + fuse integration 2016-10-31 14:35:13 +01:00
Bill Burke
73e3f2a89b REST API for disable cred type 2016-10-26 15:48:45 -04:00
Vlasta Ramik
3ca836ffdc add profile for testing migration for productized version 2016-10-24 15:20:17 +02:00
Stian Thorgersen
4d47f758fc Merge pull request #3405 from stianst/master
Bump version
2016-10-21 10:11:59 +02:00
Stian Thorgersen
c615674cbb Bump version 2016-10-21 07:03:15 +02:00
Stian Thorgersen
5a00aaefa8 KEYCLOAK-2594
bind credential being leaked in admin tool JSON response

KEYCLOAK-2972
Keycloak leaks configuration passwords in Admin Event logs
2016-10-20 19:30:59 +02:00
Vlasta Ramik
98aa516d74 KEYCLOAK-3619 minor fix 2016-10-19 09:59:30 +02:00
Vlasta Ramik
041413d8de KEYCLOAK-3619 Update default datasource definition to non-XA 2016-10-18 12:12:41 +02:00
Marek Posolda
2fd680092a Merge pull request #3336 from mposolda/master
KEYCLOAK-3719 Add 'options' to ProviderConfigProperty and use it for …
2016-10-18 08:33:26 +02:00
mposolda
00879b39b7 KEYCLOAK-3719 Add 'options' to ProviderConfigProperty and use it for 'List' type instead of defaultValue 2016-10-17 21:34:21 +02:00
Vlasta Ramik
b0448d1b6f KEYCLOAK-3589 Add support for manual upgrade of database schema to testsuite 2016-10-17 11:32:43 +02:00
mposolda
18e0c0277f KEYCLOAK-3666 Dynamic client registration policies 2016-10-14 20:20:40 +02:00
Stian Thorgersen
d2cae0f8c3 KEYCLOAK-905
Realm key rotation for OIDC
2016-10-13 11:19:52 +02:00
Vlasta Ramik
bc2eb2b9ea KEYCLOAK-3489 KEYCLOAK-3609 2016-10-12 12:28:56 +02:00
Stian Thorgersen
f1156a49cf Merge pull request #3273 from vramik/KEYCLOAK-3619
KEYCLOAK-3619 Update default datasource definition to XA
2016-10-03 13:54:20 +02:00
Bill Burke
d4c3fae546 merge conflicts 2016-09-30 19:19:12 -04:00
mposolda
f9a0abcfc4 KEYCLOAK-3493 KEYCLOAK-3532 Added KeyStorageProvider. Support key rotation for OIDC clients and identity providers with JWKS url. 2016-09-30 21:28:23 +02:00
Vlasta Ramik
550ec2ff51 Update default datasource definition to XA 2016-09-30 12:50:17 +02:00
Bill Burke
8967ca4066 refactor mongo entities, optimize imports 2016-09-28 15:25:39 -04:00
Bill Burke
ecc104719d bump pom version 2016-09-26 11:01:18 -04:00
Pavel Drozd
9ee58909ab Merge pull request #3248 from pdrozd/patches
KEYCLOAK-3597 - Arquillian testuite - server preparation (overlay & p…
2016-09-26 10:26:13 +02:00
Bill Burke
8e65356891 creds 2016-09-22 19:57:39 -04:00
Bill Burke
7209a95dce credential refactoring 2016-09-22 08:34:45 -04:00
Pavel Drozd
59eec8d5b4 KEYCLOAK-3597 - Arquillian testuite - server preparation (overlay & patches installation) 2016-09-20 13:00:54 +02:00
Stian Thorgersen
b2fd429749 Merge pull request #3234 from vramik/KEYCLOAK-3549
KEYCLOAK-3549 fix xsl locator to work with ibmjdk
2016-09-16 09:22:23 +02:00
Vlasta Ramik
bde45eaa07 fix xsl locator to work with ibmjdk 2016-09-14 14:43:14 +02:00
Martin Hardselius
04d03452bd KEYCLOAK-3422 support pairwise subject identifier in oidc 2016-09-13 09:18:45 +02:00