Commit graph

567 commits

Author SHA1 Message Date
Stian Thorgersen
e54c1d7de1 Merge pull request #4026 from mhajas/KEYCLOAK-4733
KEYCLOAK-4733 Replace character 160 with character 32
2017-04-18 15:21:23 +02:00
Pedro Igor
2a1a19f290 [KEYCLOAK-4751] - Send default access denied page when requests don't match any path config 2017-04-12 18:25:13 -03:00
sebastienblanc
886528dab8 add autodetect-bearer-only in subsystem 2017-04-12 16:40:19 +02:00
sebastienblanc
ea9c663ae1 try the registered beans , then the handler 2017-04-12 10:41:46 +02:00
sebastienblanc
a011f44d39 safer method to retrieve the webcontext for jetty 2017-04-11 18:53:58 +02:00
mhajas
e8bbfd9012 KEYCLOAK-4733 Replace character 160 with character 32 2017-04-07 15:30:54 +02:00
Bill Burke
3ce0c57e17 Merge pull request #3831 from Hitachi/master
KEYCLOAK-2604 Proof Key for Code Exchange by OAuth Public Clients
2017-04-06 15:36:08 -04:00
Stian Thorgersen
f0b44ea93b KEYCLOAK-4717 Added extra check for data content in receive message for session iframe 2017-04-06 08:49:32 +02:00
diego0020
a82278dcbf Verify message comes from loginIframe
In the current implementation a message coming from any window on the same origin may cause the refresh token to be cleared.
In my case, messages generated by a chrome extension were causing the application to logout unexpectedly. With additional condition only messages coming from the login iFrame will be processed. Another suggestion would be changing the condition `event.data != "unchanged"` to something more specific.
2017-04-04 16:32:21 -05:00
Stian Thorgersen
0180d54dd9 KEYCLOAK-4668 Exclude modules in product profile 2017-03-28 10:04:20 +02:00
Takashi Norimatsu
ef3aef9381 Merge branch 'master' into master 2017-03-28 16:21:40 +09:00
Bill Burke
e5a2642e62 Merge pull request #3978 from pedroigor/KEYCLOAK-3573
[KEYCLOAK-3573] - Elytron SAML and OIDC Adapters
2017-03-25 19:24:42 -04:00
Stian Thorgersen
3ce8da0126 Merge pull request #3976 from stianst/KEYCLOAK-3250-PROD-PROFILE
KEYCLOAK-4659 Changes to adapters for product profile
2017-03-24 15:34:35 +01:00
Pedro Igor
30d7a5b01f [KEYCLOAK-3573] - Elytron SAML and OIDC Adapters 2017-03-24 11:32:08 -03:00
Stian Thorgersen
5d028205bf KEYCLOAK-4659 Changes to adapters for product profile 2017-03-24 12:07:21 +01:00
Stian Thorgersen
fc009969c9 Merge pull request #3971 from ssilvert/KEYCLOAK-4396-ng2-wrapper
KEYCLOAK-4396: Add keycloak.d.ts for TypeScript
2017-03-23 14:12:03 +01:00
Stan Silvert
e2970fcf8a KEYCLOAK-4396: Add keycloak.d.ts for TypeScript 2017-03-20 12:42:26 -04:00
Pedro Igor
258af94889 Delegating caching of resource instances to to path matcher 2017-03-17 09:35:19 -03:00
Pedro Igor
dabd7c0b27 [KEYCLOAK-4602] - Improving pattern matching algorithm 2017-03-17 09:34:52 -03:00
Pedro Igor
f6786e29c6 [KEYCLOAK-4602] - A runtime cache for path configurations 2017-03-17 09:34:16 -03:00
Stian Thorgersen
a87ee04024 Bump to 3.1.0.CR1-SNAPSHOT 2017-03-16 14:21:40 +01:00
Stian Thorgersen
f44405207b Merge pull request #3828 from wildloop/master
verifySSL() - debug info
2017-03-15 09:55:42 +01:00
Stian Thorgersen
feeac69197 Merge pull request #3888 from daklassen/KEYCLOAK-4421
KEYCLOAK-4421 Change any http maven urls to https to reduce build-time MITM vulnerability
2017-03-15 09:54:21 +01:00
wildloop
80c9e23282 Update RequestAuthenticator.java 2017-03-15 09:14:48 +01:00
wildloop
366dee6575 Update RequestAuthenticator.java 2017-03-15 09:13:41 +01:00
wildloop
d723c608d6 Update RequestAuthenticator.java 2017-03-14 11:36:57 +01:00
Stian Thorgersen
a555f99b1a Merge pull request #3937 from sebastienblanc/document_sb_properties
KEYCLOAK-4565 : javadoc for adapter properties and add metada generator
2017-03-14 10:19:34 +01:00
David Klassen
32d3f760ec KEYCLOAK-4421: Change http url to https
Change any http maven urls to https to reduce build-time MITM vulnerability
2017-03-14 10:18:40 +01:00
sebastienblanc
68da8c23ad KEYCLOAK-4565 : javadoc for adapter properties and add metada generator 2017-03-10 18:13:19 +01:00
Bill Burke
0ff4223184 Merge pull request #3922 from hmlnarik/KEYCLOAK-4288-SAML-logouts-are-not-invalidating-the-sessions-for-all-the-logged-in-applications
KEYCLOAK-4288 Invalidate sessions in cluster for SAML logouts
2017-03-09 19:13:37 -05:00
wildloop
7904ce5a37 one-line debug log 2017-03-07 16:01:13 +01:00
Rene Ploetz
e770a05db0
KEYCLOAK-4537 Jetty 9.4 implementation (OIDC/SAML) 2017-03-06 23:01:24 +01:00
Hynek Mlnarik
3a0c2be885 KEYCLOAK-4288 AS 7 / EAP 6 2017-03-01 15:17:39 +01:00
Hynek Mlnarik
04da679628 KEYCLOAK-4288 Wildfly 2017-03-01 15:17:39 +01:00
Hynek Mlnarik
43be3fc409 KEYCLOAK-4288 Use SessionListener to keep track of local HTTP-SSO session mappings 2017-03-01 15:17:39 +01:00
Hynek Mlnarik
567393a102 KEYCLOAK-4288 Fix SAML logout session for Tomcat/EAP6
When logging out via application (via ?GLO=true query parameter),
CatalineSamlSessionStore does not expire session, while it does that
in logging by SAML session index.

This causes distributed sessions being invalidated only on node hanling
the request, but remains active in other nodes of the cluster. Then the
session can be resurrected on next cache replication back even to the
node where the logout was performed. This behaviour is fixed here.
2017-03-01 15:17:39 +01:00
mposolda
f6bc0806d5 KEYCLOAK-4368 Switch default WebDriver impl to htmlUnit 2017-02-20 21:52:15 +01:00
Stian Thorgersen
aa59c2f95f KEYCLOAK-4394 Use JBoss logging 2017-02-15 09:05:42 +01:00
Stian Thorgersen
e3a8bed5b2 Merge pull request #3853 from pedroigor/RHSSO-767
[RHSSO-767] - Wrong implementation of Request.getRelativePath causing failures on Tomcat-like adapters
2017-02-13 10:26:34 +01:00
Pedro Igor
9416ee7224 [RHSSO-767] - Wrong implementation of Request.getRelativePath causing failures on Tomcat-like adapters 2017-02-09 21:27:28 -02:00
mposolda
72a5d03f34 KEYCLOAK-4385 Added BundleBasedKeycloakConfigResolver 2017-02-06 21:24:20 +01:00
Takashi Norimatsu
fe5fe4c968 KEYCLOAK-2604 Proof Key for Code Exchange by OAuth Public Clients - RFC
7636 - Client Side Implementation
2017-02-03 12:02:54 +09:00
Agile Developer
d60c3b7c0c missing import 2017-02-03 00:47:41 +01:00
Agile Developer
cde3e87ad9 verifySSL() - debug info
DEBUG report like this:

SSL Verification: 
		passed: true, request is secure: true, 
		SSL is required for: EXTERNAL, 
		SSL is required for remote addr 192.168.100.123: false
2017-02-02 21:18:14 +01:00
Stian Thorgersen
9aa2dacec9 KEYCLOAK-4366 Issues when keycloak.js is initialized with token 2017-02-02 10:57:03 +01:00
Stian Thorgersen
ee62c52543 KEYCLOAK-4338 KEYCLOAK-4331 Fixes to session iframe 2017-02-02 08:12:29 +01:00
Stian Thorgersen
6f22f88d85 Bump version to 3.0.0.CR1 2017-01-26 06:18:11 +01:00
Stian Thorgersen
d1e491d57d KEYCLOAK-4286 Add deprecated support for old keycloak.js 2017-01-25 15:59:43 +01:00
Stian Thorgersen
94ffeda62a Merge pull request #3773 from hmlnarik/KEYCLOAK-4181-SAML-Response-without-any-assertion-leads-to-an-exception
KEYCLOAK-4181 Fix handling of SAML error code in broker
2017-01-24 10:33:05 +01:00
Pedro Igor
13e92cdb35 [KEYCLOAK-3261] - Properly handle apps deployed at the ROOT context 2017-01-23 21:27:43 -02:00
Slawomir Dabek
cc788cf44e KEYCLOAK-4222 Remove slash from state parameter 2017-01-19 20:11:18 +01:00
Hynek Mlnarik
350b9550c3 KEYCLOAK-4264 2017-01-19 16:30:01 +01:00
Bill Burke
41630d6962 Merge pull request #3727 from hmlnarik/KEYCLOAK-4141
KEYCLOAK-4141
2017-01-12 08:49:29 -05:00
Stian Thorgersen
139e12fa5f KEYCLOAK-4179 Fixed logic to init with token to prevent issues with timeSkew 2017-01-10 09:09:50 +01:00
Hynek Mlnarik
4df70c517d KEYCLOAK-4141 2017-01-10 09:02:36 +01:00
Stian Thorgersen
e805ffd945 Bump version to 2.5.1.Final-SNAPSHOT 2016-12-22 08:22:18 +01:00
Stian Thorgersen
b6b3c04400 Merge pull request #3663 from sldab/autodetect-bearer-only
KEYCLOAK-2962 Autodetect bearer-only clients
2016-12-20 14:05:25 +01:00
Pedro Igor
18b94a2153 [KEYCLOAK-4034] - More logging. 2016-12-20 00:04:59 -02:00
Pedro Igor
0b3e867362 [KEYCLOAK-4034] - Minor changes to policy enforcer 2016-12-19 23:44:51 -02:00
Slawomir Dabek
b6d29ccd30 KEYCLOAK-2962 Autodetect bearrer-only clients
Suport more headers
2016-12-19 17:13:14 +01:00
Bill Burke
1c0e23db66 Merge pull request #3647 from tkyjovsk/fix-module-names
fixed module names
2016-12-16 08:41:01 -05:00
Hynek Mlnarik
7d51df4eed KEYCLOAK-3971 Explicitly set encoding for SAML message processing 2016-12-15 14:04:34 +01:00
Tomas Kyjovsky
e5d744f7d5 fixed module names 2016-12-14 17:02:07 +01:00
Stian Thorgersen
c11f65720b Merge pull request #3639 from hmlnarik/KEYCLOAK-4062-Provide-GUI-for-KeyName-format-in-identity-broker-and-client
KEYCLOAK-4062 - GUI changes for KeyName format + few tests
2016-12-13 11:33:16 +01:00
Hynek Mlnarik
5006fe2292 KEYCLOAK-4062 - GUI changes for KeyName format + few tests 2016-12-12 22:29:01 +01:00
mposolda
8c99a13387 Minor synchronize update 2016-12-12 13:09:19 +01:00
mhajas
081958e282 KEYCLOAK-4051 Use debug instead of debugf 2016-12-08 09:42:52 +01:00
Bill Burke
7271fdaaaa KEYCLOAK-3509 2016-12-06 18:52:37 -05:00
Bill Burke
e3d0f8f6e5 Merge pull request #3548 from sebastienblanc/KEYCLOAK-3725
KEYCLOAK-3725: return Unauthorized when accessing bearer only in inte…
2016-12-03 13:46:52 -05:00
danren
87b243ed59 Fix for KEYCLOAK-3961 2016-12-02 13:30:53 +01:00
mposolda
74967737ee KEYCLOAK-3824 Ensure sending notBefore invalidates JWKPublicKeyLocator 2016-12-01 17:07:50 +01:00
mposolda
a38544796f KEYCLOAK-3823 KEYCLOAK-3824 Added public-key-cache-ttl for OIDC adapters. Invalidate cache when notBefore sent 2016-12-01 12:25:07 +01:00
Stian Thorgersen
c9cf7f6564 Merge pull request #3549 from RamonGebben/patch-1
KEYCLOAK-3993: Removed compare bug in `checkState` function
2016-12-01 07:57:29 +01:00
Stian Thorgersen
ba406d5747 Merge pull request #3332 from ebondu/master
fix bug https://issues.jboss.org/browse/KEYCLOAK-3474
2016-12-01 07:51:07 +01:00
Stian Thorgersen
b771b84f56 Bump to 2.5.0.Final-SNAPSHOT 2016-11-30 15:44:51 +01:00
Ramon Gebben
e5ce080fd3 Update with PR feedback 2016-11-29 09:49:58 +01:00
sebastienblanc
df93244373 keep orignal API 2016-11-26 09:30:27 +01:00
sebastienblanc
0f447fadd4 KEYCLOAK-3725: return Unauthorized when accessing bearer only in interactive mode 2016-11-25 11:59:52 +01:00
Ramon Gebben
79825dfa1d Removed compare bug in checkState function 2016-11-25 11:45:40 +01:00
Stian Thorgersen
6ec82865d3 Bump version to 2.4.1.Final-SNAPSHOT 2016-11-22 14:56:21 +01:00
Pedro Igor
9b2ef96b22 [KEYCLOAK-3830] - Allow to configure enforcement-mode to a path definition 2016-11-17 20:50:28 -02:00
Pedro Igor
44ee53b0d8 [KEYCLOAK-3830] - Only enforce permissions when there is a KeycloakSecurityContext. 2016-11-17 20:50:17 -02:00
Stian Thorgersen
65136fabdd Merge pull request #3486 from hmlnarik/KEYCLOAK-3488
KEYCLOAK-3488 Fix typo in SamlPrincipal
2016-11-16 12:21:50 +01:00
Hynek Mlnarik
43002f7a8a KEYCLOAK-3488 Fix typo 2016-11-09 15:11:45 +01:00
Hynek Mlnarik
025cf5ebaf KEYCLOAK-3870 Schema for keycloak-saml.xml
Updated schema schema for keycloak-saml.xml (added documentation, set
up enumeration instead of free string where applicable per documentation)
and updated existing keycloak-saml.xml files with schema reference.
2016-11-09 10:45:43 +01:00
Stian Thorgersen
292777259e Merge pull request #3472 from hmlnarik/KEYCLOAK-1881-saml-key-rotation
Keycloak 1881 - SAML key/cert rotation for IdP
2016-11-08 07:56:25 +01:00
Stian Thorgersen
ef48594d85 Merge pull request #3470 from sebastienblanc/KEYCLOAK-3548
KEYCLOAK-3548 : Send 401 when no keycloak.json for EAP6/AS7 Adapter
2016-11-08 07:37:00 +01:00
Stian Thorgersen
5b54375490 Merge pull request #3468 from sebastienblanc/KEYCLOAK-3514
KEYCLOAK-3514 : fix servlet logout on bearer-only client
2016-11-08 07:35:44 +01:00
Hynek Mlnarik
570d71c07b KEYCLOAK-1881 Update client adapter configuration
Client adapter configuration was updated to support for customization
of HttpClient used for key retrieval similarly to OIDC. Further, it is
now possible to specify several static public keys for signature
verification in saml-client.xml.
2016-11-04 21:53:43 +01:00
Hynek Mlnarik
1ae268ec6f KEYCLOAK-1881 Include key ID for REDIRECT and use it for validation
Contrary to POST binding, signature of SAML protocol message sent using
REDIRECT binding is contained in query parameters and not in the
message. This renders <dsig:KeyName> key ID hint unusable. This commit
adds <Extensions> element in SAML protocol message containing key ID so
that key ID is present in the SAML protocol message.
2016-11-04 21:53:43 +01:00
Hynek Mlnarik
10deac0b06 KEYCLOAK-1881 KeyLocator implementation for SAML descriptor 2016-11-04 21:53:43 +01:00
Hynek Mlnarik
057cc37b60 KEYCLOAK-1881 Clone OIDC adapter HttpClient tools to SAML adapter
and
KEYCLOAK-1881 Extract httpclient configuration from AdapterConfig
2016-11-04 21:53:43 +01:00
Hynek Mlnarik
5d840500af KEYCLOAK-1881 Include key ID in <ds:KeyInfo> in SAML assertions and protocol message
Changes of SAML assertion creation/parsing that are required to allow
for validation of rotating realm key: signed SAML assertions and signed
SAML protocol message now contain signing key ID in XML <dsig:KeyName>
element.
2016-11-04 21:53:43 +01:00
sebastien blanc
76c37de1e8 KEYCLOAK-3545: Send 401 if no kc configuration in EAP6/AS7 2016-11-03 15:39:02 +01:00
sebastien blanc
d98c375495 KEYCLOAK-3514 : Don't call logout for bearer-only client 2016-11-02 11:39:37 +01:00
Pedro Igor
44977207e3 Merge pull request #3402 from brewers/feature/js-entitlement-request
KEYCLOAK-3777: Add client api for requesting entitlements with permission requests
2016-11-02 07:15:02 -02:00
Stian Thorgersen
3ea555bae6 Merge pull request #3443 from stianst/KEYCLOAK-3606
KEYCLOAK-3606
2016-10-28 11:51:21 +02:00
Stian Thorgersen
5f58c96258 KEYCLOAK-3606
keycloak.js calls localStorage.key(localStorage.length) indirectly
2016-10-28 10:05:57 +02:00
Stian Thorgersen
4cc44bc174 Merge pull request #3420 from bdalenoord/master
KEYCLOAK-3807: Calling 'setHandler' is forbidden
2016-10-28 06:45:47 +02:00
Stian Thorgersen
3e5f490882 Merge pull request #3424 from sebastienblanc/KEYCLOAK-3669
KEYCLOAK-3669: Fix Tomcat Adapter for 8.5.5
2016-10-28 06:45:01 +02:00
sebastien blanc
621d234adc renaming fields to align with json names 2016-10-27 16:16:30 +02:00
sebastien blanc
1c2f49ab4e KEYCLOAK-3669: Fix Tomcat Adapter for 8.5.5 2016-10-25 16:27:41 +02:00
Bas Dalenoord
859c5cbe1e KEYCLOAK-3807: Use 'setSecurityHandler';
'insertHandler' is a method introduced in Jetty 9, Jetty 8 should
however be supported so 'setSecurityHandler' does the same thing but
works for both 8.x and 9.x;
2016-10-25 13:59:07 +02:00
Bas Dalenoord
f3df185bb5 KEYCLOAK-3807: Calling 'setHandler' is forbidden
Use 'insertHandler' as suggested in the 'setHandler's log warning.
2016-10-25 09:14:03 +02:00
Matej Lazar
036407fd90 Fix type in exception message. 2016-10-21 12:59:59 +02:00
Stian Thorgersen
4d47f758fc Merge pull request #3405 from stianst/master
Bump version
2016-10-21 10:11:59 +02:00
Stian Thorgersen
c615674cbb Bump version 2016-10-21 07:03:15 +02:00
Stian Thorgersen
1a4f9e656d Merge pull request #3398 from stianst/KEYCLOAK-3774
KEYCLOAK-3774 Fix keycloak.js with prompt=none and new stricter redir…
2016-10-21 06:34:43 +02:00
Stian Thorgersen
9801f09a93 KEYCLOAK-3774 Fix keycloak.js with prompt=none and new stricter redirect_uri 2016-10-20 21:31:25 +02:00
Cherian Mathew
94d4afa11c Refactor entitlement request argument name 2016-10-20 17:24:41 +02:00
Cherian Mathew
d7d91cfbc0 Add client api for requesting entitlements with permission requests 2016-10-20 17:09:41 +02:00
Pulkit Gupta
8e9db1be96 fixed null pointer exception when principal is null 2016-10-20 13:39:04 +05:30
Marek Posolda
9f5acccc4f Merge pull request #3384 from mposolda/master
KEYCLOAK-3753 Deploying app secured with OIDC to EAP6 results with Error
2016-10-20 08:32:58 +02:00
Stian Thorgersen
e39d28517c Merge pull request #3381 from raehalme/KEYCLOAK-3755-master
KEYCLOAK-3755: isBearerTokenRequest and isBasicAuthRequest are now case-insensitive
2016-10-20 07:12:27 +02:00
Bill Burke
06c08a9cff Merge pull request #3249 from gautric/master
KEYCLOAK-3602 - NPE into SAML DeploymentBuilder build
2016-10-19 20:08:16 -04:00
mposolda
7f825eb415 KEYCLOAK-3753 Deploying app secured with OIDC to EAP6 results with Error 2016-10-19 21:45:35 +02:00
Stian Thorgersen
af5e8f7b09 Merge pull request #3376 from stianst/KEYCLOAK-1862
KEYCLOAK-1862
2016-10-19 19:27:29 +02:00
Pedro Igor
7dee39bbaa Merge pull request #3302 from brewers/master
KEYCLOAK-3703 Fix entitlement function call in authorization
2016-10-19 14:47:32 -02:00
Thomas Raehalme
e8ce9704c1 isBearerTokenRequest and isBasicAuthRequest is now case-insensitive. 2016-10-19 19:41:59 +03:00
Stian Thorgersen
61fa152e62 Merge pull request #3277 from ahus1/KEYCLOAK-2977-spring-cloud-rebinder-fix
KEYCLOAK-2977: fix re-binding problem with spring-cloud
2016-10-19 17:32:40 +02:00
Stian Thorgersen
7f04dd20b3 KEYCLOAK-1862 2016-10-19 17:28:22 +02:00
Stian Thorgersen
bd8e435164 KEYCLOAK-3625 Fix url 2016-10-19 17:07:01 +02:00
Alexander Schwartz
c2692cc0ac KEYCLOAK-2977: fix re-binding problem with spring-cloud 2016-10-19 16:07:28 +02:00
Stian Thorgersen
1b24d2edd8 KEYCLOAK-3625 More work on the issue 2016-10-19 14:21:50 +02:00
sebastien blanc
32df5225cf add check on list size 2016-10-19 14:21:41 +02:00
sebastien blanc
116f5f5795 KEYCLOAK-3625: conform to oidc specs 2016-10-19 14:21:41 +02:00
emilienbondu
0d3a50411e Move licence at the top of the file. 2016-10-19 09:57:07 +02:00
Stian Thorgersen
9193142bb9 Merge pull request #3305 from sebastienblanc/KEYCLOAK-3683
KEYCLOAK-3683: Remove trustore and trustore-password check
2016-10-17 19:39:02 +02:00
Stian Thorgersen
144898c0d2 Merge pull request #3262 from vramik/KEYCLOAK-3615
KEYCLOAK-3615 Resolve warnings while building the effective model
2016-10-17 19:09:30 +02:00
emilienbondu
3bed84d712 fix bug https://issues.jboss.org/browse/KEYCLOAK-3474 2016-10-17 14:42:46 +02:00
Hynek Mlnarik
4a19d4cdc1 KEYCLOAK-3664 Fix for NPE in subsystem when secure-deployment is undefined for a particular deployment 2016-10-17 09:19:44 +02:00
Stian Thorgersen
d2cae0f8c3 KEYCLOAK-905
Realm key rotation for OIDC
2016-10-13 11:19:52 +02:00
sebastienblanc
f5a5fc3458 KEYCLOAK-3683: Remove trustore and trustore-password check 2016-10-11 15:19:31 +02:00
Cherian Mathew
ac245d3c4b Fix entitlement function call in authorization 2016-10-09 11:19:02 +02:00
mposolda
a60dd48300 KEYCLOAK-3646 Missing attributes in AS7 adapter subsystem 2016-10-04 08:30:35 +02:00
mposolda
d71fadabeb KEYCLOAK-3634 Allow adapter subsystem to just inject dependencies 2016-10-03 17:38:41 +02:00
mposolda
7447ca7b58 KEYCLOAK-3564 Added token-minimum-time-to-live and min-time-between-jwks-requests to adapter subsystem 2016-10-03 16:06:45 +02:00
Bill Burke
d4c3fae546 merge conflicts 2016-09-30 19:19:12 -04:00
mposolda
f9a0abcfc4 KEYCLOAK-3493 KEYCLOAK-3532 Added KeyStorageProvider. Support key rotation for OIDC clients and identity providers with JWKS url. 2016-09-30 21:28:23 +02:00
Bill Burke
8967ca4066 refactor mongo entities, optimize imports 2016-09-28 15:25:39 -04:00
Bill Burke
ecc104719d bump pom version 2016-09-26 11:01:18 -04:00
Vlasta Ramik
103fa975a1 Resolve warnings while building the effective model 2016-09-26 12:34:46 +02:00
Stian Thorgersen
06c48a2830 KEYCLOAK-3586
Token is not refreshed in updateToken
2016-09-21 09:13:05 +02:00
gautric
affc62460c KEYCLOAK-3602 - NPE into SAML DeploymentBuilder build 2016-09-20 18:39:49 +02:00
gautric
cd3cd4f506 KEYCLOAK-3602 - NPE into SAML DeploymentBuilder build 2016-09-20 18:36:54 +02:00
mwcz
bd2f220736 always resolve keycloak.init's promise 2016-09-15 17:25:29 -04:00
mposolda
bf6246f5c1 KEYCLOAK-905 Realm keys rotation support on adapters 2016-09-12 21:24:04 +02:00
Stian Thorgersen
6d40e0dd07 Merge pull request #3212 from didiez/master
KEYCLOAK-3513 Prevent clearing all registered sessions when invalidating some by sessionId
2016-09-08 13:50:14 +02:00
didiez
df3079852e Prevent clearing all registered sessions when invalidating some by sessionId 2016-09-08 09:19:30 +02:00
Stian Thorgersen
5d20651c66 KEYCLOAK-3475 Fixes for on token expired event 2016-09-06 13:00:37 +02:00
Stian Thorgersen
7a66b055be KEYCLOAK-3475 Call event handlers when initialized with tokens 2016-09-06 09:00:29 +02:00
Stian Thorgersen
d9e95455a2 Merge pull request #3172 from mwcz/js-updateToken-withCredentials
send cookies along with keycloak.updateToken()
2016-09-05 09:37:00 +02:00
Pedro Igor
ce78cc1d1c [KEYCLOAK-3472] - Multiple paths with the same name and tests 2016-08-31 21:04:36 -03:00
mwcz
ec5289b5c8 send cookies along with keycloak.updateToken() 2016-08-26 11:23:44 -04:00
mposolda
a8fb988e31 KEYCLOAK-3406 OIDC dynamic client registrations specs fixes 2016-08-11 15:54:51 +02:00
mposolda
d52e043322 Set version to 2.2.0-SNAPSHOT 2016-08-10 08:57:18 +02:00
Bill Burke
1e7cf9fb3f Merge pull request #3088 from thomasdarimont/issue/KEYCLOAK-3380-allow-ignore-pattern-in-filter
KEYCLOAK-3380 Allow to configure paths to skip in KeycloakOIDCFilter
2016-08-03 21:30:20 -04:00
mposolda
3b3368eead KEYCLOAK-3237 Add scope=openid to KeycloakInstalled 2016-08-02 05:45:55 +02:00
Pedro Igor
ae1a7542d8 [KEYCLOAK-3385] - Improvements to evaluation tool UI and result 2016-08-01 18:01:24 -03:00
Thomas Darimont
79c7203fe8 KEYCLOAK-3380 Allow to configure paths to skip in KeycloakOIDCFilter
We now allow configuration of path patterns which should not
be handled by the `KeycloakOIDCFilter` than can be specified via
the new init-parameter `keycloak.config.skipPattern` of
the `KeycloakOIDCFilter`.
Patterns are matched against the requestURI without the context-path.
A request for `/myapp/index.html` would be matched with `/index.html`
against the skip pattern.
This allows for for more flexible path handling when using the
`KeycloakOIDCFilter` in combination with existing applications.

Signed-off-by: Thomas Darimont <thomas.darimont@gmail.com>
2016-08-01 11:43:49 +02:00
Marek Posolda
59f228be2b Merge pull request #3076 from Smartling/KEYCLOAK-3097
KEYCLOAK-3097: Fix JBoss Logging scope
2016-08-01 09:30:02 +02:00
Pedro Igor
3c8ed8e3d8 [KEYCLOAK-3372] - Code cleanup 2016-07-29 05:18:38 -03:00
Scott Rossillo
322597b420 KEYCLOAK-3097: Fix JBoss Logging scope
JBoss Logging Framework required by Keycloak Core.
2016-07-27 12:35:21 -04:00
mposolda
56e011dce4 KEYCLOAK-3318 Adapter support for prompt and max_age. Refactoring to not hardcode OIDC specifics to CookieAuthenticator 2016-07-21 18:19:53 +02:00
mposolda
7571dc07f9 KEYCLOAK-1733 added verifySSL checks for 'basic' and 'query' authentication 2016-07-20 11:04:31 +02:00
Marek Posolda
e03bf6eef6 Merge pull request #2990 from trex667/feat/keycloak-1733
[KEYCLOAK-1733]: introduce token as query paramter
2016-07-20 10:46:11 +02:00
Thomas Darimont
f574173ed3 KEYCLOAK-3301 Add support for Undertow in Spring Boot Adapter
We now support using Undertow in combination with the Spring Boot Adapter.
2016-07-18 10:07:07 +02:00
Stian Thorgersen
a42e4af78d Merge pull request #3018 from thomasdarimont/issue/KEYCLOAK-3300-support-jetty-in-spring-boot-adapter
KEYCLOAK-3300 Add support for jetty in spring-boot-adapter
2016-07-15 13:29:16 +02:00
mposolda
13a21e5fda KEYCLOAK-3220 Improve error handling on adapters 2016-07-14 23:56:46 +02:00
mposolda
dcc4ea3aea KEYCLOAK-3237 Change OIDC adapters to use scope=openid as required per specs 2016-07-14 23:56:46 +02:00
Stian Thorgersen
9ddec7d1eb Merge pull request #3019 from ssilvert/KEYCLOAK-3273-ear
KEYCLOAK-3273: Prefer module name for secure-deployment in Keycloak
2016-07-14 12:06:44 +02:00
Thomas Darimont
be5468a7cf KEYCLOAK-3300 Add support for jetty in spring-boot-adapter
This adds support for using Jetty together with the Keycloak
spring-boot-adapter. Sadly the KeycloakSpringBootProperties.SecurityCollection
definition is mostly inspired by Tomcats SecurityConstraint/SecurityCollection
which doesn't provide a good fit for jettys structures.
In cases where jetty only allows one setting, we use the first value.

We only initialize KeycloakJettyServerCustomizer if jetty is used, same
applies for tomcat.
Revised configuration and extracted serverCustomizer code into
dedicated classes.
Prepared infrastructure for Undertow support.
2016-07-12 23:19:30 +02:00
Stan Silvert
1d4e76117c KEYCLOAK-3273: Prefer module name for secure-deployment name. 2016-07-12 12:42:24 -04:00
Peter Donald
c283f9803c Return -1 from getDateHeader() when request is restored.
Other certain container will attempt to access date (such as when
checking If-Modified-Since header)  and fail when accessing restored
request. The javax.servlet.http.HttpServletRequest#getDateHeader()
javadocs indicate that -1 should be returned when date is not available
2016-07-12 16:28:45 +10:00
Stan Silvert
73cbf857c1 KEYCLOAK-3273: Prefer module name for secure-deployment in Keycloak
adapter subsystem
2016-07-11 20:58:31 -04:00
mposolda
629390dd4a KEYCLOAK-2986 Require either expiration or issuedAt for client authentication with signed JWT 2016-07-08 16:16:38 +02:00
Bill Burke
bd2887aa77 Merge pull request #2982 from ahus1/jetty_9_3
KEYCLOAK-2684: jetty 9.3 implementation (oidc/saml)
2016-07-07 14:59:29 -04:00
awpwb
159b371973 [KEYCLOAK-1733]: introduce token as query paramter
add functional tests for access token as query paramter
2016-07-06 14:12:23 +02:00
Stian Thorgersen
948f37b01a Merge pull request #2997 from pedroigor/KEYCLOAK-3246
[KEYCLOAK-3246] - Authz client missing from tomcat 8 OpenID adapter
2016-07-06 09:24:19 +02:00
Stian Thorgersen
f52504ac41 KEYCLOAK-3262 Add support to save multiple state in keycloak.js 2016-07-05 08:45:12 +02:00
Pedro Igor
6bb59b7f63 [KEYCLOAK-3246] - Authz client missing from tomcat 8 OpenID adapter 2016-07-04 13:27:14 -03:00
Stian Thorgersen
f3a780cc2d KEYCLOAK-2617 Ignore postmessages if not initiated by keycloak.js 2016-07-04 13:07:17 +02:00
Alexander Schwartz
9384aa1398 KEYCLOAK-2684: jetty 9.3 implementation 2016-07-01 12:26:59 +02:00
Bill Burke
b224917fc5 bump version 2016-06-30 17:17:53 -04:00
Pedro Igor
2db41ef052 [KEYCLOAK-2999] - Changes to authz examples for integration test 2016-06-30 10:26:05 -03:00
Pedro Igor
afa9471c7c [KEYCLOAK-3128] - Admin Client Authorization Endpoints 2016-06-30 10:26:05 -03:00
Pedro Igor
f48288865b [KEYCLOAK-3156] - Missing CORS when responding with denies 2016-06-22 14:39:07 -03:00
Pedro Igor
905421a292 [KEYCLOAK-3152] - Keycloak Authorization JS Adapter 2016-06-22 14:28:02 -03:00
Stian Thorgersen
3c0f7e2ee2 Merge pull request #2617 from pedroigor/KEYCLOAK-2753
[KEYCLOAK-2753] - Fine-grained Authorization Services
2016-06-17 13:40:15 +02:00
Pedro Igor
086c29112a [KEYCLOAK-2753] - Fine-grained Authorization Services 2016-06-17 02:07:34 -03:00
Michaël van de Giessen
55910f5f70 KEYCLOAK-3050 - fix npe on deployment 2016-06-13 20:15:41 +02:00
mposolda
72736e5e47 KEYCLOAK-2028 Add test for token-minimum-time-to-live adapter option 2016-06-09 19:22:15 +02:00
Ben Loy
ec180db39f KEYCLOAK-2028: Add preemptive access token refresh support
Add a new keycloak.json property and mechanism to automatically
refresh access tokens if they are going to expire in less than a configurable
amount of time.
2016-06-09 19:22:15 +02:00
Pedro Igor
60f954a497 [KEYCLOAK-2894] - Fixing saml signature validation 2016-05-26 10:48:30 -03:00
Thomas Raehalme
babe94c50d KEYCLOAK-3016: BasicAuthRequestAuthenticator now consumes HttpEntity also on errors. 2016-05-19 08:47:51 +03:00
Vaclav Muzikar
e6f0da99e6 KEYCLOAK-2995 Revert changes from KEYCLOAK-2989 in JWTClientCredentialsProvider 2016-05-12 10:45:45 +02:00
Vaclav Muzikar
9ad584b34d KEYCLOAK-2989 Extend ClientAuthSignedJWTTest 2016-05-10 13:30:55 +02:00
Paolo Antinori
87a7879e71 KEYCLOAK-2777 - Added PathBasedKeycloakConfigResolver for OSGi + examples 2016-05-05 15:23:35 +02:00
Paolo Antinori
53799297b3 KEYCLOAK-2805 - Moved cxf.version up to the main pom 2016-05-05 15:22:03 +02:00
Paolo Antinori
f5f36545f3 KEYCLOAK-2805 - Support for JBoss Fuse 6.3
Upgrade of CXF, Jetty and Pax-Web required to rewrite part of the integration.
2016-05-05 15:21:51 +02:00
Maximilian Szengel
c3c3b90fb9 KEYCLOAK-2838: Add cookie storage fallback to keycloak.js 2016-04-21 11:07:41 +02:00
mposolda
6baa2228e7 KEYCLOAK-2852 Moved JAAS classes back to package org.keycloak.adapters.jaas 2016-04-19 22:19:10 +02:00
Bill Burke
58b5c3d75d KEYCLOAK-2584 2016-04-15 15:15:04 -04:00
Jonathan Masmejean
b4ce19c231 fix formating issue. 2016-04-14 12:00:41 +02:00
Jonathan Masmejean
93b54ce13a KEYCLOAK-2821 : Add the adapter option
You just can add an 'adapter' option to the kc.init() function like :

kc.init({adapter: "default | cordova"});

This will allow the users to choose the adapter they want. They can force the use of the default adapter even if they are using cordova or use the cordova adapter even if they are using a regular desktop.

If you omit this parameter, it just fallback to the old way. So, if you are under cordova it will run the cordova adapter and if you are under a desktop, it will load the default adapter instead.

Hope this can help.
2016-04-14 11:59:34 +02:00
Bill Burke
b080e1e782 merge adapter-spi adapter-spi-public 2016-04-13 22:25:30 -04:00
Bill Burke
515ed226be Merge remote-tracking branch 'upstream/master' 2016-04-12 15:19:58 -04:00
Bill Burke
cca91dd175 public/private 2016-04-12 15:19:46 -04:00
Stian Thorgersen
2a9304eb79 KEYCLOAK-2646 Admin console shows 'Page not found' after password reset 2016-04-07 16:26:20 +02:00
Thomas Darimont
bccc5fa7b1 KEYCLOAK-2054 - Allow to configure proxy for auth-server requests in adapters.
Previously the adapter configuration did not support specifying a proxy
for auth-server requests issued via the Apache HTTP Client by Keycloak.
This made it very difficult to connect an Application with Keycloak
that was required to use a proxy.

Introduced new `proxy-url` attribute to the adapter configuration
which makes it possible to configure a proxy to be used for auth-server
requests. Proxy-Host, Proxy-Port and Proxy-Scheme are taken from the
configured proxy URL.
Note that proxies that require authentication are currently not supported.
2016-04-07 11:09:40 +02:00
mposolda
784b724fe0 Removed docker-cluster as integration-arquillian has support for clustering tests now 2016-04-05 11:45:34 +02:00
mposolda
65dc7ddb44 KEYCLOAK-2623 Remove auth-server-url-for-backend-requests from adapters 2016-04-05 11:43:41 +02:00
Bill Burke
f21cede378 KEYCLOAK-2662 2016-04-01 16:43:38 -04:00
Bill Burke
7c9dbdfc91 KEYCLOAK-2516 2016-03-31 13:56:46 -04:00
Bill Burke
e497eb0950 KEYCLOAK-2584 2016-03-24 21:26:09 -04:00
mposolda
95a1fc32eb KEYCLOAK-2681 JS adapter init function with initOptions argument doesn't call success callback 2016-03-18 12:06:46 +01:00
Stian Thorgersen
28fe13a800 Next is 2.0.0.CR1 2016-03-10 08:13:00 +01:00
Stian Thorgersen
d722e53108 Next is 1.9.2.Final 2016-03-10 07:28:27 +01:00
Stian Thorgersen
bf38ec040f KEYCLOAK-2592 Set http-only on OAuth_Token_Request_State cookie 2016-03-04 13:43:00 +01:00
Bill Burke
64daa568b9 KEYCLOAK-2536 2016-02-29 16:05:43 -05:00
Bill Burke
37584a24e0 unsecure url has principal
KEYCLOAK-2550
Typo in userguide

KEYCLOAK-1928 Kerberos working with IBM JDK

KEYCLOAK-1928 Remove sun.jdk.jgss module

KEYCLOAK-1928 Fix kerberos with adapter on JDK7

KPR-147 - Initial login scenarios around admin password - test

KEYCLOAK-2561 Fix issues with blank password

KEYCLOAK-2559 Missing add/remove button for 'Valid Redirect URIs' in a client settings form

Added simple test for JPA performance (with many users).

Fixed "re-import" operation logging.

Fixed for Timer.saveData()

Fixed for Timer.saveData()

ManyUsersTest: ArrayList --> LinkedList

Fix AbstractUserTest

Fix parentheses in login page object

Add tests for IDP initiated login

KEYCLOAK-1040
Allow import of realm keys (like we do for SAML)

KEYCLOAK-2556 Remove required for client create root url and saml endpoint

KEYCLOAK-2555 ForbiddenException when importing test realm or creating test user

KEYCLOAK-2553
Unexpected form behavior while creating a client

KEYCLOAK-2551
Broken navigation links while creating/editing a Client Mapper
2016-02-29 09:30:28 -05:00
Stian Thorgersen
023b558f43 KEYCLOAK-2527
Cordova not working
2016-02-23 13:32:00 +01:00
Stian Thorgersen
a1d9753ec2 Next is 1.9.1.Final-SNAPSHOT 2016-02-23 08:48:26 +01:00
Stian Thorgersen
4fd97091ff Version bump to 2.0.0.CR1-SNAPSHOT 2016-02-22 11:36:56 +01:00
Stian Thorgersen
38ce5e069c Merge pull request #2237 from lkubik/restructurizeParents
Update parent poms structure
2016-02-22 08:01:58 +00:00
Marko Strukelj
cb2aa547f9 KEYCLOAK-2485 local description is missing in jboss as7/eap adapter 2016-02-18 16:51:40 +01:00
Lukas Kubik
d22f4cb08c Update parent poms 2016-02-17 16:35:29 +00:00
Stian Thorgersen
a4ce389bf5 Merge pull request #2217 from stianst/master
Revert back to servlet 3.0
2016-02-11 10:02:54 +01:00
Stian Thorgersen
4ea586ebe6 Revert back to servlet 3.0 2016-02-11 09:09:39 +01:00
Marko Strukelj
94da1dfc13 KEYCLOAK-2461 NPE when deploying an .ear 2016-02-10 16:13:46 +01:00
Stian Thorgersen
8ed1677249 Merge pull request #2188 from ahus1/logout_should_keep_fragement_KEYCLOAK-2323
Don't encode URL fragment for logout URL / KEYCLOAK-2323
2016-02-10 13:16:51 +01:00
Stian Thorgersen
bb77c717c9 KEYCLOAK-2303
Update dependency versions to align with WildFly 10
2016-02-10 09:07:06 +01:00
Stian Thorgersen
528e3127e6 KEYCLOAK-2434
BasicAuthRequestAuthenticator ignores HttpClientBuilder configuration
2016-02-09 08:41:35 +01:00
Alexander Schwartz
01083d21d0 Don't encode URL fragment for logout URL / KEYCLOAK-2323 2016-02-06 17:43:38 +01:00
mhajas
8a8552822a KEYCLOAK-2428 Log also other accesses 2016-02-05 11:56:05 +01:00
Stian Thorgersen
579ab56a5a Bump version to 1.9.0.Final-SNAPSHOT 2016-02-04 15:55:11 +01:00
Stian Thorgersen
040b32ead7 KEYCLOAK-2446
Cordova not working
2016-02-04 09:47:25 +01:00
Bill Burke
c4c99d5f81 KEYCLOAK-2443 2016-02-03 17:31:50 -05:00
Bill Burke
a899d86ac0 KEYCLOAK-2444 2016-02-03 16:43:29 -05:00
Marko Strukelj
683487aafe KEYCLOAK-2439 Client adapter fails to set SNI field during TLS handshake 2016-02-03 14:47:19 +01:00
Stian Thorgersen
c7a8742a36 KEYCLOAK-1524
Source code headers
2016-02-03 11:20:22 +01:00
Bill Burke
ec9b9879e8 filter examples, subsystem dependencies 2016-02-02 19:15:05 -05:00
Bill Burke
d0b17a0aea KEYCLOAK-2297 2016-02-02 12:28:50 -05:00
Bill Burke
0f63a5063b KEYCLOAK-2220 2016-02-02 09:46:28 -05:00
Bill Burke
9bc5a4592c fix 2016-02-01 10:39:00 -05:00
Bill Burke
4ba77a15a0 Merge remote-tracking branch 'upstream/master' 2016-02-01 10:36:45 -05:00
Bill Burke
66f4921227 saml subsystem as7 backport 2016-02-01 10:36:25 -05:00
Stian Thorgersen
77a7b5a130 Merge pull request #2116 from mstruk/KEYCLOAK-2315
KEYCLOAK-2315 Remove jboss-earlyaccess-repository repository
2016-02-01 15:26:26 +01:00
Bill Burke
db78ea76b8 Merge pull request #2142 from patriot1burke/master
saml subsystem model changes
2016-01-30 08:40:10 -05:00
Bill Burke
6c020661e8 saml subsystem model changes 2016-01-30 07:13:13 -05:00
Bill Burke
8cffbdd581 Merge pull request #2131 from patriot1burke/master
saml adapter needs endpoint
2016-01-29 09:30:04 -05:00
Marek Posolda
41551e08b0 Merge pull request #2129 from georgekankava/staging/literal-boolean-values-should-not-be-used-in-condition-expressions-fix-1
squid:S1125 - Literal boolean values should not be used in condition expressions
2016-01-29 13:23:20 +01:00
Bill Burke
a068d83dd8 saml adapter endpoint changes 2016-01-28 22:56:14 -05:00
George Kankava
92a494359d squid:S1125 - Literal boolean values should not be used in condition expressions 2016-01-29 00:22:47 +04:00
Marko Strukelj
5826c034eb KEYCLOAK-2315 Remove jboss-earlyaccess-repository repository 2016-01-27 14:17:25 +01:00
Marko Strukelj
5c46f0603d Fix typo bug introduced during modules refactoring 2016-01-26 16:45:22 +01:00
Stian Thorgersen
06caa8e67e KEYCLOAK-2391
View history of access to Resource Server
2016-01-26 08:50:28 +01:00
Bill Burke
d3cab2be93 Merge pull request #2094 from bdecoste/master
KeyStore element in subsystem not required
2016-01-22 18:34:55 -05:00
root
ae6dde9cda KeyStore element in sunsystem not required 2016-01-22 15:05:24 -08:00
Bill Burke
f3ea2ab8d0 fix errant pom 2016-01-22 17:03:31 -05:00
Bill Burke
742f162cfc Merge remote-tracking branch 'upstream/master' 2016-01-22 17:01:14 -05:00
Bill Burke
fedf3d0e52 KEYCLOAK-2377 2016-01-22 17:00:51 -05:00
Bill Burke
e0af79e66b Merge pull request #2087 from patriot1burke/master
KEYCLOAK-2373 KEYCLOAK-2376
2016-01-21 21:30:01 -05:00
Bill Burke
1ee76a126f KEYCLOAK-2373 KEYCLOAK-2376 2016-01-21 20:18:07 -05:00
Stan Silvert
fa2055c896 KEYCLOAK-1280: pom should not override version from dependency management 2016-01-21 11:55:38 -05:00
Bill Burke
efd8317259 final re-org work 2016-01-20 17:26:26 -05:00
Bill Burke
d9487a8745 social broker reorg 2016-01-20 16:46:38 -05:00