Stefan Guilhen
3fa8a5aa88
[KEYCLOAK-12612][KEYCLOAK-12944] Fix validation of SAML destination URLs
...
- no longer compare them to the server absolutePath; instead use the base URI to build the validation URL
2020-03-03 06:48:02 +01:00
Hynek Mlnarik
f45f882f0c
KEYCLOAK-11903 Test for XSW attacks
2020-03-02 21:26:13 +01:00
vramik
7c91e36e43
KEYCLOAK-10898 WildFly Adapter CLI based installation scripts
2020-03-02 10:08:45 +01:00
Hynek Mlnarik
aecfe251e4
KEYCLOAK-12816 Fix representation to model conversion
2020-02-27 21:11:24 +01:00
Douglas Palmer
85d7216228
[KEYCLOAK-12640] Client authorizationSettings.decisionStrategy value lost on realm import
2020-02-27 09:45:48 -03:00
Stian Thorgersen
26c166d965
Update OIDCIdentityProvider.java
2020-02-27 09:13:29 +01:00
Pedro Igor
a830818a84
[KEYCLOAK-12794] - Missing id token checks in oidc broker
2020-02-27 09:13:29 +01:00
Thomas Darimont
469bca624b
KEYCLOAK-10953 Avoid NPE when Updating Clients via Admin REST API
2020-02-27 09:09:32 +01:00
Thomas Darimont
f426ed6de6
KEYCLOAK-7961 Avoid sending back-channel logout requests to disabled clients
2020-02-27 09:08:09 +01:00
Pedro Igor
1c71eb93db
[KEYCLOAK-11576] - Properly handling redirect_uri parser errors
2020-02-27 08:29:06 +01:00
stianst
950eae090f
KEYCLOAK-13054 Unblock temporarily disabled user on password reset, and remove invalid error message
2020-02-27 08:05:46 +01:00
Martin Bartoš
eaaff6e555
KEYCLOAK-12958 Preview feature profile for WebAuthn ( #6780 )
...
* KEYCLOAK-12958 Preview feature profile for WebAuthn
* KEYCLOAK-12958 Ability to enable features having EnvironmentDependent providers without restart server
* KEYCLOAK-12958 WebAuthn profile product/project
Co-authored-by: Marek Posolda <mposolda@gmail.com>
2020-02-26 08:45:26 +01:00
Peter Skopek
5db98a58d3
KEYCLOAK-12826 WebAuthn fails to login user when their security key supports "user handle"
2020-02-20 09:19:09 +01:00
stianst
9e47022116
KEYCLOAK-8044 Clear theme caches on hot-deploy
2020-02-20 08:50:10 +01:00
stianst
d8d81ee162
KEYCLOAK-12268 Show page not found for /account/log if events are disabled for the realm
2020-02-20 08:49:30 +01:00
stianst
06576a44c9
KEYCLOAK-13032 Add no cache headers to account form service
2020-02-19 15:47:18 +01:00
stianst
536824beb6
KEYCLOAK-12960 Use Long for time based values in JsonWebToken
2020-02-19 15:46:05 +01:00
Stefan Guilhen
7a3998870c
[KEYCLOAK-12612][KEYCLOAK-12944] Fix validation of SAML destination URLs
...
- no longer compare them to the server absolutePath; instead use the base URI to build the validation URL
2020-02-18 16:38:19 -03:00
mposolda
eeeaafb5e7
KEYCLOAK-12858 Authenticator is sometimes required even when configured as alternative
2020-02-18 09:05:59 +01:00
Thomas Darimont
67ddd3b0eb
KEYCLOAK-12926 Improve Locale based message lookup
...
We now consider intermediate Locales when performing a Locale based
ResourceBundle lookup, before using an Locale.ENGLISH fallback.
Co-authored-by: stianst <stianst@gmail.com>
2020-02-18 08:43:46 +01:00
keycloak-bot
d352d3fa8e
Set version to 9.0.1-SNAPSHOT
2020-02-17 20:38:54 +01:00
mposolda
a76c496c23
KEYCLOAK-12860 KEYCLOAK-12875 Fix for Account REST Credentials to work with LDAP and social users
2020-02-14 20:24:42 +01:00
stianst
f0e3122792
KEYCLOAK-12953 Ignore empty realm frontendUrl
2020-02-14 11:33:07 +01:00
stianst
42773592ca
KEYCLOAK-9632 Improve handling of user locale
2020-02-14 08:32:20 +01:00
stianst
4b09a4a2af
KEYCLOAK-12993 AuthorizationBean invokes ResolveRelative.resolveRelativeUri with null as the value for KeycloakSession
2020-02-13 16:45:06 +01:00
Pedro Igor
7efaf9869a
[KEYCLOAK-12864] - OIDCIdentityProvider with Reverse Proxy
2020-02-13 15:01:10 +01:00
Peter Zaoral
b0ffea699e
KEYCLOAK-12186 Improve the OTP login form
...
-created and implemented login form design, where OTP device can be selected
-implemented selectable-card-view logic in jQuery
-edited related css and ftl theme resources
-fixed affected BrowserFlow tests
Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
2020-02-12 11:25:02 +01:00
Peter Skopek
622a97bd1c
KEYCLOAK-12228 Sensitive Data Exposure
...
from patch of hiba haddad haddadhiba0@gmail.com
2020-02-12 09:57:31 +01:00
stianst
3c0cf8463a
KEYCLOAK-12821 Check if action is disabled in realm before executing
2020-02-12 09:04:43 +01:00
stianst
0b8adc7874
KEYCLOAK-12921 Fix NPE in client validation on startup
2020-02-12 08:23:25 +01:00
stianst
dda829710e
KEYCLOAK-12829 Require PKCE for admin and account console
2020-02-12 08:22:20 +01:00
Thomas Darimont
7969aed8e0
KEYCLOAK-10931 Trigger UPDATE_PASSWORD event on password update via AccountCredentialResource
2020-02-11 19:51:58 +01:00
Martin Kanis
1d54f2ade3
KEYCLOAK-9563 Improve access token checks for userinfo endpoint
2020-02-11 15:09:21 +01:00
stianst
ecec20ad59
KEYCLOAK-12193 Internal error message returned in error response
2020-02-07 18:10:41 +01:00
mabartos
a5d02d62c1
KEYCLOAK-12908 TOTP not accepted in request for Access token
2020-02-07 13:17:05 +01:00
stianst
7545749632
KEYCLOAK-12190 Add validation for client root and base URLs
2020-02-07 09:09:40 +01:00
Pedro Igor
fc514aa256
[KEYCLOAK-12792] - Invalid nonce handling in OIDC identity brokering
2020-02-06 13:16:01 +01:00
Dmitry Telegin
b6c5acef25
KEYCLOAK-7969 - SAML users should not be identified by SAML:NameID
2020-02-06 08:53:31 +01:00
Martin Bartoš
7dec314ed0
KEYCLOAK-12900 NullPointerException during WebAuthn Registration ( #6732 )
2020-02-05 17:01:36 +01:00
Axel Messinese
b73553e305
Keycloak-11526 search and pagination for roles
2020-02-05 15:28:25 +01:00
rmartinc
d39dfd8688
KEYCLOAK-12654: Data to sign is incorrect in redirect binding when URI has parameters
2020-02-05 11:30:28 +01:00
Martin Bartoš
b0c4913587
KEYCLOAK-12177 KEYCLOAK-12178 WebAuthn: Improve usability ( #6710 )
2020-02-05 08:35:47 +01:00
Thomas Darimont
42fdc12bdc
KEYCLOAK-8573 Invalid client credentials should return Unauthorized status ( #6725 )
2020-02-05 08:27:15 +01:00
Thomas Darimont
d417639cb8
KEYCLOAK-11033 Avoid NPE in password endpoint of AccountCredentialResource ( #6721 )
...
Added additional null guard since some credentials provide might not
maintain a "CreatedDate" for a password credentials.
2020-02-04 16:01:27 +01:00
rmartinc
5b9eb0fe19
KEYCLOAK-10884: Need clock skew for SAML identity provider
2020-02-03 22:00:44 +01:00
Jan Lieskovsky
b532570747
[KEYCLOAK-12168] Various setup TOTP screen usability improvements ( #6709 )
...
On both the TOTP account and TOTP login screens perform the following:
* Make the "Device name" label optional if user registers the first
TOTP credential. Make it mandatory otherwise,
* Denote the "Authenticator code" with asterisk, so it's clear it's
required field (always),
* Add sentence to Step 3 of configuring TOTP credential explaining
the user to provide device name label,
Also perform other CSS & locale / messages file changes, so the UX is
identical when creating OTP credentials on both of these pages
Add a corresponding testcase
Also address issues pointed out by mposolda's review. Thanks, Marek!
Signed-off-by: Jan Lieskovsky <jlieskov@redhat.com>
2020-02-03 19:34:28 +01:00
Marek Posolda
154bce5693
KEYCLOAK-12340 KEYCLOAK-12386 Regression in credential handling when … ( #6668 )
2020-02-03 19:23:30 +01:00
Leon Graser
01a42f417f
Search and Filter for the count endpoint
2020-02-03 09:36:30 +01:00
Pedro Igor
ed2d392a3d
[KEYCLOAK-9666] - Entitlement request with service account results in server error
2020-02-03 08:57:56 +01:00
Pedro Igor
658a083a0c
[KEYCLOAK-9600] - Find by name in authz client returning wrong resource
2020-02-03 08:57:20 +01:00