libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases 1 Packages Activity Actions
23433 commits 4 branches 9 tags 483 MiB
Commit graph

1050 commits

Author SHA1 Message Date
Sven-Torben Janus
0efa4afd49 Evaluate composite roles for hardcoded LDAP roles/groups 
Closes: 11771

see also KEYCLOAK-18308
 2022-05-02 14:13:37 +02:00
Stian Thorgersen
52ca546cfa
Remove Fuse adapters (#11740) 
Closes #11677
 2022-05-02 09:55:52 +02:00
Alexander Schwartz
29233f33c8 Clear import/export properties at the end of the test 
This avoids the pollution of system properties that might lead to failures following tests.

Closes #11670
 2022-04-28 11:02:16 +02:00
vramik
5248815091 Disable infinispan realm and user cache for map storage tests 
Closes #11213
 2022-04-25 09:38:49 +02:00
Martin Bartoš
53ea60b8d5
Remove support for IE (#11271) 
Closes #11268
 2022-04-22 10:38:41 +02:00
Pedro Igor
76d83f46fa
Avoid clients exchanging tokens using tokens issued to other clients (#11542) 2022-04-20 19:14:55 +02:00
Stefan Guilhen
b29b27d731 Ensure code does not rely on a particular format for the realm id or component id 2022-04-20 14:40:38 +02:00
Pedro Igor
2cb5d8d972
Removing upload scripts feature (#11117) 
Closes #9865

Co-authored-by: Michal Hajas <mhajas@redhat.com>

Co-authored-by: Michal Hajas <mhajas@redhat.com>
 2022-04-20 14:25:16 +02:00
Martin Bartoš
3aa3db16ea
Fix error response for invalid characters (#11533) 
Fixes #11530
 2022-04-20 11:26:08 +02:00
Alexander Schwartz
a6dd9dc0f1 Avoiding AvlPartitionFactory and using JdbmPartitionFactory for the embedded LDAP to work around unstable tests. 
Fix for #11171 didn't turn out to cover the root cause. Also improved transaction handling in LDAP Map storage.

Closes #11211
 2022-04-12 09:12:21 +02:00
Alexander Schwartz
5c810ad0e5 Avoid short-lived connections for ApacheDS to avoid messages around "ignoring the message MessageType UNBIND_REQUEST" 
The comment in LdapRequestHandler.java in ApacheDS notes just before discarding an unbind request: "in some cases the session is becoming null though the client is sending the UnbindRequest before closing".

Also implementing a retry logic for all remaining errors regarding LDAP.

Closes #11171
 2022-04-11 10:03:15 +02:00
Tyler Andor
caebe50d7e
Updates patternfly libs and fixes breaking changes (#10748) 
adding nvmrc

CIAM-1048 Device Activity screen PF updates

CIAM-1046: Personal Info sub-header update

Updates SigningInPage to use EmptyState component when there are no credentials.

rearanged some components used in signing in page

Displays ApplicationPage content in description list.

Updates refresh link on ContentPage, updates Resources screen.

CIAM-1049 Linked Accounts screen PF updates

CIAM-1043-General upstream updates

Updates AccountPage to display form errors.

fix: display Set up Authenticator Application link on large viewport

fix(page structure): rearranges page sections

CIAM-1254/Personal info PF4 updates & Sidebar text updates

updating layouts

updating layout on Signing in and Linked acounts

adding patternfly-additions

adding patternfly-addons styles

Updates Application page based on designs feedback.

moving page description

Updates status label on Applications page to be capitalized.

Updates the copy-fonts script for keycloak.v2 to copy all font directories instead of one.

update Personal info screen - set max width of 600px for form input fields

update Personal info - remove required indicator from input fields

General updates (#2)

* removed the extra lines being shown

* tweaked general spacing

* general alignment and spacer application

* refactor to get proper alignments without css globals

* forgot to add the conditional on displaying the set up buttons

* try and adjust the alignments

Co-authored-by: zwitter <zwitter@redhat.com>

resolve merge conflicts

Device activity updates (#4)

* update text to sentence case

* update device info columns to be dynamic across various viewport sizes

* update signed in device layout

* update based on feedback

Co-authored-by: Jon Szeto <jszeto@redhat.com>

Linked accounts update (#3)

* linked accounts screen - updated icons & Linked/Unlinked Login Providers layout & update text to sentence case

Co-authored-by: Jon Szeto <jszeto@redhat.com>

fixing ts errors

cleaning up fonts and messages

final review updates

message update for Back to admin console link

fixing capitalization on 2fa

updating landing page welcome message

fix: reposition Back to... link

adjusting size for confirm modal

updating spacing and alignment issues

updating resources page

removing unused header class

fixes ts issues and updates node version to match the themes install

npm updates

fixing pf addons

adding chokidar to get babel:watch working

fixing issues from pull request feedback

fixing tests

fixes signingin page test

fixing tests

Co-authored-by: Tyler Andor <tandor@highereducation.com>
 2022-04-06 13:00:38 +02:00
Teubner, Malte
b5f70d8a32 Add scope parameter to admin-client TokenManager. 
Closes #10759
 2022-03-31 10:56:08 -03:00
Marek Posolda
22a16ee899
OIDC RP-Initiated logout endpoint (#10887) 
* OIDC RP-Initiated logout endpoint
Closes #10885

Co-Authored-By: Marek Posolda <mposolda@gmail.com>

* Review feedback

Co-authored-by: Douglas Palmer <dpalmer@redhat.com>
 2022-03-30 11:55:26 +02:00
Joaquim Fellmann
92c4e6d585
KEYCLOAK-16134 Allow webauthn idless login flow (#7860) 
Closes #10832
 2022-03-21 11:37:33 +01:00
Ivan Atanasov
5c6b123aff
Support for the Recovery codes (#8730) 
Closes #9540


Co-authored-by: Zachary Witter <torquekma@gmail.com>
Co-authored-by: stelewis-redhat <91681638+stelewis-redhat@users.noreply.github.com>
 2022-03-10 15:49:25 +01:00
Martin Bartoš
8a0f1ccb34 Properly execute AuthenticationFlowCallbackProviderTest with Map storage 
Closes #10268, Closes #10225
 2022-03-10 15:00:23 +01:00
Alexander Schwartz
18f391d8c4 Fix spelling error in field and classname 
It's always a converter, unless electricity is involved.

Closes #10573
 2022-03-09 08:28:52 -03:00
mposolda
93bba8e338 Replace 'Store LoA in User Session' with 'Max Age'. Refactoring of step-up authentications related to that. 
Closes #10205
 2022-03-08 10:41:05 +01:00
mposolda
52712d2c82 ACR support in the javascript adapter 
Closes #10154
 2022-02-24 20:07:50 +01:00
Pedro Igor
209df44641
Fixing responses when unexpected errors occurs (#10383) 
Closes #10338
 2022-02-23 07:44:25 +01:00
Martin Bartoš
314d303a99 Possibility to ignore tests for particular browsers 
Closes #10213
 2022-02-17 09:02:11 +01:00
Marek Posolda
90d4e586b6
Show error in case of an unkown essential acr claim. Make sure correc… (#10088) 
* Show error in case of an unkown essential acr claim. Make sure correct acr is set after authentication flow during step-up authentication
Closes #8724

Co-authored-by: Cornelia Lahnsteiner <cornelia.lahnsteiner@prime-sign.com>
Co-authored-by: Martin Bartoš <mabartos@redhat.com>
 2022-02-15 09:02:05 +01:00
Martin Bartoš
6c09ec6de6 Hide 'unknown' transport media type label for WebAuthn authenticators 
Closes #10036
 2022-02-11 08:28:50 +01:00
Marek Posolda
d9c8cb30a5
Closes #9498 - Fix cases when user is forced to re-authenticate (#9580) 2022-02-07 09:02:08 +01:00
Konstantinos Georgilakis
a1f2f77b82 Device Authorization Grant with PKCE 
Closes #9710
 2022-02-03 08:37:07 +01:00
Martin Bartoš
8649ca3d50
Multiple active tabs when realm name equals name of the tab in Admin console (#9438) 
Closes #9421
 2022-01-11 16:01:28 -05:00
Martin Bartoš
d75d28468e
KEYCLOAK-19490 Add more details about 2FA to authenticate page (#9252) 
Closes #9494
 2022-01-11 09:16:22 +01:00
Martin Bartoš
422ae0b3db CIAM-1693 WebAuthn tests failures on JBoss 2021-12-23 02:43:25 -08:00
CorneliaLahnsteiner
dff79cee3c
KEYCLOAK-847 Add support for step up authentication (#7897) 
KEYCLOAK-847 Fix behavior of unknown not essential acr claim

Co-authored-by: Georg Romstorfer <georg.romstorfer@gmail.com>
Co-authored-by: Marek Posolda <mposolda@gmail.com>
 2021-12-22 12:43:12 +01:00
Pedro Igor
15d5a074b0 Avoid building configuration all the time when running tests 
Closes #9262
 2021-12-21 07:10:15 -08:00
Michal Hajas
30cef7aa68 Fix app-server addHttpListener failure 2021-12-20 10:40:42 +01:00
Stian Thorgersen
31345c49b1
Server-only upgrade to WildFly 25.0.1 (#9190) 
* WF 25.0.1 upgrade light

* Re-enable adapters with old WF versions

* Put server-overlay and server-legacy-dist back to reduce size of PR changes

* Remove some more changes that are not needed

* Fix issues adding to provider properties

* Fix user-profile updates for tests

* tls fixes

* Set WF to 23 for adapter tests

Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
 2021-12-17 12:12:41 +01:00
stianst
85240c9606 Remove deprecated kcinit from keycloak 
Closes #9106
 2021-12-13 15:51:51 +01:00
Martin Bartoš
8e8fab857e KEYCLOAK-19486 Verify the WebAuthn registration functionality 2021-12-13 09:46:07 +01:00
Pedro Igor
bf0f3d605c [fixes #9052] - Renaming cluster options to cache 2021-12-10 08:20:53 +01:00
Martin Bartoš
4f66087bf4 Fix for WebAuthn tests 2021-12-08 10:12:48 +01:00
Martin Bartoš
7dc01a5a6e KEYCLOAK-13319 Use newest WebDriver/Selenium for the WebAuthn testing 2021-12-06 09:42:10 +01:00
Pedro Igor
9a4ab82d08 [KEYCLOAK-19847] - Optimizations and refactoring for better/stable startup time 2021-12-02 08:57:23 -08:00
Pedro Igor
7bef534392 [KEYCLOAK-19859] - Patching request filter to properly end responses 2021-12-01 09:18:56 -08:00
Olivier Boudet
ed6eea26ea KEYCLOAK-19413 Allows to set login_hint on registration and reset-credentials pages 2021-11-18 13:17:10 +01:00
Pedro Igor
e14e56e0f3 [KEYCLOAK-19798] - Hostname support for Dist.X 
Co-authored-by: Stian Thorgersen <stian@redhat.com>
 2021-11-17 10:51:58 -03:00
Michal Hajas
2f9a5aae0f KEYCLOAK-19028 Add HotRod Map storage implementation 2021-11-11 14:10:00 +01:00
Alec Henninger
cec6a8a884 KEYCLOAK-19700: Attempt to reuse denied device authorization code results in server error 2021-11-08 11:37:51 +01:00
mposolda
5740e158e3 KEYCLOAK-18744 OpenBanking Brasil fix for X509 client authentication. More flexibility in Subject DN comparison. 2021-11-05 09:10:50 +01:00
Pedro Igor
3c00dba8ad [KEYCLOAK-19767] - Fixing testsuite to point to right persisted config 2021-11-04 15:06:49 -03:00
Dominik Guhr
579c5462b2 KEYCLOAK-19308 Grouping for help commands and refactoring of Propertymapper usage to provida a fluid API 2021-11-04 08:59:56 -03:00
Bruno Oliveira da Silva
16db810b03 [KEYCLOAK-19754] - Update documentation files to remove problematic language in the main repository 2021-11-04 10:08:56 +01:00
Pedro Igor
eaa96f6147 [KEYCLOAK-18255] - Vault Support in Dist.X 2021-11-03 09:23:33 -03:00
Joerg Matysiak
afc5cb4d14 KEYCLOAK-19617 Simplify creation of custom user profiles 
* DeclarativeUserProfileProvider passes its ID to DeclarativeUserProfileModel, so this also works for derived classes.
* Moved creation of declarative user profile model to a protected factory method to allow subclasses to provide their own implementation.
* Added integration tests for custom user profile
* configured declarative-user-profile as default user profile provider in test servers
* Restore previously configured default provider after test with special provider settings
* Some refactoring in SpiProviderSwitchingUtils
 2021-10-28 08:26:11 -03:00
Dominik Guhr
c45a6fde12
KEYCLOAK-19547 Switch arquillian quarkus container to use autobuild to prevent timeo… (#8576) 
* KEYCLOAK-19547 Switch arquillian quarkus container to use autobuild to prevent timeouts when reaugmentation is longer than 10s

Co-authored-by: Dominik Guhr <dguhr@redhat.com>
 2021-10-18 08:53:12 -03:00
Pedro Igor
27e74c41ff [KEYCLOAK-19459] - Enabling ClientSearchTest to Dist.X 2021-10-14 17:08:06 -03:00
Dominik
00feef4dbe KEYCLOAK-19496 Unignore ArtifactBindingCustomResolverTest and make SetDefaultProvider Annotation usable for Quarkus-based distribution 2021-10-08 15:50:59 -03:00
R Yamada
891c8e1a12 [KEYCLOAK-17653] - OIDC Frontchannel logout support 2021-10-07 15:27:19 -03:00
Dominik
97ee8832a3 KEYCLOAK-19079 Add special case for kubeadmin without uid and OCP4 2021-10-07 14:29:00 -03:00
Dominik
12d4837fa9 KEYCLOAK-19484_BasicSamlTest 2021-10-06 12:04:05 -03:00
Tomas Kyjovsky
01a0e11c8f KEYCLOAK-19392 pass infinispan javaVmArguments via JAVA_OPTS instead of CLI parameters 2021-10-05 09:06:50 +02:00
Pedro Igor
0210acadad [KEYCLOAK-19424] - Rename the config command to build 2021-10-01 08:39:50 +02:00
Dominik
82964f7460 KEYCLOAK-13770 Working FixedHostnameTest for Quarkus 2021-09-28 11:48:50 -03:00
Dominik
20b91c7d4f KEYCLOAK-13770 Fix Quarkus ScriptDeploymentTests, Hostnametests and tests relying on user attribute config 2021-09-27 15:19:45 -03:00
Pedro Igor
aa018295c4 [KEYCLOAK-17866] - Upgrade to Quarkus v2 2021-09-10 11:21:09 -03:00
Olivier Boudet
c7f8544b0c KEYCLOAK-18454 Reset password : wrong email instructions when duplicates email is allowed 2021-09-02 14:44:18 +02:00
Martin Bartos
18cef60bbd KEYCLOAK-19037 Problems with validation of Email field that contains uppercase character 2021-08-19 11:13:42 +02:00
Yang Xie
d8cb279bc4 KEYCLOAK-17693 add config for loading custom IdMapper class 2021-08-03 17:44:47 +02:00
mposolda
9b0e1fff8d KEYCLOAK-18903 More customizable OIDC WellKnown provider 2021-07-28 18:03:23 +02:00
mposolda
4520cbd38c KEYCLOAK-18904 Support cert-bound tokens when doing client credentials grant. Client policies support for client credentials grant 2021-07-28 07:24:30 +02:00
mposolda
643b3c4c5a KEYCLOAK-18594 CIBA Ping Mode 2021-07-27 08:33:17 +02:00
Hynek Mlnarik
6b9040d18a KEYCLOAK-18876 Fix intermittent LoginTest failures 2021-07-23 08:44:50 +02:00
Pedro Igor
d29d945cc4 [KEYCLOAK-18857] - Do not force default to RS256 when verifying tokens sent by clients and JWK does not hold an algorithm 2021-07-21 11:09:02 +02:00
Takashi Norimatsu
61fcbb307b KEYCLOAK-18830 FAPI-CIBA-ID1 conformance test : HolderOfKeyEnforcerExecutor needs to be executed on CIBA token request 2021-07-21 08:07:50 +02:00
Vlastimil Elias
61aa4e6a70 KEYCLOAK-18750 - Set "Email Verified" to false when email changed in 
UserProfile Provider
 2021-07-19 11:19:29 -03:00
Pedro Igor
a79d28f115 [KEYCLOAK-18729] - Support JAR when using PAR 2021-07-19 11:42:20 +02:00
Pedro Igor
1baab67f3b [KEYCLOAK-18630] - Request object encryption support 2021-07-09 11:27:30 -03:00
Vlastimil Elias
6686482ba5 [KEYCLOAK-18591] - Support a dynamic IDP user review form 2021-07-09 10:05:26 -03:00
Hryhorii Hevorkian
2803685cd7 KEYCLOAK-18353 Implement Pushed Authorization Request inside the Keycloak 
Co-authored-by: Takashi Norimatsu <takashi.norimatsu.ws@hitachi.com>
Co-authored-by: mposolda <mposolda@gmail.com>
 2021-07-03 08:47:42 +02:00
lbortoli
e5ae113453 KEYCLOAK-18452 FAPI JARM: JWT Secured Authorization Response Mode for OAuth 2.0 2021-07-03 00:00:32 +02:00
Vlastimil Elias
04ff2c327b [KEYCLOAK-18429] Support a dynamic update profile form 2021-07-02 10:22:47 -03:00
lbortoli
164f3df080 KEYCLOAK-18502 - Support for additional parameters from the backchannel authentication request and backchannel authentication callback. 2021-07-01 00:31:26 +02:00
Takashi Norimatsu
57c80483bb KEYCLOAK-17936 FAPI-CIBA : support Signed Authentication Request 
Co-authored-by: Pritish Joshi <pritish@banfico.com>
Co-authored-by: mposolda <mposolda@gmail.com>
 2021-06-29 08:07:40 +02:00
Vlastimil Elias
512bcd14f7 [KEYCLOAK-18428] - dynamic registration form 2021-06-25 17:11:15 -03:00
Vlastimil Elias
b7a4fd8745 KEYCLOAK-18423 - Support a user-friendly name property for user profile 
attributes
 2021-06-24 08:17:06 -03:00
Andy Fedotov
17b374f53a [KEYCLOAK-16455][Adapter - JavaScript] Propagate 3rd party cookies check 
errors outside of JS adapter
 2021-06-23 08:36:26 +02:00
Tomas Kyjovsky
6db1c8204a KEYCLOAK-18393 SAMLAdapterCrossDCTest failures 2021-06-16 18:46:38 +02:00
Pedro Igor
ef3a0ee06c [KEYCLOAK-17399] - Declarative User Profile and UI 
Co-authored-by: Vlastimil Elias <velias@redhat.com>
 2021-06-14 11:28:32 +02:00
Douglas Palmer
aac0b6ec5f [KEYCLOAK-17602] Email account verification link is wrongly encoded 2021-06-10 08:34:53 +02:00
Tomas Kyjovsky
80eabcb7eb KEYCLOAK-18249 WelcomePageTest fails on MSSQL 2019 
- removed reference to `FK_P56CTINXXB9GSK57FO49F9TAC` from the `DropAllServlet`
 2021-06-07 16:18:32 +02:00
Václav Muzikář
6b365d7c12 KEYCLOAK-18044 Client Policy: UI tests (old Admin Console) 2021-06-07 06:43:35 +02:00
Tomas Kyjovsky
1033b272e8 KEYCLOAK-13757 fix for KEYCLOAK-18267_KEYCLOAK-17254 2021-06-03 13:52:25 +02:00
Tomas Kyjovsky
2802740101 KEYCLOAK-13757 update JDG version to 8.1 - testsuite updates 2021-06-03 13:52:25 +02:00
Jan Lieskovsky
cbd4288205 [KEYCLOAK-17254] Adaptively add the default modular JVM options 
to the "javaVmArguments" to start the cache server container with,
if the JVM used to run the cache server is modular (JDK 9+)

Signed-off-by: Jan Lieskovsky <jlieskov@redhat.com>
 2021-06-03 10:36:53 +02:00
Martin Bartoš
2096a0f5cc KEYCLOAK-18246 DemoFilterServletAdapterTest fails for app servers with TLS 2021-05-27 13:06:35 +02:00
Peter Flintholm
919899b994 KEYCLOAK-18039: Optimise offline session load on startup 
Co-authored-by: Hynek Mlnarik <hmlnarik@redhat.com>
 2021-05-13 16:26:26 +02:00
Christoph Leistert
61bdc92ad9
KEYCLOAK-17387: 403 response on localization endpoint for cross realm users 
- add ForbiddenPage class for the assertion at the selenium test
- add assertion to selenium test
- GET requests for localization texts require at least one role for the realm
- Make GET requests for localization texts public, to display the admin UI correctly, even if the role view-realm is missing
 2021-05-03 13:29:11 -03:00
Takashi Norimatsu
65c48a4183
KEYCLOAK-12137 OpenID Connect Client Initiated Backchannel Authentication (CIBA) (#7679) 
* KEYCLOAK-12137 OpenID Connect Client Initiated Backchannel Authentication (CIBA)

Co-authored-by: Andrii Murashkin <amu@adorsys.com.ua>
Co-authored-by: Christophe Lannoy <c4r1570p4e@gmail.com>
Co-authored-by: Pedro Igor <pigor.craveiro@gmail.com>
Co-authored-by: mposolda <mposolda@gmail.com>
 2021-04-29 15:56:39 +02:00
Martin Kanis
515bfb5064 KEYCLOAK-16378 User / client session map store 
Co-authored-by: Martin Kanis <mkanis@redhat.com>
Co-authored-by: Hynek Mlnarik <hmlnarik@redhat.com>
 2021-04-28 09:09:15 +02:00
Ayat Bouchouareb
8255cba930 KEYCLOAK-17612- Invalid SAML Response : Invalid Destination 2021-04-26 11:15:28 +02:00
Martin Bartoš
ca019c36e8 KEYCLOAK-17457 Failed OfflineServletsAdapterTest 2021-04-19 16:58:38 -03:00
AlistairDoswald
8b3e77bf81 KEYCLOAK-9992 Support for ARTIFACT binding in server to client communication 
Co-authored-by: AlistairDoswald <alistair.doswald@elca.ch>
Co-authored-by: harture <harture414@gmail.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
 2021-04-16 12:15:59 +02:00
Michal Hajas
64ccbda5d5 KEYCLOAK-17323 Compute token expiration using Time.currentTime() instead of userSession.getStarted() 2021-04-14 12:58:45 +02:00
sma1212
e10f3b3672
[KEYCLOAK-17484] OIDC Conformance - Authorization response with Hybrid flow does not contain token_type (#7872) 
* [KEYCLOAK-17484] fix oidc conformance for hybrid-flow

* [KEYCLOAK-17484] add TokenType & ExpiresIn to OAuth2Constants

* [KEYCLOAK-17484] add request validation for oidc-flows automated tests
 2021-03-30 08:59:30 +02:00
Bodo Graumann
0033b7daf7 [KEYCLOAK-17166] Use radio buttons for otp select 2021-03-29 15:46:34 +02:00
Hynek Mlnarik
a36fafe04e KEYCLOAK-17409 Support for amphibian (both component and standalone) provider 2021-03-25 13:28:20 +01:00
Jan Lieskovsky
5fac80b05e [KEYCLOAK-17100] Testsuite Wildfly initialization error on Windows 
[KEYCLOAK-17392] Java CLASSPATH is wrongly parsed on Windows

Signed-off-by: Jan Lieskovsky <jlieskov@redhat.com>
Co-Authored-By: Peter Zaoral <pzaoral@redhat.com>
 2021-03-25 09:21:34 +01:00
Clement Cureau
0b68f24a09
[KEYCLOAK-14046] Include groups in user creation via Admin Console (#7035) 
* [KEYCLOAK-14046] Include groups in user creation via Admin Console

Since the POST /users API now supports providing groups membership, here is the UI
part!

- Added a field in the user creation UI to specify groups the newly created user
will be joining
- Added associated messages in english language

* Added UI integration tests

* Fixed UI tests

* Flatten nested groups in user creation groups searchbox

* Filtering out searched groups

* Removed unused injection

* Fixed UI tests

Co-authored-by: Clement Cureau <clement.cureau@cdiscount.com>
 2021-03-19 13:55:45 +01:00
Michito Okai
298ab0bc3e KEYCLOAK-7675 Support for Device Authorization Grant 2021-03-15 10:09:20 -03:00
Hiroyuki Wada
9d57b88dba KEYCLOAK-7675 Prototype Implementation of Device Authorization Grant. 
Author:    Hiroyuki Wada <h2-wada@nri.co.jp>
Date:      Thu May 2 00:22:24 2019 +0900

Signed-off-by: Łukasz Dywicki <luke@code-house.org>
 2021-03-15 10:09:20 -03:00
Thomas Darimont
b926cd20f1 KEYCLOAK-14412 Keycloak.js should honor scopes configured in initOptions and loginOptions 2021-03-11 13:03:08 -03:00
Michal Hajas
fc29a39e5a KEYCLOAK-16592 Do not require destination with SOAP binding 2021-03-05 19:52:00 +01:00
mposolda
99c1ee7f5a KEYCLOAK-16793 KEYCLOAK-16948 Cors on error responses for logoutEndpoint and tokenEndpoint 2021-03-05 14:14:53 +01:00
Pavel Drozd
8203c4451e KEYCLOAK-14766 - Removed setting default password for LDAPRule configuration 2021-03-04 12:56:45 +01:00
Pedro Igor
0f30b3118a [KEYCLOAK-16676] - Client attributes should not be stored if null or empty 2021-03-03 15:37:05 +01:00
Pedro Igor
40efbb0f9c [KEYCLOAK-13942] - Invalidate pre-defined paths when paths are invalidated 2021-03-02 15:01:42 +01:00
rmartinc
056b52fbbe KEYCLOAK-16800 userinfo fails with 500 Internal Server Error for service account token 2021-02-18 19:37:52 +01:00
mposolda
80bf0b6bad KEYCLOAK-16708 Unexpected exceptions during client authentication 2021-02-12 18:27:54 +01:00
diodfr
cb12fed96e KEYCLOAK-4544 Detect existing user before granting user autolink 2021-02-11 11:06:49 +01:00
mposolda
f4b5942c6c KEYCLOAK-16755 ClearExpiredUserSessions optimization. Rely on infinispan expiration rather than Keycloak own background task. 2021-02-04 08:49:42 +01:00
mposolda
99a70267d9 KEYCLOAK-16801 Improve performance of ClearExpiredEvents background task 2021-01-27 09:57:46 +01:00
Martin Kanis
9f580e3ed8 KEYCLOAK-15695 Streamification cleanup 2021-01-20 14:39:53 +01:00
Martin Bartoš
9df7fdbc55 KEYCLOAK-14718 Adding test case for User Client Role Mapper 2021-01-19 17:49:36 +01:00
vramik
1402d021de KEYCLOAK-14846 Default roles processing 2021-01-08 13:55:48 +01:00
vramik
dfa27b9f0f KEYCLOAK-14856 fix migration, add ssl for migration server 2021-01-05 11:05:18 +01:00
Martin Bartoš
24f1a9c5c4 KEYCLOAK-16583 Ignore tests which directly use WebAuthn Chrome testing feature 2020-12-14 16:39:32 +01:00
Hynek Mlnarik
8c0c542f09 KEYCLOAK-16489 Add ability to run model tests with LDAP 2020-12-07 20:54:06 +01:00
Ian
be4c99dfe5 KEYCLOAK-15287 Ability to add custom claims to the AccessTokenResponse 2020-12-03 17:28:03 +01:00
Peter Zaoral
c8a2f82a50 KEYCLOAK-14138 Upgrade OTP login screen 
* edited related css and ftl theme resources
* added tile component
* fixed IE11 compatibility
* fixed affected tests

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
 2020-12-03 16:00:36 +01:00
Peter Zaoral
ad940a861a KEYCLOAK-14137 Upgrade Authentication selector screen 
* edited related css and ftl theme resources
* added IE11 compatibility support
* fixed affected tests

Signed-off-by: Peter Zaoral <pzaoral@redhat.com>
 2020-11-27 08:40:06 +01:00
Jan Lieskovsky
833bf98643 [KEYCLOAK-15692] Upgrade to Wildfly "21.0.1.Final" 
Base fixes:
* [KEYCLOAK-15780]      Upgrade Keycloak to Wildfly 21.0.0.Beta1 / Wildfly Core 13.0.0.Beta6
* [KEYCLOAK-16031]      Upgrade Keycloak to Wildfly 21.0.0.Final / Wildfly Core 13.0.1.Final
* [KEYCLOAK-16442]      Upgrade Keycloak to Wildfly 21.0.1.Final / Wildfly Core 13.0.3.Final

Other (dependent) fixes:
* [KEYCLOAK-15408]      Deprecate former Wildfly and Wildfly Core versions in Arquillian's
                        testsuite pom.xml file as part of the upgrade script
* [KEYCLOAK-15442]      Update the version of 'jboss-parent' as part of the Wildfly upgrade
                        script if necessary
* [KEYCLOAK-15474]      Add --verbose and --force options to the Wildfly upgrade automated script
* [KEYCLOAK-15649]      Update "urn:jboss:domain:infinispan:10.0" version as part of the Wildfly
                        upgrade automated script
* [KEYCLOAK-15652]      Wildfly upgrade automated script - Align Python artifact version
                        comparsion algorithm with the Maven / Java one

Signed-off-by: Jan Lieskovsky <jlieskov@redhat.com>
 2020-11-26 09:25:29 +01:00
zak905
4f330f4a57 KEYCLOAK-953: add allowing user to delete his own account feature 2020-11-24 15:50:07 +01:00
Stan Silvert
0afd55f32c KEYCLOAK-14547: Make New Account Console the default. 2020-11-23 20:56:05 +01:00
Martin Bartos
ab347df5ee KEYCLOAK-14915 Upgrade registration screen to PF4 2020-11-18 10:54:17 +01:00
Hynek Mlnarik
29e3d89f3a KEYCLOAK-16297 Fix HttpClient stale connections 2020-11-16 14:59:00 +01:00
Michal Hajas
a766a1dd16 KEYCLOAK-16074 Fix check3pCookiesSupported message callback 2020-11-13 16:01:50 -03:00
Hynek Mlnarik
030a077e99 KEYCLOAK-16157 Fix Unexpected I/O error message 2020-11-11 11:12:52 +01:00
Thomas Darimont
de20830412 KEYCLOAK-9551 KEYCLOAK-16159 Make refresh_token generation for client_credentials optional. Support for revocation of access tokens. 
Co-authored-by: mposolda <mposolda@gmail.com>
 2020-11-06 09:15:34 +01:00
Martin Bartos
7522d5ac74 KEYCLOAK-15841 Upgrade rest of the minor forms to PF4 2020-11-05 17:58:41 +01:00
Christoph Leistert
e131de9574 KEYCLOAK-14855 Added realm-specific localization texts which affect texts in every part of the UI (admin console / login page / personal info page / email templates). Also new API endpoints and a new UI screen to manage the realm-specific localization texts were introduced. 
Co-authored-by: Daniel Fesenmeyer <daniel.fesenmeyer@bosch.io>
 2020-10-30 08:02:43 -03:00
Martin Bartos
a8df7d88a1 [KEYCLOAK-14139] Upgrade login screen to PF4 2020-10-27 20:24:07 +01:00
Pedro Igor
b95ca30ec2 [KEYCLOAK-14255] - Minor fixes and improvements 2020-10-23 10:39:21 +02:00
mhajas
d266165f63 KEYCLOAK-14871 Whitelist RefreshableKeycloakSecurityContext for KeycloakPrincipal serialization 2020-10-14 16:00:39 +02:00
testn
269a72d672 KEYCLOAK-15184: Use static inner class where possible 2020-10-09 23:37:08 +02:00
mposolda
ff05072c16 KEYCLOAK-15770 Skip creating session for docker protocol authentication 2020-10-09 07:53:26 +02:00
Takashi Norimatsu
6596811d5d KEYCLOAK-14204 FAPI-RW Client Policy - Executor : Enforce Request Object satisfying high security level 2020-09-25 08:31:14 +02:00
vmuzikar
bca73fd04a KEYCLOAK-15158 Javascript adapter init() is throwing a promise error after upgrade to 11 2020-09-22 10:56:46 -03:00
mhajas
12bc84322a KEYCLOAK-14974 Map group storage provider 2020-09-21 15:56:32 +02:00
testn
2cd03569d6 KEYCLOAK-15238: Fix potential resource leak from not closing Stream/Reader 2020-09-21 13:05:03 +02:00
vmuzikar
790b549cf9 KEYCLOAK-15262 Logout all sessions after password change 2020-09-18 20:09:40 -03:00
Pedro Igor
0978d78a48 [KEYCLOAK-14255] - Initial changes to configuration 2020-09-16 20:03:52 +02:00
Hynek Mlnarik
583fa07bc4 KEYCLOAK-11029 Support modification of broker username / ID for identity provider linking 2020-09-01 20:40:38 +02:00
David Hellwig
ddc2c25951
KEYCLOAK-2940 - draft - Backchannel Logout (#7272) 
* KEYCLOAK-2940 Backchannel Logout

Co-authored-by: Benjamin Weimer <external.Benjamin.Weimer@bosch-si.com>
Co-authored-by: David Hellwig <hed4be@bosch.com>
 2020-08-12 09:07:58 -03:00
rmartinc
32bf50e037 KEYCLOAK-14336: LDAP group membership is not visible under "Users in Role" tab for users imported from LDAP 2020-07-30 16:19:22 +02:00
mhajas
74988a3f21 KEYCLOAK-14826 Fix non-ssl auth-server tests failures 2020-07-23 14:20:19 +02:00
Martin Kanis
c5d5423cd3 KEYCLOAK-12265 Move KerberosEmbeddedServer to testsuite 2020-07-21 18:27:09 +02:00
vmuzikar
316f9f46e2 KEYCLOAK-14825 Make adapter tests running with FF to test cookies 2020-07-21 10:25:19 -03:00
Jan Lieskovsky
969b09f530 [KEYCLOAK-13692] Upgrade to Wildfly "20.0.1.Final" and Infinispan "10.1.8.Final" 
Co-authored-by: Jan Lieskovsky <jlieskov@redhat.com>
Co-authored-by: Marek Posolda <mposolda@redhat.com>
 2020-07-20 22:15:08 +02:00
mhajas
93149d6b47 KEYCLOAK-14234 Adjust Adapter testsuite to work with app/auth.server.host including TLS configured 2020-07-20 11:22:16 +02:00
Erik Jan de Wit
ace64c1f0c KEYCLOAK-12249 added test to test that time is localized 2020-07-15 14:57:38 -04:00
Pedro Igor
582046bbfe [KEYCLOAK-13141] - Fixing filter 2020-07-15 11:00:55 -03:00
Luca Leonardo Scorcia
f8a4f66d6c
KEYCLOAK-13698 - SAML Client - Add certificate info to signature 
Adds the X509Data tag to the XML Document signature in AuthnRequests
 2020-07-10 23:06:37 +02:00
vmuzikar
7087c081f0 KEYCLOAK-14023 Instagram User Endpoint change 
Co-authored-by: Jean-Baptiste PIN <jibet.pin@gmail.com>
 2020-07-10 17:36:51 -03:00
Pedro Igor
1db1deb066 [KEYCLOAK-13141] - Supporting re-augmentation 2020-07-10 11:04:46 -03:00
vmuzikar
001fe9eb11 KEYCLOAK-13206 Session Status iframe cannot access cookies when 3rd party cookies are blocked 
Co-authored-by: mhajas <mhajas@redhat.com>
 2020-06-30 17:11:20 -03:00
Pedro Igor
337a751aaa [KEYCLOAK-11330] - Clustering tests for GA 2020-06-24 17:23:45 +02:00
Hiroyuki Wada
f73b51818b KEYCLOAK-14113 Support for exchanging to SAML 2.0 token 2020-06-19 22:08:42 +02:00
Martin Bartos
ec9bf6206e [KEYCLOAK-13202] Reset password redirects to account client 2020-06-18 13:08:36 +02:00
Pedro Igor
d331091c5e [KEYCLOAK-11330] - Quarkus tests 2020-06-17 17:20:55 +02:00
vmuzikar
d71e81ed5e KEYCLOAK-14235 Support for running broker tests with different hostnames for auth server and IdP 2020-06-17 14:13:00 +02:00
Pedro Igor
a8bad5b9bb [KEYCLOAK-11330] - Quarkus clustering tests 2020-06-16 10:07:24 -03:00
mhajas
5d1d75db40 KEYCLOAK-14103 Add Warn message for possibly missing SameSite configuration 2020-06-15 14:45:57 +02:00
Tero Saarni
3c82f523ff [KEYCLOAK-14343] Truststore SPI support for LDAP with StartTLS 
Signed-off-by:  Tero Saarni <tero.saarni@est.tech>
Co-authored-by: Jan Lieskovsky <jlieskov@redhat.com>
 2020-06-11 18:07:53 +02:00
vramik
d63b3ceca4 KEYCLOAK-14141 0 downtime upgrade test 2020-06-10 12:45:34 +02:00
Pedro Igor
6ccde288a3 [KEYCLOAK-11330] - SSL Support 2020-06-09 08:43:52 +02:00
Alfredo Boullosa
2ddfc94495 KEYCLOAK-14115 Add a refresh to avoid failure 2020-06-03 20:13:08 -04:00
Pedro Igor
357982adf6 [KEYCLOAK-11330] - Initial changes to get testsuite working for Quarkus 2020-06-03 09:57:24 -03:00
Jan Lieskovsky
a121f77ea4 [KEYCLOAK-12305] [Testsuite] Check LDAP federated user (in)valid 
login(s) using various authentication methods, bind credential
types, and connection encryption mechanisms

The tests cover various possible combinations of the following:
* Authentication method: Anonymous or Simple (default),
* Bind credential: Secret (default) or Vault,
* Connection encryption: Plaintext (default), SSL, or startTLS

Also, ignore the StartTLS LDAP tests for now till KEYCLOAK-14343
& KEYCLOAK-14354 are corrected (due these issues they aren't
working with auth server Wildfly). They will be re-enabled later
via KEYCLOAK-14358 once possible

Signed-off-by: Jan Lieskovsky <jlieskov@redhat.com>
 2020-06-02 14:44:17 +02:00
Hynek Mlnarik
7deb89caab KEYCLOAK-10729 Do not serialize SAML signature 2020-05-25 15:38:17 +02:00
Martin Bartos
7ebdca48d3 [KEYCLOAK-13572] Doesn't observe After events due to assume check 2020-05-04 17:31:44 +02:00
Hynek Mlnarik
32f13016fa KEYCLOAK-12874 Align Destination field existence check with spec 2020-05-04 09:19:44 +02:00
stianst
5b017e930d KEYCLOAK-13128 Security Headers SPI and response filter 2020-04-28 15:28:24 +02:00
Yoshiyuki Tabata
b40c12c712 KEYCLOAK-5325 Provide OAuth token revocation capability 2020-04-28 15:25:22 +02:00
Thomas Darimont
12e53e6f11 KEYCLOAK-11003 Remove UPDATE_PASSWORD RequiredAction on non-temporary password reset 
We now remove a potentially existing UPDATE_PASSWORD action when
explicitly assigning a non-temporary password.

Adapted tests to use a temporary password when UpdatePassword required actions
were used.
 2020-04-22 10:59:49 +02:00
aboullos
2945eb63b7 KEYCLOAK-8836 Add test to check product name on welcome page 
Modify import

KEYCLOAK-8836 Add test to check product name on welcome page
 2020-04-21 11:30:20 +02:00
mposolda
821405e175 KEYCLOAK-10852 Inconsistency when using 'forgot password' after changing email directly in LDAP 2020-04-16 12:28:41 +02:00
Pedro Igor
acfbdf6b0e [KEYCLOAK-13187] - Concurrency issue when refreshing tokens and updating security context state 2020-04-16 12:25:42 +02:00
stianst
1f02f87a6e KEYCLOAK-13565 Add support for kc_action to keycloak.js 
Co-authored-by mhajas <mhajas@redhat.com>
 2020-04-14 19:23:56 +02:00
Pedro Igor
b60b85ab65 [KEYCLOAK-7450] - Match subject when validating id_token returned from external OP 2020-04-06 13:43:19 +02:00
mhajas
8b96882a1c KEYCLOAK-12972 Fix fuse tests 2020-03-24 14:50:54 +01:00
Pedro Igor
ec63245ac8 [KEYCLOAK-13386] - SslRequired.EXTERNAL doesn't work for identity broker validations 2020-03-23 12:16:43 -03:00
mposolda
61fd66e107 KEYCLOAK-13368 TestClassProvider undertow server not stopped after testsuite 2020-03-23 07:10:17 +01:00
Dmitry Telegin
3b24465141
KEYCLOAK-12870 - Allow to pick arbitrary user for IdP linking (#6828) 
* KEYCLOAK-12870 - Allow to pick arbitrary user for IdP linking

* KEYCLOAK-12870: always allow to choose user if password reset is called from first broker login flow

* KEYCLOAK-12870: remove "already authenticated as different user" check and message

* KEYCLOAK-12870: translations

* KEYCLOAK-12870: fix tests
 2020-03-20 07:41:35 +01:00
Aboullos
f8dc7c0329 KEYCLOAK-13007 Add LDAPAccountTest 2020-03-18 10:11:59 -03:00
Stan Silvert
fff8571cfd KEYCLOAK-12768: Prevent reserved characters in URLs 2020-03-18 07:40:24 +01:00
Stefan Guilhen
8c627fdb20 [KEYCLOAK-13036] Fix KeycloakElytronCSVaultTest failures on IBM JDK 
- credential store is generated on the fly for the test, avoiding incompatibilities between implementations of keystores
 2020-03-17 17:07:55 +01:00
mposolda
bc1146ac2f KEYCLOAK-10029 Offline token migration fix. Always test offline-token migration when run MigrationTest 2020-03-10 20:38:16 +01:00
Pedro Igor
b7a395a3ef [KEYCLOAK-11345] - Test basic features of Keycloak.X with current tetsuite 2020-03-10 15:59:35 +01:00
mabartos
a1bbab9eb2 KEYCLOAK-12799 Missing Cancel button on The WebAuthn setup screen when using AIA 2020-03-05 15:04:38 +01:00
Jon Koops
c1bf183998 KEYCLOAK-9346 Add new KeycloakPromise to support native promises 
Co-authored-by: mhajas <mhajas@redhat.com>
 2020-03-04 08:53:35 +01:00
Hynek Mlnarik
f45f882f0c KEYCLOAK-11903 Test for XSW attacks 2020-03-02 21:26:13 +01:00
Hynek Mlnarik
aecfe251e4 KEYCLOAK-12816 Fix representation to model conversion 2020-02-27 21:11:24 +01:00
vmuzikar
de8ba75399 KEYCLOAK-12635 KEYCLOAK-12935 KEYCLOAK-13023 UI test fixes 2020-02-26 15:54:44 -03:00
Martin Bartoš
eaaff6e555
KEYCLOAK-12958 Preview feature profile for WebAuthn (#6780) 
* KEYCLOAK-12958 Preview feature profile for WebAuthn

* KEYCLOAK-12958 Ability to enable features having EnvironmentDependent providers without restart server

* KEYCLOAK-12958 WebAuthn profile product/project

Co-authored-by: Marek Posolda <mposolda@gmail.com>
 2020-02-26 08:45:26 +01:00