Commit graph

2295 commits

Author SHA1 Message Date
Marek Posolda
48eaebf1c3 Merge pull request #4293 from TeliaSoneraNorge/KEYCLOAK-5139
KEYCLOAK-5139 refresh token does not work with pairwise subject ident…
2017-07-10 11:21:34 +02:00
Pedro Igor
65251748c7 [KEYCLOAK-5148] - Create authorization settings when creating a new client using a config file 2017-07-05 18:19:00 -03:00
Pedro Igor
4b7c61111c Merge pull request #4288 from pedroigor/KEYCLOAK-5135
[KEYCLOAK-5135] - Wrong comparison when checking for duplicate resources during creation
2017-07-05 08:22:23 -03:00
Martin Hardselius
8cb8678525 KEYCLOAK-5139 refresh token does not work with pairwise subject identifiers 2017-07-05 12:32:43 +02:00
Stian Thorgersen
c95aace6e0 KEYCLOAK-5141 Return '*' in Cors requests when '*' is in list of permitted origins. Stop caching well-known information as it can change. (#4290) 2017-07-05 09:25:21 +02:00
Stian Thorgersen
9a9f4137e5 KEYCLOAK-4556 KEYCLOAK-5022 Only cache keycloak.js and iframe if specific version is requested (#4289) 2017-07-04 21:18:34 +02:00
Pedro Igor
adffe16cb8 [KEYCLOAK-5135] - Wrong comparison when checking for duplicate resources during creation 2017-07-04 10:16:55 -03:00
Stan Silvert
32b16717a7 KEYCLOAK-4234: Link to app in acct mgt doesn't use root url (#4285)
* KEYCLOAK-4234: Link to app in acct mgt not use root url

* Add tests.
2017-07-04 07:01:58 +02:00
Dmitry Telegin
fba264433a KEYCLOAK-5131 ProviderFactory::postInit not called with hot deployment 2017-07-03 12:20:29 +03:00
Stian Thorgersen
454c5f4d83 Set version to 3.3.0.CR1-SNAPSHOT 2017-06-30 09:47:11 +02:00
Bill Burke
999dff353c Merge remote-tracking branch 'upstream/master' 2017-06-29 17:37:45 -04:00
Bill Burke
f5389b0e17 don't clean up properly 2017-06-29 17:36:45 -04:00
Sebastien Blanc
500a21685f KEYCLOAK-5082 : Add new redirect-rewrite-rule parameters for the adapters (#4255)
* add rewrite rule config property

* add subsystem support for redirect rewrite

* update deployment unit test

* add license headers

* Optimize rewrite method
2017-06-29 12:50:42 +02:00
Stian Thorgersen
5e225c2bd5 Merge pull request #4266 from CoreFiling/FullNameMapper
Fallback to using username in FullNameMapper
2017-06-29 07:28:42 +02:00
Stian Thorgersen
c9bc321d2a Merge pull request #4269 from stianst/dockerdockerdocker
KEYCLOAK-3592 Docker auth implementation
2017-06-29 07:23:47 +02:00
Stian Thorgersen
74fe9249d5 Merge pull request #4216 from machielg/master
KEYCLOAK-5026 Store credentials
2017-06-29 06:52:16 +02:00
Josh Cain
89fcddd605 KEYCLOAK-3592 Docker auth implementation 2017-06-29 06:37:34 +02:00
Stian Thorgersen
e964b156cc Merge pull request #4264 from stianst/KEYCLOAK-5074
KEYCLOAK-5074 Allow updating client secret through client registratio…
2017-06-28 11:40:04 +02:00
Jay Anslow
bdc9e8d2c3 Omit empty name claim in FullNameMapper
If a user has no first or last name, don't add the `name` claim.
2017-06-28 09:40:57 +01:00
Stian Thorgersen
ce4506f367 Merge pull request #4261 from hmlnarik/KEYCLOAK-4377-null
KEYCLOAK-4377
2017-06-28 08:21:20 +02:00
Stian Thorgersen
1220d7f898 KEYCLOAK-5074 Allow updating client secret through client registration service 2017-06-28 08:11:51 +02:00
Hynek Mlnarik
a3ccac2012 KEYCLOAK-4377 2017-06-27 14:34:47 +02:00
Stian Thorgersen
4be0e36306 Merge pull request #4208 from ASzc/KEYCLOAK-4758
KEYCLOAK-4758
2017-06-27 11:35:43 +02:00
Stian Thorgersen
56c5996aff Merge pull request #4259 from stianst/abstractj-KEYCLOAK-4444
KEYCLOAK-4444
2017-06-27 10:44:30 +02:00
Machiel Groeneveld
7849191ec7 Merge branch 'master' into master 2017-06-27 10:27:07 +02:00
Stian Thorgersen
06a318d7d5 KEYCLOAK-4444 Update for fine grained permissions 2017-06-27 08:38:51 +02:00
Bruno Oliveira
361ab1c988 [KEYCLOAK-4444] Allow sending test email 2017-06-27 08:38:36 +02:00
Stian Thorgersen
b4d39ca061 KEYCLOAK-4984 Don't update client registration access token on read 2017-06-27 08:29:03 +02:00
Bill Burke
bc05560d4d Merge remote-tracking branch 'upstream/master' 2017-06-26 11:41:12 -04:00
Bill Burke
28b3ef9aa9 admin console work 2017-06-26 11:40:32 -04:00
Bill Burke
22987bb90b Merge pull request #4250 from mposolda/RHSSO-1027
KEYCLOAK-5085 Easy fix to just handle the exception
2017-06-26 10:04:02 -04:00
Bill Burke
f1807aead4 impersonate 2017-06-25 11:28:37 -04:00
mposolda
756d996a4a KEYCLOAK-5085 RHSSO-1027 Fix to handle the exception thrown from alternative flow 2017-06-23 19:13:43 +02:00
Bill Burke
3ee86fedc7 Merge remote-tracking branch 'upstream/master' 2017-06-23 09:57:35 -04:00
Bill Burke
e7f781df5a fix 2017-06-23 09:57:25 -04:00
Hynek Mlnarik
8f9ed32a66 KEYCLOAK-5078 ConcurrencyTest fails intermittently
This commit fixes 401 Unauthorized issues
2017-06-23 15:16:23 +02:00
Bill Burke
39dea4b078 restricting admin role mapping 2017-06-22 16:51:46 -04:00
Stian Thorgersen
6f731dfee9 Merge pull request #4118 from skjolber/feature/KEYCLOAK-3056-verify-signature-2
Some adjustments for KEYCLOAK-3056 / PR #3893
2017-06-22 08:44:32 +02:00
Marek Posolda
ab7a0c2252 Merge pull request #4248 from mposolda/client-initial-access-db
KEYCLOAK-4631 Move ClientInitialAccessModel from userSession model to…
2017-06-22 06:27:25 +02:00
Bill Burke
d08ddade2e merge 2017-06-21 17:43:54 -04:00
Bill Burke
52e40922bc removal 2017-06-21 17:42:57 -04:00
Bill Burke
2b1613d36b Merge pull request #4064 from frelibert/KEYCLOAK-4781
KEYCLOAK-4781 Support for an AttributeStatement Mapper
2017-06-21 17:06:16 -04:00
Bill Burke
f1132ffabe Merge pull request #4175 from mrezai/fix-pkce-s256-code-challenge
KEYCLOAK-4956: Fix incorrect PKCE S256 code challenge generation
2017-06-21 17:04:31 -04:00
mposolda
fc61a4e89f KEYCLOAK-4631 Move ClientInitialAccessModel from userSession model to realm model 2017-06-21 22:14:20 +02:00
Marek Posolda
eae0360eb1 Merge pull request #4243 from mposolda/KEYCLOAK-3316
KEYCLOAK-3316 Fixes for OAuth2 requests without 'scope=openid'
2017-06-20 22:05:23 +02:00
Pedro Igor
93d57c7d00 Merge pull request #4236 from CoreFiling/js-policy-performance
[KEYCLOAK-5072] - Improve performance of JSPolicyProvider
2017-06-20 15:11:40 -03:00
mposolda
32cf8b7cad KEYCLOAK-3316 Fixes for OAuth2 requests without 'scope=openid' 2017-06-20 17:17:43 +02:00
mposolda
f363dbcad0 KEYCLOAK-4327 Switching language on User consent gives error 2017-06-20 09:21:41 +02:00
Bill Burke
57cb46148f tests 2017-06-19 11:21:59 -04:00
Jay Anslow
7614ff8c6f Extract EvaluatebleScriptAdapter
Precursor for InvocableScriptAdapter, which compiles/evaluates a script without affecting the engine's bindings. This allows the same script to be compiled once and then evaluated multiple times (with the same ScriptEngine).
2017-06-19 15:32:14 +01:00
Bill Burke
a994af9010 remove scope 2017-06-16 11:26:43 -04:00
Pedro Igor
93105a2182 [KEYCLOAK-5056] - @NoCache to scope admin api 2017-06-15 09:49:20 -03:00
Martin Hardselius
60942346f3 KEYCLOAK-4924: pairwise clients get duplicate subs in tokens 2017-06-14 10:47:40 +02:00
Hynek Mlnarik
a0f3a6469f KEYCLOAK-4189 - Cross DC testing 2017-06-12 11:14:28 +02:00
Pedro Igor
f12cef2c86 [KEYCLOAK-4904] - Authorization Audit - Part 1 2017-06-09 13:31:06 -03:00
Machiel Keizer-Groeneveld
80f8815b9a KEYCLOAK-5026 Store credentials
Credentials are stored with user creation if they are present in the UserRepresentation.
2017-06-09 09:32:33 +02:00
Bill Burke
94528976d4 console work 2017-06-07 16:29:43 -04:00
Bill Burke
536a57a514 ui for permission reference 2017-06-05 19:52:51 -04:00
Alex Szczuczko
5d88c2b8be KEYCLOAK-4758 Update Encode class using latest resteasy. Use encodeQueryParamAsIs instead of encodeQueryParam when encoding key=value pairs for URI query sections. Also fix a few callers who were relying on the bad behaviour of queryParam. 2017-06-05 16:24:38 -06:00
Pedro Igor
9be9e30ad6 Merge pull request #4206 from pedroigor/KEYCLOAK-4983
[KEYCLOAK-4983] - Authz settings export of role base policy generates json where are just role-names
2017-06-05 16:19:58 -03:00
Pedro Igor
23887f4031 Fixing tests and more client policy tests 2017-06-05 11:26:33 -03:00
Pedro Igor
3760f2753b [KEYCLOAK-4983] - Authz settings export of role base policy generates json where are just role-names 2017-06-02 20:09:33 -03:00
Pedro Igor
d0f505455d [KEYCLOAK-4991] - Allow clients to limit the number of permission in a RPT when using entitlements 2017-06-02 19:06:40 -03:00
Bill Burke
a41d282e92 client permission tests 2017-06-02 15:49:20 -04:00
Pedro Igor
813af5d757 [KEYCLOAK-4992] - Using query parameter metadata for GET requests 2017-06-02 16:13:04 -03:00
Thomas Skjølberg
241c58dd61 Add unit tests related to signatures, check that a signature is present when want assertion signing. 2017-06-02 15:36:52 +02:00
Bill Burke
b9f7a43a72 group permissions 2017-06-01 20:16:35 -04:00
Pedro Igor
dcd1a68d95 [KEYCLOAK-4992] - Allow clients to exclude resource_set_name from RPT 2017-05-31 19:33:34 -03:00
Pedro Igor
c4a0470a37 [KEYCLOAK-4987] - Remove async support from AuthZ Token Endpoints 2017-05-30 12:48:18 -03:00
Stian Thorgersen
a6e4245185 Merge pull request #4194 from stianst/KEYCLOAK-4888
KEYCLOAK-4888
2017-05-30 14:49:22 +02:00
Stian Thorgersen
8c53c5a90e KEYCLOAK-4888
Change default hashing provider for realm
2017-05-30 09:54:05 +02:00
Thomas Darimont
7d0b461683 KEYCLOAK-4975 Use authenticationSession binding name in ScriptBasedAuthenticator
We now use authenticationSession instead of clientSession to reflect
the renaming of ClientSessionModel to AuthenticationSessionModel.

Note that this is a breaking change which needs to be mentioned in
the upgrade notes!
2017-05-29 18:14:02 +02:00
Bill Burke
c3ea847b3e auth changes 2017-05-29 09:53:17 -04:00
mposolda
5560175888 KEYCLOAK-4626 Changed javadoc. Remove unused ClientSessionModel class 2017-05-25 18:51:05 +02:00
Pedro Igor
81f1a5b145 Merge pull request #4183 from pedroigor/stan-ui-fixes
[KEYCLOAK-4915] - Fixes to evaluation tool UI
2017-05-24 09:32:42 -03:00
mposolda
2b59db71a8 KEYCLOAK-3316 Remove the IDToken if scope=openid is not used 2017-05-24 09:23:14 +02:00
Pedro Igor
829bcf5eaf Fix to evaluation tool 2017-05-23 17:50:06 -03:00
Pedro Igor
554e692d8f Merge pull request #4171 from pedroigor/KEYCLOAK-4913
[KEYCLOAK-4913] - Caching more query methods
2017-05-23 17:40:51 -03:00
Stian Thorgersen
c442bcd8d3 Merge pull request #4174 from stianst/KEYCLOAK-4889
KEYCLOAK-4889
2017-05-23 14:26:15 +02:00
Stian Thorgersen
1b6405a28f Merge pull request #4173 from hmlnarik/KEYCLOAK-4941
KEYCLOAK-4941
2017-05-23 14:00:43 +02:00
Stian Thorgersen
ef29097679 Merge pull request #4172 from hmlnarik/KEYCLOAK-4813-Destination-Validation-should-ignore-whether-default-port-is-explicitly-specified
KEYCLOAK-4813 Destination validation counts on port being not specified
2017-05-23 13:59:36 +02:00
Mohammad Rezai
acd78ee407 KEYCLOAK-4956: Fix incorrect PKCE S256 code challenge generation 2017-05-23 16:15:44 +04:30
Stian Thorgersen
130452f6c3 Merge pull request #4085 from mstruk/RHSSO-402
RHSSO-402 need a way to dump configuration (including ldap provider config) to a file
2017-05-23 13:29:32 +02:00
Stian Thorgersen
097a2267f5 KEYCLOAK-4889
Improve error messages for password policies
2017-05-23 13:18:06 +02:00
Hynek Mlnarik
f47283f61a KEYCLOAK-4813 Destination validation counts on port being not specified 2017-05-23 12:52:48 +02:00
Hynek Mlnarik
03b1dff1bd KEYCLOAK-4941 2017-05-23 11:15:51 +02:00
mposolda
8adde64e2c KEYCLOAK-4016 Provide a Link to go Back to The Application on a Timeout 2017-05-23 09:08:58 +02:00
Pedro Igor
37a98fba20 [KEYCLOAK-4913] - Caching more query methods 2017-05-22 19:08:24 -03:00
Pedro Igor
62ffab7239 Exporting a client is updating policy config 2017-05-19 19:45:47 -03:00
Bill Burke
ab763e7c5b fixes after merge 2017-05-19 15:54:36 -04:00
Bill Burke
f114895cd2 for merge 2017-05-19 11:29:26 -04:00
Bill Burke
2cac8b1bb7 KEYCLOAK-4929 2017-05-18 16:53:31 -04:00
Bill Burke
c291748f43 KEYCLOAK-4929 2017-05-18 16:48:04 -04:00
Marko Strukelj
7d0ca42c6c RHSSO-402 need a way to dump configuration (including ldap provider config) to a file 2017-05-15 12:13:58 +02:00
Bill Burke
954ef99f22 Merge remote-tracking branch 'upstream/master' 2017-05-12 10:10:29 -04:00
mposolda
7d8796e614 KEYCLOAK-4626 Support for sticky sessions with AUTH_SESSION_ID cookie. Clustering tests with embedded undertow. Last fixes. 2017-05-11 22:24:07 +02:00
Hynek Mlnarik
b8262a9f02 KEYCLOAK-4628 Single-use cache + its functionality incorporated into reset password token. Utilize single-use cache for relevant actions in execute-actions token 2017-05-11 22:16:26 +02:00
mposolda
db8b733610 KEYCLOAK-4626 Fix TrustStoreEmailTest and PolicyEvaluationCompositeRoleTest. Distribution update 2017-05-11 22:16:26 +02:00
Hynek Mlnarik
c431cc1b01 KEYCLOAK-4627 IdP email account verification + code cleanup. Fix for concurrent access to auth session notes 2017-05-11 22:16:26 +02:00
mposolda
168153c6e7 KEYCLOAK-4626 Authentication sessions - SAML, offline tokens, broker logout and other fixes 2017-05-11 22:16:26 +02:00