Commit graph

654 commits

Author SHA1 Message Date
Carl Kristian Eriksen
50dd07217d KEYCLOAK-5032 Forward request parameters to another IdP
Forwarding of prompt and acr_values, if provided in the authorization request.
If prompt is set in the configuration for the identity provider, the configuration overrules the request parameter.
2017-10-09 16:15:27 +02:00
Stian Thorgersen
7774d5c6b8 Revert changes in KEYCLOAK-5621 (#4539) 2017-10-06 14:02:34 +02:00
Bartek Andrzejczak
8c7313f290 Renames realmKey to realmPublicKey for consistency (#4526) 2017-10-04 08:29:09 +02:00
mposolda
7d641baf4e KEYCLOAK-5570 Added InvalidationCrossDCTest 2017-09-29 19:36:40 +02:00
Marek Posolda
13fe9e7cf8 Merge pull request #4510 from glavoie/KEYCLOAK-3303
KEYCLOAK-3303: Allow reuse of refresh tokens.
2017-09-29 17:07:45 +02:00
mposolda
3b6e1f4e93 KEYCLOAK-5007 Used single-use cache for tracke OAuth code. OAuth code changed to be encrypted and signed JWT 2017-09-29 13:20:22 +02:00
mposolda
63673c4328 KEYCLOAK-5569 Added JWE 2017-09-29 13:01:42 +02:00
Gabriel Lavoie
134daeac7f KEYCLOAK-3303: Allow reuse of refresh tokens.
- Configurable max reuse count.
2017-09-28 15:30:40 -04:00
Bill Burke
8ace0e68c3 KEYCLOAK-910 KEYCLOAK-5455 2017-09-21 17:15:18 -04:00
Bill Burke
f927ee7b4e KEYCLOAK-5491 KEYCLOAK-5492 2017-09-15 16:30:45 -04:00
filipelautert
e055589448 [KEYCLOAK-4778] Fix for Oracle null value when having an empty String as attribute value (#4406)
* Add client.name as a second parameter to the title expressions in login template

* Fixing tooltip.

* pt_BR localization for admin screens.

* Reverting login.ftl

* Added all tooltip messages - even the ones not translated.
Translated around 150 messages todas.

* More translations.

* Fixing wrong edit.

* [KEYCLOAK-4778] Null check on Attribute value. This value can be null when retrieved from an Oracle database.

* [KEYCLOAK-4778] Create unit tests for empty and null values.

* [KEYCLOAK-4778] Move empty and null attributes tests to a separated test method; change tests to empty or null Strings.

* [KEYCLOAK-4778] Check if value is null and set it as empty array. In the former code if null was received it would generate an array with 1 string element ["null"]. Also if we set value as null instead of ArrayList, later when the rest call is executed it will generate the same incorrect array again.

* [KEYCLOAK-4778] Tests clean up.
2017-08-31 06:09:41 +02:00
Stian Thorgersen
d3dc26181e KEYCLOAK-3481 (#4441) 2017-08-30 08:00:22 +02:00
Stian Thorgersen
dcfa4aca8c KEYCLOAK-943 Started account rest service. Profile and sessions completed. (#4439) 2017-08-29 20:12:09 +02:00
Stian Thorgersen
463661b051 Set version to 3.4.0.CR1-SNAPSHOT 2017-08-28 15:46:22 +02:00
Bill Burke
6696c44dc0 Merge remote-tracking branch 'upstream/master' 2017-08-24 15:19:48 -04:00
Bill Burke
7a57723c01 more token exchange 2017-08-24 15:19:38 -04:00
mposolda
fe5891fbdb KEYCLOAK-5293 Add notBefore to user 2017-08-23 08:58:26 +02:00
Bill Burke
16954fc370 fix 2017-08-10 14:58:09 -04:00
Bill Burke
2fa55550f3 token exchange permissions 2017-08-09 10:04:14 -04:00
Bill Burke
6b991b850e change role name 2017-07-28 16:20:23 -04:00
Bill Burke
db9b1bcb21 token exchange 2017-07-28 16:15:39 -04:00
Stian Thorgersen
454c5f4d83 Set version to 3.3.0.CR1-SNAPSHOT 2017-06-30 09:47:11 +02:00
Sebastien Blanc
500a21685f KEYCLOAK-5082 : Add new redirect-rewrite-rule parameters for the adapters (#4255)
* add rewrite rule config property

* add subsystem support for redirect rewrite

* update deployment unit test

* add license headers

* Optimize rewrite method
2017-06-29 12:50:42 +02:00
Stian Thorgersen
c9bc321d2a Merge pull request #4269 from stianst/dockerdockerdocker
KEYCLOAK-3592 Docker auth implementation
2017-06-29 07:23:47 +02:00
Josh Cain
89fcddd605 KEYCLOAK-3592 Docker auth implementation 2017-06-29 06:37:34 +02:00
Machiel Groeneveld
7849191ec7 Merge branch 'master' into master 2017-06-27 10:27:07 +02:00
Bill Burke
28b3ef9aa9 admin console work 2017-06-26 11:40:32 -04:00
Bill Burke
d08ddade2e merge 2017-06-21 17:43:54 -04:00
Bill Burke
52e40922bc removal 2017-06-21 17:42:57 -04:00
Pedro Igor
169280b6a1 [KEYCLOAK-3168] - Group-Based Access Control 2017-06-13 19:05:44 -03:00
Machiel Keizer-Groeneveld
80f8815b9a KEYCLOAK-5026 Store credentials
Credentials are stored with user creation if they are present in the UserRepresentation.
2017-06-09 09:32:33 +02:00
Bill Burke
94528976d4 console work 2017-06-07 16:29:43 -04:00
Pedro Igor
d69d00082f [KEYCLOAK-4932] - Improvements to policy enforcer and better spring boot support 2017-06-01 22:55:58 -03:00
Bill Burke
b9f7a43a72 group permissions 2017-06-01 20:16:35 -04:00
Pedro Igor
829bcf5eaf Fix to evaluation tool 2017-05-23 17:50:06 -03:00
Stian Thorgersen
178fd08d9a Merge pull request #4066 from johnament/KEYCLOAK-4765
KEYCLOAK-4765 - Add ability to disable Query Parameter parsing.
2017-05-23 13:24:08 +02:00
Bill Burke
ab763e7c5b fixes after merge 2017-05-19 15:54:36 -04:00
Hynek Mlnarik
b8262a9f02 KEYCLOAK-4628 Single-use cache + its functionality incorporated into reset password token. Utilize single-use cache for relevant actions in execute-actions token 2017-05-11 22:16:26 +02:00
mposolda
168153c6e7 KEYCLOAK-4626 Authentication sessions - SAML, offline tokens, broker logout and other fixes 2017-05-11 22:16:26 +02:00
Hynek Mlnarik
b55b089355 KEYCLOAK-4627 Changes in TokenVerifier to include token in exceptions. Reset credentials uses checks to validate individual token aspects 2017-05-11 22:16:26 +02:00
Hynek Mlnarik
19a41c8704 KEYCLOAK-4627 Refactor TokenVerifier to support more than just access token checks. Action tokens implementation with reset e-mail action converted to AT 2017-05-11 22:16:26 +02:00
Bill Burke
a8a8ea4bcd Merge remote-tracking branch 'upstream/master' 2017-05-08 13:49:03 -04:00
Bill Burke
f760427c5c fine grain tests 2017-05-08 13:48:51 -04:00
Stian Thorgersen
e0da7ed6b4 Merge pull request #4074 from sebastienblanc/allow_headers
Keycloak-3297 : adding cors-exposed-headers to conf
2017-05-05 12:54:47 +02:00
Bill Burke
c3b44e61d4 Merge remote-tracking branch 'upstream/master' 2017-05-01 14:51:07 -04:00
Eriksson Fabian
ca1152c3e5 KEYCLOAK-4204 Extend brute force protection with permanent lockout on failed attempts
- Can still use temporary brute force protection.
- After X-1 failed login attempt, if the user successfully logs in his/her fail login count is reset.
2017-04-28 09:02:10 +02:00
Stian Thorgersen
87dedb56e5 Set version to 3.2.0.CR1-SNAPSHOT 2017-04-27 14:23:03 +02:00
Bill Burke
2276f99d54 Merge remote-tracking branch 'upstream/master' 2017-04-26 14:39:45 -04:00
Bill Burke
f67013bcb6 fix 2017-04-26 14:39:41 -04:00
Pedro Igor
fbcfcfa088 [KEYCLOAK-4755] - Client UI Tests 2017-04-26 12:11:53 -03:00