Commit graph

864 commits

Author SHA1 Message Date
mposolda
18e0c0277f KEYCLOAK-3666 Dynamic client registration policies 2016-10-14 20:20:40 +02:00
Stian Thorgersen
d2cae0f8c3 KEYCLOAK-905
Realm key rotation for OIDC
2016-10-13 11:19:52 +02:00
Bill Burke
8967ca4066 refactor mongo entities, optimize imports 2016-09-28 15:25:39 -04:00
Bill Burke
ecc104719d bump pom version 2016-09-26 11:01:18 -04:00
Pedro Igor
517413d38e [KEYCLOAK-3129] - Add authorization services endpoints to PermissionsTest 2016-09-06 17:32:37 -03:00
mposolda
0520d465c1 KEYCLOAK-3414 Support for client registration from trusted hosts 2016-08-11 15:55:32 +02:00
mposolda
a8fb988e31 KEYCLOAK-3406 OIDC dynamic client registrations specs fixes 2016-08-11 15:54:51 +02:00
mposolda
d52e043322 Set version to 2.2.0-SNAPSHOT 2016-08-10 08:57:18 +02:00
Bill Burke
530870f05e realm components import/export 2016-08-09 15:06:29 -04:00
Bill Burke
b224917fc5 bump version 2016-06-30 17:17:53 -04:00
Pedro Igor
afa9471c7c [KEYCLOAK-3128] - Admin Client Authorization Endpoints 2016-06-30 10:26:05 -03:00
Stian Thorgersen
e538394e60 KEYCLOAK-3091 Change brute force to use userId 2016-06-13 15:30:13 +02:00
Marko Strukelj
ec258c6515 KEYCLOAK-2879 UserResource 2016-06-02 15:23:18 +02:00
Marko Strukelj
ebc184bf94 KEYCLOAK-2863 ClientAttributeCertificateResource 2016-05-11 15:22:39 +02:00
Stian Thorgersen
d43b230b93 KEYCLOAK-2880 Refactor PermissionTest to not require Java8 2016-05-09 07:25:03 +02:00
mposolda
bea2678e85 KEYCLOAK-2862 AuthenticationManagementResource tests 2016-05-06 20:19:58 +02:00
Stian Thorgersen
0ca117b8e9 KEYCLOAK-2865 Extend coverage of client admin endpoints 2016-05-06 08:08:52 +02:00
Marko Strukelj
f337085ed0 KEYCLOAK-2869 IdentityProvidersResource/IdentityProviderResource 2016-05-05 17:04:45 +02:00
Stian Thorgersen
2355db57da KEYCLOAK-2880 Permissions tests for admin endpoints 2016-05-04 08:25:05 +02:00
Stian Thorgersen
95724e36f3 KEYCLOAK-2871 Extend coverage on RealmAdminResource 2016-04-27 10:29:24 +02:00
mposolda
e0aedfb93d KEYCLOAK-2878 UserFederation mapper testing 2016-04-22 14:03:42 +02:00
mposolda
afcdce6b71 Simplified calling of AuthenticationManagementResource.getExecutions() 2016-04-21 23:11:25 +02:00
mposolda
f6a718f10a KEYCLOAK-2878 Testing of UserFederation admin REST endpoints 2016-04-21 23:11:14 +02:00
Stian Thorgersen
34d5e85316 KEYCLOAK-2873 / KEYCLOAK-2875 Test RoleContainerResource 2016-04-21 10:58:46 +02:00
Stian Thorgersen
4f5b71d81a KEYCLOAK-2872 Test RoleByIdResource 2016-04-21 07:09:25 +02:00
Stian Thorgersen
86dfcecef6 KEYCLOAK-2861 Test AttackDetectionResource 2016-04-20 16:21:57 +02:00
Stian Thorgersen
f64ffcbefe KEYCLOAK-2818
Fix poms not updated by versions plugin
2016-04-14 08:16:07 +02:00
mposolda
3c3bbdbbdb KEYCLOAK-2809 NPE when removing role, which is in scope of some ClientTemplate 2016-04-13 11:49:29 +02:00
mposolda
e4f75409c9 KEYCLOAK-2802 NPE during identity broker cancelled from account mgmt 2016-04-11 23:31:24 +02:00
mposolda
98ad9b7e7c KEYCLOAK-2801 Redirected to login theme error page after failed social linking from account management 2016-04-11 23:30:18 +02:00
Guus der Kinderen
38670df49a
KEYCLOAK-2785: Admin client should be able to delete a user.
The delete user service should be exposed in the admin client.
2016-04-08 16:34:46 +02:00
Konstantin Gribov
974c5615af Revert accidentally removed ResteasyClient configuration in admin
Fixes accidentally removed in PR #2449 ResteasyClient pool size parameter in
`org.keycloak.admin.client.Keycloak`.
2016-04-07 20:24:57 +03:00
Stian Thorgersen
e8932bbea0 Merge pull request #2449 from grossws/KEYCLOAK-2236
KEYCLOAK-2236 add service account support to keycloak-admin-client
2016-04-07 15:45:10 +02:00
Konstantin Gribov
96424536a7 Add service account support to Keycloak admin client
Added grant_type=client_credentials support to keycloak-admin-client
so `keycloak-admin-client` can be used with service client account.

Fixes #KEYCLOAK-2236
2016-04-07 15:24:07 +03:00
Guus der Kinderen
be578684b9
KEYCLOAK-2767: Should return a primitive if possible.
A JSON primitive is valid JSON. There is no need to construct a JSON object
just for the sake of being JSON complient. This keeps things nice and simple.
2016-04-07 13:19:29 +02:00
Stian Thorgersen
6dc1194247 Merge pull request #2508 from guusdk/KEYCLOAK-2731
KEYCLOAK-2731: Improve thread safety of TokenManager
2016-04-07 07:36:22 +02:00
Stian Thorgersen
a7c956bf10 Merge pull request #2505 from guusdk/KEYCLOAK-2746
KEYCLOAK-2746: By default, allow for concurrent usage
2016-04-07 07:35:39 +02:00
Stian Thorgersen
0907feb508 Merge pull request #2446 from guusdk/KEYCLOAK-2726
KEYCLOAK-2726: Invalidate token upon failure
2016-04-07 07:24:03 +02:00
Stian Thorgersen
30e2709bd0 Merge pull request #2443 from guusdk/KEYCLOAK-2721
KEYCLOAK-2721: Do not recreate TokenService proxy
2016-04-07 07:20:46 +02:00
Guus der Kinderen
804dd13abd KEYCLOAK-2731: Improve thread safety of TokenManager
This commit guards access to the non-final fields of TokenManager by its intrinsic lock.
2016-04-05 15:01:37 +02:00
Guus der Kinderen
120b880427 KEYCLOAK-2746: By default, allow for concurrent usage
The nature of Keycloak makes it very plausible that it is used in
a concurrent setting. With that in mind, it would make sense to,
by default, allow for more than one concurrent Resteasy connection
in the admin client code.
2016-04-05 11:34:02 +02:00
Stian Thorgersen
48551d362a KEYCLOAK-2704
User count missing in REST admin endpoint
2016-04-05 07:48:20 +02:00
Bill Burke
545fb8b849 KEYCLOAK-2716 2016-03-30 18:15:11 -04:00
Guus der Kinderen
ad7a6c4854 KEYCLOAK-2726: Invalidate token upon failure
When a token managed by TokenManager is known to be invalid, it should no
longer be used. This commit adds a response listener to the only filter
using TokenManager, which causes, upon authentication failure, to
invalidate the token that was used.
2016-03-30 15:33:58 +02:00
Guus der Kinderen
89158c9dcf KEYCLOAK-2721: Do not recreate TokenService proxy
By re-using the service proxy, classloading issues can be prevented.
2016-03-29 11:11:35 +02:00
Stian Thorgersen
28fe13a800 Next is 2.0.0.CR1 2016-03-10 08:13:00 +01:00
Stian Thorgersen
d722e53108 Next is 1.9.2.Final 2016-03-10 07:28:27 +01:00
Stian Thorgersen
56c3d53a24 Merge pull request #2324 from ssilvert/client-tests
KEYCLOAK-2535: ClientResource endpoint tests
2016-03-07 06:13:55 +01:00
Bruno Oliveira
4a027d97b0 Client registration won't compile without these changes 2016-03-04 12:46:57 -03:00
Stan Silvert
2c79456e72 KEYCLOAK-2535: ClientResource endpoint tests 2016-03-04 07:41:24 -05:00
Stian Thorgersen
24328fdc47 KEYCLOAK-2555 ForbiddenException when importing test realm or creating test user 2016-02-29 10:09:06 +01:00
Stan Silvert
3383b044b2 KEYCLOAK-2316: Sync admin client with endpoints for Client. First commit. 2016-02-23 13:29:12 -05:00
Stian Thorgersen
a1d9753ec2 Next is 1.9.1.Final-SNAPSHOT 2016-02-23 08:48:26 +01:00
Stian Thorgersen
4fd97091ff Version bump to 2.0.0.CR1-SNAPSHOT 2016-02-22 11:36:56 +01:00
Stian Thorgersen
7841c5f07b Merge pull request #2232 from abstractj/cli-registration-parent
Fixes the parent for Keycloak client registration cli module
2016-02-17 07:45:15 +00:00
Bruno Oliveira
f3752f804f Fixes the parent for Keycloak client registration cli module 2016-02-16 15:33:49 -02:00
Stan Silvert
17e09a557b Fix conflict. 2016-02-11 15:38:58 -05:00
Stan Silvert
dd9cf3be39 KEYCLOAK-2481: Create admin client endpoint for partial endpoint + tests 2016-02-11 15:26:52 -05:00
Marko Strukelj
dadb470609 KEYCLOAK-1967 Add support for authentication flows into admin-rest-client 2016-02-11 12:18:01 +01:00
Stian Thorgersen
77912b2117 KEYCLOAK-2475
Move client registration endpoints
2016-02-10 14:23:04 +01:00
Stan Silvert
e89f511465 KEYCLOAK-1976: Add support for events into admin-rest-client. Also,
arquillian tests for events.
2016-02-05 18:45:25 -05:00
Stian Thorgersen
579ab56a5a Bump version to 1.9.0.Final-SNAPSHOT 2016-02-04 15:55:11 +01:00
Stian Thorgersen
c7a8742a36 KEYCLOAK-1524
Source code headers
2016-02-03 11:20:22 +01:00
Stian Thorgersen
59c7cfcc97 KEYCLOAK-2312 Move client-registration libs into integration 2016-01-21 09:06:23 +01:00
Bill Burke
d9487a8745 social broker reorg 2016-01-20 16:46:38 -05:00
Stian Thorgersen
73db7a0ea9 KEYCLOAK-2323 Revert changes 2016-01-20 14:34:59 +01:00
Stian Thorgersen
ded919c0a6 Merge pull request #2033 from ahus1/ahus1_location_fragment_lost_on_logout
Handle URL fragments when redirect from logout / KEYCLOAK-2323
2016-01-18 09:52:37 +01:00
Stian Thorgersen
504218470b Merge pull request #2032 from ahus1/ahus1_timeskew_for_init
set timeSkew when passing tokens to init()
2016-01-15 16:38:38 +01:00
Alexander Schwartz
b7ac2548f1 Handle URL fragments when redirect from logout / KEYCLOAK-2323 2016-01-14 23:06:16 +01:00
Alexander Schwartz
9b8c80e83f set timeSkew when passing tokens to init(), also allow timeSkew to be passed as a parameter / KEYCLOAK-2322 2016-01-14 22:37:29 +01:00
Stian Thorgersen
435980d776 KEYCLOAK-1809
Upgrade jackson to version 2.x
2016-01-14 16:34:30 +01:00
Stian Thorgersen
ddb41e2c58 Merge pull request #2017 from mposolda/master
KEYCLOAK-2270 Use sub instead of iss for clientId in JWTClientAuthent…
2016-01-13 11:10:09 +01:00
mposolda
4642876323 KEYCLOAK-2270 Use sub instead of iss for clientId in JWTClientAuthenticator 2016-01-13 10:12:20 +01:00
Stian Thorgersen
0193c696ab Version bump 2016-01-13 09:20:38 +01:00
Bill Burke
f7ac5fae2a Merge pull request #1945 from raehalme/KEYCLOAK-1579
KEYCLOAK-1579: Replaced AdapterDeploymentContextBean with AdapterDeploymentContextFactoryBean
2016-01-04 17:15:25 -05:00
Bill Burke
d939b6a431 template scope 2015-12-18 17:15:27 -05:00
Thomas Raehalme
566a58b5d8 Replaced AdapterDeploymentContextBean with AdapterDeploymentContextFactoryBean and added support for KeycloakConfigResolver. 2015-12-15 11:53:10 +02:00
Bill Burke
96e1813b34 client templates backend 2015-12-11 10:31:42 -05:00
Stian Thorgersen
34c3ffaae1 Ported AdminApiTest to use admin client 2015-12-03 08:24:23 +01:00
Stian Thorgersen
ff806eae08 Version bump 2015-12-01 19:54:28 +01:00
Stian Thorgersen
2c5510284d Merge pull request #1891 from mstruk/wildfly-modules-rename
KEYCLOAK-2099 WildFly 10 adapter subsystem
2015-11-30 09:48:15 +01:00
mposolda
57b60797ce KEYCLOAK-1129 Implicit flow: more work 2015-11-28 00:15:41 +01:00
mposolda
ef80b64d1c KEYCLOAK-1129 Implicit flow and Hybrid flow support 2015-11-27 22:28:38 +01:00
Marko Strukelj
373fc23fc0 KEYCLOAK-2099 WildFly 10 adapter subsystem 2015-11-27 20:46:20 +01:00
Stian Thorgersen
c83e3bd2d1 KEYCLOAK-2106 HTTP 500 for unparsable refresh tokens 2015-11-27 08:59:23 +01:00
Bill Burke
d6e2bccb16 Merge pull request #1840 from velias/KEYCLOAK-2075
KEYCLOAK-2075 KEYCLOAK-2107 - support for SAML IsPassive mode
2015-11-25 10:35:00 -05:00
Bill Burke
0c8f3f734d Merge pull request #1855 from Smartling/KEYCLOAK-1391
KEYCLOAK-1391: Return an HTTP 401 for API requests
2015-11-25 08:57:05 -05:00
Vlastimil Elias
e3060e5e58 rebased to latest master 2015-11-25 13:46:29 +01:00
Vlastimil Elias
18fa03bf97 KEYCLOAK-2107 - support IsPassive mode in SAML SP adapter library
KEYCLOAK-2075 - added integration tests for both server and adapter side
2015-11-25 08:39:55 +01:00
Stian Thorgersen
3685a185d4 Merge pull request #1859 from stianst/reset-pass
KEYCLOAK-1758 add-user script
2015-11-25 06:56:35 +01:00
Bill Burke
ff63c5552a sendError() handling' 2015-11-24 16:48:24 -05:00
Stian Thorgersen
cfc28b861b KEYCLOAK-1758 add-user script 2015-11-24 21:54:58 +01:00
Scott Rossillo
f1c3295cec KEYCLOAK-1391: Return an HTTP 401 for API requests
Non browser HTTP requests shouldn't redirect to the Keycloak login
page. Instead, return an HTTP 401 with a proper WWW-Authenticate
header.
2015-11-23 10:46:14 -05:00
Bill Burke
ac1baa059f Merge pull request #1797 from raehalme/KEYCLOAK-2041
KEYCLOAK-2041 Use sendError instead of setStatus to report errors
2015-11-20 11:50:37 -05:00
Bill Burke
98958a2bc4 default groups 2015-11-18 19:40:30 -05:00
Bill Burke
6989589e72 Merge remote-tracking branch 'upstream/master' 2015-11-18 15:24:45 -05:00
Bill Burke
41331111da resolve conflicts 2015-11-18 09:39:19 -05:00
Bill Burke
bff334d365 group token/assertion and tests 2015-11-18 09:36:47 -05:00
Stian Thorgersen
764c20d748 KEYCLOAK-2085 Initial access tokens for client registration 2015-11-18 10:33:24 +01:00
Stian Thorgersen
1df741a307 Merge pull request #1826 from lkubik/changeAllJettyToProvided
KEYCLOAK-2081
2015-11-16 20:23:31 +01:00
Lukas Kubik
13a52c1bb2 KEYCLOAK-2081
Change scope of jetty dependencies to provided
2015-11-13 15:43:11 +01:00
Thomas Darimont
c4416a25e0 KEYCLOAK-2068 - Fix Potential NPE when using Servlet-Filter Adapter.
When using the `org.keycloak.adapters.servlet.KeycloakOIDCFilter` a `NullPointerException`
can be thrown in the `org.keycloak.adapters.servlet.FilterSessionStore` within the `getParam`
method of the generated wrapper in `buildWrapper` when the `content-type` is not set.
Since the `content-type` is only used to parse the body. We just check whether the `body`
is `null` and if so avoid touching the `content-type` which prevents the NPE.

If the `body` is null we return an empty `MultivaluedHashMap` for the parameters.
2015-11-13 00:14:34 +01:00
Bruno Oliveira
9203971809 KEYCLOAK-2064: Update pax-web to make use of SecureRandom 2015-11-12 09:46:45 -02:00
Stian Thorgersen
64baa28301 Merge pull request #1810 from lkubik/updateJettyScope
Change scope of jetty dependencies in jetty-adapter-spi
2015-11-12 09:23:44 +01:00
Stian Thorgersen
1891019067 Merge pull request #1802 from equinux/pr/fix-js-parameter-encoding
Fix parameter encoding in JS adapter
2015-11-12 09:19:21 +01:00
Bill Burke
33ac048c8c resolve conflicts 2015-11-11 18:06:39 -05:00
Lukas Kubik
825a68c6c9 Change scope of jetty dependencies in jetty-adapter-spi. 2015-11-11 17:01:46 +01:00
Lukas Kubik
1f75f85a20 Unify jetty version in keycloak-jetty-adapter-spi with other versions 2015-11-11 13:58:22 +01:00
Dominique d'Argent
7ef747e7c4 Fix parameter encoding in JS adapter
- fixes https://issues.jboss.org/browse/KEYCLOAK-2047
- relates to keycloak/keycloak-js-bower#7
2015-11-10 11:20:06 +01:00
Thomas Raehalme
68edf9ce48 Errors are now reported using sendError instead of setStatus.
This change was made to enable the use of error pages defined in web.xml.
2015-11-06 10:53:18 +02:00
Thomas Raehalme
7b7fbd3257 Added sendError(int) to HttpFacade.Response. 2015-11-06 10:47:08 +02:00
Bill Burke
151c56a304 conflicts 2015-11-02 11:21:10 -05:00
Bill Burke
d896800ec6 groups initial 2015-10-29 16:33:02 -04:00
agolPl
9755d79879 extract keycloak configuration file name 2015-10-25 00:26:18 +02:00
Ramiro Sánchez
ebd02a1a7f Changed query parameter from kc_locale to ui_locales as suggested by stianst 2015-10-23 14:21:59 +02:00
Ramiro Sánchez
a5dc91f9a6 Added support to indicate desired locale on login 2015-10-23 12:23:24 +02:00
Stian Thorgersen
3f8312427a Version bump 2015-10-19 16:15:29 +02:00
mposolda
4587fd23b6 KEYCLOAK-1929 Change package names. Fix Fuse demo 2015-10-16 16:30:42 +02:00
Bill Burke
235ffb2ff6 KEYCLOAK-1960 2015-10-15 18:56:56 -04:00
Bill Burke
181fdeb0d0 KEYCLOAK-1960 2015-10-15 18:54:57 -04:00
Bill Burke
0ad29c9737 node registration 2015-10-09 18:11:38 -04:00
Bill Burke
9ced56d8d7 saml and oidc filters 2015-10-09 18:07:50 -04:00
Bill Burke
d39aee0a72 Merge remote-tracking branch 'upstream/master' 2015-10-08 16:19:56 -04:00
Bill Burke
7c600e2f4b SAML SP Filter 2015-10-08 16:19:43 -04:00
Stian Thorgersen
7fec1677ee Merge pull request #1679 from lkrzyzanek/KEYCLOAK-1904
Add 'register' and 'createRegisterUrl' methods to Javascript Adapter API
2015-10-08 11:51:18 +02:00
Libor Krzyzanek
f29aff4bed Add 'register' and 'createRegisterUrl' methods to Javascript Adapter API. fixes #KEYCLOAK-1904 2015-10-07 13:53:25 +02:00
Stian Thorgersen
9c0c8e37b6 Merge pull request #1676 from Smartling/KEYCLOAK-1901
KEYCLOAK-1901: Add a Keycloak client builder
2015-10-07 09:06:19 +02:00
Stian Thorgersen
7a3b4823b0 Merge pull request #1662 from Smartling/KEYCLOAK-1892
WrappedHttpServletRequest may throw an exception returning cookies
2015-10-06 14:58:54 +02:00
Scott Rossillo
332e3f6099 KEYCLOAK-1901: Add a Keycloak client builder
Adds support for creating a Keycloak client using the builder
pattern and supports customizing the underlying ResteasyClient
used for connecting to the Keycloak server.
2015-10-05 14:56:38 -04:00
mposolda
7816f053a6 KEYCLOAK-1856 KEYCLOAK-1860 Fix onoffswitchvalue directive 2015-10-02 11:09:54 +02:00
Bill Burke
75343986b0 keycloak-common 2015-10-01 14:27:51 -04:00
Scott Rossillo
05bd51ac1c WrappedHttpServletRequest may throw an exception returning cookies
HttpServletRequest.getCookies() may return null
2015-09-30 14:31:15 -04:00
Stian Thorgersen
55deedd3b8 KEYCLOAK-1868 Import clients through admin console
KEYCLOAK-1869 Add root url to clients that should be used to resolve relative urls
2015-09-29 12:16:05 +02:00
Bill Burke
0a42a28eeb Merge remote-tracking branch 'upstream/master' 2015-09-25 15:12:34 -04:00
Bill Burke
88355d7eb4 tomcat6 adapter 2015-09-25 15:12:14 -04:00
Stian Thorgersen
75c0d5089f KEYCLOAK-1878
Add Base64 to Keycloak core
2015-09-25 07:02:25 +02:00
Bill Burke
791a740f32 Merge remote-tracking branch 'upstream/master' 2015-09-24 12:05:24 -04:00
Bill Burke
546cdd7d8f fix modules for refactor 2015-09-24 12:05:12 -04:00
Stian Thorgersen
4eaf893492 Merge pull request #1610 from raehalme/KEYCLOAK-1828
KEYCLOAK-1828 attemptAuthentication throws KeycloakAuthenticationException if authentication fails
2015-09-24 06:32:27 +02:00
Stian Thorgersen
0ba6ab198a Merge pull request #1611 from raehalme/KEYCLOAK-1829
KEYCLOAK-1829 unsuccessfulAuthentication now returns HTTP response status 401 instead of 403
2015-09-24 06:31:33 +02:00
Bill Burke
c14d3d7963 merge conflicts 2015-09-23 21:01:47 -04:00
Bill Burke
1e9c09d23a more complete 2015-09-23 17:54:16 -04:00
mposolda
7ec3f86efb KEYCLOAK-904 Offline tokens 2015-09-21 10:28:30 +02:00
mposolda
c11539cccb docs and javadoc fixes 2015-09-21 10:13:41 +02:00
Bill Burke
861a13501a merge 2015-09-17 14:25:16 -04:00
Bill Burke
0f24bd2ea4 merge 2015-09-17 14:06:33 -04:00
Bill Burke
cb8ca619ae saml sp 2015-09-17 14:00:57 -04:00
Tomas Kyjovsky
ac91deac96 Removed occurences of serialVersionUID from all classes. 2015-09-17 17:27:39 +02:00
Lukas Kubik
b7e49dc88d Unify jetty 8.1 artifacts version with fabric8-bom-1.2.0.redhat-133.pom 2015-09-16 17:14:29 +02:00
Stian Thorgersen
85df0b6a67 Merge pull request #1613 from raehalme/KEYCLOAK-1832
KEYCLOAK-1832 Added check for null authentication on the logout method
2015-09-16 13:34:51 +02:00
Thomas Raehalme
e0eac89e5a Added check for null authentication on the logout method. 2015-09-10 12:30:07 +03:00
Thomas Raehalme
90d34bfd06 unsuccessfulAuthentication now returns HTTP response status 401 instead of 403. 2015-09-09 18:31:25 +03:00
Thomas Raehalme
e58b5762f3 attemptAuthentication now throws KeycloakAuthenticationException if authentication fails.
Also authenticationFailureHandler is by default set to SimpleUrlAuthenticationFailureHandler
with default login url set to /sso/login.
2015-09-09 15:45:13 +03:00
Stian Thorgersen
3fd4d23bed Version bump 2015-09-09 11:27:21 +02:00
mposolda
149ef706dd KEYCLOAK-1824 ClientIdAndSecretCredentialsProvider not found when deploying Fuse examples 2015-09-08 22:55:43 +02:00
mposolda
050c65a520 KEYCLOAK-1811 Pluggable client authentication config through adapter subsystem 2015-09-07 23:30:08 +02:00
Bill Burke
be0c359160 adapter refactor 2015-09-07 10:27:57 -04:00
Bill Burke
3f792030d3 adapter refactor 2015-09-07 10:26:25 -04:00
Bill Burke
333ad0efac refactor adapters 2015-09-04 15:56:28 -04:00
Marko Strukelj
b0095154d1 KEYCLOAK-1779 NPE due to missing web.xml/jboss-web.xml
- improved code readability and npe fix
2015-09-04 14:18:57 +02:00
William DeCoste
e6745532ce KEYCLOAK-1779 2015-09-04 13:52:25 +02:00
Bill Burke
7d4b93e01e client session required actions 2015-09-02 16:30:16 -04:00
mposolda
be8394158f KEYCLOAK-1780 documentation + Generic client authentication screen 2015-09-01 13:17:14 +02:00
Bill Burke
7492ae2990 Merge pull request #1567 from patriot1burke/master
refactor recover password
2015-08-31 10:53:29 -04:00
Bill Burke
6edf890699 Merge pull request #1549 from ahus1/ahus1_jetty_contenttype
KEYCLOAK-1776 / JettySessionTokenStore sets content type on restoring form values
2015-08-31 10:34:16 -04:00
Bill Burke
22ebb81650 refactor recover password 2015-08-31 10:13:42 -04:00
Bill Burke
3a64c4d582 Merge pull request #1543 from raehalme/KEYCLOAK-1775
KEYCLOAK-1775 Basic auth no longer redirects on Spring Security
2015-08-21 21:06:00 -04:00
Marek Posolda
76209dd899 Merge pull request #1555 from mposolda/master
KEYCLOAK-1295 Fixes and javadoc
2015-08-21 20:41:21 +02:00
Bill Burke
6f463196ef Merge pull request #1554 from patriot1burke/master
adapter fixes
2015-08-21 13:21:02 -04:00
mposolda
b0e2624343 KEYCLOAK-1295 Fixes and javadoc 2015-08-21 19:00:31 +02:00
Bill Burke
457039d7ba fix NPE in adapter for invalid cors requests 2015-08-21 11:29:38 -04:00
Bill Burke
eb4ffbca29 co-existence of bearer and basic auth 2015-08-21 11:02:56 -04:00
mposolda
d8d6348f67 KEYCLOAK-1295 Adapter support. Fixes 2015-08-21 08:26:12 +02:00
Stian Thorgersen
5ca3a48094 KEYCLOAK-1723 Allow aud to be single field or array 2015-08-20 15:55:52 +02:00
Stian Thorgersen
0295824923 KEYCLOAK-1747
Deal with time inconsistency in keycloak.js
2015-08-20 13:29:32 +02:00
Alexander Schwartz
7b0a3989e2 JettySessionTokenStore sets content type on restoring form values
Closes: KEYCLOAK-1776
2015-08-18 15:32:27 +02:00
mposolda
7028496601 KEYCLOAK-1295 pluggable client authentication. Support authenticate clients with signed JWT 2015-08-17 23:21:23 +02:00
Thomas Raehalme
3a4897c7d2 Separated the error message for Bearer token and Basic authentication failures. 2015-08-17 22:36:59 +03:00
Thomas Raehalme
b3f142d715 KeycloakAuthenticationProcessingFilter now handles Basic Authentication the same way as Bearer token. 2015-08-17 18:05:49 +03:00
Stian Thorgersen
f32b38cdbc KEYCLOAK-1702 KEYCLOAK-1703 Make Infinispan default user session and cache provider 2015-07-29 10:08:15 +02:00
Stian Thorgersen
f3bfb06dec Version bump 2015-07-28 10:20:40 +02:00
Scott Rossillo
1839b24b90 Support for loading keycloak.json from the classpath
Spring Boot and non-web based applications don't have a WEB-INF
directory. Support loading Spring Security adapter's keycloak.json
from the class path.
2015-07-19 12:10:33 -04:00
Stian Thorgersen
1642ac2394 KEYCLOAK-1385 Introduce end-of-line normalization 2015-07-17 13:46:51 +02:00
Marko Strukelj
fc7ba85639 KEYCLOAK-1345 Remove distribution/subsystem-war 2015-07-17 12:41:00 +02:00
Marko Strukelj
7ae62c1060 KEYCLOAK-1529 Drop InfinispanCacheActivator and make subsystem do it 2015-07-07 16:40:03 +02:00
Stian Thorgersen
5af4785ba1 KEYCLOAK-1507
Tomcat Adapter throws NPE under certain conditions
2015-07-02 09:08:40 +02:00
Marko Strukelj
d00e128920 KEYCLOAK-1448 Cannot configure an authenticator for method KEYCLOAK 2015-06-16 14:51:31 +02:00
Stian Thorgersen
001b874903 Add missing ExampleDS 2015-06-16 14:40:19 +02:00
Stian Thorgersen
1b0c4e5d1f KEYCLOAK-1468
Infinispan cache not available in JNDI
2015-06-16 13:31:51 +02:00
Stian Thorgersen
4c98b04ab7 KEYCLOAK-1447 LinkageError deploying oauth-client-cdi to WildFly 8.2.0.Final 2015-06-15 13:22:36 +02:00
Stian Thorgersen
38c1945ce4 Bump version 2015-06-12 14:35:34 +02:00
Stian Thorgersen
cc2de52a1a Revert to old RestEasy until we can drop support for EAP 6.4 2015-06-12 14:20:08 +02:00
Stian Thorgersen
5bd53804f9 Fix admin-api to show that users are retrieved by ip, not username 2015-06-12 13:32:30 +02:00
Stian Thorgersen
5993d40fab Merge pull request #1353 from Smartling/KEYCLOAK-1438
Fix Spring Security adapter logout handling
2015-06-12 07:50:00 +01:00
Marko Strukelj
9a37696d29 Fixed pom issues that were generating tons of Maven warnings 2015-06-11 16:57:33 +02:00
Marko Strukelj
92e17f4b40 KEYCLOAK-1412 Server-overlay for EAP 6.4
- Added as7-server-subsystem
 - Added eap6-server-overlay
 - Moved modules to eap6-server-modules
 - Renamed wildfly-server-subsystem to wf9-server-subsystem for consistency
2015-06-11 09:40:47 +02:00
Scott Rossillo
abfec23404 Fix Spring Security adapter logout handling
Stops KeycloakLogoutHandler from throwing an exception if the
authentication is not of type KeycloakAuthenticationToken.

Fixes KEYCLOAK-1438.
2015-06-10 12:22:18 -04:00
Marko Strukelj
3643e76a06 Cleanup, and simplify keycloak-server-subsystem
- KEYCLOAK-1346 Remove support for overlays in server subsystem
 - KEYCLOAK-1347 Remove support for multiple auth-servers
 - KEYCLOAK-1348 Simplify server subsystem definition
2015-06-08 15:33:34 +02:00
mposolda
35e4a5e56d KEYCLOAK-1368 allow forwarding to error page in bearer-only deployments. Adding DeploymentBuilder 2015-06-03 12:34:56 +02:00
Marko Strukelj
3df504b6b4 KEYCLOAK-1304 WF9 server subsystem
- remove unnecessary dependencies
2015-06-01 16:07:59 +02:00
Stian Thorgersen
5f787028df KEYCLOAK-1327 Updated for users 2015-05-29 15:29:04 +01:00
Stian Thorgersen
e1e65af8ea Merge pull request #1301 from mstruk/wf9
KEYCLOAK-1303 WF9 adapter subsystem
2015-05-29 15:23:28 +01:00
Marko Strukelj
2077a2a3af KEYCLOAK-1303 WF9 adapter subsystem
- not dependent on distribution/modules any more
 - keycloak-adapter-subsystem moved to keycloak-wf9-subsystem
 - still installed as <extension module="org.keycloak.keycloak-adapter-subsystem"/>
2015-05-29 15:17:41 +02:00
Stian Thorgersen
a953b52eac KEYCLOAK-1327 Updated for client stats 2015-05-29 13:15:35 +01:00
Stian Thorgersen
6f164f0ee9 KEYCLOAK-1327 Updated for clients 2015-05-29 13:15:34 +01:00
Marko Strukelj
4f270bffd0 Refactor EAP 6 adapter distribution
- not dependent on distribution/modules any more
 - uses the same modules as AS7
 - again use <extension module="org.keycloak.keycloak-adapter-subsystem"/>
2015-05-28 23:56:11 +02:00
Marko Strukelj
fa90602aa0 Refactor AS 7 adapter distribution
- not dependent on distribution/modules any more
 - again use <extension module="org.keycloak.keycloak-adapter-subsystem"/>
2015-05-28 23:56:11 +02:00
behana
bbc3e99bb5 KEYCLOAK-1353 Option to pass client_id to resetPasswordMail 2015-05-28 00:10:36 +02:00
behana
e8e22ee44c KEYCLOAK-1352 Add send-verify-email to admin-rest-api 2015-05-28 00:05:39 +02:00
Marko Strukelj
d70fd86a82 Wildfly 8.2.0.Final compatibility
- added integration/keycloak/wf8-subsystem
 - added distribution/adapters/wf8-adapter containing wf8-modules, and wf8-adapter-zip
 - there's no dependency on distribution/modules
 - subsystem is installed by unzipping keycloak-wf8-adapter-dist.zip to Wildfly 8.2.0.Final, and adding <extension-module>org.keycloak.keycloak-wf8-subsystem</extension-module> to standalone.xml
2015-05-22 17:38:02 +02:00
Stian Thorgersen
4e0a32a37a Version bump 2015-05-22 09:04:30 +02:00
Marko Strukelj
91bf50eb6c AS 7.1.1.Final / EAP 6.4 compatibility 2015-05-21 11:30:26 +02:00
Stian Thorgersen
362babe5e2 Fixed server-dist 2015-05-19 08:15:39 +02:00
Stian Thorgersen
dbf9525860 KEYCLOAK-1312 Add clearToken to keycloak.js 2015-05-13 13:13:36 +02:00
Stian Thorgersen
6c98d64874 Merge pull request #1238 from raehalme/KEYCLOAK-1294
Added support for GrantedAuthoritiesMapper in KeycloakAuthenticationProvider
2015-05-13 06:57:29 +02:00
Scott Rossillo
4d32ac8765 Add Servlet 2.x support to the Spring Security adapter
Cookie.setHttpOnly() was added in Servlet 3.0. Make setting a
cookie as HttpOnly dependent on servlet version.
2015-05-11 19:48:16 -04:00
Thomas Raehalme
78999537f0 Added support for GrantedAuthoritiesMapper in KeycloakAuthenticationProvider. 2015-05-09 13:42:09 +03:00
Bill Burke
e3b0cc7093 Merge pull request #1236 from Smartling/KEYCLOAK-1291
Improve Spring Security adapter default configuration
2015-05-08 20:53:36 -04:00
Bill Burke
50014f4398 Merge pull request #1235 from Smartling/KEYCLOAK-1290
Use backchannel logout for Spring Security SSO
2015-05-08 20:53:26 -04:00
Bill Burke
833c276424 Merge pull request #1234 from mstruk/wfly-subs-split-master
Wildfly 9 - subsystem split + feature packs
2015-05-08 20:53:17 -04:00
Scott Rossillo
d37a9eada3 Improve Spring Security adapter default configuration 2015-05-08 18:24:49 -04:00
Scott Rossillo
a7bfae2f56 Use backchannel logout for Spring Security SSO
Use backchannel logout for Keycloak's Spring Security adapter
single sign-out to allow Spring Security's logout complete handler
to fire.
2015-05-08 18:20:17 -04:00
Stian Thorgersen
58fc4520c9 Merge pull request #1232 from Smartling/KEYCLOAK-1287
Enable Spring Security adapter to register nodes
2015-05-08 07:09:42 +02:00
Stian Thorgersen
53716697ca Merge pull request #1222 from Smartling/KEYCLOAK-1273
Improve Spring Security adapter client to client authorization
2015-05-08 07:01:14 +02:00
Scott Rossillo
8ca9a6a64a Enable Spring Security adapter to register nodes
Enable dynamic application node registration and unregistration
from Spring Security protected applications.
2015-05-07 20:09:16 -04:00
Scott Rossillo
2ce3925ba9 Permit Spring Security adapter to process admin tasks with CSRF enabled
Spring Security's CSRF protection blocks Keycloak administrative
actions when configured with the default request matcher.

This provides a CSRF request matcher that permits Keycloak
administrative actions without the CSRF token.
2015-05-07 19:58:27 -04:00
Scott Rossillo
b05da425b9 Improve Spring Security adapter client to client authorization 2015-05-06 16:54:55 -04:00
Marko Strukelj
4e58bed39e Move keycloak modules under integration/keycloak 2015-05-05 20:48:13 +02:00
Marko Strukelj
7d2942e1be KEYCLOAK-1183 Split subsystem into separate server and adapter subsystems
- Rename keycloak-server-subsystem dir to wildfly-server-subsystem
 - Rename keycloak-agent-subsystem dir to keycloak-wildfly-agent-subsystem
 - Rename artifacts accordingly (keycloak- prefix)
 Only maven artifacts are renamed, jboss-modules modules are still called keycloak-server-subsystem, and keycloak-agent-subsystem
2015-05-05 20:43:23 +02:00
Marko Strukelj
943404689e KEYCLOAK-1183 Split subsystem into separate server and adapter subsystems
- Use WildFly 9.0.0.CR1
2015-05-05 20:40:05 +02:00
Marko Strukelj
89875aea02 KEYCLOAK-1183 Split subsystem into separate server and adapter subsystems
- Fix deprecated uses, and more code cleanup
2015-05-05 20:40:05 +02:00
Marko Strukelj
70ce96caa0 KEYCLOAK-1183 Split subsystem into separate server and adapter subsystems
- Fix overlooked file renames causing subsystem tests to fail
2015-05-05 20:40:05 +02:00
Stan Silvert
3a7bba041f Create builds based on WildFly 9 feature packs. 2015-05-05 20:40:04 +02:00
Marko Strukelj
87cb28eaab KEYCLOAK-1183 Split subsystem into separate server and adapter subsystems
- Fix server-subsystem tests
2015-05-05 20:40:04 +02:00
Marko Strukelj
03fa58a271 KEYCLOAK-1183 Split subsystem into separate server and adapter subsystems
- POM dependencies cleanup
2015-05-05 20:40:03 +02:00
Marko Strukelj
3c76a85674 KEYCLOAK-1183 Split subsystem into separate server and adapter subsystems
- More code and pom cleanup
2015-05-05 20:40:03 +02:00
Marko Strukelj
c571ad9902 KEYCLOAK-1183 Split subsystem into separate server and adapter subsystems
- Renamed keycloak-subsystem into keycloak-server-subsystem
 - Added keycloak-adapter-subsystem without auth-server support
 - Removed adapter config from keycloak-server subsystem
 - Added proper .xsd for server subsystem
2015-05-05 20:40:03 +02:00
Tomaz Cerar
355c440c3d Update subsystem code to reflect latest standards 2015-05-05 20:38:52 +02:00
Tomaz Cerar
9a17658f84 remove eap6 dup 2015-05-05 20:38:52 +02:00
Stian Thorgersen
035529d7a2 Version bump 2015-05-05 11:45:21 +02:00
Bill Burke
761be66362 Merge pull request #1199 from patriot1burke/master
apache http client fixes
2015-04-29 21:59:50 -04:00
Bill Burke
666827b7cb remove resteasy ClientRequest 2015-04-29 20:46:14 -04:00
Bill Burke
10998eb35b Merge pull request #1193 from behana/master
Let admin-client acquire new token if refresh_token is stale
2015-04-29 16:33:20 -04:00
behana
8dfc7d9e8d Let admin-client acquire new token if refresh_token is stale 2015-04-29 05:01:59 +02:00
Scott Rossillo
06a7938aa6 Add Spring Security adapter 2015-04-28 15:05:56 -04:00
Stian Thorgersen
215a3497ae KEYCLOAK-1189 Add apache httpclient module with slot 4.3 2015-04-27 16:33:48 +02:00
Stian Thorgersen
870f29d797 Merge pull request #1172 from stianst/master
Dist work
2015-04-23 12:40:38 +02:00
Stian Thorgersen
e17105cc8e Updated distribution and cleaning of maven modules 2015-04-23 11:15:05 +02:00
Stian Thorgersen
cf75a97f08 Merge pull request #1169 from gkfirst8/KEYCLOAK-1220
log the right value when keycloak.config.file could not be found or read
2015-04-22 14:08:29 +02:00
gkfirst8
0b782e9910 Fix logging call 2015-04-22 10:54:43 +02:00
Leonardo Loch Zanivan
642fc996fb Basic Auth token fix 2015-04-21 16:22:14 -03:00
Leonardo Loch Zanivan
6ce0285315 Basic Auth token fix 2015-04-21 12:32:17 -03:00
gkfirst8
aef61411e9 log the right value when keycloak.config.file could not be found or read
Fix for [KEYCLOAK-1220]
2015-04-21 11:46:33 +02:00
Stian Thorgersen
5ed864fbbc KEYCLOAK-1208 Allow same-origin if cors is enabled 2015-04-21 10:42:13 +02:00
Dane Barentine
4fe328002a [KEYCLOAK-1206] Change role mapping path in admin client to match API changes 2015-04-14 22:21:28 -07:00
Dane Barentine
b1b149e0c3 [KEYCLOAK-1205] Fix BearerAuthFilter refreshing token after it's expired 2015-04-14 22:19:07 -07:00
Stian Thorgersen
46e386cd43 KEYCLOAK-1187 2015-04-13 13:54:30 +02:00
Stian Thorgersen
4fbbf39c51 KEYCLOAK-1187 Admin console and endpoints 2015-04-13 13:29:31 +02:00
Stian Thorgersen
a18715a774 Deprecate OAuthClientRepresentation and ApplicationRepresentation and added ClientRepresentation 2015-04-10 13:33:29 +02:00
Stian Thorgersen
1567982f0b Merge pull request #1128 from ssilvert/KEYCLOAK-1174-NPE-on-WF9
KEYCLOAK-1174: NPE on WildFly 9
2015-04-10 07:05:46 +02:00
Stan Silvert
875aae91fc Add owner attribute to Keycloak server deployment 2015-04-09 14:52:47 -04:00
Stan Silvert
bbef4e2be1 KEYCLOAK-1174: Refactor KeycloakAdapterConfigService to be a simple
singleton
2015-04-09 10:30:39 -04:00
Stian Thorgersen
6fbc0975c0 KEYCLOAK-1187 First round: Combined ApplicationModel and OAuthClientModel into ClientModel. Removed OAuth Clients from Admin console and renamed Applications to Clients. 2015-04-09 12:27:30 +02:00
mposolda
d0ead0f0a0 More logging 2015-04-07 08:46:39 +02:00
Bill Burke
326818ea45 bump pom versio 2015-04-02 09:36:43 -04:00
mposolda
6a34ad36f5 Fix clustering when auth-server-url-for-backend-requests is used 2015-04-02 13:02:24 +02:00
Stian Thorgersen
48c7bd1b5e KEYCLOAK-1171 Missing parameters: response_type login to oauth-client and oauth-client-cdi 2015-04-01 13:50:50 +02:00
mposolda
3256337614 CookieTokenStore not working correctly on EAP 6.3 2015-03-31 14:53:37 +02:00
Bill Burke
9d7db174e1 merged 2015-03-26 13:06:50 -04:00
Bill Burke
c20ab4a9a6 fix query parsing 2015-03-26 13:05:09 -04:00
Stian Thorgersen
b727087f04 KEYCLOAK-1150
'iss' should be URL not just realm name
2015-03-26 13:50:36 +01:00
mposolda
477d8b35e3 KEYCLOAK-1116 KEYCLOAK-1117 JSON migration and removal of ClientModel.claimsMask 2015-03-26 11:49:22 +01:00
Bill Burke
97d5f4aafc broker refactor 2015-03-20 18:56:25 -04:00
Stian Thorgersen
8ed1c475e4 KEYCLOAK-498 Package theme as a JAR 2015-03-20 14:13:25 +01:00
Stian Thorgersen
1714ce91d1 KEYCLOAK-1076 XML tag <enable-basic-auth> needed in secure-deployments for AS-7 subsystem 2015-03-20 07:37:16 +01:00
Stian Thorgersen
93f9706297 KEYCLOAK-1110 Fix role not removed from default roles when not deleted 2015-03-20 06:17:35 +01:00
Stian Thorgersen
1d4e8118f0 Updated admin-client to use new token endpoint 2015-03-20 06:04:36 +01:00
Bill Burke
b26277a17c broker fixes 2015-03-18 21:58:04 -04:00
Bill Burke
ce2c4188fb saml broker import/export, and module fixes 2015-03-17 19:20:46 -04:00
mposolda
4da566ae4d KEYCLOAK-1094 Rename k_idp_hint to kc_idp_hint 2015-03-16 20:00:20 +01:00
Stian Thorgersen
e2b02d414f Change adapters to use auth and token endpoints 2015-03-16 09:23:12 +01:00
mposolda
9b74393add KEYCLOAK-1102 Used just one ResteasyClient in admin client 2015-03-13 19:56:05 +01:00
Stian Thorgersen
1f5fedb0b0 Module provider loader 2015-03-06 05:30:17 +01:00
Stian Thorgersen
4cb3d51781 KEYCLOAK-1082
Make sure session is valid if keycloak.js is initialized with tokens
2015-03-05 07:42:31 +01:00
Bill Burke
98831ec05a fix other claims in IDToken 2015-03-04 20:27:06 -05:00
mposolda
03d607b022 Fix showing federation links of users in admin console 2015-02-11 13:03:31 +01:00
girirajsharma
c3d7ef8066 Updated BC provider versions and deprecated CertificateUtil methods. 2015-02-10 18:44:54 +05:30
pedroigor
ff1f10d7a7 [KEYCLOAK-883] - Refactoring to services endpoints and exposing them through admin client. 2015-02-09 21:30:21 -02:00
pedroigor
4ce2e76a2d [KEYCKOAK-883] - Adding idpHint config option when configuring login url. 2015-02-08 20:52:44 -02:00
mposolda
1d8ebd441d KEYCLOAK-1023 Improve osgi packaging for hawtio. Fix typos in fuse example docs. 2015-02-02 23:25:56 +01:00
Pedro Igor
e452165c4a Merge pull request #941 from pedroigor/KEYCLOAK-996
[KEYCLOAK-996] - Allow application to select provider.
2015-01-30 14:28:50 -02:00
pedroigor
99a457c5c1 [KEYCLOAK-996] - Allow application to select provider. 2015-01-30 14:02:53 -02:00
Stian Thorgersen
4dfb4a91ea KEYCLOAK-1018 Update JS adapter to use protocol/openid-connect urls 2015-01-30 14:29:58 +01:00
Stian Thorgersen
e2998a09b6 KEYCLOAK-1019 Fix to keycloak.js if auth-server-url ends with '/' 2015-01-30 10:02:27 +01:00
Stian Thorgersen
eb695f12f7 KEYCLOAK-1000 Module provider loader 2015-01-28 11:26:46 +01:00
mposolda
ee4fbca868 Improve OOTB experience for ssh and jmx authentication in fuse 2015-01-23 20:57:40 +01:00
mposolda
efb6ec8099 Added docs and example for SSH and JMX authentication on fuse 2015-01-21 13:43:38 +01:00
mposolda
715482e371 Have fuse example working on newest fuse 6.2. Refactoring of ServletReregistrationService to work on fuse 6.1, 6.2 and karaf 3.0.2 2015-01-20 21:45:08 +01:00
Stian Thorgersen
c8d879a82d KEYCLOAK-977 Use reflection to find constructor for JBossGenericPrincipal to support EAP 6.4 2015-01-20 13:24:58 +01:00
Bill Burke
42bdb7731d Merge pull request #916 from jimmidyson/spring-boot-integration
Spring boot adapter
2015-01-16 19:01:04 -05:00