Thomas Darimont
54b69bd1dc
KEYCLOAK-10190 Fix NPE on missing clientSession in TokenEndpoint.codeToToken
...
In certain scenarios, e.g. when an auth code from another realm login is
used to perform the code to token exchange, it can happen that the
ClientSession is null which triggered an NPE when the userSession field is accessed.
Added null check for clientSession in TokenEndpoint.codeToToken to prevent an NPE.
2020-01-06 14:45:20 +01:00
Thomas Darimont
1a7aeb9b20
KEYCLOAK-8249 Improve extraction of Bearer tokens from Authorization headers ( #6624 )
...
We now provide a simple way to extract the Bearer token string from
Authorization header with a null fallback.
This allows us to have more fine grained error handling for the
various endpoints.
2020-01-06 13:58:52 +01:00
rmartinc
401d36b446
KEYCLOAK-8779: Partial export and import to an existing realm is breaking clients with service accounts
2019-12-27 15:59:38 -03:00
Thomas Darimont
0219d62f09
KEYCLOAK-6867 UserInfoEndpoint should return WWW-Authenticate header for Invalid tokens
...
As required by the OIDC spec (1) we now return a proper WWW-Authenticate
response header if the given token is invalid.
1) https://openid.net/specs/openid-connect-core-1_0.html#UserInfoError
2019-12-23 07:42:06 -03:00
Andrei Arlou
eed4847469
KEYCLOAK-12311 Fix minor warnings with collections in packages: forms, keys, partialimport, protocol from module "services"
2019-12-20 13:31:38 +01:00
Peter Skopek
7a14661fce
KEYCLOAK-6115 Login fails if federated user is read-only and has selected a locale on the login screen
2019-12-19 14:36:50 +01:00
Andrei Arlou
aceb123242
KEYCLOAK-12417 Fix minor warnings in tests from module "services"
2019-12-19 10:51:37 +01:00
Andrei Arlou
697eaa4f36
KEYCLOAK-12309 Fix warnings with collections in packages:
...
authentification, authorization, broker, email, events, exportimport from module "services"
2019-12-18 14:02:27 +01:00
Andrei Arlou
bb156fb2fd
KEYCLOAK-12317 Fix minor warnings with modificators in packages: authentication, authorization, keys, partialimport, protocol from module "services"
2019-12-18 13:26:27 +01:00
Andrei Arlou
c61cc1a493
KEYCLOAK-12316 Simplify conditions in packages: authentication, broker, credential, protocol from module "services"
2019-12-18 13:22:36 +01:00
Stefan Guilhen
9f69386a53
[KEYCLOAK-11707] Add support for Elytron credential store vault
...
- Adds the elytron-cs-keystore provider that reads secrets from a keystore-backed elytron credential store
- Introduces an abstract provider and factory that unifies code that is common to the existing implementations
- Introduces a VaultKeyResolver interface to allow the creation of different algorithms to combine the realm
and key names when constructing the vault entry id
- Introduces a keyResolvers property to the existing implementation via superclass that allows for the
configuration of one or more VaultKeyResolvers, creating a fallback mechanism in which different key formats
are tried in the order they were declared when retrieving a secret from the vault
- Adds more tests for the files-plaintext provider using the new key resolvers
- Adds a VaultTestExecutionDecider to skip the elytron-cs-keystore tests when running in Undertow. This is
needed because the new provider is available only as a Wildfly extension
2019-12-18 11:54:06 +01:00
harture
26458125cb
[KEYCLOAK-12254] Fix re-evaluation of conditional flow ( #6558 )
2019-12-18 08:45:11 +01:00
Douglas Palmer
106e6e15a9
[KEYCLOAK-11859] Added option to always display a client in the accounts console
2019-12-17 17:12:49 -03:00
jacac
3ae508e1b9
KEYCLOAK-12425 Encode userid with Base64Url. ( #6585 )
2019-12-16 20:40:27 +01:00
Douglas Palmer
af0594b58d
[KEYCLOAK-12463] Fixed missing consents
2019-12-12 17:27:54 -03:00
Douglas Palmer
f9fa5b551d
[KEYCLOAK-5628] Added application endpoint
2019-12-11 13:06:04 -03:00
Martin Bartoš
2cf6483cdf
[KEYCLOAK-12044] Fix messages in the UsernameForm ( #6548 )
2019-12-11 10:59:46 +01:00
Dmitry Telegin
56aa14ffab
KEYCLOAK-11347 - MicroProfile-Config
2019-12-10 12:08:22 +01:00
Denis Richtárik
48bddc37ae
KEYCLOAK-12011 Remove cancel button from OTP form ( #6511 )
...
* KEYCLOAK-12011 Remove cancel button from OTP form
* Remove back button
2019-12-09 19:23:26 +01:00
Dmitry Telegin
e2144d6aec
KEYCLOAK-12175 - Platform SPI
2019-12-09 09:55:04 +01:00
Yoshiyuki Tabata
b2664c7ef9
KEYCLOAK-12094 "client-session-stats" not search null client information ( #6554 )
2019-12-06 10:37:25 +01:00
Martin Bartoš
e405ce6e97
[KEYCLOAK-11824] Fix bug with only one value of the authentication model execution requirement ( #6570 )
2019-12-05 18:28:00 +01:00
Andrei Arlou
fb421d3086
KEYCLOAK-12262 Remove unused imports from packages "authorization" and "authentification" in module "services" ( #6547 )
2019-12-05 14:39:03 +01:00
Andrei Arlou
da7e0ba403
KEYCLOAK-12310 Remove unused imports from packages: exportimport, forms, jose, partialimport, protocol in module "services" ( #6560 )
2019-12-05 14:28:47 +01:00
Cristian Schuszter
5c7ce775cf
KEYCLOAK-11472 Pagination support for clients
...
Co-authored-by: stianst <stianst@gmail.com>
2019-12-05 08:17:17 +01:00
vmuzikar
072cd9f93f
KEYCLOAK-12329 Fix linking accounts in the new Account Console
2019-12-03 18:49:40 -03:00
Martin Kanis
73d1a26040
KEYCLOAK-11773 Front-channel logout with identity brokering does not work after browser restart
2019-12-03 08:17:54 +01:00
harture
129c689855
[KEYCLOAK-12253] Fix conditional authenticators are evaluated even if they are disabled ( #6553 )
2019-11-28 09:30:31 +01:00
Stan Silvert
de6f90b43b
KEYCLOAK-11550: Single page for credentials (initial commit)
2019-11-27 07:32:13 -03:00
rmartinc
82ef5b7927
KEYCLOAK-12000: Allow overriding time lifespans on a SAML client
2019-11-26 10:02:34 +01:00
Dmitry Telegin
79074aa380
KEYCLOAK-12162 Modularize config backends ( #6499 )
...
* KEYCLOAK-12162 - Modularize configuration backends
* - Use JsonSerialization
- simplify backend selection (no fallbacks)
* Remove unused org.wildfly.core:wildfly-controller dependency
2019-11-22 15:23:04 +01:00
Yoshiyuki Tabata
0a9d058b81
KEYCLOAK-12150 change error response from invalid_request to unsupported_grant_type
2019-11-22 11:11:07 +01:00
Yoshiyuki Tabata
a36cfee84b
KEYCLOAK-12149 change error response from invalid_grant to unauthorized_client
2019-11-22 11:10:16 +01:00
Yoshiyuki Tabata
4117710379
KEYCLOAK-12019 change error response from unsupported_response_type to unauthorized_client
2019-11-22 11:03:02 +01:00
Vidhyadharan Deivamani
9e366f0453
KEYCLOAK-8162 review comment adopted
2019-11-22 10:37:50 +01:00
Vidhyadharan Deivamani
318b290f55
KEYCLOAK-8162 Added resourcesPath
2019-11-22 10:37:50 +01:00
Fuxin Hao
ff4c94506f
use reCAPTCHA globally
2019-11-22 10:22:15 +01:00
Stan Silvert
ea268af511
KEYCLOAK-12159: AIA and Logout broken in new acct console
2019-11-21 09:35:46 -03:00
stianst
3731e36ece
KEYCLOAK-12069 Add account-console client for new account console
2019-11-20 08:48:40 -05:00
Stefan Guilhen
9a7c1a91a5
KEYCLOAK-10780 Stop creating placeholder e-mails for service accounts ( #228 )
2019-11-15 15:08:29 +01:00
k-tamura
43e2370f21
KEYCLOAK-11772 Fix temporary credential property to work correctly
2019-11-15 08:48:12 +01:00
AlistairDoswald
4553234f64
KEYCLOAK-11745 Multi-factor authentication ( #6459 )
...
Co-authored-by: Christophe Frattino <christophe.frattino@elca.ch>
Co-authored-by: Francis PEROT <francis.perot@elca.ch>
Co-authored-by: rpo <harture414@gmail.com>
Co-authored-by: mposolda <mposolda@gmail.com>
Co-authored-by: Jan Lieskovsky <jlieskov@redhat.com>
Co-authored-by: Denis <drichtar@redhat.com>
Co-authored-by: Tomas Kyjovsky <tkyjovsk@redhat.com>
2019-11-14 14:45:05 +01:00
Stan Silvert
d439f4181a
KEYCLOAK-6503: Linked Accounts Page
2019-11-14 07:39:43 -03:00
Martin Kanis
25511d4dbf
KEYCLOAK-9651 Wrong ECDSA signature R and S encoding
2019-11-13 15:32:51 +01:00
stianst
b8881b8ea0
KEYCLOAK-11728 New default hostname provider
...
Co-authored-by: Hynek Mlnarik <hmlnarik@redhat.com>
2019-11-11 12:25:44 +01:00
stianst
062841a059
KEYCLOAK-11898 Refactor AIA implementation
2019-11-08 16:03:07 -03:00
stianst
63abebd993
KEYCLOAK-11627 Require users to re-authenticate before invoking AIA
2019-11-08 16:03:07 -03:00
stianst
bc5113053d
KEYCLOAK-11897 Change kc_action parameter to proper built-in parameter
2019-11-08 16:03:07 -03:00
stianst
1e66660fd0
KEYCLOAK-11896 Remove initiate-action role
2019-11-08 16:03:07 -03:00
Takashi Norimatsu
4574d37d8d
KEYCLOAK-11372 Support for attestation statement verification ( #6449 )
2019-11-08 09:15:28 +01:00