Commit graph

2221 commits

Author SHA1 Message Date
Hynek Mlnarik
df4f1e7129 KEYCLOAK-4167 Always use preset key for verification if key ID not set 2017-01-18 10:29:06 +01:00
Stian Thorgersen
5a0504b5d9 Merge pull request #3753 from hmlnarik/KEYCLOAK-4216-mod-auth-mellon-logout-failed-when-using-SSO
KEYCLOAK-4216 Fix NPE and logout binding choice
2017-01-18 08:40:02 +01:00
Stian Thorgersen
e364680792 Merge pull request #3721 from hmlnarik/KEYCLOAK-3399-End-session-endpoint-returns-error-when-keycloak-session-is-expired
KEYCLOAK-3399 Ignore user session expiration on OIDC logout
2017-01-18 08:38:53 +01:00
mposolda
843b4b470b KEYCLOAK-2333 LDAP/MSAD password policies are not used when user changes password 2017-01-17 21:06:09 +01:00
Bill Burke
dcf6da2a51 KEYCLOAK-4077 2017-01-17 09:20:44 -05:00
Slawomir Dabek
9bb65ba9b7 KEYCLOAK-4224 Allow hiding identity providers on login page 2017-01-17 14:32:59 +01:00
Stian Thorgersen
1913f801b9 Merge pull request #3739 from hmlnarik/KEYCLOAK-2847-Unexpected-error-when-trying-to-update-clientTemplate-to-already-existing-name
KEYCLOAK-2847 Fix for client template duplicate name
2017-01-16 09:45:39 +01:00
Stian Thorgersen
5842f7c837 Merge pull request #3751 from stianst/KEYCLOAK-4192
KEYCLOAK-4192 Added missing produces annotations for update methods
2017-01-16 09:41:29 +01:00
Stian Thorgersen
178625d3f2 Merge pull request #3745 from velias/master
KEYCLOAK-4202 - Attribute importer of Social Identity providers doesn't handle JSON 'null' values correctly
2017-01-16 08:22:04 +01:00
Marko Strukelj
d68f6bbc42 KEYCLOAK-4150 Unresolved variable ${cliane_security-admin-console} in admin web client 2017-01-13 17:48:21 +01:00
Bill Burke
ffb688b393 Merge remote-tracking branch 'upstream/master' 2017-01-13 11:45:55 -05:00
Bill Burke
6aee6b0c46 KEYCLOAK-4220 2017-01-13 11:45:48 -05:00
Hynek Mlnarik
02eda8943c KEYCLOAK-4216 Fix NPE and logout binding choice 2017-01-13 14:30:32 +01:00
mposolda
9ad14d991c KEYCLOAK-4140 Migration of old offline tokens 2017-01-13 11:35:19 +01:00
Stian Thorgersen
ac9268bd48 KEYCLOAK-4192 Added missing produces annotations for update methods 2017-01-13 09:56:20 +01:00
Hynek Mlnarik
0b58bebc90 KEYCLOAK-2847 Fix for client template duplicate name 2017-01-13 09:32:28 +01:00
mposolda
93157e49d5 KEYCLOAK-4201 Offline tokens become useless when accessing admin REST API 2017-01-13 09:06:53 +01:00
Vlastimil Elias
f13deab812 KEYCLOAK-4202 - Attribute importer of Social Identity providers doesn't
handle JSON 'null' values correctly
2017-01-12 14:14:09 +01:00
Hynek Mlnarik
e11957ecf3 KEYCLOAK-4167 Make OIDC identity provider key ID configurable 2017-01-11 18:24:22 +01:00
Guus der Kinderen
ba73ab1c2a API documentation: Overview to left-hand side 2017-01-10 17:08:32 +01:00
Guus der Kinderen
45f5fa6a74 API documentation: Introduce and group by tags.
This commit introduces grouping of the documented REST resources. The grouping is based
on a free-form name of a resource (a 'tag' in Swagger terminology), which is introduced
by adding a @resource javadoc tag to every Resource class.
2017-01-10 17:08:27 +01:00
Guus der Kinderen
50b7dbe7b2 API documentation: Update dependencies. 2017-01-10 17:08:14 +01:00
Marek Posolda
227900f288 Merge pull request #3731 from mposolda/master
KEYCLOAK-4175 Provide a way to set the connect and read timeout for l…
2017-01-10 09:49:18 +01:00
Stian Thorgersen
7eeebff874 Merge pull request #3720 from hmlnarik/KEYCLOAK-4091-Possible-NullPointerExceptions-with-disabled-cache
KEYCLOAK-4091 Prevent NPE with disabled cache
2017-01-10 06:23:10 +01:00
Bill Burke
452611242c Merge remote-tracking branch 'upstream/master' 2017-01-09 17:14:34 -05:00
Bill Burke
d075172fd2 KEYCLOAK-3617 KEYCLOAK-4117 KEYCLOAK-4118 2017-01-09 17:14:20 -05:00
mposolda
c32620b718 KEYCLOAK-4175 Provide a way to set the connect and read timeout for ldap connections 2017-01-09 21:35:58 +01:00
Pedro Igor
0b5b27ea3a [KEYCLOAK-4166] - Export/Import clients functionality not working as expected 2017-01-06 16:07:10 -02:00
Hynek Mlnarik
9fb3201c8b KEYCLOAK-3399 Ignore user session expiration on OIDC logout 2017-01-06 15:15:46 +01:00
Hynek Mlnarik
377fbced4a KEYCLOAK-4091 Prevent NPE with disabled cache 2017-01-06 10:00:11 +01:00
Bill Burke
f9eeecf836 test KEYCLOAK-4013 2017-01-05 11:27:17 -05:00
Pedro Igor
4044b39ab7 [KEYCLOAK-3517] - Filtering SAML ECP flow 2017-01-04 11:17:39 -02:00
Stian Thorgersen
f2ee9df600 KEYCLOAK-4116 Trim username on recover password page 2017-01-03 11:50:08 +01:00
Stian Thorgersen
45411b1199 KEYCLOAK-4090 2017-01-03 07:53:08 +01:00
Stian Thorgersen
902332c5ae Merge pull request #3696 from stianst/KEYCLOAK-4038
KEYCLOAK-4038 Get bind credential from component if stored
2017-01-02 15:44:59 +01:00
Stian Thorgersen
08d7211a93 KEYCLOAK-4038 Get bind credential from component if stored 2017-01-02 14:40:12 +01:00
Stian Thorgersen
1c0e204f50 Merge pull request #3690 from stianst/master
Bump version to 2.5.1.Final-SNAPSHOT
2017-01-02 08:52:04 +01:00
Stian Thorgersen
d6e620a266 Merge pull request #3689 from stianst/KEYCLOAK-4133
KEYCLOAK-4133
2017-01-02 08:51:37 +01:00
Pedro Igor
31ed69a970 [KEYCLOAK-4136] - Missing update on resource_set endpoint 2016-12-29 11:59:42 -02:00
Stian Thorgersen
e805ffd945 Bump version to 2.5.1.Final-SNAPSHOT 2016-12-22 08:22:18 +01:00
Stian Thorgersen
40b5731198 KEYCLOAK-4133
Login status iframe endpoint doesn't set encoding
2016-12-22 08:20:55 +01:00
Stian Thorgersen
04179c5681 Merge branch 'KEYCLOAK-4004' of https://github.com/l-robinson/keycloak into l-robinson-KEYCLOAK-4004 2016-12-22 06:13:41 +01:00
Stian Thorgersen
d365d9d784 Merge pull request #3649 from sldab/bearer-client-credentials
KEYCLOAK-4086 Client credentials missing in bearer-only JSON config
2016-12-20 12:32:03 +01:00
Stian Thorgersen
f6323d94ec Merge pull request #3676 from stianst/KEYCLOAK-4109
KEYCLOAK-4109 Ability to disable impersonation
2016-12-20 09:35:03 +01:00
Stian Thorgersen
eb7ad07e31 KEYCLOAK-4109 Ability to disable impersonation 2016-12-20 08:46:21 +01:00
Pedro Igor
0b3e867362 [KEYCLOAK-4034] - Minor changes to policy enforcer 2016-12-19 23:44:51 -02:00
Pedro Igor
c9c8acd029 [KEYCLOAK-4034] - Invalidating policy cache when creating resources and scopes 2016-12-19 20:28:49 -02:00
Pedro Igor
40591cff25 Merge pull request #3662 from pedroigor/KEYCLOAK-4034
[KEYCLOAK-4034] - Improvements to UI, performance and some code cleanup
2016-12-19 16:49:10 -02:00
Pedro Igor
5cf5168770 [KEYCLOAK-4034] - Improvements to UI, performance and some code cleanup 2016-12-19 16:48:16 -02:00
Slawomir Dabek
16fb1e2078 KEYCLOAK-4086 Client credentials missing in bearer-only Keycloak OIDC JSON 2016-12-19 16:55:19 +01:00
mposolda
ac00f7fee2 KEYCLOAK-4087 LDAP group mapping should be possible via uidNumber in memberUid mode 2016-12-19 16:27:57 +01:00
Marek Posolda
c6363aa146 Merge pull request #3630 from sldab/duplicate-email-support
KEYCLOAK-4059 Support for duplicate emails
2016-12-19 15:37:18 +01:00
Pedro Igor
c9c9f05e29 [KEYCLOAK-4034] - Improvements to UI, performance and some code cleanup 2016-12-19 11:22:37 -02:00
Stian Thorgersen
3bd3d0285d Merge branch 'duplicate-groups' of https://github.com/ssilvert/keycloak into ssilvert-duplicate-groups 2016-12-19 13:07:39 +01:00
Stian Thorgersen
b8adfcad87 Merge pull request #3658 from hmlnarik/KEYCLOAK-4095--Not-Recently-Used-Password-Policy-with-value-set-to-1-doesn-t-work
KEYCLOAK-4095 Fix for expiring passwords
2016-12-19 12:15:26 +01:00
Slawomir Dabek
93cec9b3ee KEYCLOAK-4059 Support for duplicate emails 2016-12-19 10:55:12 +01:00
Stian Thorgersen
f29bb7d501 KEYCLOAK-4092 key provider for HMAC signatures 2016-12-19 10:50:43 +01:00
Hynek Mlnarik
787a3f8fcc KEYCLOAK-4095 Fix for expiring passwords 2016-12-16 14:45:05 +01:00
Bill Burke
a4cbf130b4 Merge pull request #3592 from sldab/default-hooks
KEYCLOAK-4074 Decoupling of default provider implementations
2016-12-16 08:42:55 -05:00
Hynek Mlnarik
5453bec1bf KEYCLOAK-4079, KEYCLOAK-4080 Fix for single-valued claims 2016-12-16 10:00:36 +01:00
Stian Thorgersen
9be9d3f580 Merge pull request #3651 from stianst/KEYCLOAK-4081
KEYCLOAK-4081
2016-12-15 15:53:39 +01:00
Bill Burke
3c2a12d019 Merge pull request #3648 from patriot1burke/master
KEYCLOAK-3451
2016-12-14 15:46:24 -05:00
Bill Burke
56f9aa41d0 KEYCLOAK-3451 2016-12-14 15:04:53 -05:00
Stian Thorgersen
394676222f Merge pull request #3616 from sldab/fix-cors
KEYCLOAK-4047 WebOrigins not expanded in CORS handling of token endpoints
2016-12-14 15:13:49 +01:00
Stian Thorgersen
e316037910 KEYCLOAK-4081 2016-12-14 11:22:10 +01:00
Stian Thorgersen
97a08a1d99 Merge pull request #3644 from stianst/KEYCLOAK-4071
KEYCLOAK-4071
2016-12-14 09:55:55 +01:00
Stian Thorgersen
480d4e6f4f KEYCLOAK-4071 2016-12-14 07:01:54 +01:00
mposolda
40216b5e7d KEYCLOAK-3921 LDAP binary attributes 2016-12-13 18:31:26 +01:00
Slawomir Dabek
7ad028fcb1 KEYCLOAK-4074 Added hooks to default implementations of direct grant authenticators
and email sender.
2016-12-13 15:32:39 +01:00
Bill Burke
62029e8a33 KEYCLOAK-3506 2016-12-10 11:59:29 -05:00
Bill Burke
10fc7302eb Merge pull request #3632 from hmlnarik/KEYCLOAK-4057-MS-AD-FS-does-not-recognize-certificate-for-POST-signed-AuthnRequest-for-brokering
KEYCLOAK-4057 Do not include KeyName for brokered IdPs
2016-12-09 09:09:13 -05:00
Hynek Mlnarik
24a36e6848 KEYCLOAK-4057 Do not include KeyName for brokered IdPs
Active Directory Federation Services require that the subject name
matches KeyName element when present. While KeyName is beneficial for
Keycloak adapters, it breaks functionality for AD FS as the name
included there is a key ID, not certificate subject expected by AD FS.

This patch contains functionality that excludes KeyName from SAML
messages to identity providers. This behaviour should be made
configurable per client/identity provider and is prepared to do so,
however actual GUI changes are left for a separate patch.
2016-12-09 14:33:40 +01:00
Bill Burke
1f0600044a KEYCLOAK-3967 2016-12-08 19:29:02 -05:00
Bill Burke
d3e3990d77 Merge pull request #3629 from patriot1burke/master
KEYCLOAK-2806
2016-12-08 17:36:28 -05:00
Bill Burke
4a80f1e913 Merge remote-tracking branch 'upstream/master' 2016-12-08 17:05:46 -05:00
Bill Burke
0550bdb467 KEYCLOAK-3214 2016-12-08 16:47:17 -05:00
Bill Burke
5f07fa8057 KEYCLOAK-2806 2016-12-08 16:28:22 -05:00
mposolda
e7f6c780e2 KEYCLOAK-4058 Improve LDAPStorageMapper and remove LDAPStorageMapperBridge 2016-12-08 18:35:56 +01:00
Bill Burke
75e2b404c8 Merge pull request #3618 from abstractj/KEYCLOAK-3685
[KEYCLOAK-3685]: Username not updated when "Email as username" is enabled
2016-12-06 22:06:55 -05:00
Bill Burke
7271fdaaaa KEYCLOAK-3509 2016-12-06 18:52:37 -05:00
Bill Burke
68c8bfa0e1 KEYCLOAK-2705 2016-12-06 17:32:41 -05:00
Bruno Oliveira
ddb201db6c [KEYCLOAK-3685]: Username not updated when "Email as username" is enabled 2016-12-06 19:46:31 -02:00
Slawomir Dabek
4069be3ff6 KEYCLOAK-4047 Expand + to valid WebOrigins in Cors class 2016-12-06 20:22:35 +01:00
Bill Burke
77d17de14d Merge pull request #3611 from patriot1burke/master
KEYCLOAK-3620
2016-12-06 08:18:36 -05:00
Bill Burke
bab08bf8f0 Merge remote-tracking branch 'upstream/master' 2016-12-06 08:18:05 -05:00
Bill Burke
6587cd2478 KEYCLOAK-3620 2016-12-05 17:51:06 -05:00
Bill Burke
693d6c0e5d Merge pull request #3608 from hmlnarik/KEYCLOAK-4035
KEYCLOAK-4035 Composite roles need to be expanded in SAML attribute mapper
2016-12-05 14:44:21 -05:00
Bill Burke
952c1decf0 Merge pull request #3607 from patriot1burke/master
KEYCLOAK-4033
2016-12-05 14:44:07 -05:00
Bill Burke
f03d79c7d3 Merge pull request #3603 from thomasdarimont/issue/KEYCLOAK-3969-Allow-authentication-via-ScriptAuthenticator-without-user
KEYCLOAK-3969 Allow use of ScriptAuthenticator without user
2016-12-05 10:19:02 -05:00
Hynek Mlnarik
3c4114091f KEYCLOAK-4035 Composite roles need to be expanded in SAML attribute mapper 2016-12-05 16:16:08 +01:00
Bill Burke
d354aa1f62 KEYCLOAK-4033 2016-12-05 10:15:55 -05:00
Hynek Mlnarik
197f51e50f KEYCLOAK-3950 Fix NPE on request for NameIDPolicy without format
... and two more one-line issues
2016-12-05 07:24:38 +01:00
l-robinson
1c66ce7dd7 Additional test case added to check the text in the 'Back to application' link 2016-12-05 12:13:30 +10:30
Thomas Darimont
8610a02d72 KEYCLOAK-3969 Allow use of ScriptAuthenticator without user
Previously ScriptAuthenticator required a user to be authenticated
before it could be used as an additional authentication step which
limited the scenarios the authenticator could be used.

We now allow ScriptAuthenticators to be used without requiring an
user to be authenticated before.
Adapted the authenticator-template.js with a null safe username check.

Note that existing custom ScriptAuthenticators might need some additional
null checks since the user can now be undefined.
2016-12-04 23:15:53 +01:00
Bill Burke
0ab352706b Merge pull request #3554 from hassaneinaltememyictu/2.3.0-ictu-change-role-attributeToRoleMapper
grant the new role from the saml token if it exist
2016-12-03 13:43:40 -05:00
Bill Burke
88d08c4f38 component query and remove provider alis fix 2016-12-03 11:34:48 -05:00
Bill Burke
8fd7091068 KEYCLOAK-3986 2016-12-03 09:33:52 -05:00
Bill Burke
ce50b0ed29 Merge remote-tracking branch 'upstream/master' 2016-12-02 19:26:34 -05:00
Bill Burke
e88af874ca finish 2016-12-02 19:25:17 -05:00
mposolda
17d8394ab6 KEYCLOAK-3340 Service Account user not renamed when renaming client-id 2016-12-02 18:13:29 +01:00
mposolda
cccb532a21 KEYCLOAK-3701 NullPointerException when trying to get access token from offline token 2016-12-02 16:35:21 +01:00
Stian Thorgersen
8842d88058 Merge pull request #3562 from ssilvert/overwrite-client-role-fails
KEYCLOAK-3042: NPE when trying to overwrite client role
2016-12-02 14:06:27 +01:00
Stian Thorgersen
209f8155d1 KEYCLOAK-3835 Remove redirect on flow and return not modified if page is refreshed 2016-12-02 06:29:59 +01:00
Manuel Palacio
bfec073457 KEYCLOAK-3648 2016-12-01 19:34:33 +01:00
l-robinson
c72ceadfce KEYCLOAK-4004 Pass the client name in the ReferrerBean instead of the referrer parameter 2016-12-01 17:17:57 +10:30
Stian Thorgersen
1e7f1b1e54 Merge pull request #3570 from stianst/master
Bump to 2.5.0.Final-SNAPSHOT
2016-12-01 06:36:37 +01:00
Stian Thorgersen
433f373f60 KEYCLOAK-3889 Add produces to server info endpoint 2016-11-30 15:46:01 +01:00
Stian Thorgersen
b771b84f56 Bump to 2.5.0.Final-SNAPSHOT 2016-11-30 15:44:51 +01:00
mposolda
d0a96d463d KEYCLOAK-3831 Improve AddressMapper configurability. Support for 'formatted' subclaim 2016-11-30 13:04:45 +01:00
Bill Burke
9e50a45b4c UserBulkUpdateProvider interface 2016-11-29 18:43:22 -05:00
Stan Silvert
83063a5740 KEYCLOAK-3042: NPE when trying to overwrite client role 2016-11-29 15:43:48 -05:00
Bill Burke
7efa3a3ddf Merge remote-tracking branch 'upstream/master' 2016-11-29 11:34:04 -05:00
Marek Posolda
80c4b2aa31 Merge pull request #3556 from mposolda/master
KEYCLOAK-3822 Changing signature validation settings of an external I…
2016-11-28 22:37:44 +01:00
Bill Burke
63458a7de7 Merge pull request #3559 from patriot1burke/master
KEYCLOAK-3980
2016-11-28 13:36:52 -05:00
Bill Burke
f6a080729a javadoc 2016-11-28 12:25:54 -05:00
Bill Burke
1dacddb7e3 KEYCLOAK-3980 2016-11-28 12:20:40 -05:00
mposolda
69ce1e05f0 KEYCLOAK-3822 Changing signature validation settings of an external IdP is not sometimes reflected 2016-11-28 15:27:25 +01:00
Hynek Mlnarik
65b269cd54 KEYCLOAK-3731 Provide functionality for IdP-initiated SSO for broker
A SAML brokered IdP can send unsolicited login response to the broker.
This commit adds a new GET/POST endpoint under [broker SAML
endpoint]/clients/{client_id}. Broken will respond to  submission to
this new endpoint by looking up a SAML client with URL name equal to
client_id, and if found, it performs IdP-initiated SSO to that client.
2016-11-28 13:54:04 +01:00
mposolda
7c6032cc84 KEYCLOAK-3825 Ability to expire publicKeys cache. Migrated OIDCBrokerWithSignatureTest to new testsuite 2016-11-25 17:45:37 +01:00
Bill Burke
ccbd8e8c70 remove User Fed SPI 2016-11-23 16:06:44 -05:00
Bill Burke
d5925b8ccf remove realm UserFed SPI methods 2016-11-23 08:31:20 -05:00
Stian Thorgersen
6ec82865d3 Bump version to 2.4.1.Final-SNAPSHOT 2016-11-22 14:56:21 +01:00
mposolda
d8c8afe070 KEYCLOAK-3943 Admin console issues when updating LDAP Storage provider 2016-11-21 14:22:45 +01:00
mposolda
da52a5c9cf KEYCLOAK-3930 KEYCLOAK-3931 LDAP and Mongo fixes 2016-11-18 20:02:02 +01:00
Stian Thorgersen
7043ecc21b KEYCLOAK-3881 Fix login status iframe with * origin 2016-11-18 12:50:52 +01:00
Marek Posolda
3e71aeddf3 Merge pull request #3479 from hmlnarik/KEYCLOAK-3469-UserRealmRoleMapper
KEYCLOAK-3469 Make role mappers account for user groups
2016-11-18 09:21:56 +01:00
Marek Posolda
b434c2b9cf Merge pull request #3510 from ssilvert/delete-subflows
KEYCLOAK-3681: Delete top flow doesn't remove all subflows
2016-11-18 08:50:13 +01:00
mposolda
a27be0cee7 KEYCLOAK-3857 Clustered invalidation cache fixes and refactoring. Support for cross-DC for invalidation caches. 2016-11-16 22:29:23 +01:00
Stan Silvert
55556fc63c KEYCLOAK-3681: Delete top flow doesn't remove all subflows 2016-11-16 12:43:11 -05:00
Stian Thorgersen
26b1541f4a Merge pull request #3476 from abstractj/KEYCLOAK-3875
[KEYCLOAK-3875] - Conditional OTP Forms not working as expected
2016-11-16 12:44:50 +01:00
Stian Thorgersen
1c3a475d1e Merge pull request #3485 from hmlnarik/KEYCLOAK-3071
KEYCLOAK-3071 Add SOAP and PAOS endpoints to valid redirect URIs on SP import
2016-11-16 12:38:45 +01:00
Bill Burke
cc0eb47814 merge 2016-11-14 15:09:41 -05:00
Bill Burke
c280634bfa fix tests 2016-11-14 15:06:17 -05:00
Hynek Mlnarik
750e942267 KEYCLOAK-3469 Make role mappers account for user groups 2016-11-14 11:38:00 +01:00
Bruno Oliveira
39f40bc005 [KEYCLOAK-3875] - Conditional OTP Forms not working as expected 2016-11-11 15:16:08 -02:00
Stian Thorgersen
a86b5988b5 Merge pull request #3484 from hmlnarik/KEYCLOAK-3658
KEYCLOAK-3658 Fixed typo in condition
2016-11-11 09:41:48 +01:00
Stian Thorgersen
088f0ea630 Merge pull request #3490 from stianst/KEYCLOAK-3086
[KEYCLOAK-3086] -  NPE when accessing Account with invalid clientId s…
2016-11-11 09:35:45 +01:00
Bruno Oliveira
675faee593 [KEYCLOAK-3086] - NPE when accessing Account with invalid clientId set as ?referrer, and additional referrer_uri set 2016-11-10 13:49:40 +01:00
Stian Thorgersen
7e33f4a7d1 KEYCLOAK-3882 Split server-spi into server-spi and server-spi-private 2016-11-10 13:28:42 +01:00
Bill Burke
94076a3b24 admin console ui 2016-11-09 17:34:07 -05:00
Hynek Mlnarik
8816b55843 KEYCLOAK-3071 Add SOAP and PAOS endpoints to valid redirect URIs on SP import 2016-11-09 14:13:53 +01:00
Hynek Mlnarik
9c724b616d KEYCLOAK-3658 Fixed typo in condition 2016-11-09 11:27:33 +01:00
Vlasta Ramik
6f1b8e1fee remove KEYCLOAK_REMEMBERME when user logs in without rememberme checked + tests 2016-11-09 10:33:46 +01:00
Bill Burke
4880c0443c ldap port admin console 2016-11-08 12:30:20 -05:00
Stian Thorgersen
292777259e Merge pull request #3472 from hmlnarik/KEYCLOAK-1881-saml-key-rotation
Keycloak 1881 - SAML key/cert rotation for IdP
2016-11-08 07:56:25 +01:00
Stian Thorgersen
db4f3561a5 Merge pull request #3454 from ssilvert/keystore-error-messages
KEYCLOAK-3817: More detailed errors when loading keys from JKS
2016-11-08 07:33:43 +01:00
Bill Burke
5a86623c88 merge 2016-11-06 08:52:10 -05:00
Bill Burke
14dc0ff92f Merge remote-tracking branch 'upstream/master' 2016-11-05 20:05:01 -04:00
Bill Burke
4302b440ee ldap port 2016-11-05 20:04:53 -04:00
Bill Burke
c75dcb90c2 ldap port 2016-11-04 21:25:47 -04:00
Hynek Mlnarik
8ae1b1740d KEYCLOAK-1881 Client installers 2016-11-04 21:53:43 +01:00
Hynek Mlnarik
4f9e35c0a1 KEYCLOAK-1881 Support for multiple certificates in broker (hardcoded at the moment) 2016-11-04 21:53:43 +01:00
Hynek Mlnarik
67bb9aef3d KEYCLOAK-1881 Add switch to enable/disable generation of <Extensions>
Some SP clients might be confused by using a standard SAML protocol tag
<Extensions> which is used for signed REDIRECT binding messages to
specify signing key ID. To enable the interoperability, generation of
the tag is disabled by default and can be enabled for individual
clients.
2016-11-04 21:53:43 +01:00
Hynek Mlnarik
1ae268ec6f KEYCLOAK-1881 Include key ID for REDIRECT and use it for validation
Contrary to POST binding, signature of SAML protocol message sent using
REDIRECT binding is contained in query parameters and not in the
message. This renders <dsig:KeyName> key ID hint unusable. This commit
adds <Extensions> element in SAML protocol message containing key ID so
that key ID is present in the SAML protocol message.
2016-11-04 21:53:43 +01:00
Hynek Mlnarik
d5c3bde0af KEYCLOAK-1881 Make SAML descriptor endpoint return all certificates 2016-11-04 21:53:43 +01:00
Hynek Mlnarik
5d840500af KEYCLOAK-1881 Include key ID in <ds:KeyInfo> in SAML assertions and protocol message
Changes of SAML assertion creation/parsing that are required to allow
for validation of rotating realm key: signed SAML assertions and signed
SAML protocol message now contain signing key ID in XML <dsig:KeyName>
element.
2016-11-04 21:53:43 +01:00
Pedro Igor
706c1e2660 [KEYCLOAK-3704] - Registering UserSinchronizer to remove resources when the owner is removed 2016-11-02 21:40:58 -02:00
Pedro Igor
95d2130405 [KEYCLOAK-3704] - Checkign if owner is a valid user 2016-11-02 21:01:24 -02:00
Stan Silvert
facdd586a3 KEYCLOAK-2720: Should not allow two groups with the same path. 2016-11-01 16:08:30 -04:00
Stan Silvert
a5e5f4cf9c KEYCLOAK-3817: More detailed errors when loading keys from JKS 2016-11-01 13:54:34 -04:00
Bill Burke
ccaac40863 Merge pull request #3437 from patriot1burke/master
disable credential type REST and admin ui
2016-10-28 11:33:16 -04:00
Stian Thorgersen
f4a77c3d06 Merge pull request #3444 from stianst/KEYCLOAK-3225
KEYCLOAK-3225
2016-10-28 11:51:35 +02:00
Stian Thorgersen
b6b567f948 Merge pull request #3441 from stianst/KEYCLOAK-3733
KEYCLOAK-3733 Set default max results for paginated endpoints
2016-10-28 10:36:24 +02:00
Stian Thorgersen
479295cfd2 KEYCLOAK-3225
Modifying user's Identity Provider Links requires manage-realm client role
2016-10-28 10:25:41 +02:00
Stian Thorgersen
a78cfa4b2c Merge pull request #3440 from stianst/KEYCLOAK-3667
KEYCLOAK-3667
2016-10-28 10:13:06 +02:00
Stian Thorgersen
c6caeb3bec Merge pull request #3439 from stianst/KEYCLOAK-3828
KEYCLOAK-3828
2016-10-28 10:12:51 +02:00
Stian Thorgersen
a9d47287ee KEYCLOAK-3733 Set default max results for paginated endpoints 2016-10-28 09:15:05 +02:00
Stian Thorgersen
3d46b4c425 KEYCLOAK-3667 2016-10-28 08:43:24 +02:00
Stian Thorgersen
db428dad1d KEYCLOAK-3828
Component uses wrong role
2016-10-28 07:56:44 +02:00
Stian Thorgersen
e958bd254a Merge pull request #3435 from stianst/KEYCLOAK-3331
KEYCLOAK-3331 Reset password leads to 400 bad request when link is op…
2016-10-28 06:40:48 +02:00
Stian Thorgersen
0c6b47b9f2 Merge pull request #3433 from stianst/KEYCLOAK-3641
KEYCLOAK-3641 Clicking an invalid verification link due to re-send re…
2016-10-28 06:40:27 +02:00
Bill Burke
91da6a47d7 disable cred types ui 2016-10-27 16:17:02 -04:00
Stian Thorgersen
c6ac3266f0 KEYCLOAK-3641 Clicking an invalid verification link due to re-send removes the email verification key from the session 2016-10-27 16:16:52 +02:00
Stian Thorgersen
ab72b2b141 KEYCLOAK-3331 Reset password leads to 400 bad request when link is opened in a different browser session 2016-10-27 16:04:45 +02:00
Bill Burke
73e3f2a89b REST API for disable cred type 2016-10-26 15:48:45 -04:00
Bill Burke
68e853b4bd Merge remote-tracking branch 'upstream/master' 2016-10-25 13:40:32 -04:00
Bill Burke
b67cb0e97a Merge remote-tracking branch 'upstream/master' 2016-10-25 11:44:22 -04:00
Stian Thorgersen
4b27e66714 KEYCLOAK-3782 Keysize for rsa-generated should be a dropdown 2016-10-25 08:52:02 +02:00
Bill Burke
3e28ac1e46 user spi cache policy 2016-10-24 15:36:37 -04:00
hassaneinaltememyictu
a119a46495 grant the new role from the saml token if it exist
grant the user with the new role from the saml token if it is a realm role in keycloak
2016-10-24 17:17:22 +02:00
Stian Thorgersen
4d47f758fc Merge pull request #3405 from stianst/master
Bump version
2016-10-21 10:11:59 +02:00
Stian Thorgersen
c615674cbb Bump version 2016-10-21 07:03:15 +02:00
Stian Thorgersen
1a4f9e656d Merge pull request #3398 from stianst/KEYCLOAK-3774
KEYCLOAK-3774 Fix keycloak.js with prompt=none and new stricter redir…
2016-10-21 06:34:43 +02:00
Stian Thorgersen
9801f09a93 KEYCLOAK-3774 Fix keycloak.js with prompt=none and new stricter redirect_uri 2016-10-20 21:31:25 +02:00
Stian Thorgersen
5a00aaefa8 KEYCLOAK-2594
bind credential being leaked in admin tool JSON response

KEYCLOAK-2972
Keycloak leaks configuration passwords in Admin Event logs
2016-10-20 19:30:59 +02:00
Stian Thorgersen
1bf24d26a4 Merge pull request #3395 from stianst/master
KEYCLOAK-3772
2016-10-20 19:27:03 +02:00
Stian Thorgersen
839c4e8ede KEYCLOAK-3772
Login with Twitter is not working
2016-10-20 15:05:07 +02:00
mposolda
072ccb5c61 KEYCLOAK-3770 OIDC registration with id_token grant type should set publicClient flag to true 2016-10-20 14:10:53 +02:00
Stian Thorgersen
dfc09b69a8 Merge pull request #3380 from stianst/KEYCLOAK-3364
KEYCLOAK-3364 Fix for dns that ends with digit
2016-10-20 06:24:50 +02:00
Stian Thorgersen
d2e0432afb Merge pull request #3389 from patriot1burke/master
KEYCLOAK-3651
2016-10-20 06:24:15 +02:00
Bill Burke
34d80c9083 KEYCLOAK-3651 2016-10-19 20:28:33 -04:00
Bill Burke
9f00f693c6 Merge pull request #3387 from ssilvert/spelling-represenation
KEYCLOAK-3496: Spelling Error in Admin GUI Documentation
2016-10-19 19:59:41 -04:00
Stan Silvert
ad59cd618e Merge pull request #3383 from ssilvert/duplicate-fed-provider
KEYCLOAK-2892: Bad error when create fed provider w/ same name.
2016-10-19 16:40:58 -04:00
Stan Silvert
ac80f99e8c KEYCLOAK-3496: Spelling Error in Admin GUI Documentation 2016-10-19 16:33:59 -04:00
Bill Burke
cdf7dd3a6c Merge pull request #3372 from patriot1burke/master
onCreate for Components
2016-10-19 16:21:20 -04:00
Bill Burke
934ea1c33c KEYCLOAK-3562 2016-10-19 14:01:21 -04:00
Stan Silvert
9d098e9068 KEYCLOAK-2892: Bad error when create fed provider w/ same name. 2016-10-19 13:32:28 -04:00
Stian Thorgersen
ffce2023c0 KEYCLOAK-3364 Fix for dns that ends with digit 2016-10-19 18:41:43 +02:00
mposolda
3779bfb6b4 KEYCLOAK-3666 client registration policies - polishing 2016-10-19 17:45:23 +02:00
mposolda
964cd50f1d KEYCLOAK-3666 Added client reg policies for maxClients and clientDisabled 2016-10-19 17:45:23 +02:00
Stian Thorgersen
36c367a3bc Merge pull request #3369 from stianst/KEYCLOAK-3625
KEYCLOAK-3625
2016-10-19 15:56:57 +02:00
Stian Thorgersen
1b24d2edd8 KEYCLOAK-3625 More work on the issue 2016-10-19 14:21:50 +02:00
Stian Thorgersen
bbc1d26b72 Merge pull request #3367 from stianst/KEYCLOAK-3745
KEYCLOAK-3745 Change attributes in user rep
2016-10-19 14:01:39 +02:00
Stian Thorgersen
4efe12cb93 KEYCLOAK-3745 Change attributes in user rep 2016-10-19 12:15:13 +02:00
Stian Thorgersen
f2f508ac2e Merge pull request #3357 from stianst/KEYCLOAK-3107
KEYCLOAK-3017 Expose Location header in cors request to admin endpoint
2016-10-19 08:45:18 +02:00
Stian Thorgersen
13220e1d38 Merge pull request #3355 from stianst/KEYCLOAK-2699
KEYCLOAK-2699 Potential for NPE in DirImportProvider.getRealmsToImport
2016-10-19 07:35:54 +02:00
Stian Thorgersen
116027bd7b Merge pull request #3354 from stianst/KEYCLOAK-2488
KEYCLOAK-2488 Token introspection returns wrong response for invalid …
2016-10-19 07:33:25 +02:00
Stian Thorgersen
a33997976f KEYCLOAK-3017 Expose Location header in cors request to admin endpoint 2016-10-18 21:27:46 +02:00
Stian Thorgersen
0a8d1e28f1 KEYCLOAK-2699 Potential for NPE in DirImportProvider.getRealmsToImport 2016-10-18 20:31:51 +02:00
Stian Thorgersen
29538332d9 KEYCLOAK-2488 Token introspection returns wrong response for invalid token 2016-10-18 20:28:14 +02:00
Bill Burke
d941e07169 Merge pull request #3350 from patriot1burke/master
federated import/export to json
2016-10-18 14:15:25 -04:00
Stian Thorgersen
e41d11877f Merge pull request #3349 from stianst/KEYCLOAK-2741
KEYCLOAK-2741
2016-10-18 19:39:54 +02:00
mposolda
b62e6e2751 KEYCLOAK-3653 CORS headers not sent in certs endpoint 2016-10-18 16:57:06 +02:00
Stian Thorgersen
74dad004e3 KEYCLOAK-2741
Don't remove KEYCLOAK_REMEMBERME cookie when sso session expires.
2016-10-18 16:14:36 +02:00
Bill Burke
2199df71bf Merge remote-tracking branch 'upstream/master' 2016-10-18 10:14:00 -04:00
Bill Burke
4182e4d92a federated import/export 2016-10-18 10:13:51 -04:00
Marek Posolda
3986ce2ce0 Merge pull request #3345 from mposolda/master
KEYCLOAK-3499 Fixes in OIDCProtocolMapper support for includeInUserInfo
2016-10-18 14:28:29 +02:00
Stian Thorgersen
4b56743788 Merge pull request #3343 from stianst/KEYCLOAK-2884
KEYCLOAK-2884 Remove ClientTemplateResource.getKeycloakApplication()
2016-10-18 14:08:50 +02:00
mposolda
a7287aad36 KEYCLOAK-3499 More fixes for IncludeInUserInfo. Fixing tests and migration 2016-10-18 13:09:30 +02:00
Thomas Darimont
c3b577de11 KEYCLOAK-3499 Revise OIDCProtocolMapper support
Moved methods `transformUserInfoToken`, `transformAccessToken`,
`transformIDToken` to the `AbstractOIDCProtocolMapper` base class
in order to reduce code duplication.
Previously every mapper implemented at least one or two of those
methods with exactly the same code.
Having those methods in the base class ensures that the code is the
same for all mappers. Since the mentioned methods are declared
on the `OIDCIDTokenMapper`, `OIDCAccessTokenMapper` and `UserInfoTokenMapper`
interfaces `AbstractOIDCProtocolMapper` implementations can now choose
how they should be handled by the `TokenManager`
by implementing the desired set of interfaces `*TokenMapper`-interfaces.

I think this provides a good balance between ease of use, reduced code duplication
and ensured backwards compatiblity.
Existing protocol mapper implementations will still work since they just implement
their own logic for `transformUserInfoToken`, `transformAccessToken`,
`transformIDToken`.

The "claim" information provided by a `ProtocolMapper` to a `*Token` can now
be provided by overriding the `AbstractOIDCProtocolMapper.setClaim` method.

Adapted all eligible ProtocolMapper implementations within the
`org.keycloak.protocol.oidc.mappers` package accordingly.
2016-10-18 13:09:30 +02:00
Stian Thorgersen
e157a60a23 KEYCLOAK-2884 Remove ClientTemplateResource.getKeycloakApplication() 2016-10-18 09:01:24 +02:00
Marek Posolda
2fd680092a Merge pull request #3336 from mposolda/master
KEYCLOAK-3719 Add 'options' to ProviderConfigProperty and use it for …
2016-10-18 08:33:26 +02:00
mposolda
00879b39b7 KEYCLOAK-3719 Add 'options' to ProviderConfigProperty and use it for 'List' type instead of defaultValue 2016-10-17 21:34:21 +02:00
Stian Thorgersen
77499be8d2 KEYCLOAK-3728
Disable script based authenticator in product profile
2016-10-17 21:16:51 +02:00
Stian Thorgersen
64339aaca7 Merge pull request #3317 from stianst/KEY-ROTATION
Updated labels for java keystore provider config
2016-10-17 19:39:47 +02:00
Stian Thorgersen
2ed6067de0 Merge pull request #3290 from hmlnarik/KEYCLOAK-3655
KEYCLOAK-3655: Fix for unexpected server error when adding duplicate auth flow
2016-10-17 19:31:43 +02:00
Stian Thorgersen
d22f45f0d2 Merge pull request #3335 from stianst/KEYCLOAK-3635
KEYCLOAK-3635 Not possible to filter debug/trace logging
2016-10-17 18:50:10 +02:00
Stian Thorgersen
b320eb8fc7 KEYCLOAK-3635 Not possible to filter debug/trace logging 2016-10-17 16:12:14 +02:00
Geir Ole Hiåsen Stevning
95f62c6aeb KEYCLOAK-3626 - CreatedDate and lastUpdatedDate on user consent 2016-10-17 13:53:12 +02:00
mposolda
5732b2c58f KEYCLOAK-3716 Unable to start Keycloak on wildfly 2016-10-17 12:22:33 +02:00
mposolda
18e0c0277f KEYCLOAK-3666 Dynamic client registration policies 2016-10-14 20:20:40 +02:00
Bill Burke
1c0abbd722 Merge pull request #3315 from patriot1burke/master
import and sync spi
2016-10-14 10:12:42 -04:00
Stian Thorgersen
422805b511 Updated labels for java keystore provider config 2016-10-14 10:36:17 +02:00
Bill Burke
8c8a39c833 sync and import 2016-10-13 20:49:02 -04:00
Bill Burke
0938390654 sync and import 2016-10-13 20:38:49 -04:00
Stian Thorgersen
4e245d428c KEYCLOAK-905 More testing 2016-10-13 20:44:33 +02:00
Stian Thorgersen
d2cae0f8c3 KEYCLOAK-905
Realm key rotation for OIDC
2016-10-13 11:19:52 +02:00
Bill Burke
fbaa731dfa import spi 2016-10-11 18:33:59 -04:00
Bill Burke
db05dc6ee4 KEYCLOAK-3671 2016-10-06 15:02:15 -04:00
Bill Burke
fbb65fa072 KEYCLOAK-3671 2016-10-06 14:56:02 -04:00
Bill Burke
74325fe133 initial sync/import spi 2016-10-06 14:48:53 -04:00
Hynek Mlnarik
cfbc9cf14b KEYCLOAK-3655: Fix for unexpected server error when adding duplicate auth flow 2016-10-05 13:57:02 +02:00
Bill Burke
c5600e888d revactor CredentialValidationOutput apis 2016-10-04 17:26:45 -04:00
Bill Burke
4af0976194 remove UserCredValueModel and hold hash providers 2016-10-04 12:34:15 -04:00
mposolda
bc916a1909 KEYCLOAK-3564 Update demo examples with public key rotation 2016-10-04 14:05:01 +02:00
mposolda
0f9798a10d KEYCLOAK-3493 KEYCLOAK-3532 Renamed KeyStorageProvider to PublicKeyStorageProvider 2016-10-03 15:23:50 +02:00
Thomas Darimont
c852d6d817 KEYCLOAK-3642 Favor StreamUtil over IOUTils in ScriptBasedAuthenticatorFactory
The dependency on commons-io through the use of IOUtils in
ScriptBasedAuthenticatorFactory resulted in
NoClassDefFoundError org/apache/commons/io/IOUtils when building the
keycloak-distribution.

We now use the StreamUtil from keycloak-common to avoid this dependency.
2016-10-03 13:33:53 +02:00
Bill Burke
d4c3fae546 merge conflicts 2016-09-30 19:19:12 -04:00
Bill Burke
6a4e413bf4 final mongo fixes 2016-09-30 19:08:34 -04:00
mposolda
f9a0abcfc4 KEYCLOAK-3493 KEYCLOAK-3532 Added KeyStorageProvider. Support key rotation for OIDC clients and identity providers with JWKS url. 2016-09-30 21:28:23 +02:00